Open Stack

Account ACL in Swift is not supported with keystoneauth. It is not described in the keystone auth section of [1]. You can probably achieve similar by assigning the appropriate roles to users in keystone.

[1] http://docs.openstack.org/developer/swift/overview_auth.html

Alistair


From: Sampath, Lakshmi
Sent: 19 February 2016 18:29
To: OpenStack Development Mailing List
Subject: [openstack-dev] [swift] Account ACL with keystone auth


Account ACL for allowing other accounts administration access to create containers looks to be accepting the request but doesn't seem to be persisting the information with keystone auth.

For example if admin:admin user allows demo:demo "admin" access on its account, the following request succeeds but later when I try creating a container, using demo account in admin account it fails.

As admin:admin user
curl -X POST -i -H "X-Auth-Token: 57eb097f3b8e4c9e8a927a71c7f18e9c" -H 'X-Account-Access-Control: {"admin":["AUTH_demo"]}' http://127.0.0.1:8080/v1/AUTH_admin
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txefcd03a9b0ea4c2ab28a3-0056c75dae
Date: Fri, 19 Feb 2016 18:23:42 GMT


As demo:demo user
curl -XPUT -i -H "X-Auth-Token: 9173236daaa3470886410934c467fd7e"  http://127.0.0.1:8080/v1/AUTH_admin/container1
HTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txbd54e9b8f5c64419bf689-0056c75c25
Date: Fri, 19 Feb 2016 18:17:09 GMT


Is Account ACL supported using keystone auth?

Thanks
Lakshmi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160222/ba9d8ea3/attachment-0001.html>