Actions
Bug #14298
closedI can't get all user info using admin api return 403
Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
I can't use
GET /{admin}/user?format=json
get all user info ,but get one user info is ok
I haved add cap "users=*"
user info:
{
"user_id": "testuser",
"display_name": "First User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{
"id": "testuser:swift",
"permissions": "full-control"
}
],
"keys": [
{
"user": "testuser:swift",
"access_key": "FS8MV67F40TCO42FEK15",
"secret_key": ""
},
{
"user": "testuser",
"access_key": "M2AW94CC9L3AAKZLLZP4",
"secret_key": "Y5a9kUfU8MV70NSnknFIua8kImgMYMVz4Xe37GqS"
}
],
"swift_keys": [
{
"user": "testuser:swift",
"secret_key": "L8p9xZXENF97a2lOA5AqxekgXLU0iCwD7A9cpOu3"
}
],
"caps": [
{
"type": "admin",
"perm": "*"
},
{
"type": "buckets",
"perm": "*"
},
{
"type": "metadata",
"perm": "*"
},
{
"type": "usage",
"perm": "*"
},
{
"type": "users",
"perm": "*"
},
{
"type": "zone",
"perm": "*"
}
],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"temp_url_keys": []
}
get user 'testuser',I add the 'uid' param
curl -i -X GET http://192.168.138.131/admin/user?format=json\&uid=testuser -H "Content-length:0" -H "User-agent:Boto/2.38.0 Python/2.7.11 Windows/7" -H "Date:Fri, 08 Jan 2016 04:22:30 GMT" -H "Authorization:AWS M2AW94CC9L3AAKZLLZP4:bncns1Muw7wMVf7T6gje8fhmBtA="
return
{"user_id":"testuser","display_name":"First User","email":"","suspended":0,"max_buckets":1000,"subusers":[{"id":"testuser:swift","permissions":"full-control"}],"keys":[{"user":"testuser:swift","access_key":"FS8MV67F40TCO42FEK15","secret_key":""},{"user":"testuser","access_key":"M2AW94CC9L3AAKZLLZP4","secret_key":"Y5a9kUfU8MV70NSnknFIua8kImgMYMVz4Xe37GqS"}],"swift_keys":[{"user":"testuser:swift","secret_key":"L8p9xZXENF97a2lOA5AqxekgXLU0iCwD7A9cpOu3"}],"caps":[{"type":"admin","perm":"*"},{"type":"buckets","perm":"*"},{"type":"metadata","perm":"*"},{"type":"usage","perm":"*"},{"type":"users","perm":"*"},{"type":"zone","perm":"*"}]}
when delete the uid param
curl -i -X GET http://192.168.138.131/admin/user?format=json -H "Content-length:0" -H "User-agent:Boto/2.38.0 Python/2.7.11 Windows/7" -H "Date:Fri, 08 Jan 2016 04:23:53 GMT" -H "Authorization:AWS M2AW94CC9L3AAKZLLZP4:Fc5UgEUmMHK7s86noP02aMw1Dcg="
return 403
{"Code":"AccessDenied"}
radosgw debug 20:
2016-01-08 12:25:18.969865 7f75841ec700 1 ====== starting new request req=0x7f75ac04d370 ===== 2016-01-08 12:25:18.969887 7f75841ec700 2 req 22:0.000021::GET /admin/user::initializing for trans_id = tx000000000000000000016-00568f3a2e-8564-default 2016-01-08 12:25:18.969893 7f75841ec700 10 host=192.168.138.131 2016-01-08 12:25:18.969895 7f75841ec700 20 subdomain= domain= in_hosted_domain=0 2016-01-08 12:25:18.969952 7f75841ec700 2 req 22:0.000087::GET /admin/user::getting op 2016-01-08 12:25:18.969957 7f75841ec700 2 req 22:0.000092::GET /admin/user:get_user_info:authorizing 2016-01-08 12:25:18.970009 7f75841ec700 10 get_canon_resource(): dest=/admin/user 2016-01-08 12:25:18.970012 7f75841ec700 10 auth_hdr: GET Fri, 08 Jan 2016 04:23:53 GMT /admin/user 2016-01-08 12:25:18.970102 7f75841ec700 15 calculated digest=Fc5UgEUmMHK7s86noP02aMw1Dcg= 2016-01-08 12:25:18.970105 7f75841ec700 15 auth_sign=Fc5UgEUmMHK7s86noP02aMw1Dcg= 2016-01-08 12:25:18.970107 7f75841ec700 15 compare=0 2016-01-08 12:25:18.970110 7f75841ec700 2 req 22:0.000245::GET /admin/user:get_user_info:reading permissions 2016-01-08 12:25:18.970114 7f75841ec700 2 req 22:0.000249::GET /admin/user:get_user_info:init op 2016-01-08 12:25:18.970116 7f75841ec700 2 req 22:0.000251::GET /admin/user:get_user_info:verifying op mask 2016-01-08 12:25:18.970124 7f75841ec700 20 required_mask= 0 user.op_mask=7 2016-01-08 12:25:18.970126 7f75841ec700 2 req 22:0.000261::GET /admin/user:get_user_info:verifying op permissions 2016-01-08 12:25:18.970129 7f75841ec700 2 req 22:0.000264::GET /admin/user:get_user_info:verifying op params 2016-01-08 12:25:18.970132 7f75841ec700 2 req 22:0.000267::GET /admin/user:get_user_info:executing 2016-01-08 12:25:18.970249 7f75841ec700 2 req 22:0.000384::GET /admin/user:get_user_info:http status=403 2016-01-08 12:25:18.970254 7f75841ec700 1 ====== req done req=0x7f75ac04d370 http_status=403 ====== 2016-01-08 12:25:18.970263 7f75841ec700 20 process_request() returned -13 2016-01-08 12:25:18.970299 7f75841ec700 1 civetweb: 0x7f75ac009b30: 192.168.138.131 - - [08/Jan/2016:12:25:18 +0800] "GET /admin/user HTTP/1.1" 403 0 - Boto/2.38.0 Python/2.7.11 Windows/7
Updated by guanghui wang over 8 years ago
I find the way list all user
https://www.mail-archive.com/ceph-users%40lists.ceph.com/msg09969.html
But at [[http://docs.ceph.com/docs/master/radosgw/adminops/#get-user-info]]
Get user information. If no user is specified returns the list of all users along with suspension information.
is it a bug?
Actions