[openstack-dev] [swift] Account ACL with keystone auth

Coles, Alistair alistair.coles at hpe.com
Mon Feb 22 10:02:10 UTC 2016

Account ACL in Swift is not supported with keystoneauth. It is not described in the keystone auth section of [1]. You can probably achieve similar by assigning the appropriate roles to users in keystone.

[1] http://docs.openstack.org/developer/swift/overview_auth.html


From: Sampath, Lakshmi
Sent: 19 February 2016 18:29
To: OpenStack Development Mailing List
Subject: [openstack-dev] [swift] Account ACL with keystone auth

Account ACL for allowing other accounts administration access to create containers looks to be accepting the request but doesn't seem to be persisting the information with keystone auth.

For example if admin:admin user allows demo:demo "admin" access on its account, the following request succeeds but later when I try creating a container, using demo account in admin account it fails.

As admin:admin user
curl -X POST -i -H "X-Auth-Token: 57eb097f3b8e4c9e8a927a71c7f18e9c" -H 'X-Account-Access-Control: {"admin":["AUTH_demo"]}'
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txefcd03a9b0ea4c2ab28a3-0056c75dae
Date: Fri, 19 Feb 2016 18:23:42 GMT

As demo:demo user
curl -XPUT -i -H "X-Auth-Token: 9173236daaa3470886410934c467fd7e"
HTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txbd54e9b8f5c64419bf689-0056c75c25
Date: Fri, 19 Feb 2016 18:17:09 GMT

Is Account ACL supported using keystone auth?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160222/ba9d8ea3/attachment-0001.html>

More information about the OpenStack-dev mailing list