OpenStack Object Storage (swift)

swift_auth should support ACL's with tenant_id:user_id

Bug #1020709 reported by Dan Prince
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Fix Released
Undecided
Kun Huang
OpenStack Object Storage (swift) 1.9.0

Bug Description

The swift_auth middleware should support individual user ACL's in the user_id:tenant_id format.

Swift_auth middleware currently supports:

username:tenant_id
username: tenant_name

I'd like to be able to use user_id:tenant_id as well (to avoid having hard coded usernames in my Swift object permissions).

Dan Prince (dan-prince)
Changed in keystone:
assignee: nobody → Dan Prince (dan-prince)
importance: Undecided → High
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/9289

Dan Prince (dan-prince)
summary: - swift_auth should support access with tenant_id:user_id
+ swift_auth should support ACL's with tenant_id:user_id
Dan Prince (dan-prince)
Changed in swift:
assignee: nobody → Dan Prince (dan-prince)
status: New → In Progress
Dan Prince (dan-prince)
no longer affects: keystone
Revision history for this message
Kun Huang (academicgareth) wrote :

tenant_name:user_name ok
tenant_name:user_id bad
tenant_id:user_name ok
tenant_id:user_id you want to fix

This is more simple

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to swift (master)

Fix proposed to branch: master
Review: https://review.openstack.org/22820

Changed in swift:
assignee: Dan Prince (dan-prince) → Kun Huang (academicgareth)
John Dickinson (notmyname)
Changed in swift:
milestone: none → 1.9.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.openstack.org/22820
Committed: http://github.com/openstack/swift/commit/58a095b93e1e6f742e619a100e8cec693bc41dad
Submitter: Jenkins
Branch: master

commit 58a095b93e1e6f742e619a100e8cec693bc41dad
Author: Kun Huang <email address hidden>
Date: Tue Mar 26 13:20:09 2013 +0800

    Improve swift's keystoneauth ACL support

    Below three bug reports talk about one thing.
    Current keystoneauth ACL supports as:

    tenant_name:user_id ok
    tenant_name:user_name no
    tenant_name:* no
    tenant_id:user_id ok
    tenant_id:user_name no
    tenant_id:* no
    *:user_id ok
    *:user_name no
    *:* no

    This patch will make all of above work fine.
    Applying (tenant/user)name could let user put or get their data in a
    more readable way. The tenant_name:* and *:user_name is suitable for
    many usage.

    note: to keep compatibility here add a new keystone.identity just for
    authorize() itself and leave env['keystone.identity'] to other
    middlerwares.

    Fixes: bug #1020709
    Fixes: bug #1075362
    Fixes: bug #1155389
    Change-Id: I9354dedaad875117f6a9072c67e9ecf69bfca77e

Changed in swift:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in swift:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.