From: Anthony D'Atri Date: Fri, 29 Jul 2022 07:11:22 +0000 (-0700) Subject: doc/radosgw: make s3 uppercase X-Git-Tag: v17.2.4~162^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=69742b482390a16bcd5dedf6c8f8013752771ea9;p=ceph.git doc/radosgw: make s3 uppercase s/s3/S3/ (cherry picked from commit 73f0d5707d275529416d5110160b9ff5ead23d22) Signed-off-by: Anthony D'Atri --- diff --git a/doc/radosgw/STS.rst b/doc/radosgw/STS.rst index b4cd67148b58..f0729680b7d5 100644 --- a/doc/radosgw/STS.rst +++ b/doc/radosgw/STS.rst @@ -107,6 +107,15 @@ Examples those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER, according to the permission policy attached to the role. +.. code-block:: console + + radosgw-admin caps add --uid="TESTER" --caps="roles=*" + +2. The following is an example of the AssumeRole API call, which shows steps to create a role, assign a policy to it + (that allows access to S3 resources), assuming a role to get temporary credentials and accessing S3 resources using + those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER, + according to the permission policy attached to the role. + .. code-block:: python import boto3 @@ -286,4 +295,4 @@ Steps for integrating Radosgw with Keycloak can be found here STSLite ======= STSLite has been built on STS, and documentation for the same can be found here -:doc:`STSLite`. \ No newline at end of file +:doc:`STSLite`. diff --git a/doc/radosgw/STSLite.rst b/doc/radosgw/STSLite.rst index c78c14e5005b..f5dae7050a17 100644 --- a/doc/radosgw/STSLite.rst +++ b/doc/radosgw/STSLite.rst @@ -35,7 +35,7 @@ Parameters: **TokenCode** (String/ Optional): The value provided by the MFA device, if MFA is required. An administrative user needs to attach a policy to allow invocation of GetSessionToken API using its permanent -credentials and to allow subsequent s3 operations invocation using only the temporary credentials returned +credentials and to allow subsequent S3 operations invocation using only the temporary credentials returned by GetSessionToken. The user attaching the policy needs to have admin caps. For example::