OpenStack-Ansible

Bug #1800637
Comment #3

Comment 3 for bug 1800637

Revision history for this message

Florian Haas (fghaas) wrote on 2018-10-30:

Quick before/after illustration using public read ACLs as an example:

Failure before applying patch:

$ swift post foobar
$ touch test
$ swift upload foobar test
test
$ swift post -r ".r:*" foobar
$ curl -i 'http://192.168.122.101:8080/swift/v1/foobar/test'
HTTP/1.1 403 Forbidden
Content-Length: 12
X-Trans-Id: tx00000000000000000001d-005bd8cd7d-4e0b-default
X-Openstack-Request-Id: tx00000000000000000001d-005bd8cd7d-4e0b-default
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Date: Tue, 30 Oct 2018 21:30:37 GMT

AccessDenied

Apply patch:

$ git checkout bug-1800637-rocky
$ sudo openstack-ansible playbooks/ceph-rgw-install.yml
[...]

Repeat curl command, now with the AUTH_<tenant_id>:

$ curl -i 'http://192.168.122.101:8080/swift/v1/AUTH_efa36c21034144948ef39964a9d887e2/foobar/test'
HTTP/1.1 200 OK
Content-Length: 0
Accept-Ranges: bytes
Last-Modified: Tue, 30 Oct 2018 21:29:36 GMT
X-Timestamp: 1540934976.93130
etag: d41d8cd98f00b204e9800998ecf8427e
X-Trans-Id: tx00000000000000000000e-005bd8cea0-4e2b-default
X-Openstack-Request-Id: tx00000000000000000000e-005bd8cea0-4e2b-default
Content-Type: binary/octet-stream
Date: Tue, 30 Oct 2018 21:35:28 GMT