[Openstack] Swift Object Storage ACLs with KeyStone

Tue, 12 Nov 2013 08:43:55 -0800 

Hi all,

I use Openstack Havana (Storage + Identity)
I encountered some problems when i set permissions (ACLs) on Openstack Swift containers. 

My swift proxy-server.conf is here:
     http://pastebin.com/0hpfebNp

My keystone.conf is here:
    http://pastebin.com/VUGYbcM5

I have the token of test1:test1 and test2:test2

curl -s -H 'Content-type: application/json' \
 -d '{"auth": {"tenantName": "test1", "passwordCredentials":
 {"username": "test1", "password": "test1"}}}' \
 http://192.168.3.100:5000/v2.0/tokens | python -mjson.tool


curl -s -H 'Content-type: application/json' \
 -d '{"auth": {"tenantName": "test2", "passwordCredentials":
 {"username": "test2", "password": "test2"}}}' \
 http://192.168.3.100:5000/v2.0/tokens | python -mjson.tool

Then,enable read access to test2:test2

curl -i -X PUT -H "X-Auth-Token: $tokenTest1" \
 -H "X-Container-Read:test2:test2" \
 -H "X-Container-Write: test2:test2" \
 http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo

Check the permission of the container:

curl -k -v -H "X-Auth-Token:$tokenTest1" \
 http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo

This is the reply of the operation:
HTTP/1.1 204 No Content
< Content-Length: 0
< X-Container-Object-Count: 0
< X-Container-Write: test2:test2
< Accept-Ranges: bytes
< X-Timestamp: 1384268871.16508
< X-Container-Read: test2:test2
< X-Container-Bytes-Used: 0
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 12 Nov 2013 16:30:16 GMT

Now,the user test2:test2 visit the container of test1:test1

curl -k -v -H 'X-Auth-Token:$tokenTest2' \
 http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo

< HTTP/1.1 403 Forbidden
< Content-Length: 73
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 12 Nov 2013 16:34:24 GMT
< Connection: close
<
* Closing connection 0
<html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html> 

While,I got 403 error.Can someone help me?


Best Regards

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to