[ceph-users] How to attach permission policy to user?

myxingkong admin at xingkong.io
Mon Mar 11 18:49:20 PDT 2019


Hi Pritha:

I was unable to attach the permission policy through S3curl, which returned an HTTP 403 error.

./s3curl.pl --id admin -- -s -v -X POST "http://192.168.199.81:7480/?Action=PutUserPolicy&PolicyName=Policy1&UserName=TESTER&PolicyDocument=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":\[\"*\"\],\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\},\{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\}\]\}&Version=2010-05-08"


Request:

> POST /?Action=PutUserPolicy&PolicyName=Policy1&UserName=TESTER&PolicyDocument={"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":"s3:*","Resource":["*"],"Condition":{"BoolIfExists":{"sts:authentication":"false"}}},{"Effect":"Allow","Action":"sts:GetSessionToken","Resource":"*","Condition":{"BoolIfExists":{"sts:authentication":"false"}}}]}&Version=2010-05-08 HTTP/1.1 
> User-Agent: curl/7.29.0
> Host: 192.168.199.81:7480
> Accept: */*
> Date: Tue, 12 Mar 2019 01:39:55 GMT
> Authorization: AWS HTRJ1HIKR4FB9A24ZG9C:FTMBoc7+sJf0K+cx+nYD7Sdj2Xg=

Response:

< HTTP/1.1 403 Forbidden
< Content-Length: 187
< x-amz-request-id: tx000000000000000000144-005c870deb-4a92d-default
< Accept-Ranges: bytes
< Content-Type: application/xml
< Date: Tue, 12 Mar 2019 01:39:55 GMT
< 
* Connection #0 to host 192.168.199.81 left intact
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><RequestId>tx000000000000000000144-005c870deb-4a92d-default</RequestId><HostId>4a92d-default-default</HostId></Error>


.s3curl

%awsSecretAccessKeys = (
    admin => {
        id => 'HTRJ1HIKR4FB9A24ZG9C',
        key => 'Dfk7t5u4jvdyFMlEf8t4MTdBLEqVlru7tag1g8PE',
    },
);

Can you tell me what went wrong?


Thanks,
myxingkong


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20190312/16e706bc/attachment.html>


More information about the ceph-users mailing list