Issue 6962052: Introduce container ACLs (Closed)
DescriptionIntroduce container ACLs
The purpose of this branch is to support Swift container ACLs, allowing a public container to be set up to store the juju tools.
Containers which are public do not require authorisation tokens, and the setup workflow for accessing the container is different.
For a private container, the OpenStack client authenticates in order to not only get the authorisation token, but also the URLs
used to access the various service end points (incl swift). For public containers, we just want to be able to nominate the
swift URL directly. So the OpenStack client implementation has been split into authenticating and nonauthenticating variants.
Authenticating clients are initialised with user credentials as before. Unauthenticating clients are given a base URL.
The swift client doesn't care whether it is initialised with a public or authenticating connection to OpenStack; it works the same
either way, but operations which are forbidden by the ACL will return a 401.
When I ran the tests, some of the legacy authorisation test doubles didn't return any swift info so the tests broke. This has always been that way
so I'm not sure how the tests passed originally. I fixed everything so it's good now.
The next step in this work is to configure the OpenStack provider in juju-core to be able to use a public container from which it
gets the juju tools. This will mirror what the ec2 provider does.
https://code.launchpad.net/~wallyworld/goose/public-containers/+merge/140821
(do not edit description out of merge proposal)
Patch Set 1 #Patch Set 2 : Introduce container ACLs #Patch Set 3 : Introduce container ACLs #Patch Set 4 : Introduce container ACLs #
Total comments: 4
Patch Set 5 : Introduce container ACLs #
MessagesTotal messages: 2
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
