Hello Pieter, I did run into the same problem today. Did you find pointers to more updated documentation ? Were you able to configure the cross tenant read ACL ?
thank you Saverio 2016-04-20 13:48 GMT+02:00 Wijngaarden, Pieter van <pieter.van.wijngaar...@philips.com>: > Hi all, > > I’m playing around with a Swift cluster (Liberty) and cannot get the Swift > ACL’s to work. My objective is to give users from one project (and thus > Swift account?) selective access to specific containers in another project. > > According to > http://docs.openstack.org/developer/swift/middleware.html#keystoneauth, the > swift/keystoneauth plugin should support cross-tenant (now cross-project) > ACL’s by setting the read-acl of a container to something like: > > swift post <containername> --read-acl '<projectname>:<username>' > > Using a project name instead of a UUID should be supported if all projects > are in the default domain. > > But if I set this for a user in a different project / different swift > account, it doesn’t seem to work. The last reference to Swift container > ACL’s from the archives is somewhere in 2011.. > > I have found a few Swift ACL examples / tutorials online, but they are all > outdated or appear to use special / proprietary middleware. Does anybody > have (or can anybody create) an example that is up-to-date for OpenStack > Liberty or later, and shows container ACL’s together with Keystone > integration? > > What I would like to do: > - I have a bunch of users and projects in Keystone, and thus a bunch of > (automatically created) Swift accounts > - I would like to allow one specific user in a project (say project X) to > access a container from a different project (Y) > - And/or, I would like to allow all users in project X to access one > specific container in project Y. > Both these options should include listing the objects in the container, but > exclude listing all containers in the other account. > > I hope there is someone who can help, thanks a lot in advance! > > With kind regards, > Pieter van Wijngaarden > System Architect > Digital Pathology Solutions > Philips Healthcare > > Veenpluis 4-6, Building QY-2.006, 5684 PC Best > Tel: +31 6 2958 6736, Email: pieter.van.wijngaar...@philips.com > > > > > ________________________________ > The information contained in this message may be confidential and legally > protected under applicable law. The message is intended solely for the > addressee(s). If you are not the intended recipient, you are hereby notified > that any use, forwarding, dissemination, or reproduction of this message is > strictly prohibited and may be unlawful. If you are not the intended > recipient, please contact the sender by return e-mail and destroy all copies > of the original message. > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators