I created a role and attached a permission policy to it.

radosgw-admin role create --role-name=S3Access --path=/application_abc/component_xyz/ --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\},\"Action\":\[\"sts:*\"\]\}\]\}

radosgw-admin role-policy put --role-name=S3Access --policy-name=Policy1 --policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Action\":\[\"s3:*\"\],\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\}\}\]\}

I then created a user with administrator privileges.

radosgw-admin user create --uid=admin --display-name="admin" --admin
radosgw-admin caps add --uid=admin --caps="roles=*"

When I use the REST admin APIs to get the Role, it returns an HTTP 405 error.

Request:

POST / HTTP/1.1
Host: 192.168.199.81:7480
Accept-Encoding: identity
Content-Length: 51
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20190307T062057Z
Authorization: AWS4-HMAC-SHA256 Credential=PW6NM2ITY1U7AZDD23LR/20190307//iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=af5f820f898a856f3a624a47b37d7577bd0bf1b23b4100070a03d910b64717db
User-Agent: Boto3/1.9.107 Python/2.7.15 Windows/7 Botocore/1.12.107

Action=GetRole&RoleName=S3Access&Version=2010-05-08

Response:

HTTP/1.1 405 Method Not Allowed
Content-Length: 191
x-amz-request-id: tx000000000000000000004-005c80b848-1b028-default
Accept-Ranges: bytes
Content-Type: application/xml
Date: Thu, 07 Mar 2019 06:20:56 GMT
Connection: keep-alive

<?xml version="1.0" encoding="UTF-8"?><Error><Code>MethodNotAllowed</Code><RequestId>tx000000000000000000004-005c80b848-1b028-default</RequestId><HostId>1b028-default-default</HostId></Error>

This is my test code:

import os
import sys
import boto3
import traceback

try:
    host = 'http://192.168.199.81:7480'
    access_key = 'PW6NM2ITY1U7AZDD23LR'
    secret_key = 'o0Td78FhgxUMJ6qZuv5OcmntLEYpyavVUuZE5TGM'

    client = boto3.client('iam',
                          aws_access_key_id = access_key,
                          aws_secret_access_key = secret_key,
                          endpoint_url = host,
                          region_name="")

    response = client.get_role(
        RoleName='S3Access'
    )
    print response
except:
    print traceback.format_exc()

This is my ceph.conf:

[global]
fsid = adf809ab-6534-469d-afe6-a7677d8a490c
mon_initial_members = admin, node1, node2, node3
mon_host = 192.168.199.81,192.168.199.82,192.168.199.83,192.168.199.84
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
osd pool default size = 2

[client.rgw.admin]
rgw sts key = "abcdefghijklmnopq"
rgw s3 auth use sts = true

Can someone tell me if my configuration is incorrect? Or does the version I tested not provide a rest admin API?

My version of ceph is: ceph version 14.1.0 (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev)

Thanks,
myxingkong