Re: [ceph-users] Access denied error

Mon, 28 Apr 2014 02:56:22 -0700 

Hi Yehuda,

I am using the same above method to call the api and used the way which
described in the
http://ceph.com/docs/master/radosgw/s3/authentication/#access-control-lists-aclsfor
connection. The method in the
http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html is
for generating the hash of the header string and secret keys, since these
keys are created already and i think we don't need this method, right ?

I also tried one function to list out the bucket data as like

curl -i 'http://gateway.3linux.com/test?format=json' -X GET -H
'Authorization: AWS
KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN' -H 'Host:
gateway.3linux.com' -H 'Date: Mon, 28 April 2014 07:25:00 GMT ' -H
'Content-Length: 0'

but its also getting the access denied error. But i can view the bucket
details by directly entering http://gateway.3linux.com/test?format=json in
the browser. What do you think ? what may be the reason ? I am able to
connect and list buckets etc using cyberduck ftp clients these access keys
but unable to do with the function calls.




On Sat, Apr 26, 2014 at 12:22 AM, Yehuda Sadeh <yeh...@inktank.com> wrote:

> On Fri, Apr 25, 2014 at 1:03 AM, Punit Dambiwal <hypu...@gmail.com> wrote:
> > Hi Yehuda,
> >
> > Thanks for your help...that missing date error gone but still i am
> getting
> > the access denied error :-
> >
> > -----------------------------
> > 2014-04-25 15:52:56.988025 7f00d37c6700  1 ====== starting new request
> > req=0x237a090 =====
> > 2014-04-25 15:52:56.988072 7f00d37c6700  2 req 24:0.000046::GET
> > /admin/usage::initializing
> > 2014-04-25 15:52:56.988077 7f00d37c6700 10 host=gateway.3linux.com
> > rgw_dns_name=gateway.3linux.com
> > 2014-04-25 15:52:56.988102 7f00d37c6700 20 FCGI_ROLE=RESPONDER
> > 2014-04-25 15:52:56.988103 7f00d37c6700 20 SCRIPT_URL=/admin/usage
> > 2014-04-25 15:52:56.988104 7f00d37c6700 20
> > SCRIPT_URI=http://gateway.3linux.com/admin/usage
> > 2014-04-25 15:52:56.988105 7f00d37c6700 20 HTTP_AUTHORIZATION=AWS
> > KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN
> > 2014-04-25 15:52:56.988107 7f00d37c6700 20 HTTP_USER_AGENT=curl/7.22.0
> > (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23
> > librtmp/2.3
> > 2014-04-25 15:52:56.988108 7f00d37c6700 20 HTTP_ACCEPT=*/*
> > 2014-04-25 15:52:56.988109 7f00d37c6700 20 HTTP_HOST=gateway.3linux.com
> > 2014-04-25 15:52:56.988110 7f00d37c6700 20 HTTP_DATE=Fri, 25 April 2014
> > 07:50:00 GMT
> > 2014-04-25 15:52:56.988111 7f00d37c6700 20 CONTENT_LENGTH=0
> > 2014-04-25 15:52:56.988112 7f00d37c6700 20
> PATH=/usr/local/bin:/usr/bin:/bin
> > 2014-04-25 15:52:56.988113 7f00d37c6700 20 SERVER_SIGNATURE=
> > 2014-04-25 15:52:56.988114 7f00d37c6700 20 SERVER_SOFTWARE=Apache/2.2.22
> > (Ubuntu)
> > 2014-04-25 15:52:56.988115 7f00d37c6700 20 SERVER_NAME=
> gateway.3linux.com
> > 2014-04-25 15:52:56.988116 7f00d37c6700 20 SERVER_ADDR=117.18.79.110
> > 2014-04-25 15:52:56.988117 7f00d37c6700 20 SERVER_PORT=80
> > 2014-04-25 15:52:56.988117 7f00d37c6700 20 REMOTE_ADDR=122.166.115.191
> > 2014-04-25 15:52:56.988118 7f00d37c6700 20 DOCUMENT_ROOT=/var/www
> > 2014-04-25 15:52:56.988119 7f00d37c6700 20 SERVER_ADMIN=c...@3linux.com
> > 2014-04-25 15:52:56.988120 7f00d37c6700 20
> > SCRIPT_FILENAME=/var/www/s3gw.fcgi
> > 2014-04-25 15:52:56.988120 7f00d37c6700 20 REMOTE_PORT=28840
> > 2014-04-25 15:52:56.988121 7f00d37c6700 20 GATEWAY_INTERFACE=CGI/1.1
> > 2014-04-25 15:52:56.988122 7f00d37c6700 20 SERVER_PROTOCOL=HTTP/1.1
> > 2014-04-25 15:52:56.988123 7f00d37c6700 20 REQUEST_METHOD=GET
> > 2014-04-25 15:52:56.988123 7f00d37c6700 20
> > QUERY_STRING=page=admin&params=/usage&format=json
> > 2014-04-25 15:52:56.988124 7f00d37c6700 20
> > REQUEST_URI=/admin/usage?format=json
> > 2014-04-25 15:52:56.988125 7f00d37c6700 20 SCRIPT_NAME=/admin/usage
> > 2014-04-25 15:52:56.988126 7f00d37c6700  2 req 24:0.000101::GET
> > /admin/usage::getting op
> > 2014-04-25 15:52:56.988129 7f00d37c6700  2 req 24:0.000104::GET
> > /admin/usage:get_usage:authorizing
> > 2014-04-25 15:52:56.988141 7f00d37c6700 20 get_obj_state:
> > rctx=0x7effbc004aa0 obj=.users:KGXJJGKDM5G7G4CNKC7R state=0x7effbc00e718
> > s->prefetch_data=0
> > 2014-04-25 15:52:56.988148 7f00d37c6700 10 moving
> > .users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
> > 2014-04-25 15:52:56.988150 7f00d37c6700 10 cache get:
> > name=.users+KGXJJGKDM5G7G4CNKC7R : hit
> > 2014-04-25 15:52:56.988155 7f00d37c6700 20 get_obj_state: s->obj_tag was
> set
> > empty
> > 2014-04-25 15:52:56.988160 7f00d37c6700 10 moving
> > .users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
> > 2014-04-25 15:52:56.988161 7f00d37c6700 10 cache get:
> > name=.users+KGXJJGKDM5G7G4CNKC7R : hit
> > 2014-04-25 15:52:56.988179 7f00d37c6700 20 get_obj_state:
> > rctx=0x7effbc001ce0 obj=.users.uid:admin state=0x7effbc00ec58
> > s->prefetch_data=0
> > 2014-04-25 15:52:56.988185 7f00d37c6700 10 moving .users.uid+admin to
> cache
> > LRU end
> > 2014-04-25 15:52:56.988186 7f00d37c6700 10 cache get:
> name=.users.uid+admin
> > : hit
> > 2014-04-25 15:52:56.988190 7f00d37c6700 20 get_obj_state: s->obj_tag was
> set
> > empty
> > 2014-04-25 15:52:56.988193 7f00d37c6700 10 moving .users.uid+admin to
> cache
> > LRU end
> > 2014-04-25 15:52:56.988195 7f00d37c6700 10 cache get:
> name=.users.uid+admin
> > : hit
> > 2014-04-25 15:52:56.988236 7f00d37c6700 10 get_canon_resource():
> > dest=/admin/usage
> > 2014-04-25 15:52:56.988239 7f00d37c6700 10 auth_hdr:
> > GET
> >
> >
> > Fri, 25 April 2014 07:50:00 GMT
> > /admin/usage
> > 2014-04-25 15:52:56.988325 7f00d37c6700 15 calculated
> > digest=nLKirQEEPeSS0Lzvr52NAB2phpA=
> > 2014-04-25 15:52:56.988329 7f00d37c6700 15
> > auth_sign=LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN
> > 2014-04-25 15:52:56.988330 7f00d37c6700 15 compare=-34
>
>
> Still signing issues. If you're manually constructing the auth header
> you need to make it look like the above (copy pasted here):
>
> > 2014-04-25 15:52:56.988239 7f00d37c6700 10 auth_hdr:
> > GET
> >
> >
> > Fri, 25 April 2014 07:50:00 GMT
> > /admin/usage
>
> Then you need to run hmac-sha1 on it, as described here:
>
> http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
>
> If you have any backslash in the key then you need to remove it, it's
> just an escape character for representing slashes in json.
>
> Yehuda
>

_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to