I think what you want is container ACLs for a given user (e.g using
devstack Kilo):
$ openrc user1 project1
$ swift post -r 'project2:user2' con1
$ swift stat con1
Account: AUTH_f399252f66574ea58ab465b3f8a4a2aa
Container: con1
Objects: 1
Bytes: 483
Read ACL: project2:user2
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Trans-Id: tx911050b8b0d942438cafb-005671e319
X-Storage-Policy: Policy-0
Connection: keep-alive
X-Timestamp: 1450302870.18860
Content-Type: text/plain; charset=utf-8
$ swift list con1
file1
$ . openrc user2 project2
$ swift list con1
file2 <=== sees contents of own con1
$ swift list
--os-storage-url='http://localhost:8080/v1/AUTH_f399252f66574ea58ab465b3f8a4a2aa'
con1
file1 <=== sees contents of project1 con1
Note that we have to tweak the storage url to list project1's container.
Regards
Mark
On 09/12/15 08:13, LucyGe wrote:
Hi all,
I have a question about swift object storage. So I found out the container
creation is within the scope of a project, which means different projects can
have same container name created.
e.g.
Project 1 - user1 create “container1”
Project 2 - user2 create “container1”
this is allowed
So my question is, can user2 access user1’s container1 without making Project
1’s container1 “Public”, just user1 grant user2 permission for access to
Project 1’s container1. Is it supported in the current Openstack swift
implementation?
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
