
when you created the user did you add the -a param (to make the user an admin for the account )? <div><br><br><div class="gmail_quote">On Mon, Dec 5, 2011 at 3:09 PM, Judd Maltin <span dir="ltr"><<a href="mailto:openstack@newgoliath.com">openstack@newgoliath.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">oops.. pasted too much with the x-storage-url, but still access denied.<div class="HOEnZb"><div class="h5"><br><br><div class="gmail_quote">

On Mon, Dec 5, 2011 at 3:06 PM, Judd Maltin <span dir="ltr"><<a href="mailto:openstack@newgoliath.com" target="_blank">openstack@newgoliath.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">No curl love either.<br><br>Might have to remove the .auth database by hand or somehting??<br><br>root@proxy01-c01:/etc/swift# curl  -i -H 'X-Auth-User: test1:tester1' -H 'X-Storage-Pass: testing1' <a href="http://127.0.0.1:8080/auth/v1.0" target="_blank">http://127.0.0.1:8080/auth/v1.0</a><br>


HTTP/1.1 200 OK<br>X-Storage-Url: <a href="http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74" target="_blank">http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74</a><br>X-Storage-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980<br>


X-Auth-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980<br>X-Trans-Id: tx9a8f99333ac44e0885b0b4c0ddb67c30<br>Content-Length: 112<br>Date: Mon, 05 Dec 2011 20:05:09 GMT<br><br>{"storage": {"default": "local", "local": "<a href="http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74" target="_blank">http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74</a>"}}root@proxy01-c01:/etc/swift# <br>


<br>root@proxy01-c01:/etc/swift# curl -i -H 'X-Auth-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980' X-Storage-Url: <a href="http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74/" target="_blank">http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74/</a><br>


curl: (6) Couldn't resolve host 'X-Storage-Url:'<br>HTTP/1.1 403 Forbidden<br>Content-Length: 157<br>Content-Type: text/html; charset=UTF-8<br>X-Trans-Id: tx8d228af637ca40818a4fb4cae5e20e0e<br>Date: Mon, 05 Dec 2011 20:05:35 GMT<br>


<br><html><br> <head><br>  <title>403 Forbidden</title><br> </head><br> <body><br>  <h1>403 Forbidden</h1><br>  Access was denied to this resource.<br /><br /><br>


<br><br><br> </body><div><div><br><br><br><br><div class="gmail_quote">On Mon, Dec 5, 2011 at 2:26 PM, Jeff Kramer <span dir="ltr"><<a href="mailto:jeffkramer@gmail.com" target="_blank">jeffkramer@gmail.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Maybe drop the single quotes around the password?  Have you tried with<br>

curl?  Something like this (ripped out of some docs I've got):<br>

<br>

We can also test this with curl, from this machine or another machine<br>

(replace 127.0.0.1 with the servers IP address as appropriate):<br>

<br>

[code]<br>

curl -v -H 'X-Storage-User: testaccount:testuser' -H 'X-Storage-Pass:<br>

testpassword' <a href="http://127.0.0.1:8080/auth/v1.0" target="_blank">http://127.0.0.1:8080/auth/v1.0</a><br>

[/code]<br>

<br>

This should return an auth token like this:<br>

<br>

X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274<br>

<br>

And a URL like this:<br>

<br>

X-Storage-Url: <a href="http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87" target="_blank">http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87</a><br>

<br>

Which you can use to talk to storage:<br>

<br>

[code]<br>

curl -v -H 'X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274'<br>

<a href="http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87" target="_blank">http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87</a><br>

[/code]<br>

<br>

Which should show you something like this:<br>

<br>

[code]<br>

< HTTP/1.1 204 No Content<br>

< X-Account-Object-Count: 0<br>

< X-Account-Bytes-Used: 0<br>

< X-Account-Container-Count: 0<br>

< Accept-Ranges: bytes<br>

< Content-Length: 0<br>

[/code]<br>

<div><div><br>

<br>

On Mon, Dec 5, 2011 at 12:56 PM, Judd Maltin <<a href="mailto:openstack@newgoliath.com" target="_blank">openstack@newgoliath.com</a>> wrote:<br>

> I create my user test1:tester1 testing1 using the swauth tools just fine.<br>

><br>

> root@proxy01-c01:/etc/swift# swauth-list -K swauthkey<br>

> {"accounts": [{"name": "test1"}]}<br>

> root@proxy01-c01:/etc/swift# swauth-list -K swauthkey test1<br>

> {"services": {"storage": {"default": "local", "local":<br>

> "<a href="http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74" target="_blank">http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74</a>"}},<br>

> "account_id": "AUTH_840f1320-2d45-4e62-92a5-71e448190c74", "users":<br>

> [{"name": "tester1"}]}<br>

> root@proxy01-c01:/etc/swift#<br>

><br>

> But then when I try to stat the account: :(<br>

><br>

> /etc/swift# swift -A <a href="http://127.0.0.1:8080/auth/v1.0" target="_blank">http://127.0.0.1:8080/auth/v1.0</a> -U test1:tester1 -K<br>

> 'testing1' stat -v<br>

> Account HEAD failed:<br>

> <a href="http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74" target="_blank">http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74</a> 403<br>

> Forbidden<br>

><br>

> /var/log/syslog:<br>

><br>

> Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET<br>

> /v1/AUTH_.auth/test1/tester1 HTTP/1.0 200 - Swauth - - - -<br>

> txb6f5ac66b1134c31814f1daf4192548b - 0.0440<br>

> Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET<br>

> /v1/AUTH_.auth/.token_2/AUTH_tk01423b7c65fc463394cf8ca3de8fef52 HTTP/1.0 200<br>

> - Swauth - - - - txc70046f612ce4baca788ee49b20fba63 - 0.0291<br>

> Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET<br>

> /v1/AUTH_.auth/test1/.services HTTP/1.0 200 - Swauth - - - -<br>

> tx0547130a2c444252a21a868785f68ebd - 0.0308<br>

> Dec  5 13:45:30 proxy01-c01 swauth - 127.0.0.1 05/Dec/2011/18/45/30 GET<br>

> /auth/v1.0 HTTP/1.0 200 - - - - - - - - 0.1095<br>

> Dec  5 13:45:30 proxy01-c01 proxy-server 127.0.0.1 127.0.0.1<br>

> 05/Dec/2011/18/45/30 HEAD /v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74<br>

> HTTP/1.0 403 - - test1%3Atester1%2CAUTH_tk01423b7c65fc463394cf8ca3de8fef52 -<br>

> - - tx116c0dc81110402fa4f106feebe3c121 - 0.0006<br>

><br>

> I'm using swift 1.4.4, swauth 1.0.3<br>

><br>

> proxy-server.conf:<br>

> [pipeline:main]<br>

> pipeline = swift3 catch_errors healthcheck cache swauth proxy-server<br>

><br>

> ...<br>

><br>

> [filter:swauth]<br>

> use = egg:swauth#swauth<br>

> set default_swift_cluster =<br>

> local#<a href="http://127.0.0.1:8080/v1#http://127.0.0.1:8080/v1" target="_blank">http://127.0.0.1:8080/v1#http://127.0.0.1:8080/v1</a><br>

> set log_name = swauth<br>

> super_admin_key = swauthkey<br>

><br>

><br>

> Any ideas whats going on here?<br>

><br>

> Thanks,<br>

> -judd<br>

><br>

</div></div>> _______________________________________________<br>

> Openstack-operators mailing list<br>

> <a href="mailto:Openstack-operators@lists.openstack.org" target="_blank">Openstack-operators@lists.openstack.org</a><br>

> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>

><br>

<span><font color="#888888"><br>

<br>

<br>

--<br>

Jeff Kramer<br>

<a href="mailto:jeffkramer@gmail.com" target="_blank">jeffkramer@gmail.com</a><br>

<a href="http://www.jeffkramer.org/" target="_blank">http://www.jeffkramer.org/</a><br>

_______________________________________________<br>

Openstack-operators mailing list<br>

<a href="mailto:Openstack-operators@lists.openstack.org" target="_blank">Openstack-operators@lists.openstack.org</a><br>

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>

</font></span></blockquote></div><br>

</div></div></blockquote></div><br>

</div></div><br>_______________________________________________<br>

Openstack-operators mailing list<br>

<a href="mailto:Openstack-operators@lists.openstack.org">Openstack-operators@lists.openstack.org</a><br>

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>

<br></blockquote></div><br></div>