On 05/12/2018 23:08, Mark Kirkwood wrote:
> Hi, another question relating to multi tenanted RGW.
>
> Let's do the working case 1st. For a user that still uses the global
> namespace, if I set a bucket as world readable (header
> "X-Container-Read: .r:*") then I can fetch objects from the bucket via a
> url like (e.g. bucket0, object0):
>
> http://host/swift/v1/bucket0/object0
>
> Now suppose I do the same for a bucket (bucket1) that is in a private
> namespace (i.e. set the header again). Now there appears to be no way to
> access the bucket w/o authentication. i.e.:
>
> http://host/swift/v1/bucket1/object1
>
> Gets a no-such-bucket (if tried w/o auth). Now I can see the actual path
> via radosgw-admin:
>
> $ sudo radosgw-admin bucket list
> [
>     "bucket0",
>     "195b20a3f8264ac38e7d917f605476fa/bucket1"
> ]
>
> However attempting the obvious guessed url of:
>
> http://host/swift/v1/195b20a3f8264ac38e7d917f605476fa/bucket1/object1
>
> gets a no-such-bucket as well. Is there a way to get public access of
> objects in private namespaces - or is the private designation intended
> to make this impossible?

This is part of my pending doc PR that I really, really hope to get
merged some time soon:

http://docs.ceph.com/ceph-prs/25056/radosgw/swift/containerops/#update-a-container-s-acls

See the note about "rgw swift account in url = true" and Keystone
endpoints there.

Same applies to temp URLs, by the way:

http://docs.ceph.com/ceph-prs/25056/radosgw/swift/tempurl/#temp-url-operations

Cheers,
Florian

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
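
An added example, not part of the original thread and not Ceph's own code: a small audit helper that takes `radosgw-admin bucket list` output and reports which containers carry a world-readable `X-Container-Read` ACL, together with the URL at which each would be anonymously reachable. It assumes that the account segment used with "rgw swift account in url = true" has the form `AUTH_<tenant>`, that RGW accepts the OpenStack Swift referrer aliases, and that the ACL values shown are constructed samples.

```python
import json

# Constructed sample: the `radosgw-admin bucket list` output quoted in the thread.
BUCKET_LIST = '["bucket0", "195b20a3f8264ac38e7d917f605476fa/bucket1"]'

# Constructed sample: X-Container-Read values per container, e.g. collected with
# an authenticated HEAD on each one. Only ".r:*" itself appears in the thread.
READ_ACLS = {
    "bucket0": ".r:*",
    "195b20a3f8264ac38e7d917f605476fa/bucket1": ".r:*,.rlistings",
}

# Referrer designators as spelled in OpenStack Swift ACLs (assumed to match RGW).
REFERRER_KEYS = (".r", ".ref", ".referer", ".referrer")


def split_entry(entry):
    """Split 'tenant/bucket' into (tenant, bucket); tenant is '' in the global namespace."""
    tenant, sep, bucket = entry.partition("/")
    return (tenant, bucket) if sep else ("", entry)


def world_readable(acl):
    """True if any ACL element grants read to every referrer, i.e. '.r:*'."""
    for element in acl.split(","):
        key, sep, value = element.strip().partition(":")
        if sep and key.lower() in REFERRER_KEYS and value.strip() == "*":
            return True
    return False


def anonymous_url(base, entry):
    """Container URL an unauthenticated client would use."""
    tenant, bucket = split_entry(entry)
    if tenant:
        # Assumption: tenant is addressed as AUTH_<tenant> once
        # "rgw swift account in url = true" is set.
        return f"{base}/AUTH_{tenant}/{bucket}"
    # Global-namespace form the thread reports as working without that setting.
    return f"{base}/{bucket}"


def audit(bucket_list_json, acls, base="http://host/swift/v1"):
    """Return (entry, url) for every container whose read ACL is world-readable."""
    return [(entry, anonymous_url(base, entry))
            for entry in json.loads(bucket_list_json)
            if world_readable(acls.get(entry, ""))]


if __name__ == "__main__":
    for entry, url in audit(BUCKET_LIST, READ_ACLS):
        print(f"world-readable: {entry} -> {url}")
```
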