[ceph-users] How to use STS Lite correctly?

myxingkong admin at xingkong.io
Mon Mar 4 18:57:34 PST 2019


Hello.

I successfully created the role and attached the permission policy, but it still didn't work as expected.

When I request the root path, it returns an HTTP 400 error:

Request:

POST / HTTP/1.1
Host: 192.168.199.81:8080
Accept-Encoding: identity
Content-Length: 159
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20190305T024604Z
Authorization: AWS4-HMAC-SHA256 Credential=O966WM2NEUB232Z53VYG/20190305//sts/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=dfb51d46ca561fa7bf763ceaededf58afd17b3fe6293c4cc6dc4fccba24c95d1
User-Agent: Boto3/1.9.106 Python/2.7.15 Windows/7 Botocore/1.12.106

Action=AssumeRole&DurationSeconds=3600&RoleArn=arn%3Aaws%3Aiam%3A%3A%3Arole%2Fapplication_abc%2Fcomponent_xyz%2Fcgtw-STS&Version=2011-06-15&RoleSessionName=Bob


Response:

<Error>
    <Code>InvalidArgument</Code>
    <RequestId>tx00000000000000000000f-005c7de2ea-1217e-default</RequestId>
    <HostId>1217e-default-default</HostId>
</Error>


When I requested the /rgw path, it returned an HTTP 403 error:

Request:

POST /rgw HTTP/1.1
Host: 192.168.199.81:8080
Accept-Encoding: identity
Content-Length: 159
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20190305T024904Z
Authorization: AWS4-HMAC-SHA256 Credential=O966WM2NEUB232Z53VYG/20190305//sts/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=d68e6f79ded8d06bef19fa0d9248d5c72bdfd08abbd61b54de887fba17474f6d
User-Agent: Boto3/1.9.106 Python/2.7.15 Windows/7 Botocore/1.12.106

Action=AssumeRole&DurationSeconds=3600&RoleArn=arn%3Aaws%3Aiam%3A%3A%3Arole%2Fapplication_abc%2Fcomponent_xyz%2Fcgtw-STS&Version=2011-06-15&RoleSessionName=Bob


Response:

<Error>
    <Code>AccessDenied</Code>
    <RequestId>tx000000000000000000010-005c7de39f-1217e-default</RequestId>
    <HostId>1217e-default-default</HostId>
</Error>

Can you tell me if my request path is incorrect?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20190305/8bb15254/attachment.html>


More information about the ceph-users mailing list