<div dir="ltr"><div>quick observation. Why are you running the last command with local ip address i.e (127.0.0.1) <a href="http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo" target="_blank">http://127.0.0.1:8080</a>. Can you run this with <br>
your appropriate IP ?<br><br></div>-Dheerendra<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Nov 12, 2013 at 10:09 PM, <span dir="ltr"><<a href="mailto:thorfinn@poivron.org" target="_blank">thorfinn@poivron.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I use Openstack Havana (Storage + Identity)<br>
<br>
I encountered some problems when i set permissions (ACLs) on Openstack Swift containers.<br>
<br>
My swift proxy-server.conf is here:<br>
<a href="http://pastebin.com/0hpfebNp" target="_blank">http://pastebin.com/0hpfebNp</a><br>
<br>
My keystone.conf is here:<br>
<a href="http://pastebin.com/VUGYbcM5" target="_blank">http://pastebin.com/VUGYbcM5</a><br>
<br>
I have the token of test1:test1 and test2:test2<br>
<br>
curl -s -H 'Content-type: application/json' \<br>
-d '{"auth": {"tenantName": "test1", "passwordCredentials":<br>
{"username": "test1", "password": "test1"}}}' \<br>
<a href="http://192.168.3.100:5000/v2.0/tokens" target="_blank">http://192.168.3.100:5000/v2.<u></u>0/tokens</a> | python -mjson.tool<br>
<br>
<br>
curl -s -H 'Content-type: application/json' \<br>
-d '{"auth": {"tenantName": "test2", "passwordCredentials":<br>
{"username": "test2", "password": "test2"}}}' \<br>
<a href="http://192.168.3.100:5000/v2.0/tokens" target="_blank">http://192.168.3.100:5000/v2.<u></u>0/tokens</a> | python -mjson.tool<br>
<br>
Then,enable read access to test2:test2<br>
<br>
curl -i -X PUT -H "X-Auth-Token: $tokenTest1" \<br>
-H "X-Container-Read:test2:test2" \<br>
-H "X-Container-Write: test2:test2" \<br>
<a href="http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo" target="_blank">http://192.168.3.100:8080/v1/<u></u>AUTH_$tenantTest1/foo</a><br>
<br>
Check the permission of the container:<br>
<br>
curl -k -v -H "X-Auth-Token:$tokenTest1" \<br>
<a href="http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo" target="_blank">http://192.168.3.100:8080/v1/<u></u>AUTH_$tenantTest1/foo</a><br>
<br>
This is the reply of the operation:<br>
HTTP/1.1 204 No Content<br>
< Content-Length: 0<br>
< X-Container-Object-Count: 0<br>
< X-Container-Write: test2:test2<br>
< Accept-Ranges: bytes<br>
< X-Timestamp: 1384268871.16508<br>
< X-Container-Read: test2:test2<br>
< X-Container-Bytes-Used: 0<br>
< Content-Type: text/html; charset=UTF-8<br>
< Date: Tue, 12 Nov 2013 16:30:16 GMT<br>
<br>
Now,the user test2:test2 visit the container of test1:test1<br>
<br>
curl -k -v -H 'X-Auth-Token:$tokenTest2' \<br>
<a href="http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo" target="_blank">http://127.0.0.1:8080/v1/AUTH_<u></u>$tenantTest1/foo</a><br>
<br>
< HTTP/1.1 403 Forbidden<br>
< Content-Length: 73<br>
< Content-Type: text/html; charset=UTF-8<br>
< Date: Tue, 12 Nov 2013 16:34:24 GMT<br>
< Connection: close<br>
<<br>
* Closing connection 0<br>
<html><h1>Forbidden</h1><p><u></u>Access was denied to this resource.</p></html><br>
<br>
While,I got 403 error.Can someone help me?<br>
<br>
<br>
Best Regards<br>
<br>
______________________________<u></u>_________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack</a><br>
</blockquote></div><br></div>