From 69742b482390a16bcd5dedf6c8f8013752771ea9 Mon Sep 17 00:00:00 2001 From: Anthony D'Atri Date: Fri, 29 Jul 2022 00:11:22 -0700 Subject: [PATCH] doc/radosgw: make s3 uppercase s/s3/S3/ (cherry picked from commit 73f0d5707d275529416d5110160b9ff5ead23d22) Signed-off-by: Anthony D'Atri --- doc/radosgw/STS.rst | 11 ++++++++++- doc/radosgw/STSLite.rst | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/doc/radosgw/STS.rst b/doc/radosgw/STS.rst index b4cd67148b582..f0729680b7d56 100644 --- a/doc/radosgw/STS.rst +++ b/doc/radosgw/STS.rst @@ -107,6 +107,15 @@ Examples those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER, according to the permission policy attached to the role. +.. code-block:: console + + radosgw-admin caps add --uid="TESTER" --caps="roles=*" + +2. The following is an example of the AssumeRole API call, which shows steps to create a role, assign a policy to it + (that allows access to S3 resources), assuming a role to get temporary credentials and accessing S3 resources using + those credentials. In this example, TESTER1 assumes a role created by TESTER, to access S3 resources owned by TESTER, + according to the permission policy attached to the role. + .. code-block:: python import boto3 @@ -286,4 +295,4 @@ Steps for integrating Radosgw with Keycloak can be found here STSLite ======= STSLite has been built on STS, and documentation for the same can be found here -:doc:`STSLite`. \ No newline at end of file +:doc:`STSLite`. diff --git a/doc/radosgw/STSLite.rst b/doc/radosgw/STSLite.rst index c78c14e5005b3..f5dae7050a173 100644 --- a/doc/radosgw/STSLite.rst +++ b/doc/radosgw/STSLite.rst @@ -35,7 +35,7 @@ Parameters: **TokenCode** (String/ Optional): The value provided by the MFA device, if MFA is required. An administrative user needs to attach a policy to allow invocation of GetSessionToken API using its permanent -credentials and to allow subsequent s3 operations invocation using only the temporary credentials returned +credentials and to allow subsequent S3 operations invocation using only the temporary credentials returned by GetSessionToken. The user attaching the policy needs to have admin caps. For example:: -- 2.39.5