ACL not automatically replicated to _segments container
Bug #1581454 reported by
Alberto Colla
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Object Storage (swift) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
I have noticed that ACLs set on a container are not replicated to the container_segments container where files > 5GB are stored. So it happens that a user/tenant which has read access to the container cannot list or download big files until I post the same ACLs to _segments. Is it possible to have this feature enabled?
Revision history for this message
| Saverio Proto (zioproto) wrote | #1 |
Revision history for this message
| Matthew Oliver (matt-0) wrote | #2 |
| Changed in swift: | |
| status: | New → Won't Fix |
To post a comment you must log in.
Steps to reproduce the bug.
Create a container and give read permission to another tenant:
swift post mycontainer -r 'ext_tenant:*'
At this point the user from ext_tenant is able to list objects and download them, but only the objects stored in a single part. SLO objects will fail with 403.
swift --os-project-name ext_tenant \
--os-storage-url http://
After giving this additional read permission:
swift post mycontainer_
The user is able to read also objects that are segmented because larger than 5GB.
The user should not know about the existence of the mycontainer_