On 7/12/18 4:27 AM, Florian Haas wrote:
> On 05/12/2018 23:08, Mark Kirkwood wrote:
>> Hi, another question relating to multi tenanted RGW.
>>
>> Let's do the working case 1st. For a user that still uses the global
>> namespace, if I set a bucket as world readable (header
>> "X-Container-Read: .r:*") then I can fetch objects from the bucket via a
>> url like (e.g. bucket0, object0):
>>
>> http://host/swift/v1/bucket0/object0
>>
>> Now suppose I do the same for a bucket (bucket1) that is in a private
>> namespace (i.e. set the header again). Now there appears to be no way to
>> access the bucket w/o authentication. i.e.:
>>
>> http://host/swift/v1/bucket1/object1
>>
>> Gets a no-such-bucket (if tried w/o auth). Now I can see the actual path
>> via radosgw-admin:
>>
>> $ sudo radosgw-admin bucket list
>> [
>>     "bucket0",
>>     "195b20a3f8264ac38e7d917f605476fa/bucket1"
>> ]
>>
>> However attempting the obvious guessed url of:
>>
>> http://host/swift/v1/195b20a3f8264ac38e7d917f605476fa/bucket1/object1
>>
>> gets a no-such-bucket as well. Is there a way to get public access of
>> objects in private namespaces - or is the private designation intended
>> to make this impossible?
> This is part of my pending doc PR that I really, really hope to get
> merged some time soon:
>
> http://docs.ceph.com/ceph-prs/25056/radosgw/swift/containerops/#update-a-container-s-acls
>
> See the note about "rgw swift account in url = true" and Keystone
> endpoints there.
>
> Same applies to temp URLs, by the way:
>
> http://docs.ceph.com/ceph-prs/25056/radosgw/swift/tempurl/#temp-url-operations
>

Thanks Florian - immediately after sending that email, I wondered about
dicking with the Keystone endpoints....

Cheers

Mark
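
The setup Florian's reply points to, sketched as an added example (not part of the thread or of the linked doc PR). The section name `client.rgw.gateway` is a placeholder; the host and project ID are the ones quoted in the thread, and the URL form follows the Ceph documentation for `rgw swift account in url`.

```ini
# ceph.conf on the RGW host.
# [client.rgw.gateway] is a placeholder section name; use your RGW instance's own.
[client.rgw.gateway]
# Put the Swift account (the Keystone project ID) into the API path so that
# unauthenticated requests can name the tenant whose container they want.
rgw swift account in url = true

# The Keystone object-store endpoint URLs must carry the same suffix, e.g.
#   http://host/swift/v1/AUTH_%(tenant_id)s
#
# With both in place, the world-readable object from the thread is addressed as
#   http://host/swift/v1/AUTH_195b20a3f8264ac38e7d917f605476fa/bucket1/object1
# rather than the two URLs that returned no-such-bucket.
#
# Side effect to review before enabling: every container in any tenant that
# already carries "X-Container-Read: .r:*" becomes reachable anonymously
# through its account-qualified URL once this is active.
```

Restart the RGW daemon after changing the setting, and update the existing Keystone endpoint rather than adding a second one so that authenticated clients and anonymous readers resolve the same path.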