[openstack-dev] [swift] Account ACL with keystone auth
Sampath, Lakshmi
lakshmi.sampath at hpe.com
Fri Feb 19 18:29:26 UTC 2016
Account ACL for allowing other accounts administration access to create containers looks to be accepting the request but doesn't seem to be persisting the information with keystone auth.
For example if admin:admin user allows demo:demo "admin" access on its account, the following request succeeds but later when I try creating a container, using demo account in admin account it fails.
As admin:admin user
curl -X POST -i -H "X-Auth-Token: 57eb097f3b8e4c9e8a927a71c7f18e9c" -H 'X-Account-Access-Control: {"admin":["AUTH_demo"]}' http://127.0.0.1:8080/v1/AUTH_admin
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txefcd03a9b0ea4c2ab28a3-0056c75dae
Date: Fri, 19 Feb 2016 18:23:42 GMT
As demo:demo user
curl -XPUT -i -H "X-Auth-Token: 9173236daaa3470886410934c467fd7e" http://127.0.0.1:8080/v1/AUTH_admin/container1
HTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txbd54e9b8f5c64419bf689-0056c75c25
Date: Fri, 19 Feb 2016 18:17:09 GMT
Is Account ACL supported using keystone auth?
Thanks
Lakshmi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160219/b043b120/attachment.html>
More information about the OpenStack-dev
mailing list