[Cyberduck-trac] [Cyberduck] #8959: Rackspace cloudfiles ACL only access

Cyberduck trac at trac.cyberduck.io
Thu Jul 30 14:29:42 UTC 2015 

#8959: Rackspace cloudfiles ACL only access
-----------------------+---------------------------
    Reporter:  matiu   |      Owner:
        Type:  defect  |     Status:  new
    Priority:  normal  |  Milestone:  4.7.2
   Component:  core    |    Version:  4.7.1
    Severity:  normal  |   Keywords:
Architecture:  Intel   |   Platform:  Mac OS X 10.8
-----------------------+---------------------------
 I have had to replace xxxx with xxxx everywhre because trac thinks this is
 spam.

 To Re-create:

  1. Using Rackspace cloud files create a user with zero access to anything
 (eg. my_user)
  2. Using cloud files ACL lists, grant access to a certain container (eg.
 /my_container) (xxxx --docs.rackspace.com/files/api/v1/cf-devguide/content
 /Container_ACLs-d1e2222.html)
  3. Try to access that container (making sure to use 'More Options' and
 make sure that the path says /my_container

 --------

 # State

  * In version 4.3.1 (11010) - This works, you can list the folder contents
 and modify files
  * Using plain old curl it works.
  * In cyberduck versions later than 4.3.1 it doesn't work

 --------

 # More detailed instructions

 ## Creating the restricted user

  1. Log in to xxxxs://mycloud.rackspace.com (sign up if you don't have a
 log in, it won't cost anything to create a single cloud files container
 and add a 1k file).
  2. Click 'Account' in the top right
  3. Click 'User Management'
  4. Click the 'Create User' button
  5. Make up a user name and password and security answer
  6. Under 'Product Access' choose 'No Access'
  7. Make up a name and email for them
  8. Click 'Create User' at the bottom of the form
  9. Take a note of the username and apikey for later

 ## Creating the container

  1. Still in xxxxs://mycloud.rackspace.com - click Storage, Files
  2. Click 'Create Container' and give it a name
  3. Take a note of which DC it's in. (Example uses DFW).

 ## Granting ACL to 'my_user'

 Instead of using curl, I'm using xxxxie and jq as it's heaps easier:

  * xxxxs://github.com/jkbr/xxxxie
  * xxxx://stedolan.github.io/jq/

 Using the username and the API key of the Rackspace cloud ACCOUNT OWNER...

 You can run this in bash, to grant 'my_user', access to 'my_container' in
 the DFW cloud files:

 ----- 8< ----
 USER=admin
 KEY=some_long_api_key
 json=$(echo "{ \"auth\":{ \"RAX-KSKEY:apiKeyCredentials\":{
 \"username\":\"${USER}\", \"apiKey\":\"${KEY}\" } } }" | http POST
 xxxxs://auth.api.rackspacecloud.com/v2.0/tokens)
 token=$(echo $json | jq -r '.access | .token | .id')
 auth="X-Auth-Token:$token"
 url=$(echo $json | jq -r '.access | .serviceCatalog | .[] | select(.name
 == "cloudFiles") | .endpoints | .[] | select(.region == "DFW") |
 .publicURL')
 http POST $url/my_container X-Container-Read:my_user X-Container-
 Write:my_user $auth
 ----- >8 ----

 Now in Cyberduck 4.3.1 as 'my_user' you can list 'my_container', and
 upload to it, but in later versions you can't.

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/8959>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list