Hi Myxingkong, http://docs.ceph.com/docs/nautilus/mgr/restful/ is for the Manager module of ceph. This is not related to rgw.
Please try attaching a policy by configuring s3curl tool. Thanks, Pritha On Mon, Mar 11, 2019 at 3:43 PM myxingkong <ad...@xingkong.io> wrote: > Hi Pritha: > > This is the documentation for configuring restful modules: > http://docs.ceph.com/docs/nautilus/mgr/restful/ > > The command given according to the official documentation is to attach the > permission policy through the REST API. > > This is the documentation for STS lite: > http://docs.ceph.com/docs/nautilus/radosgw/STSLite/ > > My version of ceph is: ceph version 14.1.0 > (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev) > > Thanks, > myxingkong > On 3/11/2019 18:06,Pritha Srivastava<prsri...@redhat.com> > <prsri...@redhat.com> wrote: > > Hi Myxingkong, > > Can you explain what you mean by 'enabling restful modules', particularly > which document are you referring to? > > Right now there is no other way to attach a permission policy to a user. > > There is work in progress for adding functionality to RGW using which such > calls can be scripted using boto. > > Thanks, > Pritha > > On Mon, Mar 11, 2019 at 3:21 PM myxingkong <ad...@xingkong.io> wrote: > >> Hello: >> >> I want to use the GetSessionToken method to get the temporary >> credentials, but according to the answer given in the official >> documentation, I need to attach a permission policy to the user before I >> can use the GetSessionToken method. >> >> This is the command for the additional permission policy provided by the >> official documentation: >> >> s3curl.pl --debug --id admin -- -s -v -X POST " >> http://localhost:8000/?Action=PutUserPolicy&PolicyName=Policy1&UserName=TESTER1&PolicyDocument=\{\ >> "Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":\[\"*\"\],\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\},\{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\}\]\}&Version=2010-05-08" >> >> >> This requires enabling restful modules to execute this command. >> >> I configured the restful module according to the documentation, but >> without success, I was unable to configure the SSL certificate. >> >> ceph config-key set mgr/restful/crt -i restful.crt >> >> WARNING: it looks like you might be trying to set a ceph-mgr module >> configuration key. Since Ceph 13.0.0 (Mimic), mgr module configuration is >> done with `config set`, and new values set using `config-key set` will be >> ignored. >> set mgr/restful/crt >> >> Can someone tell me if there is a way to configure a restful module's >> certificate, or if there is another way to attach permission policies to >> users? >> >> Thanks, >> myxingkong >> _______________________________________________ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >> >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
