OpenStack Object Storage (swift)

How to add non-admin account in tempauth?

Asked by ken

Dear all,
  I have some question to add non-admin account in tempauth.

  root@proxy:/etc/swift# swift -A https://172.16.150.60:8080/auth/v1.0 -U test:tester3 -K testing3 stat
  Account HEAD failed: https://172.16.150.60:8080/v1/AUTH_system 403 Forbidden

 why test:tester3 account is forbidden ?
 Does anybody have the same problem?
 thanks all

  This is my proxy-server.conf as follows:
 =============
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:tempauth]
use = egg:swift#tempauth
user_system_root = testpass .admin https://172.16.150.60:8080/v1/AUTH_system
user_test_tester = testing .admin https://172.16.150.60:8080/v1/AUTH_system
user_test2_tester2 = testing2 .admin https://172.16.150.60:8080/v1/AUTH_system
user_test_tester3 = testing3 https://172.16.150.60:8080/v1/AUTH_system

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = 172.16.150.51:11211,172.16.150.52:11211
=================

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Object Storage (swift) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Chuck Thier (cthier) said : 		#1

Be default, non admin users have no access to the account. Access has to be granted by setting ACLs. See http://docs.openstack.org/developer/swift/misc.html#acls for more info.

Revision history for this message
ken (m9509201) said : 		#2

user_test_tester3 = testing3 .r:* https://172.16.150.60:8080/v1/AUTH_system

root@proxy:~# swift -A https://172.16.150.60:8080/auth/v1.0 -U test:tester3-K testing3 list
Account GET failed: http://172.16.150.60:8080/v1/AUTH_system?format=json 403 Forbidden 403 Forbidden

how to add acl configuration in /etc/swift/proxy-server.conf

Can you help with this problem?

Provide an answer of your own, or ask ken for more information if necessary.

To post a message you must log in.