This syntax is correct:
curl -i -X POST -H "X-Auth-Token: $tokenTest1" -H "X-Container-Read:
*:*" -H " \
X-Container-Write: *:*"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
curl -i -X GET -H "X-Auth-Token: $tokenTest2"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 204 No Content
Content-Length: 0
X-Container-Object-Count: 0
Accept-Ranges: bytes
X-Timestamp: 1384268871.16508
X-Container-Bytes-Used: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 09:42:33 GMT
Connection: close
I don't understand why but today is ok for me.
curl -i -X POST -H "X-Auth-Token: $tokenTest1" -H "X-container-Read:
test2:test2" \
-H "X-Container-Write: test2:test2"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
curl -i -X GET -H "X-Auth-Token: $tokenTest1"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 204 No Content
Content-Length: 0
X-Container-Object-Count: 0
X-Container-Write: test2:test2
Accept-Ranges: bytes
X-Timestamp: 1384268871.16508
X-Container-Read: test2:test2
X-Container-Bytes-Used: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 09:58:09 GMT
Connection: close
curl -i -X GET -H "X-Auth-Token: $tokenTest2"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 204 No Content
Content-Length: 0
X-Container-Object-Count: 0
Accept-Ranges: bytes
X-Timestamp: 1384268871.16508
X-Container-Bytes-Used: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 09:56:55 GMT
Connection: close
Thank you for help
On 2013-11-13 10:31, thorf...@poivron.org wrote:
@Dheerendra:
the correct IP address is 192.168.3.100. It's a mistake. Same problem
with correct ip adress.
@Kuo Hugo:
I don't understand the item 1.
On the item 2:
curl -i -X POST -H "X-Auth-Token: $tokenTest1" -H
"X-Container-Read:test2" -H "X-Container-Write: test2"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 08:55:57 GMT
Connection: close
curl -i -X GET -H "X-Auth-Token: $tokenTest1"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 204 No Content
Content-Length: 0
X-Container-Object-Count: 0
X-Container-Write: test2
Accept-Ranges: bytes
X-Timestamp: 1384268871.16508
X-Container-Read: test2
X-Container-Bytes-Used: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 08:56:00 GMT
Connection: close
curl -i -X GET -H "X-Auth-Token: $tokenTest2"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
HTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Nov 2013 08:56:18 GMT
Connection: close
Same problem. Can you test this please?
On 2013-11-12 18:26, Kuo Hugo wrote:
Hi
From my point of view. There may has two potential problems.
1. The read ACL is not allowing to list objects in a container by
default. And your request is for retrieving objects list of a
container tho.
2. For Keystone, I think the value of ACL header should be the
username instead of username:tenant-name.
For reference
: http://docs.openstack.org/developer/swift/misc.html#acls [11]
Perhaps I can test it tomorrow morning.
+Hugo Kuo+
(+886) 935004793
SwiftStack Inc.
2013/11/13 <thorf...@poivron.org [12]>
Hi all,
I use Openstack Havana (Storage + Identity)
I encountered some problems when i set permissions (ACLs) on
Openstack Swift containers.
My swift proxy-server.conf is here:
http://pastebin.com/0hpfebNp [1]
My keystone.conf is here:
http://pastebin.com/VUGYbcM5 [2]
I have the token of test1:test1 and test2:test2
curl -s -H 'Content-type: application/json'
-d '{"auth": {"tenantName": "test1", "passwordCredentials":
{"username": "test1", "password": "test1"}}}'
http://192.168.3.100:5000/v2.0/tokens [3] | python -mjson.tool
curl -s -H 'Content-type: application/json'
-d '{"auth": {"tenantName": "test2", "passwordCredentials":
{"username": "test2", "password": "test2"}}}'
http://192.168.3.100:5000/v2.0/tokens [4] | python -mjson.tool
Then,enable read access to test2:test2
curl -i -X PUT -H "X-Auth-Token: $tokenTest1"
-H "X-Container-Read:test2:test2"
-H "X-Container-Write: test2:test2"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo [5]
Check the permission of the container:
curl -k -v -H "X-Auth-Token:$tokenTest1"
http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo [6]
This is the reply of the operation:
HTTP/1.1 204 No Content
< Content-Length: 0
< X-Container-Object-Count: 0
< X-Container-Write: test2:test2
< Accept-Ranges: bytes
< X-Timestamp: 1384268871.16508
< X-Container-Read: test2:test2
< X-Container-Bytes-Used: 0
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 12 Nov 2013 16:30:16 GMT
Now,the user test2:test2 visit the container of test1:test1
curl -k -v -H 'X-Auth-Token:$tokenTest2'
http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo [7]
< HTTP/1.1 403 Forbidden
< Content-Length: 73
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 12 Nov 2013 16:34:24 GMT
< Connection: close
<
* Closing connection 0
<html><h1>Forbidden</h1><p>Access was denied to this
resource.</p></html>
While,I got 403 error.Can someone help me?
Best Regards
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [8]
Post to : openstack@lists.openstack.org [9]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [10]
Links:
------
[1] http://pastebin.com/0hpfebNp
[2] http://pastebin.com/VUGYbcM5
[3] http://192.168.3.100:5000/v2.0/tokens
[4] http://192.168.3.100:5000/v2.0/tokens
[5] http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
[6] http://192.168.3.100:8080/v1/AUTH_$tenantTest1/foo
[7] http://127.0.0.1:8080/v1/AUTH_$tenantTest1/foo
[8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[9] mailto:openstack@lists.openstack.org
[10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[11] http://docs.openstack.org/developer/swift/misc.html#acls
[12] mailto:thorf...@poivron.org
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
