[Openstack] 403 Forbidden integrate keystone essex with swift 1.4.9

Kuo Hugo tonytkdk at gmail.com
Thu Mar 29 14:59:51 UTC 2012


Well , it looks normal in my consideration.

You specify the operator must have Member or admin role for accessing
swift.
If there's a user associates a role which named "watcher" . It will be
block in swift_auth filter .
That's the function of swift_auth , right ?  It looks pretty match to
your expectation.

<jojo_wanglin at sina.com> 於 2012年3月29日下午5:38 寫道:

> Hi all:
>
> The story is: when i integrate keystone essex with swift 1.4.9, i use
> swift_auth for authorization, the configuration is belows:
>
> [filter:keystone]
> paste.filter_factory = keystone.middleware.swift_auth:filter_factory
> operator_roles = Member,admin
>
> If I access the swift service using swift command with the user who has
> the "Member, admin" role, it works successfully, but if i access using a
> user who has another role, it get the "403 Forbidden".
>
>
> That is why?
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
+Hugo Kuo+
tonytkdk at gmail.com
+ <tonytkdk at gmail.com>886 935004793
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120329/5182f10e/attachment.html>


More information about the Openstack mailing list