privileged metadata access for cross-project ACL
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
New
|
Undecided
|
Unassigned |
Bug Description
https:/
states that "a container ACL does not allow access to privileged metadata (such as X-Container-
This is understandable since sensitive things are stored using "privileged" metadata (including ACL themselves IIUC).
But one useful use of "privileged metadata" is "Temp-Url-Key". The fact that we can use them using an application credentials (or any means relying upon container ACL) is really limiting.
I strongly suggest that cross-project ACL read-access may **conditionally** allow for **some** privileged metadata (Temp-Url-Key" in mind).
https:/
An intermediary permission between "admin" and "read" would be adequate here: Allow some privileged metadata to be available as part of the read access.