Hello, I am just beginning to learn Swift, and had a question about how access control using keystoneauth works. I noticed that the documentation here [1] says that:
"By default the only users able to perform operations (e.g. create a container) on an account are those having a Keystone role for the corresponding Keystone project that matches one of the roles specified in the operator_roles option." However I have built two Swift test clusters using Swift 2.2.0, one using Icehouse Keystone and one with Juno Keystone, and in both cases I can create a new user and tenant with no special role, and this new user and tenant is able to create new containers by default. Do I have things configured incorrectly? Here is the keystone section of /etc/swift/proxy-server.conf: [filter:keystone] use = egg:swift#keystoneauth operator_roles = admin, SwiftOperator is_admin = true cache = swift.cache -Jake [1] http://docs.openstack.org/developer/swift/overview_auth.html _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
