Description: After making a container public-readable, accessing the object anonymously (e.g. using another user's credentials) raises a 403 (Forbidden) exception when trying to GET the object.
Steps followed:
1. Create container
2. Update Container metadata, providing this --> contHeaders = {'X-Container-Read': '.r:*,.rlistings'}
3. Creating object in the above container
4. Trying to GET the object with another user's authToken, as it is public-readable; the following is the data for the GET:
headers = {'X-Auth-Token': self.otherUserToken}
resp, body = self.custom_object_client.get_object(self.container_name, object_name, metadata=headers)
Result:
response
{'date': 'Tue, 18 Dec 2012 16:18:35 GMT', 'status': '403', 'content-length': '73', 'content-type': 'text/html; charset=UTF-8', 'x-trans-id': 'tx73ef5e1cbb3344e6b56d8722156c1644'}
content
<html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>
The same procedure using a swift command
Default creds.
root@Grizzly-machine2:/opt/stack/devstack# env | grep OS
OS_PASSWORD=root
OS_AUTH_URL=http://127.0.0.1:5000/v2.0
OS_USERNAME=demo
OS_TENANT_NAME=demo
OS_NO_CACHE=1
1. Create container with admin creds
swift post -r '.r:*' ACLContainer
2. Verifying the metadata
swift stat ACLContainer1 -v
Account: AUTH_4109e789e0314fff84426c47ac36c34a
Container: ACLContainer
Objects: 0
Bytes: 0
Read ACL: .r:*
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Timestamp: 1355856841.98756
X-Trans-Id: tx76234dbbca7e41b5bba2539498deb4a9
Content-Type: text/plain; charset=utf-8
3. Object creation in the above container with same creds
swift upload ACLContainer /home/raj/.profile
4. Trying to GET object with another user's auth token
curl -i http://10.233.52.230:8080/v1/AUTH_e6cfc64351a945fb98d874e9395d0a32?format=json -X GET -H "X-Auth-Token: <token removed>"
HTTP/1.1 403 Forbidden
Via: 1.1 HYSPROXY1
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 73
Date: Tue, 18 Dec 2012 18:17:22 GMT
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txa30fe2e3adfb4db8b1b88c3bb95597e6
Thanks for the report! Please see the existing bug for more details.
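
The read ACLs used in the report ('.r:*,.rlistings' through the API, '.r:*' through the swift command) can be checked against the access they are documented to grant with a small model. This is an added example, not code from the report or from Swift; it is a simplified evaluator modelled on Swift's documented referrer ACL syntax, the function names are hypothetical, and it does not model token handling in the auth middleware.

```python
from urllib.parse import urlparse

def parse_read_acl(acl):
    """Split an X-Container-Read value into (referrer rules, other entries)."""
    referrers, others = [], []
    for item in (v.strip() for v in (acl or "").split(",")):
        if item.startswith(".r:"):
            referrers.append(item[3:])
        elif item:
            others.append(item)
    return referrers, others

def _host_matches(rule, host):
    # "*" matches any host; ".example.com" matches that domain's subdomains.
    return rule == "*" or rule == host or (rule.startswith(".") and host.endswith(rule))

def referrer_allowed(referrer, rules):
    """Apply rules in order; a leading '-' turns a rule into a deny."""
    host = urlparse(referrer or "").hostname or "unknown"
    allowed = False
    for rule in rules:
        if rule.startswith("-"):
            if _host_matches(rule[1:], host):
                allowed = False
        elif _host_matches(rule, host):
            allowed = True
    return allowed

def anonymous_read_allowed(acl, is_object, referrer=None):
    """Expected decision for a GET that carries no usable credentials."""
    referrers, others = parse_read_acl(acl)
    if not referrer_allowed(referrer, referrers):
        return False
    # Objects need only the referrer grant; listings also need .rlistings.
    return is_object or ".rlistings" in others

if __name__ == "__main__":
    # The two ACL values from the report, plus an empty ACL for comparison.
    for acl in (".r:*,.rlistings", ".r:*", ""):
        print(repr(acl), "object GET:", anonymous_read_allowed(acl, True),
              "listing GET:", anonymous_read_allowed(acl, False))
```

With '.r:*' alone, an object GET is expected to succeed but a container listing is not, which is why the two ACL values in the report are not interchangeable when comparing results.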