[openstack-dev] [swift] Account ACL with keystone auth

Sampath, Lakshmi lakshmi.sampath at hpe.com
Fri Feb 19 18:29:26 UTC 2016

Account ACL for allowing other accounts administration access to create containers looks to be accepting the request but doesn't seem to be persisting the information with keystone auth.

For example if admin:admin user allows demo:demo "admin" access on its account, the following request succeeds but later when I try creating a container, using demo account in admin account it fails.

As admin:admin user
curl -X POST -i -H "X-Auth-Token: 57eb097f3b8e4c9e8a927a71c7f18e9c" -H 'X-Account-Access-Control: {"admin":["AUTH_demo"]}'
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txefcd03a9b0ea4c2ab28a3-0056c75dae
Date: Fri, 19 Feb 2016 18:23:42 GMT

As demo:demo user
curl -XPUT -i -H "X-Auth-Token: 9173236daaa3470886410934c467fd7e"
HTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txbd54e9b8f5c64419bf689-0056c75c25
Date: Fri, 19 Feb 2016 18:17:09 GMT

Is Account ACL supported using keystone auth?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160219/b043b120/attachment.html>

More information about the OpenStack-dev mailing list