Hello,

I'm attempting to set up an OpenIDConnect provider with RGW. I'm doing this using the boto3 API & Python. However, it seems that the APIs are failing in some unexpected ways because radosgw was not set up correctly. There is sample code below, and yes, I know there are "secrets" in it - but this is an offline test lab so I am fine with this.

The first error shows this in the logs.

2023-02-16T00:45:26.860-0500 7fe19fef7700 1 ====== starting new request req=0x7fe2ccb54680 =====
2023-02-16T00:45:26.904-0500 7fe19def3700 0 req 17562030806519127926 0.044000439s ERROR: listing filtered objects failed: OIDC pool: default.rgw.meta: oidc_url.: (2) No such file or directory
2023-02-16T00:45:26.904-0500 7fe19aeed700 1 ====== req done req=0x7fe2ccb54680 op status=-2 http_status=404 latency=0.044000439s ======
2023-02-16T00:45:26.904-0500 7fe19aeed700 1 beast: 0x7fe2ccb54680: 10.20.104.178 - authentik [16/Feb/2023:00:45:26.860 -0500] "POST / HTTP/1.1" 404 189 - "Boto3/1.26.71 Python/3.11.1 Linux/6.0.6-76060006-generic Botocore/1.29.72" - latency=0.044000439s

So the object "oidc_url" is missing from the "default.rgw.meta" pool?

rados --pool default.rgw.meta ls --all
users.uid    root.buckets
users.uid    authentik.buckets
root         test4
root         .bucket.meta.test2:3866fac0-854b-48b5-b3b7-bf84a166a404.1165645.1
users.keys   ZVBTLTYRRPY7JU39WOR9
users.uid    authentik
users.uid    cephadmin
users.keys   NIVIV0JSKD9D2LDC3IH4
users.uid    root
users.email  tester@xxxxxxx
users.keys   L70QT3LN71SQXWHS97Y4
root         .bucket.meta.test:3866fac0-854b-48b5-b3b7-bf84a166a404.1204730.1
root         .bucket.meta.test4:3866fac0-854b-48b5-b3b7-bf84a166a404.1204730.2
root         test
root         test2

Well, the object is clearly not there and I do not know how to fix this.

The second error produces this error in the log:

2023-02-16T01:11:29.304-0500 7fe1976e6700 1 ====== starting new request req=0x7fe2ccb54680 =====
2023-02-16T01:11:29.312-0500 7fe18c6d0700 1 ====== req done req=0x7fe2ccb54680 op status=-22 http_status=400 latency=0.008000083s ======
2023-02-16T01:11:29.312-0500 7fe18c6d0700 1 beast: 0x7fe2ccb54680: 10.20.104.178 - authentik [16/Feb/2023:01:11:29.304 -0500] "POST / HTTP/1.1" 400 189 - "Boto3/1.26.71 Python/3.11.1 Linux/6.0.6-76060006-generic Botocore/1.29.72" - latency=0.008000083s

It's much less clear what is going on here; it just returns 400. Boto raises this exception: "botocore.exceptions.ClientError: An error occurred (Unknown) when calling the CreateOpenIDConnectProvider operation: Unknown".

Has anyone seen this before and know how to set up the correct objects for OpenIDConnect?

Version info
==============================================
ceph version 17.2.5 (e04241aa9b639588fa6c864845287d2824cb6b55) quincy (stable)

Examples below
==============================================
import boto3

# creating the client works fine - I can see my user authenticate in the radosgw logs
access_key_id = 'L70QT3LN71SQXWHS97Y4'
secret_access_key = 'QEXLa5V0Zm38068n3goDtm8V6WlaDwxVmAq9W2XV'
iam = boto3.client('iam',
                   aws_access_key_id=access_key_id,
                   aws_secret_access_key=secret_access_key,
                   region_name="default",
                   endpoint_url="https://s3.lab")

# First error
providers_response = iam.list_open_id_connect_providers()

# Second error
oidc_response = iam.create_open_id_connect_provider(
    # Issuer URL
    Url="https://login.lab/application/o/d7d64496e26c156ca9ea0802c5d7ed1c/",
    ClientIDList=['authentik'],
    ThumbprintList=['BDCC44F40254E7E1258DA4698833FFE2E8AECA3D3799044D8A1F97F7DFF20511'])
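
An added example, not part of the original post and not Ceph's own code: a client-side pre-flight check of the CreateOpenIDConnectProvider arguments against the limits given in the AWS IAM API reference, where each thumbprint is the 40-character hex SHA-1 digest of the certificate. That RGW enforces the same limits is an assumption, and `preflight` and `sha1_thumbprint` are names chosen for this sketch.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Limits taken from the AWS IAM API reference for CreateOpenIDConnectProvider.
# Assumption: RGW applies comparable checks and answers HTTP 400 when one fails.
MAX_URL_LEN = 255
MAX_CLIENT_ID_LEN = 255
MAX_THUMBPRINTS = 5
THUMBPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")  # SHA-1 digest, hex encoded


def sha1_thumbprint(der_cert: bytes) -> str:
    """Return the 40-character SHA-1 thumbprint of a DER-encoded certificate."""
    return hashlib.sha1(der_cert).hexdigest().upper()


def preflight(url, client_ids, thumbprints):
    """Return a list of problems in the request arguments (empty list = OK)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("Url must be an https:// issuer URL")
    if len(url) > MAX_URL_LEN:
        problems.append(f"Url is {len(url)} chars, limit is {MAX_URL_LEN}")
    for cid in client_ids:
        if not 1 <= len(cid) <= MAX_CLIENT_ID_LEN:
            problems.append(f"client ID {cid!r} has invalid length {len(cid)}")
    if len(thumbprints) > MAX_THUMBPRINTS:
        problems.append(f"{len(thumbprints)} thumbprints, limit is {MAX_THUMBPRINTS}")
    for tp in thumbprints:
        if not THUMBPRINT_RE.fullmatch(tp):
            problems.append(
                f"thumbprint {tp[:8]}... is {len(tp)} chars, expected 40 hex "
                "chars (a 64-char value is a SHA-256 digest, not SHA-1)")
    return problems


if __name__ == "__main__":
    # Arguments exactly as they appear in the post.
    for line in preflight(
            "https://login.lab/application/o/d7d64496e26c156ca9ea0802c5d7ed1c/",
            ["authentik"],
            ["BDCC44F40254E7E1258DA4698833FFE2E8AECA3D3799044D8A1F97F7DFF20511"]):
        print("preflight:", line)
```

To obtain the DER bytes for `sha1_thumbprint`, `ssl.PEM_cert_to_DER_cert()` from the standard library converts a PEM certificate saved from the identity provider.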