openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #09288
Re: 403 Forbidden integrate keystone essex with swift 1.4.9
Well , it looks normal in my consideration.
You specify the operator must have Member or admin role for accessing
swift.
If there's a user associates a role which named "watcher" . It will be
block in swift_auth filter .
That's the function of swift_auth , right ? It looks pretty match to
your expectation.
<jojo_wanglin@xxxxxxxx> 於 2012年3月29日下午5:38 寫道:
> Hi all:
>
> The story is: when i integrate keystone essex with swift 1.4.9, i use
> swift_auth for authorization, the configuration is belows:
>
> [filter:keystone]
> paste.filter_factory = keystone.middleware.swift_auth:filter_factory
> operator_roles = Member,admin
>
> If I access the swift service using swift command with the user who has
> the "Member, admin" role, it works successfully, but if i access using a
> user who has another role, it get the "403 Forbidden".
>
>
> That is why?
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
--
+Hugo Kuo+
tonytkdk@xxxxxxxxx
+ <tonytkdk@xxxxxxxxx>886 935004793
References