How to add non-admin account in tempauth?

asked 2012-11-28 02:19:08 -0500

m9509201 gravatar image

Dear all, I have some question to add non-admin account in tempauth.

root@proxy:/etc/swift# swift -A https://172.16.150.60:8080/auth/v1.0 -U test:tester3 -K testing3 stat Account HEAD failed: https://172.16.150.60:8080/v1/AUTH_system (https://172.16.150.60:8080/v1/AUTH_sy...) 403 Forbidden

why test:tester3 account is forbidden ? Does anybody have the same problem? thanks all

This is my proxy-server.conf as follows: ============= [DEFAULT] cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key bind_port = 8080 workers = 8 user = swift

[pipeline:main] pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true

[filter:tempauth] use = egg:swift#tempauth user_system_root = testpass .admin https://172.16.150.60:8080/v1/AUTH_system (https://172.16.150.60:8080/v1/AUTH_sy...) user_test_tester = testing .admin https://172.16.150.60:8080/v1/AUTH_system (https://172.16.150.60:8080/v1/AUTH_sy...) user_test2_tester2 = testing2 .admin https://172.16.150.60:8080/v1/AUTH_system (https://172.16.150.60:8080/v1/AUTH_sy...) user_test_tester3 = testing3 https://172.16.150.60:8080/v1/AUTH_system (https://172.16.150.60:8080/v1/AUTH_sy...)

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache

memcache_servers = 172.16.150.51:11211,172.16.150.52:11211

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2012-12-05 16:18:34 -0500

cthier gravatar image

Be default, non admin users have no access to the account. Access has to be granted by setting ACLs. See http://docs.openstack.org/developer/swift/misc.html#acls (http://docs.openstack.org/developer/s...) for more info.

edit flag offensive delete link more
0

answered 2012-12-06 01:06:39 -0500

m9509201 gravatar image

user_test_tester3 = testing3 .r:* https://172.16.150.60:8080/v1/AUTH_system (https://172.16.150.60:8080/v1/AUTH_sy...)

root@proxy:~# swift -A https://172.16.150.60:8080/auth/v1.0 -U test:tester3-K testing3 list Account GET failed: http://172.16.150.60:8080/v1/AUTH_system?format=json (http://172.16.150.60:8080/v1/AUTH_sys...) 403 Forbidden 403 Forbidden

how to add acl configuration in /etc/swift/proxy-server.conf

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-11-28 02:19:08 -0500

Seen: 120 times

Last updated: Dec 06 '12