Thanks for the quick response, Chmouel.
Here's how we miss-achieve the deletion of an account being in the operator_roles.
Again, we are using SWIFT 1.7.4 (Folsom release) with the essex keystone middleware 2012.1.4 since we are hitting a keystone/essex service.
1 - Our proxy-server.conf file, where you can see in the keystoneauth section, the operator_roles line composed by admin, and swiftoperator roles.
cat /etc/swift/proxy-server.conf
[DEFAULT]
bind_port = 8080
workers = 16
user = swift
log_name = swift-proxy-server
log_facility = LOG_LOCAL0
log_level = DEBUG
log_headers = True
log_address = /dev/log
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
set log_name = swift-proxy-server
set log_facility = LOG_LOCAL0
set log_level = DEBUG
set access_log_name = swift-proxy-server
set access_log_facility = LOG_LOCAL0
set access_log_level = DEBUG
set log_headers = True
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cache]
use = egg:swift#memcache
set log_name = cache
memcache_servers = 172.16.177.253:11211,172.16.177.254:11211
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
is_admin = true
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = essexkeystone.melicloud.com
service_port = 5000
auth_protocol = http
auth_host = essexkeystone.melicloud.com
auth_port = 35357
admin_tenant_name = swift
admin_user = swiftAdmin
admin_password = xxxxxxxxx
delay_auth_decision = 1
token_cache_time = 43200
memcache_servers = 172.16.177.253:11211,172.16.177.254:11211
[filter:proxy-logging]
use = egg:swift#proxy_logging
2 - In the token and user section from the result of a "get token" operation you can see that the user mvenesio has the swiftoperator role, as well as the swift url at the endpoints section.
        {
            "endpoints": [
                {
                    "adminURL": "http://172.16.1.84:8080/",
                    "internalURL": "http://172.16.1.84:8080/v1/AUTH_1bf1f1b69a864abb84ed8a1bc82cff21",
                    "publicURL": "http://172.16.1.84:8080/v1/AUTH_1bf1f1b69a864abb84ed8a1bc82cff21",
                    "region": "SwiftRegion"
                }
            ],
            "endpoints_links": [],
            "name": "swift",
            "type": "object-store"
        }
    ],
    "token": {
        "expires": "2013-05-14T16:53:22Z",
        "id": "8ff060e2e2d54cfc97602692096d5e98",
        "tenant": {
            "description": null,
            "enabled": true,
            "id": "1bf1f1b69a864abb84ed8a1bc82cff21",
            "name": "cloudbuilders"
        }
    },
    "user": {
        "id": "28db445c87aa48cea5b7b33cd9c18adf",
        "name": "mvenesio",
        "roles": [
            {
                "id": "6626d07a39e7415fbad7d51d99b130a8",
                "name": "cloudadmin"
            },
            {
                "id": "cc04c30d58b646cba087a1e55093f8dc",
                "name": "asoc_cloudbuilders"
            },
            {
                "id": "98d21d4ee2624ba182e310f84fb7b120",
                "name": "swiftoperator"
            }
        ],
        "roles_links": [],
        "username": "mvenesio"
    }
}
}
3 - So, here we will use the mvenesio user to check the existence of the "AUTH_1bf1f1b69a864abb84ed8a1bc82cff21" account, which has a few containers inside, then we can DELETE the account, and we will not be able to recreate it until the reclaim_age time
mvenesio@maxbox:~# curl -X GET -H "X-Auth-Token: 8ff060e2e2d54cfc97602692096d5e98" "http://172.16.1.84:8080/v1/AUTH_1bf1f1b69a864abb84ed8a1bc82cff21" -I
HTTP/1.1 200 OK
X-Account-Object-Count: 0
X-Timestamp: 1343764253.09865
X-Account-Bytes-Used: 0
X-Account-Container-Count: 4
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/plain; charset=utf-8
X-Trans-Id: tx7dbc8d47fe1e49568b159ccb1893d8ed
Date: Mon, 13 May 2013 17:15:54 GMT
mvenesio@maxbox:~# curl -X GET -H "X-Auth-Token: 8ff060e2e2d54cfc97602692096d5e98" "http://172.16.1.84:8080/v1/AUTH_1bf1f1b69a864abb84ed8a1bc82cff21"
test1
test2
test3
test4
mvenesio@maxbox:~# curl -X DELETE -H "X-Auth-Token: 8ff060e2e2d54cfc97602692096d5e98" "http://172.16.1.84:8080/v1/AUTH_1bf1f1b69a864abb84ed8a1bc82cff21"
404 Not Found
The resource could not be found.
mvenesio@maxbox:~# curl -X GET -H "X-Auth-Token: 8ff060e2e2d54cfc97602692096d5e98" "http://172.16.1.84:8080/v1/AUTH_1bf1f1b69a864abb84ed8a1bc82cff21" -I
HTTP/1.1 403 Forbidden
Content-Length: 16
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx1b2d6ae7dba141478935f455bb160784
Date: Mon, 13 May 2013 17:16:22 GMT
mvenesio@maxbox:~# curl -X GET -H "X-Auth-Token: 8ff060e2e2d54cfc97602692096d5e98" "http://172.16.1.84:8080/v1/AUTH_1bf1f1b69a864abb84ed8a1bc82cff21"
Recently deleted
mvenesio@maxbox:~#
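Added example (not part of the original comment and not Swift's own code): a small audit that combines the proxy-server.conf settings from step 1 with the token roles from step 2 to tell whether a given token can reach the account-level DELETE shown in step 3. It models only the behaviour reported in this comment for Swift 1.7.4; the function name audit_account_delete, the AUTH_ reseller prefix default and the list of accepted true values are assumptions.

```python
import configparser

# Constructed sample: only the account-management settings from the config above.
SAMPLE_CONF = """\
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
"""

# Strings accepted as "true" in this audit (assumption, not read from Swift itself).
TRUE_VALUES = {"true", "1", "yes", "on", "t", "y"}


def audit_account_delete(conf_text, user_roles, token_tenant_id, account,
                         reseller_prefix="AUTH_"):
    """Return (exposed, reasons) for an account-level DELETE with this token."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)

    pipeline = cp.get("pipeline:main", "pipeline", fallback="").split()
    if "keystoneauth" not in pipeline:
        return False, ["keystoneauth is not in the pipeline; check does not apply"]

    mgmt = cp.get("app:proxy-server", "allow_account_management", fallback="false")
    if mgmt.strip().lower() not in TRUE_VALUES:
        return False, ["allow_account_management is off"]
    reasons = ["allow_account_management = true"]

    # The token's tenant maps to the account <reseller_prefix><tenant id>.
    if account != reseller_prefix + token_tenant_id:
        return False, reasons + ["token tenant does not own this account"]

    raw = cp.get("filter:keystoneauth", "operator_roles", fallback="admin, swiftoperator")
    operator_roles = {r.strip().lower() for r in raw.split(",") if r.strip()}
    matched = sorted(operator_roles & {r.lower() for r in user_roles})
    if not matched:
        return False, reasons + ["user holds no operator role"]
    return True, reasons + ["operator role(s) held: " + ", ".join(matched)]
```

Called with the roles and tenant id from the token in step 2 and the account from step 3, it reports the exposure and names swiftoperator as the matching role.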