[Openstack] Swift Object Storage ACLs with KeyStone

张家龙 zhangjl at awcloud.com
Sat May 12 02:02:38 UTC 2012


Vish,
      Thank you for answering.
      Sorry, but I don't understand what you said.
      Do you mean I have to do the following when setting up ACLs:

     curl -X PUT -i \
    -H "X-Auth-Token: <token of demo:demo>" \
    -H "X-Container-Read: <tenant_id:user_id>" \
    http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc

     Or other operations and settings?

  ------------------
   Best Regards
  
 ZhangJialong



  
  
  
  ------------------ Original ------------------
  From:  "Vishvananda Ishaya"<vishvananda at gmail.com>;
 Date:  Sat, May 12, 2012 03:03 AM
 To:  "张家龙"<zhangjl at awcloud.com>; 
 Cc:  "openstack"<openstack at lists.launchpad.net>; 
 Subject:  Re: [Openstack] Swift Object Storage ACLs with KeyStone

  
I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls.   The same may be true of user_id.  

Vish  
 On Fri, May 11, 2012 at 12:51 AM, 张家龙 <zhangjl at awcloud.com> wrote:
 
Hello, everyone.
    
    I encountered some problems when I set permissions (ACLs) on OpenStack Swift containers.
    I installed swift-1.4.8 (essex) and use keystone-2012.1 as the authentication system on CentOS 6.2.
    
    My swift proxy-server.conf and keystone.conf are here:
    http://pastebin.com/dUnHjKSj 
    
    Then, I use the script named opensatck_essex_data.sh ( http://pastebin.com/LWGVZrK0 ) to
    initialize keystone.

    After these operations, I got the tokens of demo:demo and newuser:newuser:

    curl -s -H 'Content-type: application/json' \
    -d '{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "demo", "password": "admin"}}}' \
    http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
    
    curl -s -H 'Content-type: application/json' \
    -d '{"auth": {"tenantName": "newuser", "passwordCredentials": {"username": "newuser", "password": "admin"}}}' \
    http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool 
    
    Then, enable read access to newuser:newuser:

    curl -X PUT -i \
    -H "X-Auth-Token: <token of demo:demo>" \
    -H "X-Container-Read: newuser:newuser" \
    http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc

    Check the permission of the container:

    curl -k -v -H 'X-Auth-Token:<token of demo:demo>' \
    http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
    
    This is the reply of the operation:
    
    HTTP/1.1 200 OK 
    X-Container-Object-Count: 1 
    X-Container-Read: newuser:newuser 
    X-Container-Bytes-Used: 2735 
    Accept-Ranges: bytes 
    Content-Length: 24 
    Content-Type: text/plain; charset=utf-8 
    Date: Fri, 11 May 2012 07:30:23 GMT 

    opensatck_essex_data.sh 
    
    Now, the user newuser:newuser visits the container of demo:demo:

    curl -k -v -H 'X-Auth-Token:<token of newuser:newuser>' \
    http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc

    However, I got a 403 error. Can someone help me?

  ------------------
   Best Regards
  
 ZhangJialong
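
Added example, not part of the original thread and not Swift's or Keystone's own code: a Python sketch that reads the tenant and user ids out of a Keystone v2.0 token response and models why an X-Container-Read of newuser:newuser would be refused if the proxy compares ids, as Vish suggests it might. The token response is a constructed sample with placeholder ids, and read_allowed with its compare switch is a hypothetical model of the check, not the middleware's actual logic.

```python
import json

# Constructed sample: trimmed Keystone v2.0 /tokens response for newuser:newuser.
# The ids and the token are placeholders, not values from the thread.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access": {
        "token": {"id": "TOKEN_PLACEHOLDER",
                  "tenant": {"id": "TENANT_ID_PLACEHOLDER", "name": "newuser"}},
        "user": {"id": "USER_ID_PLACEHOLDER", "name": "newuser"},
    }
})


def acl_candidates(token_response):
    """Return the name-based and id-based 'tenant:user' strings for a token."""
    access = json.loads(token_response)["access"]
    tenant, user = access["token"]["tenant"], access["user"]
    return {
        "by_name": "%s:%s" % (tenant["name"], user["name"]),
        "by_id": "%s:%s" % (tenant["id"], user["id"]),
    }


def parse_read_acl(header_value):
    """Split an X-Container-Read value into referrer rules and tenant:user entries."""
    referrers, groups = [], []
    for item in header_value.split(","):
        item = item.strip()
        if item:
            (referrers if item.startswith(".r") else groups).append(item)
    return referrers, groups


def read_allowed(header_value, token_response, compare="by_id"):
    """Model of the check: is the token's identity listed in the ACL?

    `compare` (hypothetical switch) selects which identity string the proxy
    is assumed to compare against the ACL entries.
    """
    _, groups = parse_read_acl(header_value)
    return acl_candidates(token_response)[compare] in groups


if __name__ == "__main__":
    ids = acl_candidates(SAMPLE_TOKEN_RESPONSE)
    for label, acl in sorted(ids.items()):
        verdict = "allowed" if read_allowed(acl, SAMPLE_TOKEN_RESPONSE) else "403"
        print("X-Container-Read: %-45s (%s) -> %s" % (acl, label, verdict))
```

Feeding it the real output of the /v2.0/tokens call shown above gives the exact tenant_id:user_id string to try in X-Container-Read.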



  
