Special Metadata: Container ACLs

A particularly important metadata element for containers is X-Container-Read, which sets the ACL that determines who can read objects in the container. Until it is set, the container is accessible only to requests carrying a valid X-Auth-Token for the account in question. A simple listing of a container shows the absence of X-Container-Read in this default situation:

 

Example 3.14. cURL List Container Showing Lack of ACL

$ curl -X GET -i \
    -H "X-Auth-Token: fc81aaa6-98a1-9ab0-94ba-aba9a89aa9ae" \
    https://storage.swiftdrive.com/v1/CF_xer7_343/jerry
HTTP/1.1 204 No Content
X-Container-Object-Count: 0
X-Container-Bytes-Used: 0
Accept-Ranges: bytes
X-Trans-Id: tx3aa52e951fc64b63bc1fda27902b9bd3
Content-Length: 0
Date: Tue, 15 Nov 2011 03:29:22 GMT

Now we'll set X-Container-Read. For a full explanation of valid values, see http://swift.openstack.org/misc.html#acls. For our simple needs, we'll enable read access and listing access for anybody:

 

Example 3.15. cURL Setting an ACL on a Container

$ curl -X PUT -i \
    -H "X-Auth-Token: fc81aaa6-98a1-9ab0-94ba-aba9a89aa9ae" \
    -H "X-Container-Read: .r:*,.rlistings" \
    https://storage.swiftdrive.com/v1/CF_xer7_343/jerry
HTTP/1.1 202 Accepted
Content-Length: 58
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txf2befb56b1854a50995f710f2db48089
Date: Tue, 15 Nov 2011 03:33:16 GMT

202 Accepted

The request is accepted for processing.

To see the metadata change, do a listing again:

 

Example 3.16. cURL List Container Showing an ACL

$ curl -X GET -i \
    -H "X-Auth-Token: fc81aaa6-98a1-9ab0-94ba-aba9a89aa9ae" \
    https://storage.swiftdrive.com/v1/CF_xer7_343/jerry
HTTP/1.1 204 No Content
X-Container-Object-Count: 0
X-Container-Read: .r:*,.rlistings
X-Container-Bytes-Used: 0
Accept-Ranges: bytes
X-Trans-Id: txb40eb86d949345f7bc66b01e8b63c3a5
Content-Length: 0
Date: Tue, 15 Nov 2011 03:33:36 GMT

The side effect of giving anybody read access is that any object in the container is now accessible from a browser, without an X-Auth-Token, simply by entering the X-Storage-URL used throughout the session and appending the object name. For example:

https://storage.swiftdrive.com/v1/CF_xer7_343/jerry/cereal.jpg

would be the URL of an object named "cereal.jpg" in the container "jerry" that has been made publicly accessible using this method.
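An audit check for the exposure described above, added here as an example (it is not part of the original guide or of Swift itself): it reads the headers of a container listing response and reports whether X-Container-Read makes objects or listings public. The function names are hypothetical, the sample response is constructed from Example 3.16, and the code assumes Swift's ACL syntax in which .r: has the synonyms .ref:, .referer: and .referrer: and anonymous listing needs both an allowed referrer and .rlistings.

```python
# Added example (not from the original guide): audit an X-Container-Read value.
REFERRER_PREFIXES = (".r:", ".ref:", ".referer:", ".referrer:")  # accepted synonyms

# Constructed sample: the response headers shown in Example 3.16.
SAMPLE_RESPONSE = """HTTP/1.1 204 No Content
X-Container-Object-Count: 0
X-Container-Read: .r:*,.rlistings
X-Container-Bytes-Used: 0
Content-Length: 0
"""


def parse_headers(raw):
    """Turn `curl -i` response text into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                             # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_read_acl(acl):
    """Classify one X-Container-Read value; None or '' means no ACL is set."""
    referrers, listings, grants = [], False, []
    for item in (e.strip() for e in (acl or "").split(",")):
        if not item:
            continue
        if item == ".rlistings":
            listings = True
        elif item.startswith(REFERRER_PREFIXES):
            referrers.append(item.split(":", 1)[1].strip())
        else:
            grants.append(item)               # account or account:user grant
    any_referrer = "*" in referrers
    return {
        "public_objects": any_referrer,                # readable with no token
        "public_listing": any_referrer and listings,   # object names enumerable
        # Referer is sent by the client, so these rules are not authentication.
        "referrer_rules": [r for r in referrers if r != "*"],
        "token_grants": grants,
    }


def audit_response(raw):
    """Audit the ACL carried in a raw container listing response."""
    return audit_read_acl(parse_headers(raw).get("x-container-read"))
```

A container with no X-Container-Read header, as in Example 3.14, comes back with every field false or empty.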
