主页
产品
Red Hat Ceph Storage
4
Developer Guide
2.3.11.6. 围绕将 STS Lite 与 Keystone 搭配使用的限制（技术预览）

2.3.11.6. 围绕将 STS Lite 与 Keystone 搭配使用的限制（技术预览）

Keystone 的一个限制是它不支持 STS 请求。请求中不包含另一个限制的有效负载哈希。要解决这两个限制，必须修改 Boto 身份验证代码。

先决条件

正在运行的 Red Hat Ceph Storage 集群，版本 3.2 或更高版本。
正在运行的 Ceph 对象网关.
安装 Boto Python 模块，版本 3 或更高版本。

流程

打开并编辑 Boto 的 auth.py 文件。

将以下四行添加到代码块中：

class SigV4Auth(BaseSigner):
  """
  Sign a request with Signature V4.
  """
  REQUIRES_REGION = True

  def __init__(self, credentials, service_name, region_name):
      self.credentials = credentials
      # We initialize these value here so the unit tests can have
      # valid values.  But these will get overriden in ``add_auth``
      # later for real requests.
      self._region_name = region_name
      if service_name == 'sts': 
          self._service_name = 's3' 
      else: 
          self._service_name = service_name

class SigV4Auth(BaseSigner):
  """
  Sign a request with Signature V4.
  """
  REQUIRES_REGION = True

  def __init__(self, credentials, service_name, region_name):
      self.credentials = credentials
      # We initialize these value here so the unit tests can have
      # valid values.  But these will get overriden in ``add_auth``
      # later for real requests.
      self._region_name = region_name
      if service_name == 'sts':


          self._service_name = 's3'


      else:


          self._service_name = service_name

Copy to Clipboard

Toggle word wrap

将以下两行添加到代码块中：

def _modify_request_before_signing(self, request):
        if 'Authorization' in request.headers:
            del request.headers['Authorization']
        self._set_necessary_date_headers(request)
        if self.credentials.token:
            if 'X-Amz-Security-Token' in request.headers:
                del request.headers['X-Amz-Security-Token']
            request.headers['X-Amz-Security-Token'] = self.credentials.token

        if not request.context.get('payload_signing_enabled', True):
            if 'X-Amz-Content-SHA256' in request.headers:
                del request.headers['X-Amz-Content-SHA256']
            request.headers['X-Amz-Content-SHA256'] = UNSIGNED_PAYLOAD 
        else: 
            request.headers['X-Amz-Content-SHA256'] = self.payload(request)

def _modify_request_before_signing(self, request):
        if 'Authorization' in request.headers:
            del request.headers['Authorization']
        self._set_necessary_date_headers(request)
        if self.credentials.token:
            if 'X-Amz-Security-Token' in request.headers:
                del request.headers['X-Amz-Security-Token']
            request.headers['X-Amz-Security-Token'] = self.credentials.token

        if not request.context.get('payload_signing_enabled', True):
            if 'X-Amz-Content-SHA256' in request.headers:
                del request.headers['X-Amz-Content-SHA256']
            request.headers['X-Amz-Content-SHA256'] = UNSIGNED_PAYLOAD


        else:


            request.headers['X-Amz-Content-SHA256'] = self.payload(request)

Copy to Clipboard

Toggle word wrap

其它资源

有关安装 Boto Python 模块的更多信息，请参阅 Red Hat Ceph Storage Object Gateway 指南中的 Test S3 Access 部分。

返回顶部

2.3.11.6. 围绕将 STS Lite 与 Keystone 搭配使用的限制（技术预览）

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links