Hi Myxingkong, Can you explain what you mean by 'enabling restful modules', particularly which document are you referring to?
Right now there is no other way to attach a permission policy to a user. There is work in progress for adding functionality to RGW using which such calls can be scripted using boto. Thanks, Pritha On Mon, Mar 11, 2019 at 3:21 PM myxingkong <ad...@xingkong.io> wrote: > Hello: > > I want to use the GetSessionToken method to get the temporary credentials, > but according to the answer given in the official documentation, I need to > attach a permission policy to the user before I can use the GetSessionToken > method. > > This is the command for the additional permission policy provided by the > official documentation: > > s3curl.pl --debug --id admin -- -s -v -X POST " > http://localhost:8000/?Action=PutUserPolicy&PolicyName=Policy1&UserName=TESTER1&PolicyDocument=\{\ > "Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":\[\"*\"\],\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\},\{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\}\]\}&Version=2010-05-08" > > > This requires enabling restful modules to execute this command. > > I configured the restful module according to the documentation, but > without success, I was unable to configure the SSL certificate. > > ceph config-key set mgr/restful/crt -i restful.crt > > WARNING: it looks like you might be trying to set a ceph-mgr module > configuration key. Since Ceph 13.0.0 (Mimic), mgr module configuration is > done with `config set`, and new values set using `config-key set` will be > ignored. > set mgr/restful/crt > > Can someone tell me if there is a way to configure a restful module's > certificate, or if there is another way to attach permission policies to > users? > > Thanks, > myxingkong > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
