Account ACL in Swift is not supported with keystoneauth. It is not described in the keystone auth section of [1]. You can probably achieve similar by assigning the appropriate roles to users in keystone.
[1] http://docs.openstack.org/developer/swift/overview_auth.html Alistair From: Sampath, Lakshmi Sent: 19 February 2016 18:29 To: OpenStack Development Mailing List Subject: [openstack-dev] [swift] Account ACL with keystone auth Account ACL for allowing other accounts administration access to create containers looks to be accepting the request but doesn't seem to be persisting the information with keystone auth. For example if admin:admin user allows demo:demo "admin" access on its account, the following request succeeds but later when I try creating a container, using demo account in admin account it fails. As admin:admin user curl -X POST -i -H "X-Auth-Token: 57eb097f3b8e4c9e8a927a71c7f18e9c" -H 'X-Account-Access-Control: {"admin":["AUTH_demo"]}' http://127.0.0.1:8080/v1/AUTH_admin HTTP/1.1 204 No Content Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Trans-Id: txefcd03a9b0ea4c2ab28a3-0056c75dae Date: Fri, 19 Feb 2016 18:23:42 GMT As demo:demo user curl -XPUT -i -H "X-Auth-Token: 9173236daaa3470886410934c467fd7e" http://127.0.0.1:8080/v1/AUTH_admin/container1 HTTP/1.1 403 Forbidden Content-Length: 73 Content-Type: text/html; charset=UTF-8 X-Trans-Id: txbd54e9b8f5c64419bf689-0056c75c25 Date: Fri, 19 Feb 2016 18:17:09 GMT Is Account ACL supported using keystone auth? Thanks Lakshmi.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
