Skip to content

chmouel/swift-keystone2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
swiftkeystone2
swiftkeystone2
 
 
.gitignore
.gitignore
 
 
README
README
 
 
setup.py
setup.py
 
 

Repository files navigation

* proxy-server.conf

[pipeline:main]
pipeline = catch_errors healthcheck cache keystone2 proxy-server

[....]

[filter:keystone2]
use = egg:swiftkeystone2#keystone2
keystone_admin_token = token_admin_set_in_your_keystone
keystone_url = http://host:port/v2.0

* keystone users:

    # user1 in group admin -- can manage the Account
    # user2 in group lovers
    # user3 in no groups
    keystone-manage tenant add users
    keystone-manage role add lovers
    keystone-manage user add user1 secrete users
    keystone-manage user add user2 secrete users
    keystone-manage user add user3 secrete users
    keystone-manage role grant Admin user1
    keystone-manage role grant lovers user2

* Create container with user2 == denied

-$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user2 -K secrete post testcontainer                  
Container POST failed: http://proxy01:8080/v1/AUTH_2/testcontainer 403 Forbidden

* Create container with user1 == accepted (since in group admin)

-$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user1 -K secrete post testcontainer

* Set acl of the container to lovers :

-$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user1 -K secrete post testcontainer -r 'lovers'

* Read ACL:

-$  /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user1 -K secrete stat testcontainer            
  Account: AUTH_2
Container: testcontainer
  Objects: 0
    Bytes: 0
 Read ACL: lovers
Write ACL: 
  Sync To: 
 Sync Key: 
Accept-Ranges: bytes
X-Trans-Id: txd0bdc6968a144f8a9a525628d4fe5dfc

* Upload object with user1

-$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user1 -K secrete upload testcontainer  /etc/issue

* Read it with user2 (accepted since in group lovers)

-$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user2 -K secrete download testcontainer etc/issue -o-
Ubuntu 11.04 \n \l

* Read it with user3 (not acccepted since not in group lovers) :

-$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user3 -K secrete download testcontainer etc/issue -o-
Object GET failed: http://proxy01:8080/v1/AUTH_2/testcontainer/etc/issue 403 Forbidden

* Set Write ACL to group lovers
-$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user1 -K secrete post testcontainer -w 'lovers'

* Upload with user2 (allowed since in group lovers)
$ /usr/local/bin/swift -A http://localhost:5000/v1.0 -U user2 -K secrete upload testcontainer /etc/issue.net 
etc/issue.net

About

swift keystone middleware

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published