openstack team mailing list archive
Message #11628
Re: Swift Object Storage ACLs with KeyStone
Vish,
Thank you for answering.
However, sorry, I don't understand what you said.
Do you mean I have to do as follows when setting up ACLs:
curl -X PUT -i \
-H "X-Auth-Token: <token of demo:demo>" \
-H "X-Container-Read: <tenant_id:user_id>" \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Or other operations and settings?
------------------
Best Regards
ZhangJialong
------------------ Original ------------------
From: "Vishvananda Ishaya"<vishvananda@xxxxxxxxx>;
Date: Sat, May 12, 2012 03:03 AM
To: "??????"<zhangjl@xxxxxxxxxxx>;
Cc: "openstack"<openstack@xxxxxxxxxxxxxxxxxxx>;
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone
I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls. The same may be true of user_id.
Vish
On Fri, May 11, 2012 at 12:51 AM, ?????? <zhangjl@xxxxxxxxxxx> wrote:
Hello, everyone.
I encountered some problems when I set permissions (ACLs) on OpenStack Swift containers.
I installed swift-1.4.8 (essex) and use keystone-2012.1 as the authentication system on CentOS 6.2.
My swift proxy-server.conf and keystone.conf are here:
http://pastebin.com/dUnHjKSj
Then, I use the script named opensatck_essex_data.sh ( http://pastebin.com/LWGVZrK0 ) to
initialize keystone.
After these operations, I got the tokens of demo:demo and newuser:newuser:
curl -s -H 'Content-type: application/json' \
-d '{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "demo", "password": "admin"}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
curl -s -H 'Content-type: application/json' \
-d '{"auth": {"tenantName": "newuser", "passwordCredentials": {"username": "newuser", "password": "admin"}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
Then, enable read access for newuser:newuser:
curl -X PUT -i \
-H "X-Auth-Token: <token of demo:demo>" \
-H "X-Container-Read: newuser:newuser" \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Check the permission of the container:
curl -k -v -H 'X-Auth-Token:<token of demo:demo>' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
This is the reply of the operation:
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Read: newuser:newuser
X-Container-Bytes-Used: 2735
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/plain; charset=utf-8
Date: Fri, 11 May 2012 07:30:23 GMT
opensatck_essex_data.sh
Now, the user newuser:newuser visits the container of demo:demo:
curl -k -v -H 'X-Auth-Token:<token of newuser:newuser>' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
However, I got a 403 error. Can someone help me?
------------------
Best Regards
ZhangJialong
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
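Added example (not part of the original thread, and not code from Swift or Keystone): a Python helper that reads a Keystone v2.0 token response for the grantee, derives the name-based and ID-based tenant:user spellings, and reports which spelling an existing X-Container-Read value uses, so the ID-based form Vish suggests can be tried. The token response and its IDs are constructed placeholders, the function names are hypothetical, and the thread does not confirm which form Swift accepts.

```python
import json

# Constructed sample of a Keystone v2.0 /v2.0/tokens response for the
# grantee (newuser:newuser). Every ID here is a made-up placeholder.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access": {
        "token": {"id": "TOKEN_PLACEHOLDER",
                  "tenant": {"id": "TENANT_ID_PLACEHOLDER", "name": "newuser"}},
        "user": {"id": "USER_ID_PLACEHOLDER", "name": "newuser"},
    }
})


def identity_forms(token_response):
    """Return each tenant:user spelling derivable from a token response."""
    access = json.loads(token_response)["access"]
    tenant = access["token"]["tenant"]
    user = access["user"]
    return {
        "tenant_name:user_name": "%s:%s" % (tenant["name"], user["name"]),
        "tenant_id:user_id": "%s:%s" % (tenant["id"], user["id"]),
        "tenant_id:user_name": "%s:%s" % (tenant["id"], user["name"]),
        "tenant_name:user_id": "%s:%s" % (tenant["name"], user["id"]),
    }


def classify_acl(acl_value, token_response):
    """Map each ACL entry to the identity form(s) it matches for this grantee.

    An empty list means the entry does not refer to this grantee at all.
    """
    forms = identity_forms(token_response)
    result = {}
    for entry in acl_value.split(","):
        entry = entry.strip()
        if entry:
            result[entry] = sorted(k for k, v in forms.items() if v == entry)
    return result


def read_acl_header(token_response, form="tenant_id:user_id"):
    """Build the X-Container-Read header line for the chosen identity form."""
    return "X-Container-Read: " + identity_forms(token_response)[form]


if __name__ == "__main__":
    # The ACL from the thread is name-based; print the ID-based alternative.
    print(classify_acl("newuser:newuser", SAMPLE_TOKEN_RESPONSE))
    print(read_acl_header(SAMPLE_TOKEN_RESPONSE))
```
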