I looked at the code and it seems that the HTTP-X-Container-Read is only expected when updating the object / container metadata. Therefore, try to do a POST operation after the container's creation with that specific field.
On Tue, Jul 9, 2013 at 12:04 AM, Alvaro Izquierdo Jimeno <[email protected]> wrote: > And now attached the log from creating bucket with the header > X-Container-read (without http). > > > > -----Mensaje original----- > De: [email protected] > [mailto:[email protected]] En nombre de Alvaro Izquierdo > Jimeno > Enviado el: martes, 09 de julio de 2013 8:55 > Para: Yehuda Sadeh > CC: [email protected] > Asunto: Re: [ceph-users] (keystone + radosgw ) users > > The same result. > > Attached the log from creating bucket with the header 'HTTP-X-Container-Read' > > Response of HEAD of the bucket1 > < HTTP/1.1 204 > < Date: Tue, 09 Jul 2013 06:53:55 GMT > < Server: Apache/2.2.15 (Red Hat) > < X-Container-Object-Count: 1 > < X-Container-Bytes-Used: 6163 > < X-Container-Bytes-Used-Actual: 8192 > < Connection: close > < Content-Type: text/plain; charset=utf-8 > > > > -----Mensaje original----- > De: Yehuda Sadeh [mailto:[email protected]] Enviado el: martes, 09 de julio > de 2013 8:37 > Para: Alvaro Izquierdo Jimeno > CC: [email protected] > Asunto: Re: [ceph-users] (keystone + radosgw ) users > > Can you try using 'HTTP-X-Container-Read' instead? > > On Mon, Jul 8, 2013 at 11:31 PM, Alvaro Izquierdo Jimeno > <[email protected]> wrote: >> Hi, >> >> I´m using RedHat 6.4. >> Attached two files: one with the log output from GET bucket1 from >> ytenant and the other with the log output from GET object1 from >> ytenant (both with 401 response) >> >> When I get the bucket (after the Put request with X-Container-Read >> header) from xtenant, I can see >> >> < HTTP/1.1 200 >> < Date: Tue, 09 Jul 2013 06:24:27 GMT >> < Server: Apache/2.2.15 (Red Hat) >> < Connection: close >> < Transfer-Encoding: chunked >> < Content-Type: text/plain; charset=utf-8 < >> Object1 >> * Closing connection #0 >> >> But, where is the X-Container-Read header? it should appear? Maybe the >> problem is saving the metadata header.... >> >> Thanks a lot, >> Álvaro >> >> >> >> -----Mensaje original----- >> De: Yehuda Sadeh [mailto:[email protected]] Enviado el: martes, 09 de >> julio de 2013 7:53 >> Para: Alvaro Izquierdo Jimeno >> CC: [email protected] >> Asunto: Re: [ceph-users] (keystone + radosgw ) users >> >> From what I can tell, this should be enough. I'll need to see more concrete >> logs to figure out what went wrong though. >> >> Yehuda >> >> On Mon, Jul 8, 2013 at 10:47 PM, Alvaro Izquierdo Jimeno >> <[email protected]> wrote: >>> Any idea? >>> >>> Thanks a lot, >>> Álvaro. >>> >>> -----Mensaje original----- >>> De: [email protected] >>> [mailto:[email protected]] En nombre de Alvaro >>> Izquierdo Jimeno Enviado el: viernes, 05 de julio de 2013 11:58 >>> Para: Yehuda Sadeh >>> CC: [email protected] >>> Asunto: Re: [ceph-users] (keystone + radosgw ) users >>> >>> Hi, >>> >>> Maybe i forgot something but i can't use this behavior: >>> >>> I will try to explain my setting: >>> >>> I have two keystone users: 'x' and 'y' >>> And two keystone tenants: 'xtenant' and 'ytenant' >>> >>> In ceph.conf I have the option: >>> rgw enforce swift acls = true >>> >>> I have got the token for x and xtenant with curl -k -X 'POST' -v >>> http://mykeystone:5000/v2.0/tokens -d >>> '{"auth":{"passwordCredentials":{"username": "x", "password":"pass"}, >>> "tenantId":"the_id_of_xtenant"}}' -H 'Content-type: application/json' >>> >>> Create a container (with permissions to ytenant) and an object curl >>> -v -X PUT -H 'X-Container-Read: the_id_of_ytenant' -H 'X-Auth-Token: >>> x_token' http://myradosgw/swift/v1/bucket1 curl -v -X PUT -H >>> 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1 >>> >>> I can get the container and object with x_token: >>> curl -v -X GET -H 'X-Auth-Token: x_token' >>> http://myradosgw/swift/v1/bucket1 curl -v -X GET -H 'X-Auth-Token: >>> x_token' http://myradosgw/swift/v1/bucket1/object1 >>> >>> until this moment, all ok. >>> >>> I have got the token for y and ytenant with >>> >>> curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d >>> '{"auth":{"passwordCredentials":{"username": "y", "password":"pass2"}, >>> "tenantId":"the_id_of_ytenant"}}' -H 'Content-type: application/json' >>> >>> But, radosgw returns a 401 when I try to get the container or the bucket: >>> curl -v -X GET -H 'X-Auth-Token: y_token' >>> http://myradosgw/swift/v1/bucket1 curl -v -X GET -H 'X-Auth-Token: >>> y_token' http://myradosgw/swift/v1/bucket1/object1 >>> >>> >>> What have I forgotten? >>> >>> Thanks and regards, >>> Álvaro. >>> >>> -----Mensaje original----- >>> De: Yehuda Sadeh [mailto:[email protected]] Enviado el: viernes, 05 >>> de julio de 2013 8:39 >>> Para: Alvaro Izquierdo Jimeno >>> CC: [email protected] >>> Asunto: Re: [ceph-users] (keystone + radosgw ) users >>> >>> The rados gateway supports swift form of ACLs on buckets in which it is >>> possible to set read/write permissions for each bucket to allow access for >>> its objects. This can be done by setting the X-Container-Read, and >>> X-Container-Write attributes on the containers. >>> Each attribute is a comma delimited list of permitted users that are given >>> the specific permission. Note that when using the keystone backed, the >>> permissions are given at the tenant level, so they should be referred as >>> such (using the tenant hex id). >>> >>> On Thu, Jul 4, 2013 at 11:27 PM, Alvaro Izquierdo Jimeno >>> <[email protected]> wrote: >>>> May anybody help me? >>>> >>>> >>>> >>>> Many thanks and regards, >>>> >>>> Álvaro. >>>> >>>> >>>> >>>> >>>> >>>> De: [email protected] >>>> [mailto:[email protected]] En nombre de Alvaro >>>> Izquierdo Jimeno Enviado el: martes, 02 de julio de 2013 14:30 >>>> Para: [email protected] >>>> Asunto: [ceph-users] (keystone + radosgw ) users >>>> >>>> >>>> >>>> Hi all, >>>> >>>> >>>> >>>> I have been able to bind openstack keystone and radosgw and have >>>> checked users created from keystone can make requests on radosgw. >>>> >>>> >>>> >>>> But, how can we handle several tenants and users from keystone? In >>>> swift, we have the option of setting up ACLs in the config file and >>>> headers to mark which user can make an operation in each container >>>> in a specific tenant (for example). Does it exist that option with radosgw >>>> instead of swift? >>>> >>>> >>>> >>>> Many thanks in advanced and best regards, >>>> >>>> Álvaro. >>>> >>>> >>>> >>>> >>>> >>>> >>>> ____________ >>>> Verificada la ausencia de virus por G Data AntiVirus Versión: AVA >>>> 22.10661 del 02.07.2013 Noticias de virus: www.antiviruslab.com >>>> >>>> >>>> _______________________________________________ >>>> ceph-users mailing list >>>> [email protected] >>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>>> >>> ____________ >>> Verificada la ausencia de virus por G Data AntiVirus >>> Versión: AVA 22.10718 del 05.07.2013 >>> Noticias de virus: www.antiviruslab.com >>> _______________________________________________ >>> ceph-users mailing list >>> [email protected] >>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>> ____________ >>> Verificada la ausencia de virus por G Data AntiVirus >>> Versión: AVA 22.10827 del 09.07.2013 >>> Noticias de virus: www.antiviruslab.com >> >> ____________ >> Verificada la ausencia de virus por G Data AntiVirus >> Versión: AVA 22.10829 del 09.07.2013 >> Noticias de virus: www.antiviruslab.com > > ____________ > Verificada la ausencia de virus por G Data AntiVirus > Versión: AVA 22.10829 del 09.07.2013 > Noticias de virus: www.antiviruslab.com > > ____________ > Verificada la ausencia de virus por G Data AntiVirus > Versión: AVA 22.10829 del 09.07.2013 > Noticias de virus: www.antiviruslab.com _______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
