Rackspace cloudfiles ACL only access #8959

Closed
cyberduck opened this issue Jul 30, 2015 · 7 comments

@cyberduck cyberduck commented Jul 30, 2015

7053040 created the issue

To Re-create:

  1. Using Rackspace cloud files, create a user with zero access to anything (e.g. my_user)
  2. Using cloud files ACL lists, grant access to a certain container (e.g. /my_container) (http://docs.rackspace.com/files/api/v1/cf-devguide/content/Container_ACLs-d1e2222.html)
  3. Try to access that container (making sure to use 'More Options' and make sure that the path says /my_container)

State

  • In version 4.3.1 (11010) - This works, you can list the folder contents and modify files
  • Using plain old curl it works.
  • In cyberduck versions later than 4.3.1 it doesn't work

More detailed instructions

Creating the restricted user

  1. Log in to https://mycloud.rackspace.com (sign up if you don't have a log in, it won't cost anything to create a single cloud files container and add a 1k file).
  2. Click 'Account' in the top right
  3. Click 'User Management'
  4. Click the 'Create User' button
  5. Make up a user name and password and security answer
  6. Under 'Product Access' choose 'No Access'
  7. Make up a name and email for them
  8. Click 'Create User' at the bottom of the form
  9. Take a note of the username and apikey for later

Creating the container

  1. Still in https://mycloud.rackspace.com - click Storage, Files
  2. Click 'Create Container' and give it a name
  3. Take a note of which DC it's in. (Example uses DFW).

Granting ACL to 'my_user'

Instead of using curl, I'm using httpie and jq as it's heaps easier:

Using the username and the API key of the Rackspace cloud ACCOUNT OWNER...

You can run this in bash to grant 'my_user' access to 'my_container' in the DFW cloud files:

USER=admin
KEY=some_long_api_key
# Authenticate as the account owner and keep the JSON token response
json=$(echo "{ \"auth\":{ \"RAX-KSKEY:apiKeyCredentials\":{ \"username\":\"${USER}\", \"apiKey\":\"${KEY}\" } } }" | http POST https://auth.api.rackspacecloud.com/v2.0/tokens)
token=$(echo "$json" | jq -r '.access | .token | .id')
auth="X-Auth-Token:$token"
# Pick the public Cloud Files endpoint for the DFW region from the service catalog
url=$(echo "$json" | jq -r '.access | .serviceCatalog | .[] | select(.name == "cloudFiles") | .endpoints | .[] | select(.region == "DFW") | .publicURL')
# Grant my_user read and write access to my_container
http POST "$url/my_container" X-Container-Read:my_user X-Container-Write:my_user "$auth"

Now in Cyberduck 4.3.1 as 'my_user' you can list 'my_container', and upload to it, but in later versions you can't.
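
An added example, not part of the original issue or of Cyberduck's code: a small Python audit of the `X-Container-Read` / `X-Container-Write` values set above, to confirm that only the intended user was granted access. It goes beyond the single `my_user` grant by also recognising Swift's `.r:*` and `.rlistings` elements; the function names, the `deploy_bot` user and the sample headers are constructed for illustration.

```python
# Added example: interpret Swift container ACL header values offline.
# SAMPLE_* headers are constructed, not taken from a real account.
# Assumption: user grants are bare user names, as in the issue's
# "X-Container-Read:my_user"; ".r:" / ".rlistings" are Swift referrer elements.

SAMPLE_RESTRICTED = {"X-Container-Read": "my_user",
                     "X-Container-Write": "my_user"}
SAMPLE_PUBLIC = {"X-Container-Read": ".r:*, .rlistings, my_user",
                 "X-Container-Write": "my_user, deploy_bot"}


def parse_acl(value):
    """Split one ACL header value into (users, referrers, listings)."""
    users, referrers, listings = [], [], False
    for item in (value or "").split(","):
        item = item.strip()
        if not item:
            continue
        if item == ".rlistings":
            listings = True
        elif item.startswith(".r:"):
            referrers.append(item[3:])
        else:
            users.append(item)
    return users, referrers, listings


def audit(headers):
    """Summarise who a container's ACL headers grant access to."""
    r_users, r_refs, listings = parse_acl(headers.get("X-Container-Read"))
    w_users, _, _ = parse_acl(headers.get("X-Container-Write"))
    return {
        "read_users": sorted(r_users),
        "write_users": sorted(w_users),
        "public_read": "*" in r_refs,  # ".r:*" matches any referrer
        "public_listing": listings and "*" in r_refs,
    }


def unexpected_grants(headers, allowed_users):
    """Return grants that go beyond the users you meant to authorise."""
    report = audit(headers)
    granted = set(report["read_users"]) | set(report["write_users"])
    findings = sorted(granted - set(allowed_users))
    if report["public_read"]:
        findings.append(".r:*")
    return findings
```

Feed it the headers returned by a `HEAD` on the container, made as the account owner, and treat any non-empty result from `unexpected_grants` as something to review.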

@cyberduck cyberduck commented Jul 31, 2015

@dkocher commented

~~Can you please additionally open a ticket with Rackspace Support to get their input on this use case? We switched from legacy (1.0 devauth) to Keystone (2.0) authentication in version 4.4. As a workaround, please install the Openstack Swift (v1) profile.~~

@cyberduck cyberduck commented Jul 31, 2015

@dkocher commented

Additionally, please post the transcript from the log drawer (⌘-L).

@cyberduck cyberduck commented Jul 31, 2015

@dkocher commented

Replying to [8959 matiu]:

> Instead of using curl, I'm using httpie and jq as it's heaps easier:

brew install httpie jq

@cyberduck cyberduck commented Jul 31, 2015

@dkocher commented

This could be the same issue as in #8517.

@cyberduck cyberduck commented Jul 31, 2015

@dkocher commented

Replying to [comment:9 dkocher]:

> This could be the same issue as in #8517.

I can reproduce the issue.

@cyberduck cyberduck commented Jul 31, 2015

@dkocher commented

Replying to [8959 matiu]:

> http POST $url/my_container X-Container-Read:my_user X-Container-Write:my_user $auth

You can easily set these headers in Metadata of the Info window in Cyberduck.

@cyberduck cyberduck commented Jul 31, 2015

@dkocher commented

Duplicate for #8517.

@cyberduck cyberduck closed this Jul 31, 2015
@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021