OpenStack Object Storage (swift)

set accaunt quota in swift

Asked by Bellantuono Daniel

When I try to set the account-quota with reseller admin i have this error:

~ # swift -V 2 -A http://???:5000/v2.0 -U reseller:reseller -K passwd post -m quota-bytes:1024000

Account POST failed: http://xxxxx:8888/v1/AUTH_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 403 Forbidden [first 60 chars of response] <html><h1>Forbidden</h1><p>Access was denied to this resource

swift/common/middleware/account_quotas.py

77 if request.environ.get('reseller_request') is True:
78 if new_quota and not new_quota.isdigit():
79 return HTTPBadRequest()
80 return self.app 80 return self.app

I am sure that the user is a ResellerAdmin but this condition "request.environ.get('reseller_request')" is never True:

Can you help me?
Thanks

My proxy-server.conf --> http://paste.openstack.org/show/37388/

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Object Storage (swift) Edit question
Assignee:
No assignee Edit question
Solved by:
Kevin Shao
Solved:
Last query:
Last reply:
Revision history for this message
Best Kevin Shao (dysj4099) said : 		#1

Hi Bellantuono, I have solved the same problem by modify the swift/common/middleware/account_quotas.py

##################################
new_quota = request.headers.get('X-Account-Meta-Quota-Bytes')

#Add by kevin start
eccp_roles = request.environ.get('HTTP_X_ROLES', '')
if isinstance(eccp_roles, basestring):
    if (set(eccp_roles.split(',')) & set({'reseller','reseller_admin','ResellerAdmin'})):
        request.environ['reseller_request'] = True
#Add by kevin end

if request.environ.get('reseller_request') is True:
    if new_quota and not new_quota.isdigit():
        return HTTPBadRequest()
    return self.app
#################################

It seems that this part is not used for keystone.

Good luck

Revision history for this message
Bellantuono Daniel (kelfen) said : 		#2

Hi Kevin, Thanks a lot!
Account Quotas working properly now.

Revision history for this message
Bellantuono Daniel (kelfen) said : 		#3

Thanks Kevin Shao, that solved my question.