openstack team mailing list archive

Thread
Date

Re: Swift Object Storage ACLs with KeyStone

To: 张家龙 <zhangjl@xxxxxxxxxxx>
From: Vishvananda Ishaya <vishvananda@xxxxxxxxx>
Date: Fri, 11 May 2012 12:03:02 -0700
Cc: openstack <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <tencent_712A694C2B8D3EEE6EA962ED@qq.com>

I'm not totally sure about this, but you might have to use the project_id
from keystone instead of the project_name when setting up acls.   The same
may be true of user_id.

Vish

On Fri, May 11, 2012 at 12:51 AM, 张家龙 <zhangjl@xxxxxxxxxxx> wrote:

>
> Hello, everyone.
>
>     I encountered some problems when i set permissions (ACLs) on Openstack
> Swift containers.
>     I installed swift-1.4.8(essex) and use keystone-2012.1 as
> authentication system on CentOS 6.2 .
>
>     My swift proxy-server.conf and keystone.conf are here:
>     http://pastebin.com/dUnHjKSj
>
>     Then,I use the script named opensatck_essex_data.sh(
> http://pastebin.com/LWGVZrK0) to
>     initialize keystone.
>
>     After these operations,I got the token of demo:demo and newuser:newuser
>
>     curl -s -H 'Content-type: application/json' \
>     -d '{"auth": {"tenantName": "demo", "passwordCredentials":
> {"username": "demo", "password": "admin"}}}' \
>     http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>
>     curl -s -H 'Content-type: application/json' \
>     -d '{"auth": {"tenantName": "newuser", "passwordCredentials":
> {"username": "newuser", "password": "admin"}}}' \
>     http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
>
>     Then,enable read access to newuser:newuser
>
>     curl –X PUT -i \
>     -H "X-Auth-Token: <token of demo:demo>" \
>     -H "X-Container-Read: newuser:newuser" \
>
> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>
>     Check the permission of the container:
>
>     curl -k -v -H 'X-Auth-Token:<token of demo:demo>' \
>
> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>
>     This is the reply of the operation:
>
>     HTTP/1.1 200 OK
>     X-Container-Object-Count: 1
>     X-Container-Read: newuser:newuser
>     X-Container-Bytes-Used: 2735
>     Accept-Ranges: bytes
>     Content-Length: 24
>     Content-Type: text/plain; charset=utf-8
>     Date: Fri, 11 May 2012 07:30:23 GMT
>
>     opensatck_essex_data.sh
>
>     Now,the user newuser:newuser visit the container of demo:demo
>
>     curl -k -v -H 'X-Auth-Token:<token of newuser:newuser>' \
>
> http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
>
>     While,I got 403 error.Can someone help me?
>
> **
> ------------------
> Best Regards
>
> ZhangJialong
> **
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

References

Swift Object Storage ACLs with KeyStone
From: ??????, 2012-05-11