rgw: s3 API does not honor rgw_keystone_implicit_tenants when keystone integration is configured
When I tried to access rgw configured with keystone integration using S3 API with a new user , It appears that the new user is still access with legacy tenant (i.e. global). Swift API works as intended.
Here is the relevant command output:
root@ceph-radosgw:~# radosgw-admin metadata list user
"1b614dca7b8e4582aba67581d92e8aa8$1b614dca7b8e4582aba67581d92e8aa8" is the user auto-created using Swift API
"1b614dca7b8e4582aba67581d92e8aa8" is the user auto-created using S3 API
Note that you need to access rgw using swift API before using S3 API, otherwise the user "1b614dca7b8e4582aba67581d92e8aa8$1b614dca7b8e4582aba67581d92e8aa8" will not be created.
root@ceph-radosgw:~# radosgw-admin bucket list
You can also see the "s3-bucket" (created using S3 API) is in global tenant, while swift-bucket is in user tenant. S3 API cannot access buckets created using Swift API and vice versa.
#5 Updated by Yiu Chung Lee over 2 years ago
Well, I read the doc again, and it says "When a client application accesses buckets, it always operates with credentials of a particular user. As mentioned above, every user belongs to a tenant. Therefore, every operation has an implicit tenant in its context", so it seems still to be a bug...