RGW cannot list or create openidconnect providers




I'm attempting to set up an OpenIDConnect provider with RGW. I'm doing this using the boto3 API & Python. However, it seems that the APIs are failing in some unexpected ways because radosgw was not set up correctly. There is sample code below, and yes, I know there are "secrets" in it - but this is an offline test lab so I am fine with this.

The first error shows this in the logs.

2023-02-16T00:45:26.860-0500 7fe19fef7700  1 ====== starting new request req=0x7fe2ccb54680 =====
2023-02-16T00:45:26.904-0500 7fe19def3700  0 req 17562030806519127926 0.044000439s ERROR: listing filtered objects failed: OIDC pool: default.rgw.meta: oidc_url.: (2) No such file or directory
2023-02-16T00:45:26.904-0500 7fe19aeed700  1 ====== req done req=0x7fe2ccb54680 op status=-2 http_status=404 latency=0.044000439s ======
2023-02-16T00:45:26.904-0500 7fe19aeed700  1 beast: 0x7fe2ccb54680: - authentik [16/Feb/2023:00:45:26.860 -0500] "POST / HTTP/1.1" 404 189 - "Boto3/1.26.71 Python/3.11.1 Linux/6.0.6-76060006-generic Botocore/1.29.72" - latency=0.044000439s

So the object "oidc_url" is missing from the "default.rgw.meta" pool?

rados --pool default.rgw.meta ls --all
users.uid       root.buckets
users.uid       authentik.buckets
root    test4
root    .bucket.meta.test2:3866fac0-854b-48b5-b3b7-bf84a166a404.1165645.1
users.keys      ZVBTLTYRRPY7JU39WOR9
users.uid       authentik
users.uid       cephadmin
users.keys      NIVIV0JSKD9D2LDC3IH4
users.uid       root
users.email     tester@xxxxxxx
users.keys      L70QT3LN71SQXWHS97Y4
root    .bucket.meta.test:3866fac0-854b-48b5-b3b7-bf84a166a404.1204730.1
root    .bucket.meta.test4:3866fac0-854b-48b5-b3b7-bf84a166a404.1204730.2
root    test
root    test2

Well, the object is clearly not there and I do not know how to fix this.

The second error produces this error in the log:

2023-02-16T01:11:29.304-0500 7fe1976e6700  1 ====== starting new request req=0x7fe2ccb54680 =====
2023-02-16T01:11:29.312-0500 7fe18c6d0700  1 ====== req done req=0x7fe2ccb54680 op status=-22 http_status=400 latency=0.008000083s ======
2023-02-16T01:11:29.312-0500 7fe18c6d0700  1 beast: 0x7fe2ccb54680: - authentik [16/Feb/2023:01:11:29.304 -0500] "POST / HTTP/1.1" 400 189 - "Boto3/1.26.71 Python/3.11.1 Linux/6.0.6-76060006-generic Botocore/1.29.72" - latency=0.008000083s

It's much less clear what is going on here; it just returns 400. Boto raises this exception, "botocore.exceptions.ClientError: An error occurred (Unknown) when calling the CreateOpenIDConnectProvider operation: Unknown".

Has anyone seen this before and know how to set up the correct objects for OpenidConnect?

Version info
ceph version 17.2.5 (e04241aa9b639588fa6c864845287d2824cb6b55) quincy (stable)

Examples below

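import boto3

# creating the client works fine - I can see my user authenticate in the radosgw logs
access_key_id = 'L70QT3LN71SQXWHS97Y4'
secret_access_key = 'QEXLa5V0Zm38068n3goDtm8V6WlaDwxVmAq9W2XV'
iam = boto3.client('iam',
    aws_access_key_id=access_key_id,
    aws_secret_access_key=secret_access_key,
    # remaining arguments are cut off in the archived post; placeholder below
    endpoint_url='<RGW_ENDPOINT_URL>',
)

# First error
providers_response = iam.list_open_id_connect_providers()

# Second Error
oidc_response = iam.create_open_id_connect_provider(
    # Issuer URL (value cut off in the archived post; placeholders below)
    Url='<ISSUER_URL>',
    ThumbprintList=['<THUMBPRINT>'],
)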
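
Added example, not part of the original post and not Ceph project code: a small triage helper that pairs the radosgw "starting new request" / "req done" lines quoted above, decodes the negative op status as an errno name, and attaches any ERROR text and the authenticated user. The function name summarize and the record layout are assumptions made for this illustration; the sample input is the log text from the post.

```python
import errno
import re

# The radosgw log lines quoted in the post above, embedded so this runs offline.
SAMPLE_LOG = """\
2023-02-16T00:45:26.860-0500 7fe19fef7700  1 ====== starting new request req=0x7fe2ccb54680 =====
2023-02-16T00:45:26.904-0500 7fe19def3700  0 req 17562030806519127926 0.044000439s ERROR: listing filtered objects failed: OIDC pool: default.rgw.meta: oidc_url.: (2) No such file or directory
2023-02-16T00:45:26.904-0500 7fe19aeed700  1 ====== req done req=0x7fe2ccb54680 op status=-2 http_status=404 latency=0.044000439s ======
2023-02-16T00:45:26.904-0500 7fe19aeed700  1 beast: 0x7fe2ccb54680: - authentik [16/Feb/2023:00:45:26.860 -0500] "POST / HTTP/1.1" 404 189 - "Boto3/1.26.71" - latency=0.044000439s
2023-02-16T01:11:29.304-0500 7fe1976e6700  1 ====== starting new request req=0x7fe2ccb54680 =====
2023-02-16T01:11:29.312-0500 7fe18c6d0700  1 ====== req done req=0x7fe2ccb54680 op status=-22 http_status=400 latency=0.008000083s ======
2023-02-16T01:11:29.312-0500 7fe18c6d0700  1 beast: 0x7fe2ccb54680: - authentik [16/Feb/2023:01:11:29.304 -0500] "POST / HTTP/1.1" 400 189 - "Boto3/1.26.71" - latency=0.008000083s
"""

START = re.compile(r"starting new request req=(0x[0-9a-f]+)")
DONE = re.compile(r"req done req=(0x[0-9a-f]+) op status=(-?\d+) http_status=(\d+)")
ERROR = re.compile(r"\bERROR: (.*)$")
BEAST = re.compile(r"beast: (0x[0-9a-f]+): \S+ (\S+) \[")

def summarize(log_text):
    """Return one record per completed request, in log order."""
    open_reqs, results = {}, []
    for line in log_text.splitlines():
        if m := START.search(line):
            open_reqs[m.group(1)] = {"req": m.group(1), "errors": [], "user": None}
        elif m := DONE.search(line):
            rec = open_reqs.pop(m.group(1), None)
            if rec is not None:
                status = int(m.group(2))
                rec["op_status"] = status
                # RGW reports failures as negated errno values (-2, -22, ...).
                rec["errno"] = errno.errorcode.get(-status, "?") if status < 0 else "OK"
                rec["http_status"] = int(m.group(3))
                results.append(rec)
        elif m := ERROR.search(line):
            # ERROR lines carry a numeric request id, not the req=0x... handle,
            # so attach the message to whatever request is still in flight.
            for rec in open_reqs.values():
                rec["errors"].append(m.group(1))
        elif m := BEAST.search(line):
            # The access-log line follows "req done"; the handle is reused across
            # requests, so fill in the most recent record with that handle.
            for rec in reversed(results):
                if rec["req"] == m.group(1):
                    rec["user"] = m.group(2)
                    break
    return results

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec)
```

On the quoted lines this reports ENOENT with the OIDC pool message for the list call, and EINVAL with no accompanying ERROR text for the create call.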