>From what I can tell, this should be enough. I'll need to see more concrete logs to figure out what went wrong though.
Yehuda On Mon, Jul 8, 2013 at 10:47 PM, Alvaro Izquierdo Jimeno <aizquie...@aubay.es> wrote: > Any idea? > > Thanks a lot, > Álvaro. > > -----Mensaje original----- > De: ceph-users-boun...@lists.ceph.com > [mailto:ceph-users-boun...@lists.ceph..com] En nombre de Alvaro Izquierdo > Jimeno > Enviado el: viernes, 05 de julio de 2013 11:58 > Para: Yehuda Sadeh > CC: ceph-users@lists.ceph.com > Asunto: Re: [ceph-users] (keystone + radosgw ) users > > Hi, > > Maybe i forgot something but i can't use this behavior: > > I will try to explain my setting: > > I have two keystone users: 'x' and 'y' > And two keystone tenants: 'xtenant' and 'ytenant' > > In ceph.conf I have the option: > rgw enforce swift acls = true > > I have got the token for x and xtenant with curl -k -X 'POST' -v > http://mykeystone:5000/v2.0/tokens -d > '{"auth":{"passwordCredentials":{"username": "x", "password":"pass"}, > "tenantId":"the_id_of_xtenant"}}' -H 'Content-type: application/json' > > Create a container (with permissions to ytenant) and an object curl -v -X PUT > -H 'X-Container-Read: the_id_of_ytenant' -H 'X-Auth-Token: x_token' > http://myradosgw/swift/v1/bucket1 curl -v -X PUT -H 'X-Auth-Token: x_token' > http://myradosgw/swift/v1/bucket1/object1 > > I can get the container and object with x_token: > curl -v -X GET -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1 > curl -v -X GET -H 'X-Auth-Token: x_token' > http://myradosgw/swift/v1/bucket1/object1 > > until this moment, all ok. > > I have got the token for y and ytenant with > > curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d > '{"auth":{"passwordCredentials":{"username": "y", "password":"pass2"}, > "tenantId":"the_id_of_ytenant"}}' -H 'Content-type: application/json' > > But, radosgw returns a 401 when I try to get the container or the bucket: > curl -v -X GET -H 'X-Auth-Token: y_token' http://myradosgw/swift/v1/bucket1 > curl -v -X GET -H 'X-Auth-Token: y_token' > http://myradosgw/swift/v1/bucket1/object1 > > > What have I forgotten? > > Thanks and regards, > Álvaro. > > -----Mensaje original----- > De: Yehuda Sadeh [mailto:yeh...@inktank.com] Enviado el: viernes, 05 de julio > de 2013 8:39 > Para: Alvaro Izquierdo Jimeno > CC: ceph-users@lists.ceph.com > Asunto: Re: [ceph-users] (keystone + radosgw ) users > > The rados gateway supports swift form of ACLs on buckets in which it is > possible to set read/write permissions for each bucket to allow access for > its objects. This can be done by setting the X-Container-Read, and > X-Container-Write attributes on the containers. > Each attribute is a comma delimited list of permitted users that are given > the specific permission. Note that when using the keystone backed, the > permissions are given at the tenant level, so they should be referred as such > (using the tenant hex id). > > On Thu, Jul 4, 2013 at 11:27 PM, Alvaro Izquierdo Jimeno > <aizquie...@aubay.es> wrote: >> May anybody help me? >> >> >> >> Many thanks and regards, >> >> Álvaro. >> >> >> >> >> >> De: ceph-users-boun...@lists.ceph.com >> [mailto:ceph-users-boun...@lists.ceph.com] En nombre de Alvaro >> Izquierdo Jimeno Enviado el: martes, 02 de julio de 2013 14:30 >> Para: ceph-users@lists.ceph.com >> Asunto: [ceph-users] (keystone + radosgw ) users >> >> >> >> Hi all, >> >> >> >> I have been able to bind openstack keystone and radosgw and have >> checked users created from keystone can make requests on radosgw. >> >> >> >> But, how can we handle several tenants and users from keystone? In >> swift, we have the option of setting up ACLs in the config file and >> headers to mark which user can make an operation in each container in >> a specific tenant (for example). Does it exist that option with radosgw >> instead of swift? >> >> >> >> Many thanks in advanced and best regards, >> >> Álvaro. >> >> >> >> >> >> >> ____________ >> Verificada la ausencia de virus por G Data AntiVirus Versión: AVA >> 22.10661 del 02.07.2013 Noticias de virus: www.antiviruslab.com >> >> >> _______________________________________________ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >> > ____________ > Verificada la ausencia de virus por G Data AntiVirus > Versión: AVA 22.10718 del 05.07.2013 > Noticias de virus: www.antiviruslab.com > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > ____________ > Verificada la ausencia de virus por G Data AntiVirus > Versión: AVA 22.10827 del 09.07.2013 > Noticias de virus: www.antiviruslab.com _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
