Re: (keystone + radosgw ) users


 



Can you try using 'HTTP-X-Container-Read' instead?

On Mon, Jul 8, 2013 at 11:31 PM, Alvaro Izquierdo Jimeno
<aizquierdo@xxxxxxxx> wrote:
> Hi,
>
> I'm using RedHat 6.4.
> Attached two files: one with the log output from GET bucket1 from ytenant and the other with the log output from GET object1 from ytenant (both with 401 response)
>
> When I get the bucket (after the Put request with X-Container-Read header) from xtenant, I can see
>
> < HTTP/1.1 200
> < Date: Tue, 09 Jul 2013 06:24:27 GMT
> < Server: Apache/2.2.15 (Red Hat)
> < Connection: close
> < Transfer-Encoding: chunked
> < Content-Type: text/plain; charset=utf-8
> <
> Object1
> * Closing connection #0
>
> But where is the X-Container-Read header? Should it appear? Maybe the problem is saving the metadata header...
>
> Thanks a lot,
> Álvaro
>
>
>
> -----Original Message-----
> From: Yehuda Sadeh [mailto:yehuda@xxxxxxxxxxx]
> Sent: Tuesday, July 9, 2013 7:53
> To: Alvaro Izquierdo Jimeno
> CC: ceph-users@xxxxxxxxxxxxxx
> Subject: Re:  (keystone + radosgw ) users
>
> From what I can tell, this should be enough. I'll need to see more concrete logs to figure out what went wrong though.
>
> Yehuda
>
> On Mon, Jul 8, 2013 at 10:47 PM, Alvaro Izquierdo Jimeno <aizquierdo@xxxxxxxx> wrote:
>> Any idea?
>>
>> Thanks a lot,
>> Álvaro.
>>
>> -----Original Message-----
>> From: ceph-users-bounces@xxxxxxxxxxxxxx
>> [mailto:ceph-users-bounces@xxxxxxxxxxxxxxx] On behalf of Alvaro Izquierdo Jimeno
>> Sent: Friday, July 5, 2013 11:58
>> To: Yehuda Sadeh
>> CC: ceph-users@xxxxxxxxxxxxxx
>> Subject: Re:  (keystone + radosgw ) users
>>
>> Hi,
>>
>> Maybe I forgot something, but I can't use this behavior:
>>
>> I will try to explain my setting:
>>
>> I have two keystone users: 'x' and 'y'
>> And two keystone tenants: 'xtenant' and 'ytenant'
>>
>> In ceph.conf I have the option:
>> rgw enforce swift acls = true
>>
>> I have got the token for x and xtenant with
>>
>> curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "x", "password":"pass"}, "tenantId":"the_id_of_xtenant"}}' -H 'Content-type: application/json'
>>
>> Create a container (with permissions to ytenant) and an object:
>>
>> curl -v -X PUT -H 'X-Container-Read: the_id_of_ytenant' -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1
>> curl -v -X PUT -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1
>>
>> I can get the container and object with x_token:
>>
>> curl -v -X GET -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1
>> curl -v -X GET -H 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1
>>
>> Until this moment, all OK.
>>
>> I have got the token for y and ytenant with
>>
>> curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "y", "password":"pass2"}, "tenantId":"the_id_of_ytenant"}}' -H 'Content-type: application/json'
>>
>> But, radosgw returns a 401 when I try to get the container or the bucket:
>>
>> curl -v -X GET -H 'X-Auth-Token: y_token' http://myradosgw/swift/v1/bucket1
>> curl -v -X GET -H 'X-Auth-Token: y_token' http://myradosgw/swift/v1/bucket1/object1
>>
>>
>> What have I forgotten?
>>
>> Thanks and regards,
>> Álvaro.
>>
>> -----Original Message-----
>> From: Yehuda Sadeh [mailto:yehuda@xxxxxxxxxxx]
>> Sent: Friday, July 5, 2013 8:39
>> To: Alvaro Izquierdo Jimeno
>> CC: ceph-users@xxxxxxxxxxxxxx
>> Subject: Re:  (keystone + radosgw ) users
>>
>> The rados gateway supports the swift form of ACLs on buckets, in which it is possible to set read/write permissions for each bucket to allow access to its objects. This can be done by setting the X-Container-Read and X-Container-Write attributes on the containers.
>> Each attribute is a comma-delimited list of permitted users that are given the specific permission. Note that when using the keystone backend, the permissions are given at the tenant level, so they should be referred to as such (using the tenant hex id).
>>
>> On Thu, Jul 4, 2013 at 11:27 PM, Alvaro Izquierdo Jimeno <aizquierdo@xxxxxxxx> wrote:
>>> May anybody help me?
>>>
>>>
>>>
>>> Many thanks and regards,
>>>
>>> Álvaro.
>>>
>>>
>>>
>>>
>>>
>>> From: ceph-users-bounces@xxxxxxxxxxxxxx
>>> [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On behalf of Alvaro Izquierdo Jimeno
>>> Sent: Tuesday, July 2, 2013 14:30
>>> To: ceph-users@xxxxxxxxxxxxxx
>>> Subject:  (keystone + radosgw ) users
>>>
>>>
>>>
>>> Hi all,
>>>
>>>
>>>
>>> I have been able to bind openstack keystone and radosgw and have
>>> checked that users created from keystone can make requests on radosgw.
>>>
>>>
>>>
>>> But how can we handle several tenants and users from keystone? In
>>> swift, we have the option of setting up ACLs in the config file and
>>> headers to mark which user can make an operation in each container in
>>> a specific tenant (for example). Does that option exist with radosgw instead of swift?
>>>
>>>
>>>
>>> Many thanks in advance and best regards,
>>>
>>> Álvaro.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
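
An added example, not part of the thread and not Ceph code: the check done by eye above (is the read ACL present in the response, and is the tenant in its comma-delimited list?) written as shell helpers that read `curl -v` output on stdin. The sample response and tenant IDs are constructed, and the script assumes the gateway returns the stored ACL as an X-Container-Read response header, which the thread does not confirm.

```shell
#!/bin/sh
# Added example: look for a Swift read ACL in captured `curl -v` output.
# SAMPLE_RESPONSE is constructed; both tenant IDs are placeholders.

SAMPLE_RESPONSE='< HTTP/1.1 204
< Date: Tue, 09 Jul 2013 06:24:27 GMT
< X-Container-Read: 4f2a9c0d1e3b4a5f8c7d6e5f4a3b2c1d, 0a1b2c3d4e5f60718293a4b5c6d7e8f9
< Content-Type: text/plain; charset=utf-8
<'

# read_acl: print the X-Container-Read value found on stdin (first match).
# Header names are case-insensitive; curl's "< " prefix and CRs are stripped.
read_acl() {
    tr -d '\r' | awk '{ line = $0; sub(/^< */, "", line) }
        tolower(line) ~ /^x-container-read:/ {
            sub(/^[^:]*: */, "", line); print line; exit }'
}

# acl_allows LIST TENANT: succeed if TENANT is one whole entry of the
# comma-delimited LIST. Whole-entry comparison means a tenant ID that is
# only a prefix of a listed ID is not treated as granted.
acl_allows() {
    list=$1; want=$2
    [ -n "$want" ] || return 1
    old_ifs=$IFS; IFS=,; set -f          # split on commas, no globbing
    for entry in $list; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        if [ "$entry" = "$want" ]; then IFS=$old_ifs; set +f; return 0; fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# check_tenant TENANT: read curl -v output on stdin and print a verdict.
check_tenant() {
    acl=$(read_acl)
    if [ -z "$acl" ]; then echo "acl-header-absent"; return 0; fi
    if acl_allows "$acl" "$1"; then echo "granted"; else echo "not-listed"; fi
}

printf '%s\n' "$SAMPLE_RESPONSE" | check_tenant 0a1b2c3d4e5f60718293a4b5c6d7e8f9
```

A verdict of `acl-header-absent` only says the header was not in the captured response; it does not by itself show whether the ACL was saved.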




