openstack team mailing list archive

Thread
Date

Re: 403 Forbidden integrate keystone essex with swift 1.4.9

To: jojo_wanglin@xxxxxxxx
From: Kuo Hugo <tonytkdk@xxxxxxxxx>
Date: Thu, 29 Mar 2012 22:59:51 +0800
Cc: openstack <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20120329093834.BAB07130CD1@webmail.sinamail.sina.com.cn>

Well , it looks normal in my consideration.

You specify the operator must have Member or admin role for accessing
swift.
If there's a user associates a role which named "watcher" . It will be
block in swift_auth filter .
That's the function of swift_auth , right ?  It looks pretty match to
your expectation.

<jojo_wanglin@xxxxxxxx> 於 2012年3月29日下午5:38 寫道：

> Hi all:
>
> The story is: when i integrate keystone essex with swift 1.4.9, i use
> swift_auth for authorization, the configuration is belows:
>
> [filter:keystone]
> paste.filter_factory = keystone.middleware.swift_auth:filter_factory
> operator_roles = Member,admin
>
> If I access the swift service using swift command with the user who has
> the "Member, admin" role, it works successfully, but if i access using a
> user who has another role, it get the "403 Forbidden".
>
>
> That is why?
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
+Hugo Kuo+
tonytkdk@xxxxxxxxx
+ <tonytkdk@xxxxxxxxx>886 935004793

References

403 Forbidden integrate keystone essex with swift 1.4.9
From: jojo_wanglin, 2012-03-29