From: Abhishek L <abhishek.lekshmanan@gmail.com>
To: Valery Tschopp <valery.tschopp@switch.ch>
Cc: ceph-devel@vger.kernel.org
Subject: Re: radosgw + s3 + keystone + Browser-Based POST bug
Date: Thu, 29 Jan 2015 22:39:40 +0530 [thread overview]
Message-ID: <87k3054irn.fsf@gmail.com> (raw)
In-Reply-To: <54CA50CF.5010109@switch.ch>
[-- Attachment #1: Type: text/plain, Size: 1779 bytes --]
Hi
Valery Tschopp writes:
> Hi guys,
>
> We have integrated our radosgw (v0.80.7) with our OpenStack Keystone
> server (icehouse) successfully.
>
> The "normal" S3 operations can be executed with the Keystone user's EC2
> credentials (EC2_ACCESS_KEY, EC2_SECRET_KEY). The radosgw correctly
> handles these user credentials, ask keystone to validate them, and the
> resulting objects belong to the Keystone tenant/project or the user
> (user is member of the tenant/project).
>
> But for the "Browser-based upload POST" [1] it doesn't work! The user is
> not correctly resolved, and the radosgw returns a 403 code!
>
> It looks like the s3 keystone integration doesn't work correctly when a
> S3 browser-based upload POST is used.
>
> See the attached log file (radosgw.log), you can clearly see the user
> lookup failing, and the status being set to 403:
>
>
> 2015-01-29 15:11:30.151157 7f25616fa700 0 User lookup failed!
> 2015-01-29 15:11:30.151171 7f25616fa700 15 Read
> RGWCORSConfiguration<CORSConfiguration><CORSRule><AllowedMethod>POST</AllowedMethod><AllowedOrigin>https://staging.tube.switch.ch</AllowedOrigin><AllowedHeader>*</AllowedHeader></CORSRule></CORSConfiguration>
> 2015-01-29 15:11:30.151184 7f25616fa700 10 Method POST is supported
> 2015-01-29 15:11:30.151195 7f25616fa700 2 req 1123:0.013204:s3:POST
> /:post_obj:http status=403
>
>
> Is this a bug? Or did we miss something else?
Looks like you may be hitting http://tracker.ceph.com/issues/10062,
where s3 POST requests were failing with keystone. There is a patch that
is merged in master[1] that addresses this. We would also love
to see this ported back to firefly/giant.
[1] https://github.com/ceph/ceph/pull/3251
Regards
--
Abhishek
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 472 bytes --]
next prev parent reply other threads:[~2015-01-29 17:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-29 15:25 radosgw + s3 + keystone + Browser-Based POST bug Valery Tschopp
2015-01-29 17:09 ` Abhishek L [this message]
2015-01-29 17:28 ` Yehuda Sadeh
2015-01-29 17:38 ` Abhishek L
2015-02-02 9:49 ` Valery Tschopp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k3054irn.fsf@gmail.com \
--to=abhishek.lekshmanan@gmail.com \
--cc=ceph-devel@vger.kernel.org \
--cc=valery.tschopp@switch.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.