Account ACLs support
Swift today can be extended using authorization middleware offering access control using container level ACLs, which control object manipulation and listing.
Swift deviates from this approach when it comes to container manipulation and listing, where account level ACLs are not supported.
Instead Swift offers limited support using a concept of account ownership.
Swift should be extended to allow the development of authorization middleware offering access control using account level ACLs.
ACLs suggested way forward:
1. Complete the info work - to have a more unified path to getting and retriving a/c info from a/c DBs
2. Add support for Account ACLs along the line of Container ACLs (look for code reuse)
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- David Hadas
- Definition:
- Approved
- Series goal:
- None
- Implementation:
-
Implemented
- Milestone target:
- None
- Started by
- John Dickinson
- Completed by
- John Dickinson
Related branches
Related bugs
Sprints
Whiteboard
Steps in the implementation of this feature included:
1. Refactoring account autocreate
2. Refactoring the way info is collected and cached for containers and accounts
3. Adding the actual account acls to the account info and propagating them to the authorization middleware in the same way done today to containers.
Gerrit topic: https:/
Addressed by: https:/
Account ACLs