I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls. The same may be true of user_id.
Vish On Fri, May 11, 2012 at 12:51 AM, 张家龙 <zhan...@awcloud.com> wrote: > > Hello, everyone. > > I encountered some problems when i set permissions (ACLs) on Openstack > Swift containers. > I installed swift-1.4.8(essex) and use keystone-2012.1 as > authentication system on CentOS 6.2 . > > My swift proxy-server.conf and keystone.conf are here: > http://pastebin.com/dUnHjKSj > > Then,I use the script named opensatck_essex_data.sh( > http://pastebin.com/LWGVZrK0) to > initialize keystone. > > After these operations,I got the token of demo:demo and newuser:newuser > > curl -s -H 'Content-type: application/json' \ > -d '{"auth": {"tenantName": "demo", "passwordCredentials": > {"username": "demo", "password": "admin"}}}' \ > http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool > > curl -s -H 'Content-type: application/json' \ > -d '{"auth": {"tenantName": "newuser", "passwordCredentials": > {"username": "newuser", "password": "admin"}}}' \ > http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool > > Then,enable read access to newuser:newuser > > curl –X PUT -i \ > -H "X-Auth-Token: <token of demo:demo>" \ > -H "X-Container-Read: newuser:newuser" \ > > http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc > > Check the permission of the container: > > curl -k -v -H 'X-Auth-Token:<token of demo:demo>' \ > > http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc > > This is the reply of the operation: > > HTTP/1.1 200 OK > X-Container-Object-Count: 1 > X-Container-Read: newuser:newuser > X-Container-Bytes-Used: 2735 > Accept-Ranges: bytes > Content-Length: 24 > Content-Type: text/plain; charset=utf-8 > Date: Fri, 11 May 2012 07:30:23 GMT > > opensatck_essex_data.sh > > Now,the user newuser:newuser visit the container of demo:demo > > curl -k -v -H 'X-Auth-Token:<token of newuser:newuser>' \ > > http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc > > While,I got 403 error.Can someone help me? > > ** > ------------------ > Best Regards > > ZhangJialong > ** > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp