Project

General

Profile

Bug #16694

Radosgw use swift API create container ACL failed

Added by chen bob about 4 years ago. Updated about 4 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
other
Tags:
swift ACL
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
rgw
Pull request ID:
Crash signature:

Description

radosgw support swift API, and I try to use swiftclient update a container's ACL with X-Container-Read: * (allows anonymous requests) , unfortunately, when I curl the object location under the container, result tell me AccessDenied!

How can I make container’s access control as publicyly accessible by swift API?

here is my swift command:

[root@CONTROL-1 ~]# swift post -r '.r:*,.rlistings'                                                                                                                                                              CIT-LTTE-BUCKET01
[root@CONTROL-1 ~]# swift stat -v CIT-LTTE-BUCKET01
                          URL: http://10.19.3.206:8080/swift/v1/CIT-LTTE-BUCKET0                                                                                                                                                             1
                   Auth Token: d250b58da1a84a7b8dc497b977fe1759
                      Account: v1
                    Container: CIT-LTTE-BUCKET01
                      Objects: 4
                        Bytes: 42031
                     Read ACL:
                    Write ACL:
                      Sync To:
                     Sync Key:
                Accept-Ranges: bytes
             X-Storage-Policy: default-placement
X-Container-Bytes-Used-Actual: 49152
                  X-Timestamp: 0.00000
                   X-Trans-Id: tx000000000000000000017-0057887f53-87e2c-default
                 Content-Type: text/plain; charset=utf-8

here is radosgw's log:

2016-07-15 11:37:24.829562 7fab94fd9700 20 RGWEnv::set(): HTTP_HOST: 10.19.3.206:8080
2016-07-15 11:37:24.829585 7fab94fd9700 20 RGWEnv::set(): CONTENT_LENGTH: 0
2016-07-15 11:37:24.829589 7fab94fd9700 20 RGWEnv::set(): HTTP_ACCEPT_ENCODING: gzip, deflate, compress
2016-07-15 11:37:24.829592 7fab94fd9700 20 RGWEnv::set(): HTTP_X_CONTAINER_READ: .r:*
2016-07-15 11:37:24.829594 7fab94fd9700 20 RGWEnv::set(): HTTP_USER_AGENT: python-swiftclient-2.3.1
2016-07-15 11:37:24.829597 7fab94fd9700 20 RGWEnv::set(): CONTENT_LENGTH: 0
2016-07-15 11:37:24.829599 7fab94fd9700 20 RGWEnv::set(): HTTP_ACCEPT: */*
2016-07-15 11:37:24.829601 7fab94fd9700 20 RGWEnv::set(): HTTP_X_AUTH_TOKEN: b1d9cfb40af64930ac428863aa467078
2016-07-15 11:37:24.829603 7fab94fd9700 20 RGWEnv::set(): REQUEST_METHOD: POST
2016-07-15 11:37:24.829605 7fab94fd9700 20 RGWEnv::set(): REQUEST_URI: /swift/v1/CIT-LTTE-BUCKET01
2016-07-15 11:37:24.829607 7fab94fd9700 20 RGWEnv::set(): QUERY_STRING:
2016-07-15 11:37:24.829609 7fab94fd9700 20 RGWEnv::set(): REMOTE_USER:
2016-07-15 11:37:24.829611 7fab94fd9700 20 RGWEnv::set(): SCRIPT_URI: /swift/v1/CIT-LTTE-BUCKET01
2016-07-15 11:37:24.829615 7fab94fd9700 20 RGWEnv::set(): SERVER_PORT: 8080
2016-07-15 11:37:24.829616 7fab94fd9700 20 CONTENT_LENGTH=0
2016-07-15 11:37:24.829617 7fab94fd9700 20 HTTP_ACCEPT=*/*
2016-07-15 11:37:24.829619 7fab94fd9700 20 HTTP_ACCEPT_ENCODING=gzip, deflate, compress
2016-07-15 11:37:24.829620 7fab94fd9700 20 HTTP_HOST=10.19.3.206:8080
2016-07-15 11:37:24.829621 7fab94fd9700 20 HTTP_USER_AGENT=python-swiftclient-2.3.1
2016-07-15 11:37:24.829622 7fab94fd9700 20 HTTP_X_AUTH_TOKEN=b1d9cfb40af64930ac428863aa467078
2016-07-15 11:37:24.829622 7fab94fd9700 20 HTTP_X_CONTAINER_READ=.r:*
2016-07-15 11:37:24.829623 7fab94fd9700 20 QUERY_STRING=
2016-07-15 11:37:24.829624 7fab94fd9700 20 REMOTE_USER=
2016-07-15 11:37:24.829624 7fab94fd9700 20 REQUEST_METHOD=POST
2016-07-15 11:37:24.829625 7fab94fd9700 20 REQUEST_URI=/swift/v1/CIT-LTTE-BUCKET01
2016-07-15 11:37:24.829626 7fab94fd9700 20 SCRIPT_URI=/swift/v1/CIT-LTTE-BUCKET01
2016-07-15 11:37:24.829627 7fab94fd9700 20 SERVER_PORT=8080
2016-07-15 11:37:24.829630 7fab94fd9700  1 ====== starting new request req=0x7fab94fd3690 =====
2016-07-15 11:37:24.829650 7fab94fd9700  2 req 15:0.000021::POST /swift/v1/CIT-LTTE-BUCKET01::initializing for trans_id = tx00000000000000000000f-0057885a74-a00f0-default
2016-07-15 11:37:24.829656 7fab94fd9700 10 host=10.19.3.206
2016-07-15 11:37:24.829659 7fab94fd9700 20 subdomain= domain= in_hosted_domain=0 in_hosted_domain_s3website=0
2016-07-15 11:37:24.829671 7fab94fd9700 10 meta>> HTTP_X_CONTAINER_READ
2016-07-15 11:37:24.829676 7fab94fd9700 10 x>> x-amz-read:.r:*
2016-07-15 11:37:24.829691 7fab94fd9700 10 ver=v1 first=CIT-LTTE-BUCKET01 req=
2016-07-15 11:37:24.829696 7fab94fd9700 10 handler=28RGWHandler_REST_Bucket_SWIFT
2016-07-15 11:37:24.829698 7fab94fd9700  2 req 15:0.000069:swift:POST /swift/v1/CIT-LTTE-BUCKET01::getting op 4
2016-07-15 11:37:24.829702 7fab94fd9700 10 op=35RGWPutMetadataBucket_ObjStore_SWIFT
2016-07-15 11:37:24.829703 7fab94fd9700  2 req 15:0.000074:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:authorizing
2016-07-15 11:37:24.829709 7fab94fd9700 20 token_id=b1d9cfb40af64930ac428863aa467078
2016-07-15 11:37:24.829715 7fab94fd9700 20 cached token.project.id=cefdcc1cb6de4079a2d2623197ef197b
2016-07-15 11:37:24.829717 7fab94fd9700 20 updating user=cefdcc1cb6de4079a2d2623197ef197b
2016-07-15 11:37:24.829748 7fab94fd9700 20 get_system_obj_state: rctx=0x7fab94fd1ef0 obj=default.rgw.users.uid:cefdcc1cb6de4079a2d2623197ef197b$cefdcc1cb6de4079a2d2623197ef197b state=0x7fac7801c308 s->prefetch_data=0
2016-07-15 11:37:24.829756 7fab94fd9700 10 cache get: name=default.rgw.users.uid+cefdcc1cb6de4079a2d2623197ef197b$cefdcc1cb6de4079a2d2623197ef197b : type miss (requested=6, cached=0)
2016-07-15 11:37:24.830756 7fab94fd9700 10 cache put: name=default.rgw.users.uid+cefdcc1cb6de4079a2d2623197ef197b$cefdcc1cb6de4079a2d2623197ef197b info.flags=0
2016-07-15 11:37:24.830772 7fab94fd9700 10 moving default.rgw.users.uid+cefdcc1cb6de4079a2d2623197ef197b$cefdcc1cb6de4079a2d2623197ef197b to cache LRU end
2016-07-15 11:37:24.830793 7fab94fd9700 20 get_system_obj_state: rctx=0x7fab94fd1ef0 obj=default.rgw.users.uid:cefdcc1cb6de4079a2d2623197ef197b state=0x7fac7801c308 s->prefetch_data=0
2016-07-15 11:37:24.830800 7fab94fd9700 10 cache get: name=default.rgw.users.uid+cefdcc1cb6de4079a2d2623197ef197b : hit (requested=6, cached=7)
2016-07-15 11:37:24.830806 7fab94fd9700 20 get_system_obj_state: s->obj_tag was set empty
2016-07-15 11:37:24.830809 7fab94fd9700 10 cache get: name=default.rgw.users.uid+cefdcc1cb6de4079a2d2623197ef197b : hit (requested=1, cached=7)
2016-07-15 11:37:24.830826 7fab94fd9700  2 req 15:0.001195:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:normalizing buckets and tenants
2016-07-15 11:37:24.830830 7fab94fd9700 10 s->object=<NULL> s->bucket=CIT-LTTE-BUCKET01
2016-07-15 11:37:24.830833 7fab94fd9700  2 req 15:0.001204:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:init permissions
2016-07-15 11:37:24.830843 7fab94fd9700 20 get_system_obj_state: rctx=0x7fab94fd2dd0 obj=default.rgw.data.root:CIT-LTTE-BUCKET01 state=0x7fac7802f668 s->prefetch_data=0
2016-07-15 11:37:24.830846 7fab94fd9700 10 cache get: name=default.rgw.data.root+CIT-LTTE-BUCKET01 : hit (requested=22, cached=23)
2016-07-15 11:37:24.830849 7fab94fd9700 20 get_system_obj_state: s->obj_tag was set empty
2016-07-15 11:37:24.830851 7fab94fd9700 20 Read xattr: user.rgw.idtag
2016-07-15 11:37:24.830852 7fab94fd9700 20 Read xattr: user.rgw.manifest
2016-07-15 11:37:24.830853 7fab94fd9700 10 cache get: name=default.rgw.data.root+CIT-LTTE-BUCKET01 : hit (requested=17, cached=23)
2016-07-15 11:37:24.830859 7fab94fd9700 20 rgw_get_bucket_info: bucket instance: CIT-LTTE-BUCKET01(@{i=default.rgw.buckets.index,e=default.rgw.buckets.non-ec}default.rgw.buckets.data[860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27])
2016-07-15 11:37:24.830865 7fab94fd9700 20 reading from default.rgw.data.root:.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27
2016-07-15 11:37:24.830869 7fab94fd9700 20 get_system_obj_state: rctx=0x7fab94fd2dd0 obj=default.rgw.data.root:.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27 state=0x7fac7800f7d8 s->prefetch_data=0
2016-07-15 11:37:24.830872 7fab94fd9700 10 cache get: name=default.rgw.data.root+.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27 : hit (requested=22, cached=23)
2016-07-15 11:37:24.830880 7fab94fd9700 20 get_system_obj_state: s->obj_tag was set empty
2016-07-15 11:37:24.830882 7fab94fd9700 20 Read xattr: user.rgw.acl
2016-07-15 11:37:24.830882 7fab94fd9700 20 Read xattr: user.rgw.idtag
2016-07-15 11:37:24.830883 7fab94fd9700 20 Read xattr: user.rgw.manifest
2016-07-15 11:37:24.830883 7fab94fd9700 20 Read xattr: user.rgw.x-amz-read
2016-07-15 11:37:24.830884 7fab94fd9700 20 Read xattr: user.rgw.x-amz-write
2016-07-15 11:37:24.830886 7fab94fd9700 10 cache get: name=default.rgw.data.root+.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27 : hit (requested=17, cached=23)
2016-07-15 11:37:24.830899 7fab94fd9700 10 chain_cache_entry: cache_locator=default.rgw.data.root+CIT-LTTE-BUCKET01
2016-07-15 11:37:24.830900 7fab94fd9700 10 chain_cache_entry: cache_locator=default.rgw.data.root+.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27
2016-07-15 11:37:24.830919 7fab94fd9700 15 decode_policy Read AccessControlPolicy<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>cefdcc1cb6de4079a2d2623197ef197b</ID><DisplayName>CIT-LTTE</DisplayName></Owner><AccessControlList><Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID>cefdcc1cb6de4079a2d2623197ef197b</ID><DisplayName>CIT-LTTE</DisplayName></Grantee><Permission>FULL_CONTROL</Permission></Grant></AccessControlList></AccessControlPolicy>
2016-07-15 11:37:24.830930 7fab94fd9700  2 req 15:0.001300:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:recalculating target
2016-07-15 11:37:24.830932 7fab94fd9700  2 req 15:0.001302:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:reading permissions
2016-07-15 11:37:24.830934 7fab94fd9700  2 req 15:0.001305:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:init op
2016-07-15 11:37:24.830936 7fab94fd9700  2 req 15:0.001307:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:verifying op mask
2016-07-15 11:37:24.830938 7fab94fd9700 20 required_mask= 2 user.op_mask=7
2016-07-15 11:37:24.830939 7fab94fd9700  2 req 15:0.001310:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:verifying op permissions
2016-07-15 11:37:24.830943 7fab94fd9700  5 Searching permissions for uid=cefdcc1cb6de4079a2d2623197ef197b mask=50
2016-07-15 11:37:24.830944 7fab94fd9700  5 Found permission: 15
2016-07-15 11:37:24.830945 7fab94fd9700  5 Searching permissions for group=1 mask=50
2016-07-15 11:37:24.830946 7fab94fd9700  5 Permissions for group not found
2016-07-15 11:37:24.830947 7fab94fd9700  5 Searching permissions for group=2 mask=50
2016-07-15 11:37:24.830948 7fab94fd9700  5 Permissions for group not found
2016-07-15 11:37:24.830949 7fab94fd9700  5 Getting permissions id=cefdcc1cb6de4079a2d2623197ef197b owner=cefdcc1cb6de4079a2d2623197ef197b perm=2
2016-07-15 11:37:24.830950 7fab94fd9700 10  uid=cefdcc1cb6de4079a2d2623197ef197b requested perm (type)=2, policy perm=2, user_perm_mask=2, acl perm=2
2016-07-15 11:37:24.830952 7fab94fd9700  2 req 15:0.001322:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:verifying op params
2016-07-15 11:37:24.830953 7fab94fd9700  2 req 15:0.001324:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:pre-executing
2016-07-15 11:37:24.830955 7fab94fd9700  2 req 15:0.001326:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:executing
2016-07-15 11:37:24.830973 7fab94fd9700 10 x>> x-amz-read:.r:*
2016-07-15 11:37:24.835439 7fab94fd9700 10 cache put: name=default.rgw.meta+.meta:bucket.instance:CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27:_CY8BwSempRf3VFhOu3LYxmo:20 info.flags=23
2016-07-15 11:37:24.835455 7fab94fd9700 10 adding default.rgw.meta+.meta:bucket.instance:CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27:_CY8BwSempRf3VFhOu3LYxmo:20 to cache LRU end
2016-07-15 11:37:24.835457 7fab94fd9700 10 updating xattr: name=user.rgw.acl bl.length()=241
2016-07-15 11:37:24.835458 7fab94fd9700 10 updating xattr: name=user.rgw.idtag bl.length()=0
2016-07-15 11:37:24.835459 7fab94fd9700 10 updating xattr: name=user.rgw.manifest bl.length()=0
2016-07-15 11:37:24.835459 7fab94fd9700 10 updating xattr: name=user.rgw.x-amz-read bl.length()=5
2016-07-15 11:37:24.835460 7fab94fd9700 10 updating xattr: name=user.rgw.x-amz-write bl.length()=2
2016-07-15 11:37:24.835475 7fab94fd9700 10 distributing notification oid=notify.0 bl.length()=1109
2016-07-15 11:37:24.836432 7facc17fa700 10 RGWWatcher::handle_notify()  notify_id 4702989189210 cookie 140380603603248 notifier 655600 bl.length()=1109
2016-07-15 11:37:24.836485 7facc17fa700 10 cache put: name=default.rgw.meta+.meta:bucket.instance:CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27:_CY8BwSempRf3VFhOu3LYxmo:20 info.flags=23
2016-07-15 11:37:24.836491 7facc17fa700 10 moving default.rgw.meta+.meta:bucket.instance:CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27:_CY8BwSempRf3VFhOu3LYxmo:20 to cache LRU end
2016-07-15 11:37:24.836501 7facc17fa700 10 updating xattr: name=user.rgw.acl bl.length()=241
2016-07-15 11:37:24.836503 7facc17fa700 10 updating xattr: name=user.rgw.idtag bl.length()=0
2016-07-15 11:37:24.836504 7facc17fa700 10 updating xattr: name=user.rgw.manifest bl.length()=0
2016-07-15 11:37:24.836505 7facc17fa700 10 updating xattr: name=user.rgw.x-amz-read bl.length()=5
2016-07-15 11:37:24.836507 7facc17fa700 10 updating xattr: name=user.rgw.x-amz-write bl.length()=2
2016-07-15 11:37:24.843157 7fab94fd9700 10 cache put: name=default.rgw.data.root+.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27 info.flags=23
2016-07-15 11:37:24.843172 7fab94fd9700 10 moving default.rgw.data.root+.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27 to cache LRU end
2016-07-15 11:37:24.843177 7fab94fd9700 10 updating xattr: name=user.rgw.acl bl.length()=241
2016-07-15 11:37:24.843178 7fab94fd9700 10 updating xattr: name=user.rgw.idtag bl.length()=0
2016-07-15 11:37:24.843178 7fab94fd9700 10 updating xattr: name=user.rgw.manifest bl.length()=0
2016-07-15 11:37:24.843179 7fab94fd9700 10 updating xattr: name=user.rgw.x-amz-read bl.length()=5
2016-07-15 11:37:24.843180 7fab94fd9700 10 updating xattr: name=user.rgw.x-amz-write bl.length()=2
2016-07-15 11:37:24.843198 7fab94fd9700 10 distributing notification oid=notify.1 bl.length()=1092
2016-07-15 11:37:24.843918 7facc17fa700 10 RGWWatcher::handle_notify()  notify_id 4702989189223 cookie 140380603605232 notifier 655600 bl.length()=1092
2016-07-15 11:37:24.843952 7facc17fa700 10 cache put: name=default.rgw.data.root+.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27 info.flags=23
2016-07-15 11:37:24.843956 7facc17fa700 10 moving default.rgw.data.root+.bucket.meta.CIT-LTTE-BUCKET01:860f18d7-bf55-4339-8ed0-5733fadf24b7.554698.27 to cache LRU end
2016-07-15 11:37:24.843962 7facc17fa700 10 updating xattr: name=user.rgw.acl bl.length()=241
2016-07-15 11:37:24.843963 7facc17fa700 10 updating xattr: name=user.rgw.idtag bl.length()=0
2016-07-15 11:37:24.843964 7facc17fa700 10 updating xattr: name=user.rgw.manifest bl.length()=0
2016-07-15 11:37:24.843965 7facc17fa700 10 updating xattr: name=user.rgw.x-amz-read bl.length()=5
2016-07-15 11:37:24.843966 7facc17fa700 10 updating xattr: name=user.rgw.x-amz-write bl.length()=2
2016-07-15 11:37:24.844859 7fab94fd9700  2 req 15:0.015229:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:completing
2016-07-15 11:37:24.844909 7fab94fd9700  2 req 15:0.015280:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:op status=1902
2016-07-15 11:37:24.844916 7fab94fd9700  2 req 15:0.015287:swift:POST /swift/v1/CIT-LTTE-BUCKET01:put_bucket_metadata:http status=204
2016-07-15 11:37:24.844921 7fab94fd9700  1 ====== req done req=0x7fab94fd3690 op status=1902 http_status=204 ======
2016-07-15 11:37:24.844934 7fab94fd9700 20 process_request() returned -1902
2016-07-15 11:37:24.844960 7fab94fd9700  1 civetweb: 0x7fac78049d80: 10.19.3.204 - - [15/Jul/2016:11:37:24 +0800] "POST /swift/v1/CIT-LTTE-BUCKET01 HTTP/1.1" 204 0 - python-swiftclient-2.3.1

here is bucket's policy:

[root@AIBJ-ITC-RADOSGW-2 ~]# radosgw-admin policy --bucket CIT-LTTE-BUCKET01
2016-07-15 13:29:25.610636 7fb921630a40  0 RGWZoneParams::create(): error creating default zone params: (17) File exists
{
    "acl": {
        "acl_user_map": [
            {
                "user": "cefdcc1cb6de4079a2d2623197ef197b",
                "acl": 15
            }
        ],
        "acl_group_map": [],
        "grant_map": [
            {
                "id": "cefdcc1cb6de4079a2d2623197ef197b",
                "grant": {
                    "type": {
                        "type": 0
                    },
                    "id": "cefdcc1cb6de4079a2d2623197ef197b",
                    "email": "",
                    "permission": {
                        "flags": 15
                    },
                    "name": "CIT-LTTE",
                    "group": 0
                }
            }
        ]
    },
    "owner": {
        "id": "cefdcc1cb6de4079a2d2623197ef197b",
        "display_name": "CIT-LTTE" 
    }
}

curl:

[root@CONTROL-1 ~]# curl -X GET -i -H "X-Auth-Token: 89891c55bbd54f63abe4aae8564f0d8e"  http://10.19.3.206:8080/swift/v1/CIT-LTTE-BUCKET01
HTTP/1.1 200 OK
X-Timestamp: 0.00000
X-Container-Object-Count: 4
X-Container-Bytes-Used: 42031
X-Container-Bytes-Used-Actual: 49152
X-Storage-Policy: default-placement
X-Trans-Id: tx000000000000000000025-00578860a8-a00f0-default
Content-Length: 69
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Date: Fri, 15 Jul 2016 04:03:52 GMT

8138AAC59E222A76273EB5541E4DE080.png
feixing.png
test1.png
test12.png
[root@CONTROL-1 ~]# curl -X GET http://10.19.3.206:8080/swift/v1/CIT-LTTE-BUCKET01/8138AAC59E222A76273EB5541E4DE080.png
AccessDenied
[root@CONTROL-1 ~(keystone_CIT-LTTE)]#

Dose radosgw support swift ACL API? thanks!!


Related issues

Duplicates rgw - Bug #15976: rgw: updating CORS/ACLs might not work in some circumstances Resolved 05/21/2016

History

#1 Updated by Sirisha Guduru about 4 years ago

Firstly, in the command mentioned, "swift post -r '.r:*,.rlistings'", i don't see any container name mentioned. If its a new container, specify the name and check.

In ceph version 10.2.1, ACLs cannot be set on the containers already created(i.e., POST), as tested. They can be set only while the creation of the container(which is a PUT request). Its apparently fixed in later versions of 10.2.2, as we tested.

So just look at this, I have created a new container with read permissions:

  • swift post newtestbucket -r '.r:*,.rlistings'
  • swift stat newtestbucket
    Account: v1
    Container: newtestbucket
    Objects: 0
    Bytes: 0
    Read ACL: .r:*
    Write ACL:
    Sync To:
    Sync Key:
    Accept-Ranges: bytes
    X-Trans-Id: tx00000000000000000674b-005788b0bd-121a8-default
    X-Storage-Policy: default-placement
    X-Container-Bytes-Used-Actual: 0
    Connection: Keep-Alive
    X-Timestamp: 0.00000
    Content-Type: text/plain; charset=utf-8
  • curl -i http://X.X.X.X:8080/swift/v1/newtestbucket -X GET -H "X-Auth-Token: f5d39a4d03224d7a9c73177ba9c8218e"
    HTTP/1.1 204 No Content
    X-Timestamp: 0.00000
    X-Container-Object-Count: 0
    X-Container-Bytes-Used: 0
    X-Container-Bytes-Used-Actual: 0
    X-Container-Read: .r:*
    X-Storage-Policy: default-placement
    X-Trans-Id: tx00000000000000000674e-005788b1a1-121a8-default
    Content-Length: 0
    Accept-Ranges: bytes
    Content-Type: text/plain; charset=utf-8
    Date: Fri, 15 Jul 2016 09:49:21 GMT

#2 Updated by Sirisha Guduru about 4 years ago

Sirisha Guduru wrote:

Firstly, in the command mentioned, "swift post -r '.r:*,.rlistings'", i don't see any container name mentioned. If its a new container, specify the name and check.

In ceph version 10.2.1, ACLs cannot be set on the containers already created(i.e., POST), as tested. They can be set only while the creation of the container(which is a PUT request). Its apparently fixed in master, as we tested.

So just look at this, I have created a new container with read permissions:

  • swift post newtestbucket -r '.r:*,.rlistings'
  • swift stat newtestbucket
    Account: v1
    Container: newtestbucket
    Objects: 0
    Bytes: 0
    Read ACL: .r:*
    Write ACL:
    Sync To:
    Sync Key:
    Accept-Ranges: bytes
    X-Trans-Id: tx00000000000000000674b-005788b0bd-121a8-default
    X-Storage-Policy: default-placement
    X-Container-Bytes-Used-Actual: 0
    Connection: Keep-Alive
    X-Timestamp: 0.00000
    Content-Type: text/plain; charset=utf-8
  • curl -i http://X.X.X.X:8080/swift/v1/newtestbucket -X GET -H "X-Auth-Token: f5d39a4d03224d7a9c73177ba9c8218e"
    HTTP/1.1 204 No Content
    X-Timestamp: 0.00000
    X-Container-Object-Count: 0
    X-Container-Bytes-Used: 0
    X-Container-Bytes-Used-Actual: 0
    X-Container-Read: .r:*
    X-Storage-Policy: default-placement
    X-Trans-Id: tx00000000000000000674e-005788b1a1-121a8-default
    Content-Length: 0
    Accept-Ranges: bytes
    Content-Type: text/plain; charset=utf-8
    Date: Fri, 15 Jul 2016 09:49:21 GMT

#3 Updated by Radoslaw Zarzynski about 4 years ago

  • Duplicates Bug #15976: rgw: updating CORS/ACLs might not work in some circumstances added

#4 Updated by Radoslaw Zarzynski about 4 years ago

  • Status changed from New to Resolved

#5 Updated by Radoslaw Zarzynski about 4 years ago

  • Status changed from Resolved to Duplicate

Really looks like a duplicate of #15976. In the provided log we can see that POST method was used:

2016-07-15 11:37:24.829650 7fab94fd9700  2 req 15:0.000021::POST /swift/v1/CIT-LTTE-BUCKET01::initializing for trans_id = tx00000000000000000000f-0057885a74-a00f0-default

Also available in: Atom PDF