swift_auth middleware disallows access to public Swift URLs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
High
|
Chmouel Boudjnah |
Bug Description
When using swift_auth middleware tenants are prevented from accessing URL's from outside there account even if they have been granted access via ACL or the access is public.
This should be a supported use case for using Swift with Keystone.
To reproduce:
Make a swift URL public:
swift post -r ".r:*" foo
And then try to access that URL with a different tenants auth code.
curl -i http://
Note: The URL above contains the initial tenants ID in the URL (40467cf149ac42
Changed in keystone: | |
assignee: | nobody → Dan Prince (dan-prince) |
importance: | Undecided → High |
status: | New → In Progress |
tags: | added: tempest |
Changed in swift: | |
status: | In Progress → Triaged |
Changed in swift: | |
assignee: | Dan Prince (dan-prince) → Chmouel Boudjnah (chmouel) |
Changed in swift: | |
milestone: | none → 1.8.0-rc1 |
status: | Fix Committed → Fix Released |
Changed in swift: | |
milestone: | 1.8.0-rc1 → 1.8.0 |
Fix proposed to branch: master /review. openstack. org/9290
Review: https:/