[Openstack-operators] [swift] private read ACL set on container_segments results in 401

Vinsh, Adam adam.vinsh at twcable.com
Tue Dec 15 23:07:39 UTC 2015


Hello,

I am looking for advice on an interesting case a customer of our swift cluster has come with.

They have uploaded a large object (~5G) to a swift container "containerA".  Swift broke this object into segments, creating a container for those segments "containerA_segments".
If both containers are set to public, this object can be downloaded.

They want this container to be private and only serve up content to a specific refer domain.
So, they set the following ACL on "containerA"   ".r:<secret-key>.example.com,.rlistings
Where the secret-key is one their proxy re-directs requests to.

Now, they can not get the object in containerA.
Setting "containerA_segments" to the same ACL as containerA also does not work.

We have found that the only way to access this object is to set the ACL on "containerA_segments" to public.
This isn't desirable because it means the segments container is now public even though containerA is private.

Is this expected?

-Adam

________________________________

This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20151215/5cbbc605/attachment.html>


More information about the OpenStack-operators mailing list