Re: [ceph-users] rgw make container private again

Thu, 05 Apr 2018 04:29:15 -0700 

There is an existing bug related to the impossibility to delete the read ACL of 
Swift.
Check https://tracker.ceph.com/issues/22897

V.

On 30/03/18, 18:11 , "ceph-users on behalf of Vladimir Prokofev" 
<ceph-users-boun...@lists.ceph.com on behalf of v...@prokofev.me> wrote:

    As usual, I found solution after a while.
    Metadata field is not deleting as it should by API docs, but it can be 
changed. So I just changed it with
    curl -X POST -i -H "X-Auth-Token: <authtoken> -H "X-Container-Read: 
<project_id>:*" https://endpoint.url/swift/v1/containername
    
    and now metadata field looks like this
    X-Container-Read: <project_id>:*
    
    
    Essentialy this behaves the same as when there's no  
    X-Container-Read at all.
    
    
    But
     overall this is still an issue - what should've taken 5 seconds to just 
uncheck a box in Horizon interface turned into couple hours of debugging.
    Can
     anyone who uses same version check if this issue is reproducible? If so - 
this seems to be a ticket-worthy.
    
    
    
    
    2018-03-30 17:40 GMT+03:00 Vladimir Prokofev 
    <v...@prokofev.me>:
    
    CEPH 12.2.2, RGW.
    I'm using it as an object storage endpoint for Openstack.
    
    
    Recently while browsing an object storage from Horizon, I accidently marked 
container as public. The issue is - I can't make it private again!
    Docs state that to do it I should simply delete X-Container-Read metadata, 
but I just can't!
    
    
    Examples:
    private container headers(only relevant output, some other empty container):
    X-Container-Bytes-Used-Actual: 0
    
    X-Storage-Policy: default-placement
    
    
    
    public container headers(only
     relevant output):
    X-Container-Bytes-Used-Actual: 114688
    X-Container-Read: .r:*,.rlistings
    X-Storage-Policy: default-placement
    
    
    As you can see, there's now an X-Container-Read
     header.
    
    
    
    
    I've tried to make it back private with swift client and curl, but to no 
success. Here're some curl examples.
    
    
    Updating works!
    If I do
    curl -X POST -i -H "X-Auth-Token: <authoken>" -H "X-Container-Read: .r:test"
    https://endpoint.url/swift/v1/containername
    
    metadata will become
    X-Container-Read: .r:test
    
    
    
    But if I do
    curl -X POST -i -H "X-Auth-Token: <authtoken>" -H "X-Remove-Container-Read: 
x"
    https://endpoint.url/swift/v1/containername
    
    
    
    nothing happens, metadata field will remain there.
    
    
    So is this a broken API in RGW, or am I missing something? Maybe there's 
some explicit warning that after becoming public you can't make container 
private again?
    
    
    
    
    
    
    
    

_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to