X-Account-Read

asked 2014-06-23 14:05:44 -0600

Greetings,

I have a readonly account in a tenant. That readonly account can read/list/stat a specific container based on the following container ACL:

[root@myhostname ~]# swift stat imageserver
       Account: AUTH_ab8bb98436294dd9b13fe0f252806cd7
     Container: imageserver
       Objects: 1034662
         Bytes: 214367142398
      Read ACL: mytenant:myreaduser
     Write ACL: mytenant:myloaduser
       Sync To:
      Sync Key:
    X-Cnection: close
           Via: 1.1 myhostname:8443
 Accept-Ranges: bytes
          Vary: Accept-Encoding
   X-Timestamp: 1403165800.37900
  Content-Type: text/plain; charset=utf-8
[root@myhostname ~]#

Problem is that the read only account cannot list containers in the account to get to it. So I tried setting the following account level ACL:

[root@myhostname ~]# swift post  'X-Account-Read: mytenant:myreaduser'
[root@myhostname ~]# swift stat
       Account: AUTH_ab8bb98436294dd9b13fe0f252806cd7
    Containers: 2
       Objects: 1002686
         Bytes: 209879720679
Meta X-Account-Read: mytenant:myreaduser
    X-Cnection: close
           Via: 1.1 myhostname:8443
          Vary: Accept-Encoding
   X-Timestamp: 1403165800.23848
  Content-Type: text/plain; charset=utf-8
 Accept-Ranges: bytes
[root@myhostname ~]#

This does not work, returning a 503 forbidden. Any advice on how to set read-only ACLs at the account level?

TIA

edit retag flag offensive close merge delete

Comments

Found any solutions yet? I have the same problem.

Campos gravatar imageCampos ( 2015-03-03 08:32:14 -0600 )edit