The Ceph Admin REST API is producing SignatureDoesNotMatch access denied errors when attempting to make a request for the user's key sub-resource. Both PUT and DELETE actions for the /admin/user?key resource are failing even though the string to sign on the client and the one returned by the server are identical.
### # Requesting: GET /admin/user?uid=C1 ### ### START String To Sign from Request ### GET application/x-www-form-urlencoded Fri, 10 Jul 2015 17:42:47 GMT /admin/user ### END String to Sign ### ### START CURL VERBOSE ### * Trying 1.2.3.4... * Connected to s3.example.com (1.2.3.4) port 443 (#0) * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * Server certificate: * subject: OU=Domain Control Validated; OU=COMODO SSL Wildcard; CN=*.s3.example.com * start date: 2015-06-22 00:00:00 GMT * expire date: 2016-06-21 23:59:59 GMT * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Ser ver CA * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. > GET /admin/user?uid=C1 HTTP/1.1 User-Agent: aws-sdk-php/1.6.2 PHP/5.6.8 curl/7.40.0 openssl/1.0.1m Host: s3.example.com Accept: */* Accept-Encoding: gzip, deflate Referer: https://s3.example.com/admin/user?uid=C1 Content-Type: application/x-www-form-urlencoded Date: Fri, 10 Jul 2015 17:42:47 GMT Authorization: AWS 27K8RGLQBN8K6G5PV3RS:Y8hxsK3lsVsXIBVsECY6iiMXQok= Content-Length: 0 < HTTP/1.1 200 OK < Server: Tengine/2.1.0 < Date: Fri, 10 Jul 2015 17:42:44 GMT < Content-Type: application/json < Transfer-Encoding: chunked < Connection: keep-alive < * Connection #0 to host s3.example.com left intact ### END CURL VERBOSE ### ### START Response Dump ### CFResponse Object ( [header] => Array ( [server] => Tengine/2.1.0 [date] => Fri, 10 Jul 2015 17:42:44 GMT [content-type] => application/json [transfer-encoding] => chunked [connection] => keep-alive [_info] => Array ( [url] => https://s3.example.com/admin/user?uid=C1 [content_type] => application/json [http_code] => 200 [header_size] => 163 [request_size] => 422 [filetime] => -1 [ssl_verify_result] => 20 [redirect_count] => 0 [total_time] => 1.341 [namelookup_time] => 0 [connect_time] => 0.046 [pretransfer_time] => 1.279 [size_upload] => 0 [size_download] => 341 [speed_download] => 254 [speed_upload] => 0 [download_content_length] => -1 [upload_content_length] => 0 [starttransfer_time] => 1.341 [redirect_time] => 0 [redirect_url] => [primary_ip] => 1.2.3.4 [certinfo] => Array ( ) [primary_port] => 443 [local_ip] => 192.168.2.12 [local_port] => 64078 [method] => GET ) [x-aws-request-url] => https://s3.example.com/admin/user?uid=C1 [x-aws-redirects] => 0 [x-aws-stringtosign] => GET application/x-www-form-urlencoded Fri, 10 Jul 2015 17:42:47 GMT /admin/user [x-aws-requestheaders] => Array ( [Content-Type] => application/x-www-form-urlencoded [Date] => Fri, 10 Jul 2015 17:42:47 GMT [Authorization] => AWS 27K8RGLQBN8K6G5PV3RS:Y8hxsK3lsVsXIBVsECY6iiMXQok= [Expect] => ) ) [body] => CFSimpleXML Object ( [user_id] => C1 [display_name] => C1 [email] => CFSimpleXML Object ( ) [suspended] => 0 [max_buckets] => 1000 [subusers] => CFSimpleXML Object ( ) [keys] => Array ( [0] => CFSimpleXML Object ( [user] => C1 [access_key] => ANNMJKDEZ2RN60I03GI9 [secret_key] => E5ACgu28+AP1u7z4+qbKeIfEtsaAFVrBKSgTAupE ) [1] => CFSimpleXML Object ( [user] => C1 [access_key] => IQAEY8F8CFIR7XG4CAGB [secret_key] => hfr89xH5C01VCNNwv3wkMT5+JmsXrSwjXnB55ttS ) ) [swift_keys] => CFSimpleXML Object ( ) [caps] => CFSimpleXML Object ( ) ) [status] => 200 ) ### END Response Dump ### ##################################################################################################### ### # Requesting: DELETE /admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9 ### ### START String To Sign from Request ### DELETE application/x-www-form-urlencoded Fri, 10 Jul 2015 17:42:48 GMT /admin/user?key ### END String to Sign ### ### START CURL VERBOSE ### * Hostname s3.example.com was found in DNS cache * Trying 1.2.3.4... * Connected to s3.example.com (1.2.3.4) port 443 (#0) * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * Server certificate: * subject: OU=Domain Control Validated; OU=COMODO SSL Wildcard; CN=*.s3.example.com * start date: 2015-06-22 00:00:00 GMT * expire date: 2016-06-21 23:59:59 GMT * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Ser ver CA * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. > DELETE /admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9 HTTP/1.1 User-Agent: aws-sdk-php/1.6.2 PHP/5.6.8 curl/7.40.0 openssl/1.0.1m Host: s3.example.com Accept: */* Accept-Encoding: gzip, deflate Referer: https://s3.example.com/admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9 Content-Type: application/x-www-form-urlencoded Date: Fri, 10 Jul 2015 17:42:48 GMT Authorization: AWS 27K8RGLQBN8K6G5PV3RS:vojakYdp1RqR3JYX5g5P6ny0vMc= Content-Length: 0 < HTTP/1.1 403 Forbidden < Server: Tengine/2.1.0 < Date: Fri, 10 Jul 2015 17:42:44 GMT < Content-Type: application/json < Content-Length: 32 < Connection: keep-alive < Accept-Ranges: bytes * HTTP error before end of send, stop sending < * Closing connection 0 ### END CURL VERBOSE ### ### START Response Dump ### CFResponse Object ( [header] => Array ( [server] => Tengine/2.1.0 [date] => Fri, 10 Jul 2015 17:42:44 GMT [content-type] => application/json [content-length] => 32 [connection] => keep-alive [accept-ranges] => bytes [_info] => Array ( [url] => https://s3.example.com/admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9 [content_type] => application/json [http_code] => 403 [header_size] => 184 [request_size] => 497 [filetime] => -1 [ssl_verify_result] => 20 [redirect_count] => 0 [total_time] => 0.312 [namelookup_time] => 0 [connect_time] => 0.062 [pretransfer_time] => 0.234 [size_upload] => 0 [size_download] => 32 [speed_download] => 102 [speed_upload] => 0 [download_content_length] => 32 [upload_content_length] => 0 [starttransfer_time] => 0.312 [redirect_time] => 0 [redirect_url] => [primary_ip] => 1.2.3.4 [certinfo] => Array ( ) [primary_port] => 443 [local_ip] => 192.168.2.12 [local_port] => 64079 [method] => DELETE ) [x-aws-request-url] => https://s3.example.com/admin/user?key&uid=C1&access-key=ANNMJKDEZ2RN60I03GI9 [x-aws-redirects] => 0 [x-aws-stringtosign] => DELETE application/x-www-form-urlencoded Fri, 10 Jul 2015 17:42:48 GMT /admin/user?key [x-aws-requestheaders] => Array ( [Content-Type] => application/x-www-form-urlencoded [Date] => Fri, 10 Jul 2015 17:42:48 GMT [Authorization] => AWS 27K8RGLQBN8K6G5PV3RS:vojakYdp1RqR3JYX5g5P6ny0vMc= [Expect] => ) ) [body] => CFSimpleXML Object ( [Code] => SignatureDoesNotMatch ) [status] => 403 ) ### END Response Dump ### Tyler Bishop Chief Executive Officer 513-299-7108 x10 tyler.bis...@beyondhosting.net If you are not the intended recipient of this transmission you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
