[Openstack] Swift - Container access across different project users
Mark Kirkwood
mark.kirkwood at catalyst.net.nz
Wed Dec 16 22:23:18 UTC 2015
I think what you want is container ACLs for a given user (e.g using
devstack Kilo):
$ openrc user1 project1
$ swift post -r 'project2:user2' con1
$ swift stat con1
Account: AUTH_f399252f66574ea58ab465b3f8a4a2aa
Container: con1
Objects: 1
Bytes: 483
Read ACL: project2:user2
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Trans-Id: tx911050b8b0d942438cafb-005671e319
X-Storage-Policy: Policy-0
Connection: keep-alive
X-Timestamp: 1450302870.18860
Content-Type: text/plain; charset=utf-8
$ swift list con1
file1
$ . openrc user2 project2
$ swift list con1
file2 <=== sees contents of own con1
$ swift list
--os-storage-url='http://localhost:8080/v1/AUTH_f399252f66574ea58ab465b3f8a4a2aa'
con1
file1 <=== sees contents of project1 con1
Note that we have to tweak the storage url to list project1's container.
Regards
Mark
On 09/12/15 08:13, LucyGe wrote:
> Hi all,
>
> I have a question about swift object storage. So I found out the container creation is within the scope of a project, which means different projects can have same container name created.
> e.g.
> Project 1 - user1 create “container1”
> Project 2 - user2 create “container1”
> this is allowed
> So my question is, can user2 access user1’s container1 without making Project 1’s container1 “Public”, just user1 grant user2 permission for access to Project 1’s container1. Is it supported in the current Openstack swift implementation?
More information about the Openstack
mailing list