Re: (keystone + radosgw ) users

Hi,

Maybe I forgot something, but I can't use this behavior:

I will try to explain my setting:

I have two keystone users: 'x' and 'y'
And two keystone tenants: 'xtenant' and 'ytenant'

In ceph.conf I have the option:
rgw enforce swift acls = true

I have got the token for x and xtenant with
curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "x", "password":"pass"}, "tenantId":"the_id_of_xtenant"}}' -H 'Content-type: application/json'

Create a container (with permissions to ytenant) and an object
curl -v -X PUT -H 'X-Container-Read: the_id_of_ytenant' -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1
curl -v -X PUT -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1

I can get the container and object with x_token:
curl -v -X GET -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1
curl -v -X GET -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1

Until this moment, all OK.

I have got the token for y and ytenant with 

curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "y", "password":"pass2"}, "tenantId":"the_id_of_ytenant"}}' -H 'Content-type: application/json'

But, radosgw returns a 401 when I try to get the container or the bucket:
curl -v -X GET -H 'X-Auth-Token: y_token' http://myradosgw/swift/v1/bucket1
curl -v -X GET -H 'X-Auth-Token: y_token' http://myradosgw/swift/v1/bucket1/object1


What have I forgotten?

Thanks and regards,
Álvaro.

-----Original Message-----
From: Yehuda Sadeh [mailto:yehuda@xxxxxxxxxxx]
Sent: Friday, 05 July 2013 8:39
To: Alvaro Izquierdo Jimeno
CC: ceph-users@xxxxxxxxxxxxxx
Subject: Re:  (keystone + radosgw ) users

The rados gateway supports the swift form of ACLs on buckets, in which it is possible to set read/write permissions for each bucket to allow access to its objects. This can be done by setting the X-Container-Read and X-Container-Write attributes on the containers.
Each attribute is a comma-delimited list of permitted users that are given the specific permission. Note that when using the keystone backend, the permissions are given at the tenant level, so they should be referred to as such (using the tenant hex id).

On Thu, Jul 4, 2013 at 11:27 PM, Alvaro Izquierdo Jimeno <aizquierdo@xxxxxxxx> wrote:
> May anybody help me?
>
>
>
> Many thanks and regards,
>
> Álvaro.
>
>
>
>
>
> From: ceph-users-bounces@xxxxxxxxxxxxxx
> [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On behalf of Alvaro Izquierdo Jimeno
> Sent: Tuesday, 02 July 2013 14:30
> To: ceph-users@xxxxxxxxxxxxxx
> Subject:  (keystone + radosgw ) users
>
>
>
> Hi all,
>
>
>
> I have been able to bind openstack keystone and radosgw and have 
> checked users created from keystone can make requests on radosgw.
>
>
>
> But how can we handle several tenants and users from keystone? In
> swift, we have the option of setting up ACLs in the config file and
> headers to mark which user can make an operation in each container in
> a specific tenant (for example). Does that option exist with radosgw instead of swift?
>
>
>
> Many thanks in advance and best regards,
>
> Álvaro.
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
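A client-side consistency check for the setup described in this thread, added here as an example (not code from the thread or from the Ceph project): it reads a Keystone v2.0 `/tokens` response body and reports whether the tenant the token is scoped to appears, by hex id, in the comma-delimited `X-Container-Read` value. The function names, result strings and sample values are assumptions constructed for illustration, and the check does not reproduce radosgw's own ACL evaluation.

```python
import json

def token_tenant(token_response):
    """Return (tenant_id, tenant_name) from a Keystone v2.0 /tokens response
    body, or (None, None) when the token is unscoped (no tenant block)."""
    access = json.loads(token_response).get("access", {})
    tenant = access.get("token", {}).get("tenant") or {}
    return tenant.get("id"), tenant.get("name")

def check_read_acl(token_response, container_read):
    """Compare the token's tenant with the X-Container-Read entries.
    Result strings are this example's own labels, not radosgw output."""
    entries = [e.strip() for e in container_read.split(",") if e.strip()]
    tenant_id, tenant_name = token_tenant(token_response)
    if tenant_id is None:
        return "unscoped-token"      # no tenantId was accepted at auth time
    if tenant_id in entries:
        return "listed"              # hex id present, as the reply advises
    if tenant_name in entries:
        return "listed-by-name"      # ACL names the tenant instead of its id
    return "not-listed"

# Constructed sample data (not taken from the thread).
Y_TENANT_ID = "b7c1e0d4a2f34c6e9d1f0a5b3c8e7f21"
Y_SCOPED = json.dumps({"access": {
    "token": {"id": "y_token", "expires": "2013-07-06T08:39:00Z",
              "tenant": {"id": Y_TENANT_ID, "name": "ytenant"}},
    "user": {"name": "y"}}})
Y_UNSCOPED = json.dumps({"access": {
    "token": {"id": "y_token", "expires": "2013-07-06T08:39:00Z"},
    "user": {"name": "y"}}})

if __name__ == "__main__":
    cases = [
        (Y_SCOPED, "0f" * 16 + ", " + Y_TENANT_ID),
        (Y_SCOPED, "ytenant"),
        (Y_SCOPED, "0f" * 16),
        (Y_UNSCOPED, Y_TENANT_ID),
    ]
    for body, header in cases:
        print(repr(header), "->", check_read_acl(body, header))
```
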




