Advanced OCS access configuration
Posted by Pomoc Oktawave on 21.05.2014 19:20
One of the basic window, where you can edit an access to OCS service, is located in Services | OCS | container indicator | Edit.
You could find there the following options:
The next step is to add the header X-Container-Meta-Web-Index: index.html, using python-swiftclient, as it was described below: http://docs.openstack.org/api/openstack-object-storage/1.0/content/Examples_for_static_web-dle4025.html.
Then the queries with no X-Auth-Token in the header (e.g. generated by the browser) would turn index.html object’s content if it is in the container or the message Not found, if there is no such an object. File’s listing is possible, when the query contains a correct X-Auth-Token (there can be also the users beyond OCS with an active token).
There exists several other methods of changing the headers:
Defining of header X-Container-Meta-Web-Index: index.html simulates an action of the typical webserver serving index.html file for unauthorized demands generated by WWW browsers (no X-Auth-Token header with a correct token).
If a user with a proper authentication token would call to a such container (most likely using a dedicated swift client), he would have the possibility of listing the objects located in the container, because of its public-owned type.
During the first logging in OCS as an administrator it could be noticed that there exists a OCS-services-backups container. Please note that the access to this container is possible only when authenticated as the administrator (login: admin, password identical to this defined in Oktawave administration panel; naturally it could be changed in the section Services | Users | OCS).
No other user could have the access to this directory, because it is reserved for the user’s generated backups. The details are available here: https://kb.oktawave.com/Knowledgebase/Article/View/208/0/how-to-create-oci-backup-in-oktawave-control-panel
Authorities to the other directories (directories could be generated by selecting Generate directory in the section Services | OCS) may be edited from the administration panel (also the section Services | User management | OCS).