← Back to team overview

openstack team mailing list archive

swift acl's

 

Hi All,

I am testing acl support in swift-1.4.5. According to the document
http://swift.openstack.org/misc.html#module-swift.common.middleware.acl the
syntax to allow all non-admin users read access to the container except for
one is as following.

Executing the curl following curl command from an admin user.
curl -v -X POST -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47'
http://127.0.0.1:8080/v1/AUTH_test/cont -H 'X-Container-Read:
.r:*,.rlistings,.r:-test:tester3'

curl -v -X HEAD -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47'
http://127.0.0.1:8080/v1/AUTH_test/cont
*About to connect() to 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> HEAD /v1/AUTH_test/cont HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/
3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: 127.0.0.1:8080\
> Accept:
> X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47
>
< HTTP/1.1 204 No Content
< X-Container-Object-Count: 10
< X-Container-Read: .r:*,.rlistings,.r:-test:tester3
< X-Container-Bytes-Used: 100000000
< Accept-Ranges: bytes
< Content-Length: 0
< Date: Thu, 15 Dec 2011 18:38:25 GMT
<
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0
-- 

But GET operations still succeed for the user tester3. What else is
required to make the swift-server deny this user from doing GET operations.
Thanks in advance.

regards,
Junaid