ACLs
You can set ACLs on your containers to share objects with other projects or users, or to make them public.
By default all containers are private.
Note
Unlike the Compute Service, Object Storage does not yet support access rules based on METHOD (GET/POST/...) and PATH (/mycontainer_path). s3.pub1.infomaniak.cloud doesn't support S3 bucket policies.
Public access (read)
To make a container available without authentication (public), add read ACLs. .r:* allows reads from any referrer and .rlistings allows listing the container's contents:
taylor@laptop:~ (pub1|taylor)$ swift post -r '.r:*,.rlistings' public
Verify the ACLs with the stat command:
taylor@laptop:~ (pub1|taylor)$ swift stat --lh public
Account: AUTH_f3bf1cfd60fd405dae6a4392c8a91746
Container: public
Objects: 1
Bytes: 8.7M
Read ACL: .r:*,.rlistings
Write ACL:
You can now access your objects without authentication and also list the files in your container:
$ curl "https://s3.pub1.infomaniak.cloud/object/v1/AUTH_f3bf1cfd60fd405dae6a4392c8a91746/public/"
eBooks/Cuisine/Les Crêpes du Monde.pdf
Sharing a container with another user (read)
User1 wants to share a container with User2:
User1 creates a container mycontainer and uploads myobject:
taylor@laptop:~$ swift post mycontainer
taylor@laptop:~$ swift upload mycontainer myobject
There are no Read/Write ACLs yet:
taylor@laptop:~$ swift stat mycontainer
Account: AUTH_d1440aa24a65411fb9bac2b842c8defa
Container: mycontainer
Objects: 0
Bytes: 0
Read ACL:
Write ACL:
Sync To:
Sync Key:
Content-Type: text/plain; charset=utf-8
X-Timestamp: 1700554155.93823
Last-Modified: Tue, 21 Nov 2023 08:09:16 GMT
Accept-Ranges: bytes
X-Storage-Policy: Policy-0
Vary: Accept
X-Trans-Id: txb375f43bb39647c6afb0d-00655c65b6
X-Openstack-Request-Id: txb375f43bb39647c6afb0d-00655c65b6
Strict-Transport-Security: max-age=63072000
User1 allows User2 to list mycontainer using User2's ID:
swift post --read-acl "*:d15d0aa132ae4493b0dc69803fe011d2" mycontainer
There are now ACLs:
taylor@laptop:~$ swift stat mycontainer
Account: AUTH_4398a851e0ce43c0955990d801901942
Container: mycontainer
Objects: 0
Bytes: 0
Read ACL: *:d15d0aa132ae4493b0dc69803fe011d2
Write ACL:
Sync To:
Sync Key:
Content-Type: text/plain; charset=utf-8
X-Timestamp: 1700555495.69946
Last-Modified: Tue, 21 Nov 2023 08:32:44 GMT
Accept-Ranges: bytes
X-Storage-Policy: Policy-0
Vary: Accept
X-Trans-Id: tx0ee5c133104747d0832cf-00655c6b2d
X-Openstack-Request-Id: tx0ee5c133104747d0832cf-00655c6b2d
Strict-Transport-Security: max-age=63072000
User2 can now list the content of mycontainer using User1's Storage URL (which can be retrieved with the command swift auth):
swift --os-storage-url=https://s3.pub1.infomaniak.cloud/object/v1/AUTH_d1440aa24a65411fb9bac2b842c8defa list mycontainer
myobject
To remove the access:
swift post --read-acl "" mycontainer
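To audit what a Read ACL actually grants, the following added example (not Infomaniak's code) tags each element of the "Read ACL" line from swift stat output, covering the public and shared forms shown above. It goes beyond the page by also recognising the referrer (.r:<domain>, .r:-<domain>) and *:* forms of Swift's ACL syntax; the function name and tag names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Infomaniak's code: tag each element of a container's Read ACL.
# Input: `swift stat <container>` output on stdin. Output: one "TAG element" per line.
classify_read_acl() {
    # Value after "Read ACL:"; empty when the container is private.
    acl=$(sed -n 's/^[[:space:]]*Read ACL:[[:space:]]*//p' | head -n 1 | tr -d ' \r')
    [ -n "$acl" ] || { echo "PRIVATE"; return 0; }
    old_ifs=$IFS
    IFS=,
    set -f    # elements contain '*', so keep the shell from globbing them
    for item in $acl; do
        case $item in
            '.r:*')     echo "PUBLIC-READ $item" ;;       # readable without a token
            .rlistings) echo "PUBLIC-LISTING $item" ;;    # object names can be enumerated
            .r:-*)      echo "REFERRER-DENY $item" ;;
            .r:*)       echo "REFERRER-ALLOW $item" ;;    # Referer is client-supplied
            '*:*')      echo "ANY-AUTHENTICATED $item" ;; # every user of every project
            *:*)        echo "SHARED $item" ;;            # project:user grant
            *)          echo "ROLE-OR-UNKNOWN $item" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# Constructed sample input, modelled on the stat output shown on this page.
printf 'Container: public\nRead ACL: .r:*,.rlistings\nWrite ACL:\n' | classify_read_acl
printf 'Container: mycontainer\nRead ACL: *:d15d0aa132ae4493b0dc69803fe011d2\nWrite ACL:\n' | classify_read_acl
printf 'Container: mycontainer\nRead ACL:\nWrite ACL:\n' | classify_read_acl
```

Against a live container, pipe the real output into the function: swift stat mycontainer | classify_read_acl.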