OpenStack Object Storage (Swift)

World readable access to segmented object produces 401, even if _segments is also world readable.

Reported by Byron McCollum on 2012-11-25
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
High
Unassigned

Bug Description

So, seems I've stumbled across something that used to work in Essex, but is no longer working in Folsom. Using the swift tool, upload a segmented object to a container with a `.r:*` read ACL. Accessing the object anonymously produces a 401 as expected, as the segments are in the companion _segments container. After giving `.r:*` access to the _segments container, anonymous access to the segmented object used to work. In Folsom, it continues to produce a 401.

John Dickinson (notmyname) wrote :

For the time being (ie until this bug is resolved either through a change in behavior or an update to the docs), enable .rlistings on the _segements container. This will allow the anonymous manifest requests to work.

Changed in swift:
status: New → Confirmed
importance: Undecided → High
Dae S. Kim (daeskp) wrote :

As far as I've seen, this "bug" is present on TempAuth, if it is a bug at all. The problem is that a GET request on a manifest file in turn gets a listing of the _segments container. Of course, this is to guess which segments compose the requested object. However, without setting '.rlisting' on the _segments container, the listing cannot be retrieved anonymously.

One way to address this could be to allow the segments to inherit the read permissions of the manifest file. That is, if we have read permissions on the manifest file, we should be able to list and get the segments. I exemplify this behavior in the attached patch.

Perhaps a less radical solution is to make the swift tool set '.rlisting' on _segments by default.

Dae S. Kim (daeskp) wrote :

'.rlistings', not '.rlisting'. Sorry about that :D

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers