[Openstack] Swift Object Storage ACLs with KeyStone
thorfinn at poivron.org
Wed Nov 13 09:31:19 UTC 2013
@Dheerendra:
The correct IP address is 192.168.3.100. It's a mistake. Same problem
with the correct IP address.
@Kuo Hugo:
I don't understand item 1.
On item 2:
curl -i -X POST -H "X-Auth-Token: $tokenTest1" \
  -H "X-Container-Read:test2" -H "X-Container-Write: test2" \
  http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 08:55:57 GMT
Connection: close
curl -i -X GET -H "X-Auth-Token: $tokenTest1" \
  http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 204 No Content
Content-Length: 0
X-Container-Object-Count: 0
X-Container-Write: test2
Accept-Ranges: bytes
X-Timestamp: 1384268871.16508
X-Container-Read: test2
X-Container-Bytes-Used: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 08:56:00 GMT
Connection: close
curl -i -X GET -H "X-Auth-Token: $tokenTest2" \
  http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 08:56:18 GMT
Connection: close
Same problem. Can you test this please?
On 2013-11-12 18:26, Kuo Hugo wrote:
> Hi
>
> From my point of view, there may be two potential problems.
>
> 1. The read ACL does not allow listing objects in a container by
> default, and your request is for retrieving the object list of a
> container, though.
>
> 2. For Keystone, I think the value of ACL header should be the
> username instead of username:tenant-name.
>
> For reference: http://docs.openstack.org/developer/swift/misc.html#acls [11]
>
> Perhaps I can test it tomorrow morning.
>
> +Hugo Kuo+
> (+886) 935004793
>
> SwiftStack Inc.
>
> 2013/11/13 <thorfinn at poivron.org [12]>
>
>> Hi all,
>>
>> I use OpenStack Havana (Storage + Identity).
>>
>> I encountered some problems when I set permissions (ACLs) on
>> OpenStack Swift containers.
>>
>> My swift proxy-server.conf is here:
>> http://pastebin.com/0hpfebNp [1]
>>
>> My keystone.conf is here:
>> http://pastebin.com/VUGYbcM5 [2]
>>
>> I have the tokens of test1:test1 and test2:test2:
>>
>> curl -s -H 'Content-type: application/json'
>> -d '{"auth": {"tenantName": "test1", "passwordCredentials":
>> {"username": "test1", "password": "test1"}}}'
>> http://192.168.3.100:5000/v2.0/tokens [3] | python -mjson.tool
>>
>> curl -s -H 'Content-type: application/json'
>> -d '{"auth": {"tenantName": "test2", "passwordCredentials":
>> {"username": "test2", "password": "test2"}}}'
>> http://192.168.3.100:5000/v2.0/tokens [4] | python -mjson.tool
>>
>> Then, enable read access to test2:test2:
>>
>> curl -i -X PUT -H "X-Auth-Token: $tokenTest1"
>> -H "X-Container-Read:test2:test2"
>> -H "X-Container-Write: test2:test2"
>> http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo [5]
>>
>> Check the permission of the container:
>>
>> curl -k -v -H "X-Auth-Token:$tokenTest1"
>> http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo [6]
>>
>> This is the reply of the operation:
>> HTTP/1.1 204 No Content
>> < Content-Length: 0
>> < X-Container-Object-Count: 0
>> < X-Container-Write: test2:test2
>> < Accept-Ranges: bytes
>> < X-Timestamp: 1384268871.16508
>> < X-Container-Read: test2:test2
>> < X-Container-Bytes-Used: 0
>> < Content-Type: text/html; charset=UTF-8
>> < Date: Tue, 12 Nov 2013 16:30:16 GMT
>>
>> Now, the user test2:test2 visits the container of test1:test1:
>>
>> curl -k -v -H 'X-Auth-Token:$tokenTest2'
>> http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo [7]
>>
>> < HTTP/1.1 403 Forbidden
>> < Content-Length: 73
>> < Content-Type: text/html; charset=UTF-8
>> < Date: Tue, 12 Nov 2013 16:34:24 GMT
>> < Connection: close
>> <
>> * Closing connection 0
>> <html><h1>Forbidden</h1><p>Access was denied to this
>> resource.</p></html>
>>
>> However, I got a 403 error. Can someone help me?
>>
>> Best Regards
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [8]
>> Post to : openstack at lists.openstack.org [9]
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [10]
>
>
>
> Links:
> ------
> [1] http://pastebin.com/0hpfebNp
> [2] http://pastebin.com/VUGYbcM5
> [3] http://192.168.3.100:5000/v2.0/tokens
> [4] http://192.168.3.100:5000/v2.0/tokens
> [5] http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
> [6] http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
> [7] http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo
> [8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [9] mailto:openstack at lists.openstack.org
> [10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [11] http://docs.openstack.org/developer/swift/misc.html#acls
> [12] mailto:thorfinn at poivron.org
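
An added diagnostic sketch, not part of the thread and not Swift's own code: it compares the ACL a container actually stored (taken from `curl -i` output like that shown above) with the strings that could name the identity inside a Keystone v2.0 token. The token JSON, its placeholder ids and the `Member` role are constructed, and the identity forms checked (`tenant:user`, bare user name, role name) are assumptions about what an ACL entry might contain, not a statement of what Swift accepts.

```python
import json

# Constructed sample: trimmed Keystone v2.0 token response for test2 (ids are placeholders).
TOKEN_JSON = """{"access": {
  "token": {"id": "TOKEN-PLACEHOLDER",
            "tenant": {"id": "TENANT-ID-PLACEHOLDER", "name": "test2"}},
  "user": {"name": "test2", "roles": [{"name": "Member"}]}}}"""

# Container responses from the thread, reduced to status line and ACL headers.
RESPONSE_ORIGINAL = ("HTTP/1.1 204 No Content\r\n"
                     "X-Container-Write: test2:test2\r\nX-Container-Read: test2:test2\r\n")
RESPONSE_REPLY = ("HTTP/1.1 204 No Content\r\n"
                  "X-Container-Write: test2\r\nX-Container-Read: test2\r\n")


def stored_acl(raw_response, header="X-Container-Read"):
    """Return the comma-separated entries of one ACL header from `curl -i` output."""
    for line in raw_response.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")      # split on the first colon only
        if sep and name.strip().lower() == header.lower():
            return [e.strip() for e in value.split(",") if e.strip()]
    return []


def candidate_entries(token_json):
    """ACL strings that could name this token's identity (assumed forms)."""
    access = json.loads(token_json)["access"]
    tenant = access["token"]["tenant"]
    user = access["user"]["name"]
    pairs = {"%s:%s" % (t, user) for t in (tenant["name"], tenant["id"], "*")}
    roles = {r["name"] for r in access["user"].get("roles", [])}
    return {"tenant:user": pairs, "bare user name": {user}, "role": roles}


def explain(raw_response, token_json, header="X-Container-Read"):
    """Map each stored ACL entry to the identity forms it equals, if any."""
    forms = candidate_entries(token_json)
    report = {}
    for entry in stored_acl(raw_response, header):
        if entry.startswith(".r:") or entry == ".rlistings":
            report[entry] = ["referrer rule"]       # not tied to a token identity
        else:
            report[entry] = sorted(k for k, v in forms.items() if entry in v)
    return report


if __name__ == "__main__":
    for label, resp in (("original", RESPONSE_ORIGINAL), ("reply", RESPONSE_REPLY)):
        print(label, explain(resp, TOKEN_JSON))
```

An entry that maps to an empty list names nothing in the token, which is worth ruling out before looking at the proxy configuration.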