Bug #17779
closedrgw: s3 API does not honor rgw_keystone_implicit_tenants when keystone integration is configured
0%
Description
When I tried to access rgw configured with keystone integration using S3 API with a new user , It appears that the new user is still access with legacy tenant (i.e. global). Swift API works as intended.
Here is the relevant command output:
root@ceph-radosgw:~# radosgw-admin metadata list user
[
"1b614dca7b8e4582aba67581d92e8aa8",
"9c40f84284fa4bddb7ca381fd32054c3$9c40f84284fa4bddb7ca381fd32054c3",
"1b614dca7b8e4582aba67581d92e8aa8$1b614dca7b8e4582aba67581d92e8aa8"
]
"1b614dca7b8e4582aba67581d92e8aa8$1b614dca7b8e4582aba67581d92e8aa8" is the user auto-created using Swift API
"1b614dca7b8e4582aba67581d92e8aa8" is the user auto-created using S3 API
Note that you need to access rgw using swift API before using S3 API, otherwise the user "1b614dca7b8e4582aba67581d92e8aa8$1b614dca7b8e4582aba67581d92e8aa8" will not be created.
root@ceph-radosgw:~# radosgw-admin bucket list
[
"s3-bucket",
"1b614dca7b8e4582aba67581d92e8aa8\/swift-bucket"
]
You can also see the "s3-bucket" (created using S3 API) is in global tenant, while swift-bucket is in user tenant. S3 API cannot access buckets created using Swift API and vice versa.
Files