Adding an ACL to a container

You use the HTTP POST method with either the read or write ACL header to add an ACL to an existing container. Adding an ACL to a container replaces the existing read or write ACL in its entirety. You cannot modify an existing ACL in place.

To add an ACL to a container, you need write ACL permission for the container.

Request line

Depending on whether the HSwift request uses a Keystone tenant ID or the account name, the request line for a request to add an ACL (write or read) to a container has either of these formats:

  • With the Keystone tenant ID:
    POST /swift/v1/tenant-ID/container-name HTTP/1.1
    "X-Container-Write: acl-permitted-account-name"

    or

    POST /swift/v1/tenant-ID/container-name HTTP/1.1
    "X-Container-Read: acl-permitted-account-name"
  • With the account name:
    POST /swift/v1/account-name/container-name HTTP/1.1
    "X-Container-Write: acl-permitted-account-name"

    or

    POST /swift/v1/account-name/container-name HTTP/1.1
    "X-Container-Read: acl-permitted-account-name"

Request headers

The table below describes the headers you can use in a request to add an ACL container.

NameTypeDescription
X-Auth-TokenString

Used to supply the Keystone authentication token or local authentication token.

Replace the Keystone authentication token with the prefix HCP, followed by your Local Authentication token, in the format:

"X-Auth-Token: HCP base64-encoded-username:md5-encoded-password"

For example:

"X-Auth-Token: HCP bGdyZWVu:a3b9c163f6c520407ff34cfdb83ca5c6"
X-Container-ReadString

Adds a Read, Browse or both access permissions to the container.

This header can be used to add permissions to individual Keystone users or make the container public.

In order to make a container public, enter an asterisk (*) as the request header's value.

X-Container-WriteString

Adds Write, Delete or both access permissions to the container.

This header can be used to add permissions to individual Keystone users or make the container public.

In order to make a container public, enter an asterisk (*) as the request header's value.

X-Remove-Container-nameString

This header removes other headers supported by the POST command. Instead of replacing the data with new information, this header acts as a delete for other headers.

Here is an example of how to use the header. If you want to get rid of all your X-Container-Write ACL permissions on a container you format the X-Remove-Container-name header like this:

X-Remove-Container-Write

When you execute this example operation all write ACLs are removed from the container.

Response headers

The table below describes the response headers returned in response to a successful request to add an ACL to a container.

NameTypeDescription
Content-lengthString (Required)

The size, in bytes, of the response body if HCP can determine the size before formulating the response.

If the response does not include a response body, the value of the Content-Length is 0 (zero).

Content-TypeString (Required if the Content-Length is greater than 0)

The Internet media type of the response body if HCP can determine the Internet media type. If HCP cannot determine the Internet media type, the value of this header is application/octet-stream.

Because HCP returns error information in a response body, the response to any request can include a Content-Type header.

DateDatetime (Required)

The date and time at which HCP responded to the request in Greenwich Mean Time (GMT). The date and time are returned in this format:

DDD dd MMM yyyy HH:mm:ss GMT

For example:

Thu, 14 Mat 2013 14:27:05 GMT
X-Trans-IdUuid (Required)HCP returns a universally unique identifier (UUID). This UUID does not map to any entries in the HCP database.

HTTP status codes

The table below describes the response headers returned in response to a successful request to add an ACL to a container.

CodeMeaningDescription
204No contentThe POST was successful.
500Internal Server Error

An internal error occurred.

If this error persists, contact your tenant administrator.

503Service Unavailable

HCP is temporarily unable to handle the request, probably due to system overload, maintenance, or upgrade. Try the request again, gradually increasing the delay between each successive attempt.

If this error persists, contact your tenant administrator.

Example: Adding an ACL to a container by specifying individual users

Here's a sample POST request that adds an ACL to the finance container by using the X-Container-Write and X-Container-Read headers. The ACL grants write permission to the Keystone authenticated user pdgrey, and read permissions to Keystone authenticated users pdgrey and mwhite.

Request with curl command line

curl -i -X POST http://api.hcp.example.com/swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance -H "X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87" -H "X-Container-Write: pdgrey" -H "X-Container-Read: pdgrey, mwhite"

Request headers

POST /swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance HTTP/1.1
X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87
X-Container-Write: pdgrey
X-Container-Read: pdgrey, mwhite

Response headers

HTTP/1.1 204 No Content
Date: Fri, 31 Oct 2014 13:07:45 GMT
X-Trans-Id: 3c74e66d-9fb7-407d-9762-391d3e77014f
Content-Length: 0
Content-Type: application/octet-stream

Example: Adding a public ACL to a container

Here's a sample POST request that adds an ACL that give public read, browse, write, and delete data permissions to the finance container by using the X-Container-Write and X-Container-Read headers.

Request with curl command line

curl -i -X POST http://api.hcp.example.com/swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance -H "X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87" -H "X-Container-Write: *" -H "X-Container-Read: *"

Request headers

POST /swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance HTTP/1.1
X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87
X-Container-Write: *
X-Container-Read: *

Response headers

HTTP/1.1 204 No Content
Date: Fri, 31 Oct 2014 13:07:45 GMT
X-Trans-Id: 3c74e66d-9fb7-407d-9762-391d3e77014f
Content-Length: 0
Content-Type: application/octet-stream