Keystone does not accept Ceph STS and IAM auth requests
Bug #1897280 reported by
Stuart Grace
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Undecided
|
Jonathan Rosser |
Bug Description
Ceph Object Gateway can use keystone for authenticating user requests to its S3-compatible API, but recent versions also provide two other AWS-compatible APIs for managing user access: Security Token Service (STS) and Identity and Access Management (IAM). These attempt to authenticate requests with Keystone but always receive 403 Access Denied. This is because api/s3tokens.py only accepts "s3" as the service name.
Workaround: https:/
Changed in keystone: | |
assignee: | Stuart Grace (stuartgrace) → Jonathan Rosser (jrosser) |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/754404
Review: https:/