I've reproduced an eventual consistency issue with container on swift 1.4.3, that may present a swcurity concern,
I think reidrac (see #openstack-dev @ ~ 2011-08-26T11) has used a newer version to also repro it.
If a container with ACLS is deleted and promptly recreated, it retains its ACL settings.
orrigac@corrigac-z400:~/swiftcmds$ swift list
backup
id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
Container: id
Objects: 1
Bytes: 91
Read ACL:
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Trans-Id: tx021ecbb6ad10465ca6104f77546eb27a
corrigac@corrigac-z400:~/swiftcmds$ swift post -r* id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
Container: id
Objects: 1
Bytes: 91
Read ACL: *
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Trans-Id: tx2603dee3abb944fd8b5b946e81f26958
corrigac@corrigac-z400:~/swiftcmds$ swift delete id
tmp/myid
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
Container 'id' not found
corrigac@corrigac-z400:~/swiftcmds$ swift upload id myid
myid
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
Container: id
Objects: 1
Bytes: 172
Read ACL: *
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Trans-Id: tx4abdf56ec54e4fad9cdc8b6efd9b0f75
corrigac@corrigac-z400:~/swiftcmds$ swift post "-r " id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
Container: id
Objects: 0
Bytes: 0
Read ACL:
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Trans-Id: tx4addacc688f24f44b6292c81393b34d3
corrigac@corrigac-z400:~/swiftcmds$ swift delete id
corrigac@corrigac-z400:~/swiftcmds$ swift post id
corrigac@corrigac-z400:~/swiftcmds$ swift stat id
Account: AUTH_0be52345-32cc-4bab-bbf6-38b30d7a0f82
Container: id
Objects: 0
Bytes: 0
Read ACL:
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Trans-Id: tx6bcf137363004eccabfe2cd23c636f1c
This is actually a bug, not a consistency issue. The bug is that the metadata isn't explicitly cleared when the container is marked deleted. So if a PUT comes in before the reclaimer deletes the db, all of the container metadata gets resurrected.