[openstack-dev] [Openstack] [Swift] Public Container's file listing

Hua ZZ Zhang zhuadl at cn.ibm.com
Mon Nov 19 09:52:05 UTC 2012


>>Is this the correct general format?
>>user_username_grpname = password
The tempauth format is user_<accountname>_<username> = <password>

>>Is there any way where i can list the containers in a account?
I don't see the possibility of doing this without code change.

>>Does .rlistings do the same job as staticweb?
IMO, .rlistings directive is implemented as ACL. Staticweb middleware are
using customerized metadata "web-listings: true" to enable listing objects
in static web page. But you can get listings in staticweb without setting
directive inside of the ACL. If you want to support API level of public
listing container, you should use .rlisting directive.

Best Regards,

                                                                             
 Edward Zhang(张华)                                                          
                                                                             
                                                                             
                                                                             
                                                                             
                                                                             
                                                                             
                                                                             
                                                                             





                                                                           
             Sujay M                                                       
             <sujay.m17 at gmail.                                             
             com>                                                       To 
                                       Hua ZZ Zhang/China/IBM at IBMCN        
             2012-11-19 15:32                                           cc 
                                       "openstack at lists.launchpad.net"     
                                       <openstack at lists.launchpad.net>,    
                                       openstack-bounces                   
                                       +zhuadl=cn.ibm.com at lists.launchpad. 
                                       net,                                
                                       openstack-dev at lists.openstack.org,  
                                       openstack-operators at lists.openstack 
                                       .org                                
                                                                   Subject 
                                       Re: [Openstack] [Swift] Public      
                                       Container's file listing            
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




>>if you are using keystone as Swift authentication, you can create user in
an account(project) through horizion or using command
keystone user-create ...

I am using tempauth where i'm specifying all the account details as below

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3

Is this the correct general format?
user_username_grpname = password


>>For object public write, it seems that the referer is not allowed in ACL:

swift post -w '.r:*' publicContainer
Don't forget to add directive .rlistings to allow listing the whole public
container:
swift post -r '.r:*,.rlistings' publicContainer

thanks. (Does .rlistings do the same job as staticweb?)


On 19 November 2012 11:59, Hua ZZ Zhang <zhuadl at cn.ibm.com> wrote:
  if you are using keystone as Swift authentication, you can create user in
  an account(project) through horizion or using command
  keystone user-create ...
  For object public write, it seems that the referer is not allowed in ACL:

  swift post -w '.r:*' publicContainer

  Best Regards,

                                                                             
       Edward Zhang(张华)                    地址:北京市海淀区东北旺西路8号  
       Advisory Software Engineer            中关村软件园28号楼 环宇大厦3层  
       Software Standards & Open             邮编:100193                    
       Source Software                       Address: 3F Ring, Building 28   
       Emerging Technology Institute         Zhongguancun Software Park, 8   
       (ETI)                                 Dongbeiwang West Road, Haidian  
       IBM China Software Development        District, Beijing, P.R.C.100193 
       Lab                                                                   
       e-mail: zhuadl at cn.ibm.com                                             
       Notes ID: Hua ZZ                                                      
       Zhang/China/IBM                                                       
       Tel: 86-10-82450483                                                   
                                                                             
                                                                             
                                                                             
                                                                             
                                                                             



  Inactive hide details for Sujay M ---2012-11-19 13:43:53---Thanks Edward
  Zhang,Sujay M ---2012-11-19 13:43:53---Thanks Edward Zhang,
                                                                           
       Sujay M                                                             
       <                                                                   
       sujay.m                                                             
       17 at gmai                                                             
       l.com>                                                           To 
                                                                           
                            Hua ZZ Zhang/China/IBM at IBMCN                   
       2012-11                                                             
       -19                                                              cc 
       13:43                                                               
                            openstack at lists.launchpad.net,                 
                            openstack-bounces+zhuadl=                      
                            cn.ibm.com at lists.launchpad.net,                
                            openstack-dev at lists.openstack.org,             
                            openstack-operators at lists.openstack.org        
                                                                           
                                                                   Subject 
                                                                           
                            Re: [Openstack] [Swift] Public Container's     
                            file listing                                   
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           



  Thanks Edward Zhang,


  >>"You can implement access control for objects either for users or
  accounts using XContainer-
  Read: accountname and X-Container-Write: accountname:username, which
  allows any user from the accountname account to read but only allows the
  username
  user from the accountname account to write."

  How do i create users in a account? Currently i have only admin:admin
  account with password admin.(one user per account)



  >>"You can also grant public access to objects stored in OpenStack Object
  Storage but also limit
  public access using the Referer header to prevent site-based content
  theft such as hot-linking
  (for example, linking to an image filefrom off-site and therefore using
  other's bandwidth).
  The public container settings are used as the default authorization over
  access control lists.
  For example, using X-Container-Read:referer:any allows anyone to read
  from the container regardless
   of other authorization settings.

  Can i give public access that allows anyone to store/write the objects
  into a container.  I have used referer for making container as public
  '.r:*'. Is there anything like this for write?


  On 19 November 2012 10:36, Hua ZZ Zhang <zhuadl at cn.ibm.com> wrote:
        "You can implement access control for objects either for users or
        accounts using XContainer-
        Read: accountname and X-Container-Write: accountname:username,
        which
        allows any user from the accountname account to read but only
        allows the username
        user from the accountname account to write."

        "You can also grant public access to objects stored in OpenStack
        Object Storage but also limit
        public access using the Referer header to prevent site-based
        content theft such as hot-linking
        (for example, linking to an image filefrom off-site and therefore
        using other's bandwidth).
        The public container settings are used as the default authorization
        over access control lists.
        For example, using X-Container-Read:referer:any allows anyone to
        read from the container regardless
         of other authorization settings."

        Best Regards,

                                                                             
       Edward Zhang(张华)                                                    
                                                                             
                                                                             
                                                                             
                                                                             
                                                                             



        Inactive hide details for Sujay M ---2012-11-19 11:59:55---Hi all,
        Sujay M ---2012-11-19 11:59:55---Hi all,
                                                                           
       Sujay M <                                                           
       sujay.m17 at gmail.com>                                                
       Sent by:                                                            
       openstack-bounces                                                   
       +zhuadl=                                                         To 
       cn.ibm.com at lists.laun                                               
       chpad.net                           openstack-operators at lists.opens 
                                           tack.org,                       
                                           openstack at lists.launchpad.net,  
       2012-11-19 11:59                    openstack-dev at lists.openstack.o 
                                           rg                              
                                                                           
                                                                        cc 
                                                                           
                                                                           
                                                                   Subject 
                                                                           
                                           [Openstack] [Swift] Public      
                                           Container's file listing        
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           


        Hi all,


        Currently it is showing Unauthorized if i give only public
        container name for listing of files in the public Container


        192.168.56.20:8080/v1/AUTH_test/publicContainer/


        192.168.56.20:8080/v1/AUTH_test/publicContainer


        Unauthorized


        Is there any way i can list the files publicly? Thanks in advance




        --
        Best Regards,

        Sujay M
        Final year B.Tech
        Computer Engineering
        NITK Surathkal

        contact: +918971897571
        _______________________________________________
        Mailing list: https://launchpad.net/~openstack
        Post to     : openstack at lists.launchpad.net
        Unsubscribe : https://launchpad.net/~openstack
        More help   : https://help.launchpad.net/ListHelp






  --
  Best Regards,

  Sujay M
  Final year B.Tech
  Computer Engineering
  NITK Surathkal

  contact: +918971897571
  (See attached file: pic23265.gif)





--
Best Regards,

Sujay M
Final year B.Tech
Computer Engineering
NITK Surathkal

contact: +918971897571
[附件 "pic15750.gif" 被 Hua ZZ Zhang/China/IBM 删除]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/a69e9284/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/a69e9284/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/a69e9284/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic02883.gif
Type: image/gif
Size: 1255 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/a69e9284/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 51843587.gif
Type: image/gif
Size: 1279 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121119/a69e9284/attachment-0003.gif>


More information about the OpenStack-dev mailing list