Permit access to Ceph RGW for 'member' role
From the Rocky release, Keystone is bootstrapped by default [1] with a 'member' role, while previously we used to create at deployment time a role called 'Member'. Role names are case insensitive in Keystone but Ceph RGW expects a whitelist of role names to which access is permitted. This change adds 'member' to the Ceph RGW whitelist, in addition to 'Member'. 1. https://blueprints.launchpad.net/keystone/+spec/basic-default-roles Change-Id: Ib3c70c136fa4a03b58edc370343a01d657b5b101 Closes-Bug: 1847539
This commit is contained in:
parent
30bb654b1b
commit
1357a131c8
|
@ -309,7 +309,7 @@ resources:
|
|||
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
|
||||
rgw_keystone_api_version: 3
|
||||
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
rgw_keystone_accepted_roles: 'Member, admin'
|
||||
rgw_keystone_accepted_roles: 'member, Member, admin'
|
||||
rgw_keystone_accepted_admin_roles: ResellerAdmin
|
||||
rgw_keystone_admin_domain: default
|
||||
rgw_keystone_admin_project: service
|
||||
|
|
|
@ -116,7 +116,7 @@ outputs:
|
|||
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceph::rgw::keystone::auth::roles: [ 'admin', 'Member' ]
|
||||
ceph::rgw::keystone::auth::roles: [ 'admin', 'member' ]
|
||||
ceph::rgw::keystone::auth::tenant: service
|
||||
ceph::rgw::keystone::auth::user: swift
|
||||
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
||||
|
|
Loading…
Reference in New Issue