Hi >From my point of view. There may has two potential problems.
1. The read ACL is not allowing to list objects in a container by default. And your request is for retrieving objects list of a container tho. 2. For Keystone, I think the value of ACL header should be the username instead of username:tenant-name. For reference : http://docs.openstack.org/developer/swift/misc.html#acls Perhaps I can test it tomorrow morning. +Hugo Kuo+ (+886) 935004793 SwiftStack Inc. 2013/11/13 <thorf...@poivron.org> > Hi all, > > I use Openstack Havana (Storage + Identity) > > I encountered some problems when i set permissions (ACLs) on Openstack > Swift containers. > > My swift proxy-server.conf is here: > http://pastebin.com/0hpfebNp > > My keystone.conf is here: > http://pastebin.com/VUGYbcM5 > > I have the token of test1:test1 and test2:test2 > > curl -s -H 'Content-type: application/json' \ > -d '{"auth": {"tenantName": "test1", "passwordCredentials": > {"username": "test1", "password": "test1"}}}' \ > http://192.168.3.100:5000/v2.0/tokens | python -mjson.tool > > > curl -s -H 'Content-type: application/json' \ > -d '{"auth": {"tenantName": "test2", "passwordCredentials": > {"username": "test2", "password": "test2"}}}' \ > http://192.168.3.100:5000/v2.0/tokens | python -mjson.tool > > Then,enable read access to test2:test2 > > curl -i -X PUT -H "X-Auth-Token: $tokenTest1" \ > -H "X-Container-Read:test2:test2" \ > -H "X-Container-Write: test2:test2" \ > http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo > > Check the permission of the container: > > curl -k -v -H "X-Auth-Token:$tokenTest1" \ > http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo > > This is the reply of the operation: > HTTP/1.1 204 No Content > < Content-Length: 0 > < X-Container-Object-Count: 0 > < X-Container-Write: test2:test2 > < Accept-Ranges: bytes > < X-Timestamp: 1384268871.16508 > < X-Container-Read: test2:test2 > < X-Container-Bytes-Used: 0 > < Content-Type: text/html; charset=UTF-8 > < Date: Tue, 12 Nov 2013 16:30:16 GMT > > Now,the user test2:test2 visit the container of test1:test1 > > curl -k -v -H 'X-Auth-Token:$tokenTest2' \ > http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo > > < HTTP/1.1 403 Forbidden > < Content-Length: 73 > < Content-Type: text/html; charset=UTF-8 > < Date: Tue, 12 Nov 2013 16:34:24 GMT > < Connection: close > < > * Closing connection 0 > <html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html> > > While,I got 403 error.Can someone help me? > > > Best Regards > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
