Bug 1274084
Summary: | [RFE] Support for AWS Secure Token Service (STS) with RGW | |||
---|---|---|---|---|
Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Neil Levine <nlevine> | |
Component: | RGW | Assignee: | Pritha Srivastava <prsrivas> | |
Status: | CLOSED ERRATA | QA Contact: | Tejas <tchandra> | |
Severity: | medium | Docs Contact: | Karen Norteman <knortema> | |
Priority: | medium | |||
Version: | 1.3.0 | CC: | anharris, cbodley, ceph-eng-bugs, flucifre, hnallurv, jbrier, kbader, kdreyer, knortema, mbenjamin, mwatts, prsrivas, rmandyam, sweil, tserlin, uboppana, yweinste | |
Target Milestone: | rc | Keywords: | FutureFeature | |
Target Release: | 4.1 | Flags: | uboppana:
needinfo+
|
|
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ceph-14.2.8-41.el8cp, ceph-14.2.8-33.el7cp | Doc Type: | Enhancement | |
Doc Text: |
.Support for Amazon S3 resources in Ceph Object Gateway
AWS provides the Secure Token Service (STS) to allow secure federation with existing OpenID Connect/ OAuth2.0 compliant identity services such as Keycloak.
STS is a standalone REST service that provides temporary tokens for an application or user to access a Simple Storage Service (S3) endpoint after the user authenticates against an identity provider (IDP).
Previously, users without permanent Amazon Web Services (AWS) credentials could not access S3 resources through Ceph Object Gateway.
With this update, Ceph Object Gateway supports STS AssumeRoleWithWebIdentity.
This service allows web application users who have been authenticated with an OpenID Connect/OAuth 2.0 compliant IDP to access S3 resources through Ceph Object Gateway.
For more information, see link:{developer-guide}#secure-token-service_dev[Secure Token Service] in the link:{developer-guide}[Developer Guide].
|
Story Points: | --- | |
Clone Of: | ||||
: | 1812537 (view as bug list) | Environment: | ||
Last Closed: | 2020-05-19 17:30:39 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1812537, 1816167 |
Description
Neil Levine
2015-10-21 21:04:32 UTC
STS is not in master. From Marcus' comment in bug 1261912, STS support may land in Kraken, with the possibility of a backport to Jewel. Re-targeting to RHCS 2.1. Hi Matt, Commits related to IAM API support are not present in Nautilus 14.2.1, they are there in master though. Thanks, Pritha Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. Regards, Giri Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. Regards, Giri Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:2231 |