Actions
Bug #14298
closedI can't get all user info using admin api return 403
Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
I can't use
GET /{admin}/user?format=json
get all user info ,but get one user info is ok
I haved add cap "users=*"
user info:
{ "user_id": "testuser", "display_name": "First User", "email": "", "suspended": 0, "max_buckets": 1000, "auid": 0, "subusers": [ { "id": "testuser:swift", "permissions": "full-control" } ], "keys": [ { "user": "testuser:swift", "access_key": "FS8MV67F40TCO42FEK15", "secret_key": "" }, { "user": "testuser", "access_key": "M2AW94CC9L3AAKZLLZP4", "secret_key": "Y5a9kUfU8MV70NSnknFIua8kImgMYMVz4Xe37GqS" } ], "swift_keys": [ { "user": "testuser:swift", "secret_key": "L8p9xZXENF97a2lOA5AqxekgXLU0iCwD7A9cpOu3" } ], "caps": [ { "type": "admin", "perm": "*" }, { "type": "buckets", "perm": "*" }, { "type": "metadata", "perm": "*" }, { "type": "usage", "perm": "*" }, { "type": "users", "perm": "*" }, { "type": "zone", "perm": "*" } ], "op_mask": "read, write, delete", "default_placement": "", "placement_tags": [], "bucket_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "user_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "temp_url_keys": [] }
get user 'testuser',I add the 'uid' param
curl -i -X GET http://192.168.138.131/admin/user?format=json\&uid=testuser -H "Content-length:0" -H "User-agent:Boto/2.38.0 Python/2.7.11 Windows/7" -H "Date:Fri, 08 Jan 2016 04:22:30 GMT" -H "Authorization:AWS M2AW94CC9L3AAKZLLZP4:bncns1Muw7wMVf7T6gje8fhmBtA="
return
{"user_id":"testuser","display_name":"First User","email":"","suspended":0,"max_buckets":1000,"subusers":[{"id":"testuser:swift","permissions":"full-control"}],"keys":[{"user":"testuser:swift","access_key":"FS8MV67F40TCO42FEK15","secret_key":""},{"user":"testuser","access_key":"M2AW94CC9L3AAKZLLZP4","secret_key":"Y5a9kUfU8MV70NSnknFIua8kImgMYMVz4Xe37GqS"}],"swift_keys":[{"user":"testuser:swift","secret_key":"L8p9xZXENF97a2lOA5AqxekgXLU0iCwD7A9cpOu3"}],"caps":[{"type":"admin","perm":"*"},{"type":"buckets","perm":"*"},{"type":"metadata","perm":"*"},{"type":"usage","perm":"*"},{"type":"users","perm":"*"},{"type":"zone","perm":"*"}]}
when delete the uid param
curl -i -X GET http://192.168.138.131/admin/user?format=json -H "Content-length:0" -H "User-agent:Boto/2.38.0 Python/2.7.11 Windows/7" -H "Date:Fri, 08 Jan 2016 04:23:53 GMT" -H "Authorization:AWS M2AW94CC9L3AAKZLLZP4:Fc5UgEUmMHK7s86noP02aMw1Dcg="
return 403
{"Code":"AccessDenied"}
radosgw debug 20:
2016-01-08 12:25:18.969865 7f75841ec700 1 ====== starting new request req=0x7f75ac04d370 ===== 2016-01-08 12:25:18.969887 7f75841ec700 2 req 22:0.000021::GET /admin/user::initializing for trans_id = tx000000000000000000016-00568f3a2e-8564-default 2016-01-08 12:25:18.969893 7f75841ec700 10 host=192.168.138.131 2016-01-08 12:25:18.969895 7f75841ec700 20 subdomain= domain= in_hosted_domain=0 2016-01-08 12:25:18.969952 7f75841ec700 2 req 22:0.000087::GET /admin/user::getting op 2016-01-08 12:25:18.969957 7f75841ec700 2 req 22:0.000092::GET /admin/user:get_user_info:authorizing 2016-01-08 12:25:18.970009 7f75841ec700 10 get_canon_resource(): dest=/admin/user 2016-01-08 12:25:18.970012 7f75841ec700 10 auth_hdr: GET Fri, 08 Jan 2016 04:23:53 GMT /admin/user 2016-01-08 12:25:18.970102 7f75841ec700 15 calculated digest=Fc5UgEUmMHK7s86noP02aMw1Dcg= 2016-01-08 12:25:18.970105 7f75841ec700 15 auth_sign=Fc5UgEUmMHK7s86noP02aMw1Dcg= 2016-01-08 12:25:18.970107 7f75841ec700 15 compare=0 2016-01-08 12:25:18.970110 7f75841ec700 2 req 22:0.000245::GET /admin/user:get_user_info:reading permissions 2016-01-08 12:25:18.970114 7f75841ec700 2 req 22:0.000249::GET /admin/user:get_user_info:init op 2016-01-08 12:25:18.970116 7f75841ec700 2 req 22:0.000251::GET /admin/user:get_user_info:verifying op mask 2016-01-08 12:25:18.970124 7f75841ec700 20 required_mask= 0 user.op_mask=7 2016-01-08 12:25:18.970126 7f75841ec700 2 req 22:0.000261::GET /admin/user:get_user_info:verifying op permissions 2016-01-08 12:25:18.970129 7f75841ec700 2 req 22:0.000264::GET /admin/user:get_user_info:verifying op params 2016-01-08 12:25:18.970132 7f75841ec700 2 req 22:0.000267::GET /admin/user:get_user_info:executing 2016-01-08 12:25:18.970249 7f75841ec700 2 req 22:0.000384::GET /admin/user:get_user_info:http status=403 2016-01-08 12:25:18.970254 7f75841ec700 1 ====== req done req=0x7f75ac04d370 http_status=403 ====== 2016-01-08 12:25:18.970263 7f75841ec700 20 process_request() returned -13 2016-01-08 12:25:18.970299 7f75841ec700 1 civetweb: 0x7f75ac009b30: 192.168.138.131 - - [08/Jan/2016:12:25:18 +0800] "GET /admin/user HTTP/1.1" 403 0 - Boto/2.38.0 Python/2.7.11 Windows/7
Updated by guanghui wang over 8 years ago
I find the way list all user
https://www.mail-archive.com/ceph-users%40lists.ceph.com/msg09969.html
But at [[http://docs.ceph.com/docs/master/radosgw/adminops/#get-user-info]]
Get user information. If no user is specified returns the list of all users along with suspension information.
is it a bug?
Actions