Bug 2240909 - (OpenStack/Keystone) Secure RBAC within RGW is missing
Summary: (OpenStack/Keystone) Secure RBAC within RGW is missing
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RGW
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: Backlog
Assignee: Matt Benjamin (redhat)
QA Contact: Madhavi Kasturi
URL:
Whiteboard:
Depends On: 1228474 1901857
Blocks: 1820257 1901691 2076150 2122298
TreeView+ depends on / blocked
 
Reported: 2023-09-27 08:16 UTC by Francesco Pantano
Modified: 2023-11-09 16:18 UTC (History)
23 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of: 1901857
Environment:
Last Closed: 2023-11-09 16:18:05 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCEPH-7560 0 None None None 2023-09-27 08:19:54 UTC

Description Francesco Pantano 2023-09-27 08:16:34 UTC 
SRBAC has been included in RHCSv5 and RHCSv6.
However, while switching to Reef upstream, we realized this feature is missing [1]

[1] https://github.com/ceph/ceph/pull/45469
Comment 2 Manoj Katari 2023-11-09 16:13:24 UTC 
This SRBAC feature [1] is available in downstream RHCSv7 


[ceph: root@edpm-compute-0 /]# ceph config set mgr rgw_keystone_accepted_reader_roles "SwiftSystemReader"
[ceph: root@edpm-compute-0 /]# ceph config dump | grep -i swift
mgr           advanced  rgw_keystone_accepted_reader_roles     SwiftSystemReader             * 
[ceph: root@edpm-compute-0 /]# ceph -v
ceph version 18.2.0-120.el9cp (015ec02f7f835b04129e06183e73523f897e5a12) reef (stable)
[ceph: root@edpm-compute-0 /]# 


but it is still missing in upstream Reef.

[1] https://github.com/ceph/ceph/pull/45469
Note You need to log in before you can comment on or make changes to this bug.