Ceph » rgw

Problem

Automation modules in Terraform or Ansible that provide automation around IAM and roles need first to check the identity of the caller, and if policies exist using the API calls mentioned in this epic, currently in RGW, they are not available,e and automation fails to run without workarounds.

Goal
Consistency with AWS Services: Many organizations migrating or integrating with Ceph RGW from AWS S3 rely on the same IAM practices used within AWS.

Support for Terraform IAM Automation: Terraform IAM automation depends on the ability to call sts:GetCallerIdentity and iam:GetPolicy as a first step in policy management. These calls verify if the IAM policies exist and whether the user or service has appropriate access.

Enhanced Policy Management: These API extensions are integral for robust policy management, allowing for secure validation of user identities and access policies before policy creation or modification.

Add:

sts:GetCallerIdentity
https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html