OpenStack Object Storage (Swift)

Account ACLs support

Registered by David Hadas on 2013-04-17

Swift can currently be extended with authorization middleware that offers access control through container-level ACLs, which control object manipulation and listing.

Swift deviates from this approach when it comes to container manipulation and listing, where account-level ACLs are not supported.
Instead, Swift offers limited support using a concept of account ownership.
Swift should be extended to allow the development of authorization middleware offering access control using account-level ACLs.

Suggested way forward for ACLs:
1. Complete the info work - to have a more unified path for getting and retrieving a/c info from a/c DBs
2. Add support for Account ACLs along the lines of Container ACLs (look for code reuse)

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: David Hadas
Definition: Approved
Series goal: None
Implementation: Implemented
Milestone target: None
Started by: John Dickinson on 2013-09-10
Completed by: John Dickinson on 2014-04-03

Whiteboard

Steps in the implementation of this feature included:
1. Refactoring account autocreate
2. Refactoring the way info is collected and cached for containers and accounts
3. Adding the actual account ACLs to the account info and propagating them to the authorization middleware in the same way as is done today for containers.

Gerrit topic: https://review.openstack.org/#q,topic:bp/account-acls,n,z

Addressed by: https://review.openstack.org/32808
    Account ACLs
