[ceph-users] GetRole Error:405 Method Not Allowed

Pritha Srivastava prsrivas at redhat.com
Thu Mar 7 00:13:30 PST 2019


A separate 'iam' namespace is still not supported in RGW, hence the REST
APIs for Roles using boto will not work. The REST APIs have been tested
using another client (s3curl) for the time being.

On Thu, Mar 7, 2019 at 12:00 PM myxingkong <admin at xingkong.io> wrote:

>
> I created a role and attached a permission policy to it.
>
> radosgw-admin role create --role-name=S3Access \
>   --path=/application_abc/component_xyz/ \
>   --assume-role-policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\},\"Action\":\[\"sts:*\"\]\}\]\}
>
>
> radosgw-admin role-policy put --role-name=S3Access --policy-name=Policy1 \
>   --policy-doc=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Allow\",\"Action\":\[\"s3:*\"\],\"Principal\":\{\"AWS\":\[\"arn:aws:iam:::user/TESTER\"\]\}\}\]\}
>
>
> I then created a user with administrator privileges.
>
> radosgw-admin user create --uid=admin --display-name="admin" --admin
>
> radosgw-admin caps add --uid=admin --caps="roles=*"
>
>
> When I use the REST admin APIs to get the Role, it returns an HTTP 405
> error.
>
> Request:
>
> POST / HTTP/1.1
> Host: 192.168.199.81:7480
> Accept-Encoding: identity
> Content-Length: 51
> Content-Type: application/x-www-form-urlencoded; charset=utf-8
> X-Amz-Date: 20190307T062057Z
> Authorization: AWS4-HMAC-SHA256
> Credential=PW6NM2ITY1U7AZDD23LR/20190307//iam/aws4_request,
> SignedHeaders=content-type;host;x-amz-date,
> Signature=af5f820f898a856f3a624a47b37d7577bd0bf1b23b4100070a03d910b64717db
> User-Agent: Boto3/1.9.107 Python/2.7.15 Windows/7 Botocore/1.12.107
>
> Action=GetRole&RoleName=S3Access&Version=2010-05-08
>
>
> Response:
>
> HTTP/1.1 405 Method Not Allowed
> Content-Length: 191
> x-amz-request-id: tx000000000000000000004-005c80b848-1b028-default
> Accept-Ranges: bytes
> Content-Type: application/xml
> Date: Thu, 07 Mar 2019 06:20:56 GMT
> Connection: keep-alive
>
> <?xml version="1.0" encoding="UTF-8"?><Error><Code>MethodNotAllowed</Code><RequestId>tx000000000000000000004-005c80b848-1b028-default</RequestId><HostId>1b028-default-default</HostId></Error>
>
>
> This is my test code:
>
> import os
> import sys
> import boto3
> import traceback
>
> try:
>     host = 'http://192.168.199.81:7480'
>     access_key = 'PW6NM2ITY1U7AZDD23LR'
>     secret_key = 'o0Td78FhgxUMJ6qZuv5OcmntLEYpyavVUuZE5TGM'
>
>     client = boto3.client('iam',
>                           aws_access_key_id = access_key,
>                           aws_secret_access_key = secret_key,
>                           endpoint_url = host,
>                           region_name="")
>
>     response = client.get_role(
>         RoleName='S3Access'
>     )
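>     # print() with a single argument works on both Python 2.7 and Python 3
>     print(response)
> except Exception:
>     # Show the full traceback for any client or HTTP error
>     print(traceback.format_exc())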
>
>
>
> This is my ceph.conf:
>
> [global]
> fsid = adf809ab-6534-469d-afe6-a7677d8a490c
> mon_initial_members = admin, node1, node2, node3
> mon_host = 192.168.199.81,192.168.199.82,192.168.199.83,192.168.199.84
> auth_cluster_required = cephx
> auth_service_required = cephx
> auth_client_required = cephx
> osd pool default size = 2
>
> [client.rgw.admin]
> rgw sts key = "abcdefghijklmnopq"
> rgw s3 auth use sts = true
>
> Can someone tell me if my configuration is incorrect?
> Or does the version I tested not provide a REST admin API?
>
> My version of ceph is: ceph version 14.1.0
> (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev)
>
>
> Thanks,
> myxingkong