Reviewed: https://review.opendev.org/c/openstack/keystone/+/754404 Committed: https://opendev.org/openstack/keystone/commit/36d6fc7f8f06b4b4d1af09bd56b3c17fa1a502ca Submitter: "Zuul (22348)" Branch: master
commit 36d6fc7f8f06b4b4d1af09bd56b3c17fa1a502ca Author: Stuart Grace <[email protected]> Date: Fri Sep 25 15:10:22 2020 +0100 Accept STS and IAM services from Ceph Obj Gateway Ceph Object Gateway can use keystone for authenticating user requests to its S3-compatible API, but recent versions also provide two other AWS-compatible APIs for managing user access: Security Token Service (STS) and Identity and Access Management (IAM). These attempt to authenticate requests with Keystone but always receive 403 Access Denied because _calculate_signature_v4() in api/s3tokens.py only accepts "s3" as the service name. This patch accepts any of "s3" or "sts" or "iam" as valid service names. Change-Id: I69f16ed55dd9852859307b701a8391ba1e71c042 Closes-Bug: #1897280 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1897280 Title: Keystone does not accept Ceph STS and IAM auth requests Status in OpenStack Identity (keystone): Fix Released Bug description: Ceph Object Gateway can use keystone for authenticating user requests to its S3-compatible API, but recent versions also provide two other AWS-compatible APIs for managing user access: Security Token Service (STS) and Identity and Access Management (IAM). These attempt to authenticate requests with Keystone but always receive 403 Access Denied. This is because api/s3tokens.py only accepts "s3" as the service name. Workaround: https://docs.ceph.com/en/latest/radosgw/STSLite/#limitations-and- workarounds To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1897280/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
