[openstack-dev] [Openstack] [Swift] Public Container's file listing

Sujay M sujay.m17 at gmail.com
Mon Nov 19 07:32:19 UTC 2012


*>>if you are using keystone as Swift authentication, you can create user
in an account(project) through horizion or using command
keystone user-create ...*
*
*
*I am using tempauth where i'm specifying all the account details as below*
*

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3

Is this the correct general format?
user_username_grpname = password

*
*
*>>For object public write, it seems that the referer is not allowed in
ACL:
*swift post -w '.r:*' publicContainer*
Don't forget to add directive .rlistings to allow listing the whole public
container:
*swift post -r '.r:*,.rlistings' publicContainer*
 *
*
*thanks. (Does .rlistings do the same job as staticweb?)*


On 19 November 2012 11:59, Hua ZZ Zhang <zhuadl at cn.ibm.com> wrote:

>  if you are using keystone as Swift authentication, you can create user
> in an account(project) through horizion or using command
> *keystone user-create ...*
> For object public write, it seems that the referer is not allowed in ACL:
> *swift post -w '.r:*' publicContainer*
>
> *Best Regards, *
>
> ------------------------------
>
>    *Edward Zhang(张华)*
>    Advisory Software Engineer
>    Software Standards & Open Source Software
>    Emerging Technology Institute(ETI)
>    IBM China Software Development Lab
>    e-mail: zhuadl at cn.ibm.com
>    Notes ID: Hua ZZ Zhang/China/IBM
>    Tel: 86-10-82450483
>
>
>    地址:北京市海淀区东北旺西路8号 中关村软件园28号楼 环宇大厦3层 邮编:100193
>    Address: 3F Ring, Building 28 Zhongguancun Software Park, 8
>    Dongbeiwang West Road, Haidian District, Beijing, P.R.C.100193
>
>
>
>
>
>
>
> [image: Inactive hide details for Sujay M ---2012-11-19 13:43:53---Thanks
> Edward Zhang,]Sujay M ---2012-11-19 13:43:53---Thanks Edward Zhang,
>
>
>    *Sujay M <sujay.m17 at gmail.com>*
>
>    2012-11-19 13:43
>
>
> To
>
>
>    Hua ZZ Zhang/China/IBM at IBMCN
>
>
> cc
>
>
>    openstack at lists.launchpad.net, openstack-bounces+zhuadl=
>    cn.ibm.com at lists.launchpad.net, openstack-dev at lists.openstack.org,
>    openstack-operators at lists.openstack.org
>
>
> Subject
>
>
>    Re: [Openstack] [Swift] Public Container's file listing
>
>
> Thanks Edward Zhang,
>
>
> >>"You can implement access control for objects either for users or
> accounts using XContainer-
> Read: accountname and X-Container-Write: accountname:username, which
> allows any user from the accountname account to read but only allows the
> username
> user from the accountname account to write."
>
> How do i create users in a account? Currently i have only admin:admin
> account with password admin.(one user per account)
>
>
>
> >>"You can also grant public access to objects stored in OpenStack Object
> Storage but also limit
> public access using the Referer header to prevent site-based content theft
> such as hot-linking
> (for example, linking to an image filefrom off-site and therefore using
> other's bandwidth).
> The public container settings are used as the default authorization over
> access control lists.
> For example, using X-Container-Read:referer:any allows anyone to read from
> the container regardless
>  of other authorization settings.
>
> Can i give public access that allows anyone to store/write the objects
> into a container.  I have used referer for making container as public
> '.r:*'. Is there anything like this for write?
>
>
> On 19 November 2012 10:36, Hua ZZ Zhang <*zhuadl at cn.ibm.com*<zhuadl at cn.ibm.com>>
> wrote:
>
>    "You can implement access control for objects either for users or
>    accounts using XContainer-
>    Read: accountname and X-Container-Write: accountname:username, which
>    allows any user from the accountname account to read but only allows
>    the username
>    user from the accountname account to write."
>
>    "You can also grant public access to objects stored in OpenStack
>    Object Storage but also limit
>    public access using the Referer header to prevent site-based content
>    theft such as hot-linking
>    (for example, linking to an image filefrom off-site and therefore
>    using other's bandwidth).
>    The public container settings are used as the default authorization
>    over access control lists.
>    For example, using X-Container-Read:referer:any allows anyone to read
>    from the container regardless
>     of other authorization settings."
>    *
>    Best Regards, *
>
>    ------------------------------
>     *Edward Zhang(张华)*
>
>    [image: Inactive hide details for Sujay M ---2012-11-19 11:59:55---Hi
>    all,]Sujay M ---2012-11-19 11:59:55---Hi all,
>      *Sujay M <**sujay.m17 at gmail.com* <sujay.m17 at gmail.com>*>*
>       Sent by: openstack-bounces+zhuadl=*cn.ibm.com at lists.launchpad.net*<cn.ibm.com at lists.launchpad.net>
>
>
>       2012-11-19 11:59
>        To
>    *openstack-operators at lists.openstack.org*<openstack-operators at lists.openstack.org>,
>       *openstack at lists.launchpad.net* <openstack at lists.launchpad.net>, *
>       openstack-dev at lists.openstack.org*<openstack-dev at lists.openstack.org>
>     cc
>     Subject
>    [Openstack] [Swift] Public Container's file listing
>
>    Hi all,
>
>    Currently it is showing Unauthorized if i give only public container
>    name for listing of files in the public Container
>
>    *192.168.56.20:8080/v1/AUTH_test/publicContainer/*<http://192.168.56.20:8080/v1/AUTH_test/publicContainer/>
>
>
>    *192.168.56.20:8080/v1/AUTH_test/publicContainer*<http://192.168.56.20:8080/v1/AUTH_test/publicContainer>
>
>
>    Unauthorized
>
>    Is there any way i can list the files publicly? Thanks in advance
>
>
>
>    --
>    Best Regards,
>
>    Sujay M
>    Final year B.Tech
>    Computer Engineering
>    NITK Surathkal
>
>    contact: +918971897571
>    _______________________________________________
>    Mailing list: *https://launchpad.net/~openstack*<https://launchpad.net/~openstack>
>    Post to     : *openstack at lists.launchpad.net*<openstack at lists.launchpad.net>
>    Unsubscribe : *https://launchpad.net/~openstack*<https://launchpad.net/~openstack>
>    More help   : *https://help.launchpad.net/ListHelp*<https://help.launchpad.net/ListHelp>
>
>
>
>
>
>
> --
> Best Regards,
>
> Sujay M
> Final year B.Tech
> Computer Engineering
> NITK Surathkal
>
> contact: +918971897571
> *(See attached file: pic23265.gif)*
>
>


-- 
Best Regards,

Sujay M
Final year B.Tech
Computer Engineering
NITK Surathkal

contact: +918971897571
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/ea67fcbf/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/ea67fcbf/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/ea67fcbf/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic15750.gif
Type: image/gif
Size: 1255 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/ea67fcbf/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1D933875.gif
Type: image/gif
Size: 1279 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/ea67fcbf/attachment-0003.gif>


More information about the OpenStack-dev mailing list