Bug 2240909

Summary: (OpenStack/Keystone) Secure RBAC within RGW is missing
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Francesco Pantano <fpantano>
Component: RGW
Assignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED CURRENTRELEASE
QA Contact: Madhavi Kasturi <mkasturi>
Severity: high
Priority: unspecified
Version: 7.0
CC: akraj, aoconnor, cbodley, ceph-eng-bugs, cephqe-warriors, gcharot, gfidente, igarciam, johfulto, kbader, mbenjamin, mkasturi, mkatari, mwatts, pdiazbou, pgrist, prsrivas, seamurph, tchandra, tserlin, uboppana, yrabl, zaitcev
Target Milestone: ---
Keywords: FutureFeature
Target Release: Backlog
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Clone Of: 1901857
Last Closed: 2023-11-09 16:18:05 UTC
Bug Depends On: 1228474, 1901857
Bug Blocks: 1820257, 1901691, 2076150, 2122298

Description Francesco Pantano 2023-09-27 08:16:34 UTC
SRBAC has been included in RHCSv5 and RHCSv6.
However, while switching to Reef upstream, we realized this feature is missing [1].

[1] https://github.com/ceph/ceph/pull/45469

Comment 2 Manoj Katari 2023-11-09 16:13:24 UTC
This SRBAC feature [1] is available in downstream RHCSv7 


[ceph: root@edpm-compute-0 /]# ceph config set mgr rgw_keystone_accepted_reader_roles "SwiftSystemReader"
[ceph: root@edpm-compute-0 /]# ceph config dump | grep -i swift
mgr           advanced  rgw_keystone_accepted_reader_roles     SwiftSystemReader             * 
[ceph: root@edpm-compute-0 /]# ceph -v
ceph version 18.2.0-120.el9cp (015ec02f7f835b04129e06183e73523f897e5a12) reef (stable)
[ceph: root@edpm-compute-0 /]# 


but it is still missing in upstream Reef.

[1] https://github.com/ceph/ceph/pull/45469