Re: [ceph-users] radosgw keystone accepted roles not matching

Sat, 17 Oct 2015 12:36:07 -0700 

I think I figured it out, for my install the admin token is broken for v2 auth 
and I needed to use user:password w/ admin role.  It is the more correct way to 
do things but is conspicuously missing from here 
http://docs.ceph.com/docs/master/radosgw/keystone/ 
<http://docs.ceph.com/docs/master/radosgw/keystone/> and here 
http://docs.ceph.com/docs/master/radosgw/config-ref/ 
<http://docs.ceph.com/docs/master/radosgw/config-ref/> and I had to read the 
source code to find it.  I would have expected some sort of error to be thrown 
before the role checking failed.  I’ll see if I can’t file a documentation bug.


> On Oct 15, 2015, at 2:06 PM, Mike Lowe <j.michael.l...@gmail.com> wrote:
> 
> I think so, unless I misunderstand how it works.
> 
> (openstack) role list --user jomlowe --project jomlowe
> +----------------------------------+----------+---------+---------+
> | ID                               | Name     | Project | User    |
> +----------------------------------+----------+---------+---------+
> | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | jomlowe | jomlowe |
> | 8adcf7413cd3469abe4ae13cf259be6e | user     | jomlowe | jomlowe |
> +----------------------------------+----------+---------+---------+
> 
> 
>> On Oct 15, 2015, at 1:50 PM, Yehuda Sadeh-Weinraub <yeh...@redhat.com> wrote:
>> 
>> On Thu, Oct 15, 2015 at 8:34 AM, Mike Lowe <j.michael.l...@gmail.com> wrote:
>>> I’m having some trouble with radosgw and keystone integration, I always get 
>>> the following error:
>>> 
>>> user does not hold a matching role; required roles: 
>>> Member,user,_member_,admin
>>> 
>>> Despite my token clearly having one of the roles:
>>> 
>>>       "user": {
>>>           "id": "401375297eb540bbb1c32432439827b0",
>>>           "name": "jomlowe",
>>>           "roles": [
>>>               {
>>>                   "id": "8adcf7413cd3469abe4ae13cf259be6e",
>>>                   "name": "user"
>>>               }
>>>           ],
>>>           "roles_links": [],
>>>           "username": "jomlowe"
>>>       }
>>> 
>>> Does anybody have any hints?
>> 
>> 
>> Does the user has these roles assigned on keystone?
>> 
>> Yehuda
> 


_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to