Home > openstack > Download from swift container as anonymous user

Download from swift container as anonymous user

Whenever, we interact with openstack swift, we need a token  from keystone (or other auth mechanism) to communiate with swift. When we use python swift client (swift command), swiftclient do this this for us.

 

Essentially, the following two command are equivalent whereas in the 2nd command, some env variable values are explicitly used.

 

swift list

swift –os-username=admin –os-password=nova –os-auth-url=http://10.0.2.15:5000/v2.0 list

So, when ever, we are using swift command (ex. swift list), these values must be set.

 

Downloading a object from swift as anonymous user:

whenever, we want to download an object stored in swift (say object url is $URL) and issue command like

wget $URL

or browse by a browser

The user in this case is anonymous  and if  swift container (the object you are trying to access lives) is not set to be readable by all, you will get a authorization error like the following:

 

 

 wget http://10.0.2.15:8080/v1/AUTH_d2fe89700187466788254040424961e3/zeropy/index.html
 --2014-06-21 07:41:21--  http://10.0.2.15:8080/v1/AUTH_d2fe89700187466788254040424961e3/zeropy/index.html
 Connecting to 10.0.2.15:8080... connected.
 HTTP request sent, awaiting response... 401 Unauthorized
 Authorization failed.</p>
 

If we see the container stat, we can see the ACL associated with the container.

 stack@precise64:~/zebra/helloworld/helloworld$ swift stat zeropy
        Account: AUTH_d2fe89700187466788254040424961e3
     Container: zeropy
    Objects: 11
       Bytes: 56373
     Read ACL: 
     Write ACL:
       Sync To:
      Sync Key:
  Accept-Ranges: bytes
 X-Storage-Policy: Policy-0
    X-Timestamp: 1403326759.56491
    X-Trans-Id: tx2478c8bb7f354dd184526-0053a5380e
   Content-Type: text/plain; charset=utf-8 

  

 

Note that, nothing is set for Read ACL  (line 6)  / and     Write ACL (line 7).

 

In order to set the read ACL so that everyone can read the container ‘zeropy’ use the following command:

swift post -r “.r:*” zeropy

This time, if we check, swift stat zeropy, it looks like

 stack@precise64:~/zebra/helloworld/helloworld$ swift stat zeropy
 Account: AUTH_d2fe89700187466788254040424961e3
 Container: zeropy
 Objects: 11
 Bytes: 56373
       Read ACL: .r:* 
   Write ACL:
     Sync To:
     Sync Key:
  Accept-Ranges: bytes
    X-Trans-Id: tx658862dbb9d0464781c83-0053a53ab0
 X-Storage-Policy: Policy-0
  X-Timestamp: 1403326759.56491
  Content-Type: text/plain; charset=utf-8 

 

Note the Read ACL (line 6)

now, if you do, wget $URL

You will get the file without authorization error.

Advertisements
Categories: openstack
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: