Permit access to Ceph RGW for 'member' role
From the Rocky release, Keystone is bootstrapped by default [1]
with a 'member' role, while previously we used to create at
deployment time a role called 'Member'.
Role names are case insensitive in Keystone but Ceph RGW expects
a whitelist of role names to which access is permitted. This change
adds 'member' to the Ceph RGW whitelist, in addition to 'Member'.
1. https://blueprints.launchpad.net/keystone/+spec/basic-default-roles
Change-Id: Ib3c70c136fa4a03b58edc370343a01d657b5b101
Closes-Bug: 1847539
(cherry picked from commit 1357a131c8
)
This commit is contained in:
parent
57da31329e
commit
7ecd756b7c
|
@ -429,7 +429,7 @@ resources:
|
|||
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
|
||||
rgw_keystone_api_version: 3
|
||||
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
rgw_keystone_accepted_roles: 'Member, admin'
|
||||
rgw_keystone_accepted_roles: 'member, Member, admin'
|
||||
rgw_keystone_accepted_admin_roles: ResellerAdmin
|
||||
rgw_keystone_admin_domain: default
|
||||
rgw_keystone_admin_project: service
|
||||
|
|
|
@ -103,7 +103,7 @@ outputs:
|
|||
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
||||
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
||||
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
||||
ceph::rgw::keystone::auth::roles: [ 'admin', 'Member' ]
|
||||
ceph::rgw::keystone::auth::roles: [ 'admin', 'member' ]
|
||||
ceph::rgw::keystone::auth::tenant: service
|
||||
ceph::rgw::keystone::auth::user: swift
|
||||
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
||||
|
|
Loading…
Reference in New Issue