Bug #10062
closeds3-test failures using keystone authentication
0%
Description
- rgw: check for timestamp for s3 keystone auth
- wip: rgw: check keystone auth also for s3 post requests
Using ceph 0.86 along with keystone gives about ~22 failures, while the same setup creating users with cephx authentication gives no failures. The failures are listed below,
ceph version 0.86 (97dcc0539dfa7dac3de74852305d51580b7b1f82) s3tests.functional.test_headers.test_object_create_bad_date_before_today ... FAIL s3tests.functional.test_headers.test_object_create_bad_date_after_today ... FAIL s3tests.functional.test_headers.test_object_create_bad_date_after_end ... FAIL s3tests.functional.test_headers.test_bucket_create_bad_date_before_today ... FAIL s3tests.functional.test_headers.test_bucket_create_bad_date_after_today ... FAIL s3tests.functional.test_s3.test_post_object_authenticated_request ... FAIL s3tests.functional.test_s3.test_post_object_upload_larger_than_chunk ... FAIL s3tests.functional.test_s3.test_post_object_set_key_from_filename ... FAIL s3tests.functional.test_s3.test_post_object_ignored_header ... FAIL s3tests.functional.test_s3.test_post_object_case_insensitive_condition_fields ... FAIL s3tests.functional.test_s3.test_post_object_escaped_field_values ... FAIL s3tests.functional.test_s3.test_post_object_success_redirect_action ... FAIL s3tests.functional.test_s3.test_post_object_invalid_date_format ... FAIL s3tests.functional.test_s3.test_post_object_user_specified_header ... FAIL s3tests.functional.test_s3.test_post_object_condition_is_case_sensitive ... FAIL s3tests.functional.test_s3.test_post_object_expires_is_case_sensitive ... FAIL s3tests.functional.test_s3.test_post_object_missing_expires_condition ... FAIL s3tests.functional.test_s3.test_post_object_missing_conditions_list ... FAIL s3tests.functional.test_s3.test_post_object_upload_size_limit_exceeded ... FAIL s3tests.functional.test_s3.test_post_object_missing_content_length_argument ... FAIL s3tests.functional.test_s3.test_post_object_invalid_content_length_argument ... FAIL s3tests.functional.test_s3.test_post_object_upload_size_below_minimum ... FAIL s3tests.functional.test_s3.test_bucket_acl_default ... FAIL
the radosgw conf section was the standard one from docs
[client.radosgw.gateway] host = ceph keyring = /etc/ceph/ceph.client.radosgw.keyring rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock log file = /var/log/ceph/client.radosgw.gateway.log rgw keystone url = http://127.0.0.1:35357 rgw keystone admin token = nova rgw keystone accepted roles = admin, Member, _member_ rgw keystone token cache size = 100 rgw keystone revocation interval = 600 rgw s3 auth use keystone = true
Updated by Abhishek Lekshmanan over 9 years ago
Looks like for a few of them eg. the date ones occur as it looks like radosgw doesn't consider checking the date headers once keystone returns successfully.
Updated by Abhishek Lekshmanan over 9 years ago
Hi Yehuda, Sage
the patch addressed only the first 5 or so failures as mentioned.
The post_object* tests were still failing with a 403. Diving into this a
bit more, it looks like for post requests in rgw S3, only
`rgw_get_user_info_by_access_key` method is tried from the access_key recvd (as we don't authorize like get/put which tries keystone etc.), which fails with keystone
Updated by Yehuda Sadeh over 9 years ago
- Status changed from Resolved to Pending Backport
Updated by Loïc Dachary over 9 years ago
- Status changed from Pending Backport to Resolved
Updated by Yehuda Sadeh over 9 years ago
- Status changed from Resolved to Pending Backport
Updated by Loïc Dachary about 9 years ago
- Subject changed from s3-test faolures using keystone authentication to s3-test failures using keystone authentication
Updated by Loïc Dachary about 9 years ago
- firefly backport https://github.com/ceph/ceph/pull/3958
Updated by Abhishek Lekshmanan about 9 years ago
Loic Dachary wrote:
- firefly backport https://github.com/ceph/ceph/pull/3958
the backport should be combined with the issue #10698 patch as well
Updated by Loïc Dachary about 9 years ago
- Status changed from Pending Backport to Resolved
- Backport deleted (
firefly, giant)
Backporting #10698 instead
Updated by Abhishek Lekshmanan about 9 years ago
Loic Dachary wrote:
Backporting #10698 instead
Hi #10968 only fixes the POST issue, the timestamp checking introduced in pull [[https://github.com/ceph/ceph/pull/2993]] will probably have to be made seperately?