rgw:STSLite documentation correction

Correcting STS documentation to remove s3curl.pl command for getsessiontoken and replacing it with user policy Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
2024-12-26 21:43:10 +00:00 · 2020-03-04 04:05:50 +05:30 · 2020-03-04 04:05:50 +05:30 · 89a2ade827
commit 89a2ade827
parent b58c14a2d8
1 changed files with 5 additions and 3 deletions
--- a/doc/radosgw/STSLite.rst
+++ b/doc/radosgw/STSLite.rst
@ -37,14 +37,16 @@ Parameters:
 An end user needs to attach a policy to allow invocation of GetSessionToken API using its permanent
 credentials and to allow subsequent s3 operations invocation using only the temporary credentials returned
 by GetSessionToken.
-The following is an example of attaching the policy to a user 'TESTER1'::
-
-    s3curl.pl --debug --id admin -- -s -v -X POST "http://localhost:8000/?Action=PutUserPolicy&PolicyName=Policy1&UserName=TESTER1&PolicyDocument=\{\"Version\":\"2012-10-17\",\"Statement\":\[\{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":\[\"*\"\],\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\},\{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":\{\"BoolIfExists\":\{\"sts:authentication\":\"false\"\}\}\}\]\}&Version=2010-05-08"

 The user attaching the policy needs to have admin caps. For example::

    radosgw-admin caps add --uid="TESTER" --caps="user-policy=*"

+The following is the policy that needs to be attached to a user 'TESTER1'::
+
+    user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
+
+
 STS Lite Configuration
 ======================