Can you try using 'HTTP-X-Container-Read' instead?
On Mon, Jul 8, 2013 at 11:31 PM, Alvaro Izquierdo Jimeno <aizquie...@aubay.es> wrote: > Hi, > > I´m using RedHat 6.4. > Attached two files: one with the log output from GET bucket1 from ytenant and > the other with the log output from GET object1 from ytenant (both with 401 > response) > > When I get the bucket (after the Put request with X-Container-Read header) > from xtenant, I can see > > < HTTP/1.1 200 > < Date: Tue, 09 Jul 2013 06:24:27 GMT > < Server: Apache/2.2.15 (Red Hat) > < Connection: close > < Transfer-Encoding: chunked > < Content-Type: text/plain; charset=utf-8 > < > Object1 > * Closing connection #0 > > But, where is the X-Container-Read header? it should appear? Maybe the > problem is saving the metadata header.... > > Thanks a lot, > Álvaro > > > > -----Mensaje original----- > De: Yehuda Sadeh [mailto:yeh...@inktank.com] > Enviado el: martes, 09 de julio de 2013 7:53 > Para: Alvaro Izquierdo Jimeno > CC: ceph-users@lists.ceph.com > Asunto: Re: [ceph-users] (keystone + radosgw ) users > > From what I can tell, this should be enough. I'll need to see more concrete > logs to figure out what went wrong though. > > Yehuda > > On Mon, Jul 8, 2013 at 10:47 PM, Alvaro Izquierdo Jimeno > <aizquie...@aubay.es> wrote: >> Any idea? >> >> Thanks a lot, >> Álvaro. >> >> -----Mensaje original----- >> De: ceph-users-boun...@lists.ceph.com >> [mailto:ceph-users-boun...@lists.ceph..com] En nombre de Alvaro >> Izquierdo Jimeno Enviado el: viernes, 05 de julio de 2013 11:58 >> Para: Yehuda Sadeh >> CC: ceph-users@lists.ceph.com >> Asunto: Re: [ceph-users] (keystone + radosgw ) users >> >> Hi, >> >> Maybe i forgot something but i can't use this behavior: >> >> I will try to explain my setting: >> >> I have two keystone users: 'x' and 'y' >> And two keystone tenants: 'xtenant' and 'ytenant' >> >> In ceph.conf I have the option: >> rgw enforce swift acls = true >> >> I have got the token for x and xtenant with curl -k -X 'POST' -v >> http://mykeystone:5000/v2.0/tokens -d >> '{"auth":{"passwordCredentials":{"username": "x", "password":"pass"}, >> "tenantId":"the_id_of_xtenant"}}' -H 'Content-type: application/json' >> >> Create a container (with permissions to ytenant) and an object curl -v >> -X PUT -H 'X-Container-Read: the_id_of_ytenant' -H 'X-Auth-Token: >> x_token' http://myradosgw/swift/v1/bucket1 curl -v -X PUT -H >> 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1 >> >> I can get the container and object with x_token: >> curl -v -X GET -H 'X-Auth-Token: x_token' >> http://myradosgw/swift/v1/bucket1 curl -v -X GET -H 'X-Auth-Token: >> x_token' http://myradosgw/swift/v1/bucket1/object1 >> >> until this moment, all ok. >> >> I have got the token for y and ytenant with >> >> curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d >> '{"auth":{"passwordCredentials":{"username": "y", "password":"pass2"}, >> "tenantId":"the_id_of_ytenant"}}' -H 'Content-type: application/json' >> >> But, radosgw returns a 401 when I try to get the container or the bucket: >> curl -v -X GET -H 'X-Auth-Token: y_token' >> http://myradosgw/swift/v1/bucket1 curl -v -X GET -H 'X-Auth-Token: >> y_token' http://myradosgw/swift/v1/bucket1/object1 >> >> >> What have I forgotten? >> >> Thanks and regards, >> Álvaro. >> >> -----Mensaje original----- >> De: Yehuda Sadeh [mailto:yeh...@inktank.com] Enviado el: viernes, 05 >> de julio de 2013 8:39 >> Para: Alvaro Izquierdo Jimeno >> CC: ceph-users@lists.ceph.com >> Asunto: Re: [ceph-users] (keystone + radosgw ) users >> >> The rados gateway supports swift form of ACLs on buckets in which it is >> possible to set read/write permissions for each bucket to allow access for >> its objects. This can be done by setting the X-Container-Read, and >> X-Container-Write attributes on the containers. >> Each attribute is a comma delimited list of permitted users that are given >> the specific permission. Note that when using the keystone backed, the >> permissions are given at the tenant level, so they should be referred as >> such (using the tenant hex id). >> >> On Thu, Jul 4, 2013 at 11:27 PM, Alvaro Izquierdo Jimeno >> <aizquie...@aubay.es> wrote: >>> May anybody help me? >>> >>> >>> >>> Many thanks and regards, >>> >>> Álvaro. >>> >>> >>> >>> >>> >>> De: ceph-users-boun...@lists.ceph.com >>> [mailto:ceph-users-boun...@lists.ceph.com] En nombre de Alvaro >>> Izquierdo Jimeno Enviado el: martes, 02 de julio de 2013 14:30 >>> Para: ceph-users@lists.ceph.com >>> Asunto: [ceph-users] (keystone + radosgw ) users >>> >>> >>> >>> Hi all, >>> >>> >>> >>> I have been able to bind openstack keystone and radosgw and have >>> checked users created from keystone can make requests on radosgw. >>> >>> >>> >>> But, how can we handle several tenants and users from keystone? In >>> swift, we have the option of setting up ACLs in the config file and >>> headers to mark which user can make an operation in each container in >>> a specific tenant (for example). Does it exist that option with radosgw >>> instead of swift? >>> >>> >>> >>> Many thanks in advanced and best regards, >>> >>> Álvaro. >>> >>> >>> >>> >>> >>> >>> ____________ >>> Verificada la ausencia de virus por G Data AntiVirus Versión: AVA >>> 22.10661 del 02.07.2013 Noticias de virus: www.antiviruslab.com >>> >>> >>> _______________________________________________ >>> ceph-users mailing list >>> ceph-users@lists.ceph.com >>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>> >> ____________ >> Verificada la ausencia de virus por G Data AntiVirus >> Versión: AVA 22.10718 del 05.07.2013 >> Noticias de virus: www.antiviruslab.com >> _______________________________________________ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >> ____________ >> Verificada la ausencia de virus por G Data AntiVirus >> Versión: AVA 22.10827 del 09.07.2013 >> Noticias de virus: www.antiviruslab.com > > ____________ > Verificada la ausencia de virus por G Data AntiVirus > Versión: AVA 22.10829 del 09.07.2013 > Noticias de virus: www.antiviruslab.com _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
