Re: (keystone + radosgw ) users


Any idea?

Thanks a lot,
Álvaro.

-----Original Message-----
From: ceph-users-bounces@xxxxxxxxxxxxxx [mailto:ceph-users-bounces@xxxxxxxxxxxxxxx] On behalf of Alvaro Izquierdo Jimeno
Sent: Friday, 05 July 2013 11:58
To: Yehuda Sadeh
CC: ceph-users@xxxxxxxxxxxxxx
Subject: Re:  (keystone + radosgw ) users

Hi,

Maybe I forgot something, but I can't use this behavior:

I will try to explain my setting:

I have two keystone users: 'x' and 'y'
And two keystone tenants: 'xtenant' and 'ytenant'

In ceph.conf I have the option:
rgw enforce swift acls = true

I have got the token for x and xtenant with:
curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "x", "password":"pass"}, "tenantId":"the_id_of_xtenant"}}' -H 'Content-type: application/json'

Create a container (with permissions to ytenant) and an object:
curl -v -X PUT -H 'X-Container-Read: the_id_of_ytenant' -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1
curl -v -X PUT -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1

I can get the container and object with x_token:
curl -v -X GET -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1
curl -v -X GET -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1

Until this moment, all OK.

I have got the token for y and ytenant with:

curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "y", "password":"pass2"}, "tenantId":"the_id_of_ytenant"}}' -H 'Content-type: application/json'

But, radosgw returns a 401 when I try to get the container or the bucket:
curl -v -X GET -H 'X-Auth-Token: y_token' http://myradosgw/swift/v1/bucket1
curl -v -X GET -H 'X-Auth-Token: y_token' http://myradosgw/swift/v1/bucket1/object1


What have I forgotten?

Thanks and regards,
Álvaro.

-----Original Message-----
From: Yehuda Sadeh [mailto:yehuda@xxxxxxxxxxx]
Sent: Friday, 05 July 2013 8:39
To: Alvaro Izquierdo Jimeno
CC: ceph-users@xxxxxxxxxxxxxx
Subject: Re:  (keystone + radosgw ) users

The rados gateway supports the swift form of ACLs on buckets, in which it is possible to set read/write permissions for each bucket to allow access to its objects. This can be done by setting the X-Container-Read and X-Container-Write attributes on the containers.
Each attribute is a comma-delimited list of permitted users that are given the specific permission. Note that when using the keystone backend, the permissions are given at the tenant level, so they should be referred to as such (using the tenant hex id).

On Thu, Jul 4, 2013 at 11:27 PM, Alvaro Izquierdo Jimeno <aizquierdo@xxxxxxxx> wrote:
> May anybody help me?
>
>
>
> Many thanks and regards,
>
> Álvaro.
>
>
>
>
>
> From: ceph-users-bounces@xxxxxxxxxxxxxx
> [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On behalf of Alvaro Izquierdo Jimeno
> Sent: Tuesday, 02 July 2013 14:30
> To: ceph-users@xxxxxxxxxxxxxx
> Subject:  (keystone + radosgw ) users
>
>
>
> Hi all,
>
>
>
> I have been able to bind openstack keystone and radosgw and have 
> checked users created from keystone can make requests on radosgw.
>
>
>
> But how can we handle several tenants and users from keystone? In
> swift, we have the option of setting up ACLs in the config file and
> headers to mark which user can make an operation in each container in
> a specific tenant (for example). Does that option exist with radosgw instead of swift?
>
>
>
> Many thanks in advance and best regards,
>
> Álvaro.
>
>
>
>
>
>
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>

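Added example (not part of the thread and not radosgw code): a small Python check, for debugging a setup like the one above, that the tenant a Keystone v2.0 token is scoped to is the same id that was written into X-Container-Read. The function names and sample values are hypothetical, and the exact-id comparison is a simplified model of the tenant-level rule described in the reply.

```python
import json

# Constructed sample: trimmed Keystone v2.0 /tokens response for user 'y'
# scoped to ytenant. The ids are placeholders, not values from the thread.
SCOPED = json.dumps({"access": {"token": {
    "id": "y_token",
    "tenant": {"id": "the_id_of_ytenant", "name": "ytenant"}}}})

# Constructed sample: response when the request carried no tenant, so the
# token is unscoped and has no tenant block.
UNSCOPED = json.dumps({"access": {"token": {"id": "y_token_unscoped"}}})


def token_tenant_id(response_body):
    """Return the tenant id a v2.0 token is scoped to, or None if unscoped."""
    token = json.loads(response_body)["access"]["token"]
    tenant = token.get("tenant")
    return tenant["id"] if tenant else None


def parse_acl(header_value):
    """Split an X-Container-Read / X-Container-Write value into its entries."""
    return [e.strip() for e in header_value.split(",") if e.strip()]


def tenant_granted(header_value, tenant_id):
    """Assumed model of the tenant-level match: exact tenant id in the list."""
    return tenant_id is not None and tenant_id in parse_acl(header_value)


def diagnose(response_body, header_value):
    """Explain whether the token's tenant appears in the container ACL."""
    tenant_id = token_tenant_id(response_body)
    if tenant_id is None:
        return "unscoped token: no tenant to match against the ACL"
    if tenant_granted(header_value, tenant_id):
        return "tenant %s is listed in the ACL" % tenant_id
    return "tenant %s is NOT in ACL entries %r" % (
        tenant_id, parse_acl(header_value))


if __name__ == "__main__":
    acl = "the_id_of_ytenant, another_tenant_id"  # constructed header value
    print(diagnose(SCOPED, acl))
    print(diagnose(UNSCOPED, acl))
    print(diagnose(SCOPED, "ytenant"))  # tenant name written instead of id
```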



