When you are using Object Storage in SoftLayer, there will come a time when you may find you need to share files with other SoftLayer accounts. Unfortunately, manipulating container ACL’s appears to be not supported via the SoftLayer portal. But, since SoftLayer Object Storage API is compatible with OpenStack Swift – this allows us to solve this problem using the API. This means the examples in this post should work with any OpenStack Swift compatible Object Storage implementation.
I found howto’s around this topic hard to come by, so I have written up this quick guide.
First of all, ensure you have a working Python installation, and you have pip installed.
Next, install the python-swiftclient module:
$ pip install python-swiftclient
Hopefully you have a working swift command-line now like so:
$ swift Usage: swift [--version] [--help] [--os-help] [--snet] [--verbose] [--debug] [--info] [--quiet] [--auth &amp;amp;lt;auth_url&amp;amp;gt;] [--auth-version &amp;amp;lt;auth_version&amp;amp;gt; | [...]
For this example, I am using two swift configurations implemented via environment variables. In SoftLayer, you can get your credentials from the Object Storage screen by clicking View Credentials:
For User A:
UserA$ cat user-a-swift-vars.sh export ST_USER=SLO12345-2:UserA@me.com export ST_KEY=1871e8b4595079a… export ST_AUTH=https://syd01.objectstorage.softlayer.net/auth/v1.0/
For User B:
UserB$ cat user-b-swift-vars.sh export ST_USER=SLO22345-2:UserB@me.com export ST_KEY=9fe12cc1927a5877… export ST_AUTH=https://syd01.objectstorage.softlayer.net/auth/v1.0/
Source each shell file:
UserA$ . user-a-swift-vars.sh UserB$ . user-b-swift-vars.sh
Now, we want to share the MyNewContainer container in UserA SoftLayer account with UserB.
In the SoftLayer GUI under Object Storage the container looks like this:
Lets look at the default ACL’s on MyNewContainer:
UserA$ swift stat MyNewContainer Account: AUTH_150fef84-e459-4df7-a050-9f9f9f9f9f9c Container: MyNewContainer Objects: 2 Bytes: 5 Read ACL: Write ACL: Sync To: Sync Key: Accept-Ranges: bytes X-Storage-Policy: standard X-Timestamp: 1462838226.47452 X-Trans-Id: tx51d3b7ac89f64502ad3ba-0057314450 Content-Type: text/plain; charset=utf-8
They look empty to me. Now, lets get UserB to try and list the contents of the above object. Note that we need to specify the URL to the storage which you can find either in the SoftLayer object storage GUI, or you can extract the important AUTH_ information from the above swift stat command. Pass –os-storage-url to swift and you can attempt to access the container:
UserB$ swift --os-storage-url https://syd01.objectstorage.softlayer.net/v1.0/AUTH_150fef84-e459-4df7-a050-9f9f9f9f9f9c list MyNewContainer Container GET failed: https://syd01.objectstorage.softlayer.net/v1.0/AUTH_150fef84-e459-4df7-a050-9f9f9f9f9f9c/MyNewContainer?format=json 403 Forbidden [first 60 chars of response] &lt;html&gt;&lt;h1&gt;Forbidden&lt;/h1&gt;&lt;p&gt;Access was denied to this resourc
As expected, it does not work.
Now update the ACL for MyNewContainer by adding UserB into the ACL:
UserA$ swift post MyNewContainer --read-acl "SLO22345-2:UserB@me.com"
Check that the ACL was applied:
UserA$ swift stat MyNewContainer Account: AUTH_150fef84-e459-4df7-a050-9f9f9f9f9f9c Container: MyNewContainer Objects: 2 Bytes: 5 Read ACL: SLO22345-2:UserB@me.com Write ACL: Sync To: Sync Key: Accept-Ranges: bytes X-Trans-Id: txfb18c6b3823c444b8e56b-005731449b X-Storage-Policy: standard X-Timestamp: 1462838226.47452 Content-Type: text/plain; charset=utf-8
Now try and list the contents of the MyNewContainer which is successful:
UserB$ swift --os-storage-url https://syd01.objectstorage.softlayer.net/v1.0/AUTH_150fef84-e459-4df7-a050-279b3d95f54c list MyNewContainer Files Files/test.txt
Thats it! Some references I used for this post: