Permit access to Ceph RGW for 'member' role

From the Rocky release, Keystone is bootstrapped by default [1]
with a 'member' role, while previously we used to create at
deployment time a role called 'Member'.

Role names are case insensitive in Keystone but Ceph RGW expects
a whitelist of role names to which access is permitted. This change
adds 'member' to the Ceph RGW whitelist, in addition to 'Member'.

1. https://blueprints.launchpad.net/keystone/+spec/basic-default-roles

Change-Id: Ib3c70c136fa4a03b58edc370343a01d657b5b101
Closes-Bug: 1847539
(cherry picked from commit 1357a131c8)
Giulio Fidente 2019-10-09 23:19:43 +02:00
parent 57da31329e
commit 7ecd756b7c
2 changed files with 2 additions and 2 deletions

@ -429,7 +429,7 @@ resources:
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'Member, admin'
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
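
Review bot: the new rgw_keystone_accepted_roles value 'member, Member, admin' carries both spellings of the same Keystone role with nothing in the template saying why, so a later cleanup is likely to drop one of them as a duplicate and lock out users on one side of the Rocky boundary. Please add a short comment above this key stating that RGW matches the list by exact string while Keystone treats role names as case insensitive, and that 'Member' is kept for deployments that created it before Rocky. Since this list is what decides who gets object-store access, it would also be worth considering a template parameter instead of a hard-coded string, so operators can narrow it without patching the template.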

@ -103,7 +103,7 @@ outputs:
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
ceph::rgw::keystone::auth::roles: [ 'admin', 'Member' ]
ceph::rgw::keystone::auth::roles: [ 'admin', 'member' ]
ceph::rgw::keystone::auth::tenant: service
ceph::rgw::keystone::auth::user: swift
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
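
Review bot: ceph::rgw::keystone::auth::roles swaps 'Member' for 'member' rather than adding it, which does not match the commit message ("adds 'member' ... in addition to 'Member'") or the other file, where both spellings are kept. If the replacement is intentional because this list is handed to Keystone for the swift user in the service tenant and Keystone resolves role names case insensitively, please say so in the commit message; otherwise confirm that an upgraded deployment which only has the role named 'Member' still gets the assignment applied, or keep both entries here as well.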