OpenStack Object Storage (swift)

How to enumerate and access public containers

Asked by Travis W Kiel

I get how to set the ACL, but I dont get how one user would access a public container of another user, with or without auth. Could somebody give an example as to how to enumerate or just access an object in a public container directly?

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Object Storage (swift) Edit question
Assignee:
No assignee Edit question
Solved by:
gholt
Solved:
Last query:
Last reply:
Revision history for this message
Best gholt (gholt) said : 		#1

Normally a user of a Swift cluster would authenticate with an external auth server, obtain a token, and use that token with their Swift requests. But, with a fully public container, no auth token is required; the user just needs to know the URL to the container/object.

Here's an example using curl:

User 1 creates a public container and object:

  Create public container:
  curl -X PUT -H 'X-Auth-Token: AUTH_tk3439b9c56c5447c3990e4fe3cf2ad416' -H 'X-Container-Read: .r:*' http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container

  Upload object to the container:
  curl -X PUT -H 'X-Auth-Token: AUTH_tk3439b9c56c5447c3990e4fe3cf2ad416' http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object --data-binary 'test'

User 1 gives User 2 the URL to the object: http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object and so User 2 can just download that:

  Download object with no auth token:
  curl http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object

Here's another user grabbing the same URL, but using their auth token though they don't have to:

  curl -H 'X-Auth-Token: AUTH_tkc93093898d4742778f48bcfb3ee9ad99' http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object

Revision history for this message
gholt (gholt) said : 		#2

Ah, I just noticed now that you specified "enumerate ... public containers" as well. Currently there is no way to do that. A user that is sharing their container(s) must give you the URLs for those containers themselves.

Revision history for this message
Travis W Kiel (twkiel) said : 		#3

Thanks gholt, that solved my question.

Revision history for this message
sujay (sujay-m17) said : 		#4

Hi ghlot, thanks for the info.

I have a
Host - Ubuntu Desktop
Guest - Ubuntu 12.04 server inside the Host as a VM with IP 192.168.56.10

I tried to access the above URL from the Host

curl http://192.168.56.10:8080/v1/AUTH_test/public_container/public_object

but it is giving curl: (7) couldn't connect to host error.

Should i make any configuration changes? Please correct me and why is it not connecting