Keystone does not accept Ceph STS and IAM auth requests
Bug #1897280 reported by
Stuart Grace
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Undecided
|
Jonathan Rosser | ||
Bug Description
Ceph Object Gateway can use keystone for authenticating user requests to its S3-compatible API, but recent versions also provide two other AWS-compatible APIs for managing user access: Security Token Service (STS) and Identity and Access Management (IAM). These attempt to authenticate requests with Keystone but always receive 403 Access Denied. This is because api/s3tokens.py only accepts "s3" as the service name.
Workaround: https:/
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #1 |
| Changed in keystone: | |
| assignee: | nobody → Stuart Grace (stuartgrace) |
| status: | New → In Progress |
| Changed in keystone: | |
| assignee: | Stuart Grace (stuartgrace) → Jonathan Rosser (jrosser) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #2 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (stable/xena) | #3 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (stable/wallaby) | #4 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/keystone 21.0.0.0rc1 | #5 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on keystone (stable/wallaby) | #6 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on keystone (stable/xena) | #7 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/