Turns out, this is not expected. Thanks for filing this for us Matthew. https://bugs.launchpad.net/swift/+bug/1526575 -A
From: CTG User <[email protected]<mailto:[email protected]>> Date: Tuesday, December 15, 2015 at 6:07 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [Openstack-operators] [swift] private read ACL set on container_segments results in 401 Hello, I am looking for advice on an interesting case a customer of our swift cluster has come with. They have uploaded a large object (~5G) to a swift container "containerA". Swift broke this object into segments, creating a container for those segments "containerA_segments". If both containers are set to public, this object can be downloaded. They want this container to be private and only serve up content to a specific refer domain. So, they set the following ACL on "containerA" ".r:<secret-key>.example.com,.rlistings Where the secret-key is one their proxy re-directs requests to. Now, they can not get the object in containerA. Setting "containerA_segments" to the same ACL as containerA also does not work. We have found that the only way to access this object is to set the ACL on "containerA_segments" to public. This isn't desirable because it means the segments container is now public even though containerA is private. Is this expected? -Adam ________________________________ This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
