From: Anthony D'Atri Date: Fri, 29 Jul 2022 07:11:22 +0000 (-0700) Subject: doc/radosgw: make s3 uppercase X-Git-Tag: v16.2.11~419^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F47360%2Fhead;p=ceph.git doc/radosgw: make s3 uppercase s/s3/S3/ (Also, a "the" has been added.) (cherry picked from commit 73f0d5707d275529416d5110160b9ff5ead23d22) Signed-off-by: Anthony D'Atri --- diff --git a/doc/radosgw/STS.rst b/doc/radosgw/STS.rst index d843ea5d37c1..30929a537475 100644 --- a/doc/radosgw/STS.rst +++ b/doc/radosgw/STS.rst @@ -95,6 +95,15 @@ Examples those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER, according to the permission policy attached to the role. +.. code-block:: console + + radosgw-admin caps add --uid="TESTER" --caps="roles=*" + +2. The following is an example of the AssumeRole API call, which shows steps to create a role, assign a policy to it + (that allows access to S3 resources), assuming a role to get temporary credentials and accessing S3 resources using + those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER, + according to the permission policy attached to the role. + .. code-block:: python import boto3 @@ -274,4 +283,4 @@ Steps for integrating Radosgw with Keycloak can be found here STSLite ======= STSLite has been built on STS, and documentation for the same can be found here -:doc:`STSLite`. \ No newline at end of file +:doc:`STSLite`. diff --git a/doc/radosgw/STSLite.rst b/doc/radosgw/STSLite.rst index bccc1694e476..63164e48d3b7 100644 --- a/doc/radosgw/STSLite.rst +++ b/doc/radosgw/STSLite.rst @@ -35,7 +35,7 @@ Parameters: **TokenCode** (String/ Optional): The value provided by the MFA device, if MFA is required. An administrative user needs to attach a policy to allow invocation of GetSessionToken API using its permanent -credentials and to allow subsequent s3 operations invocation using only the temporary credentials returned +credentials and to allow subsequent S3 operations invocation using only the temporary credentials returned by GetSessionToken. The user attaching the policy needs to have admin caps. For example::