[ceph-users] How to attach permission policy to user?

Pritha Srivastava prsrivas at redhat.com
Mon Mar 11 03:05:59 PDT 2019

Hi Myxingkong,

Can you explain what you mean by 'enabling restful modules', and in particular
which document you are referring to?

Right now there is no other way to attach a permission policy to a user.

There is work in progress for adding functionality to RGW using which such
calls can be scripted using boto.


On Mon, Mar 11, 2019 at 3:21 PM myxingkong <admin at xingkong.io> wrote:

> Hello:
> I want to use the GetSessionToken method to get the temporary credentials,
> but according to the answer given in the official documentation, I need to
> attach a permission policy to the user before I can use the GetSessionToken
> method.
> This is the command for the additional permission policy provided by the
> official documentation:
> s3curl.pl --debug --id admin -- -s -v -X POST "http://localhost:8000/?Action=PutUserPolicy&PolicyName=Policy1&UserName=TESTER1&PolicyDocument=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":\[\"*\"\],\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\},\{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\}\]\}&Version=2010-05-08"
> This requires enabling restful modules to execute this command.
> I configured the restful module according to the documentation, but
> without success; I was unable to configure the SSL certificate.
> ceph config-key set mgr/restful/crt -i restful.crt
> WARNING: it looks like you might be trying to set a ceph-mgr module
> configuration key. Since Ceph 13.0.0 (Mimic), mgr module configuration is
> done with `config set`, and new values set using `config-key set` will be
> ignored.
> set mgr/restful/crt
> Can someone tell me if there is a way to configure a restful module's
> certificate, or if there is another way to attach permission policies to
> users?
> Thanks,
> myxingkong
> _______________________________________________
> ceph-users mailing list
> ceph-users at lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
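
Added example, not part of the original thread and not Ceph code: a small Python model of how the two statements in the quoted policy document evaluate for different requests. It assumes AWS-style IAM rules (an explicit Deny wins, BoolIfExists passes when the key is absent) and that the gateway sets sts:authentication to true for requests signed with temporary credentials; evaluate() and its helpers are hypothetical names.

```python
import fnmatch
import json

# Policy document copied from the PutUserPolicy command quoted in the thread.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Deny", "Action": "s3:*", "Resource": ["*"],
   "Condition": {"BoolIfExists": {"sts:authentication": "false"}}},
  {"Effect": "Allow", "Action": "sts:GetSessionToken", "Resource": "*",
   "Condition": {"BoolIfExists": {"sts:authentication": "false"}}}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, context):
    # Only BoolIfExists is modelled: a key missing from the request context
    # makes the test pass; a present key must equal the policy value.
    for operator, tests in condition.items():
        if operator != "BoolIfExists":
            raise ValueError(f"operator not modelled: {operator}")
        for key, wanted in tests.items():
            if key in context and str(context[key]).lower() != str(wanted).lower():
                return False
    return True

def evaluate(policy, action, resource, context):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request (assumed semantics)."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins
        decision = "Allow"
    return decision

if __name__ == "__main__":
    # Constructed sample requests: permanent keys first, then an STS session.
    for action, ctx in [("s3:GetObject", {"sts:authentication": False}),
                        ("sts:GetSessionToken", {"sts:authentication": False}),
                        ("s3:GetObject", {"sts:authentication": True})]:
        print(action, ctx, "->", evaluate(POLICY, action, "arn:aws:s3:::bucket/key", ctx))
```

With an STS session neither statement applies, so this policy alone gives no Allow for S3; access then depends on whatever other permissions the user holds.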