Adding an ACL to a container
You use the HTTP POST method with either the read or write ACL header to add an ACL to an existing container. Adding an ACL to a container replaces the existing read or write ACL in its entirety. You cannot modify an existing ACL in place.
To add an ACL to a container, you need write ACL permission for the container.
Request line
Depending on whether the HSwift request uses a Keystone tenant ID or the account name, the request line for a request to add an ACL (write or read) to a container has either of these formats:
- With the Keystone tenant ID:
POST /swift/v1/tenant-ID/container-name HTTP/1.1 "X-Container-Write: acl-permitted-account-name"
or
POST /swift/v1/tenant-ID/container-name HTTP/1.1 "X-Container-Read: acl-permitted-account-name"
- With the account name:
POST /swift/v1/account-name/container-name HTTP/1.1 "X-Container-Write: acl-permitted-account-name"
or
POST /swift/v1/account-name/container-name HTTP/1.1 "X-Container-Read: acl-permitted-account-name"
Request headers
The table below describes the headers you can use in a request to add an ACL container.
Name | Type | Description |
X-Auth-Token | String |
Used to supply the Keystone authentication token or local authentication token. Replace the Keystone authentication token with the prefix HCP, followed by your Local Authentication token, in the format: "X-Auth-Token: HCP base64-encoded-username:md5-encoded-password" For example: "X-Auth-Token: HCP bGdyZWVu:a3b9c163f6c520407ff34cfdb83ca5c6" |
X-Container-Read | String |
Adds a Read, Browse or both access permissions to the container. This header can be used to add permissions to individual Keystone users or make the container public. In order to make a container public, enter an asterisk (*) as the request header's value. |
X-Container-Write | String |
Adds Write, Delete or both access permissions to the container. This header can be used to add permissions to individual Keystone users or make the container public. In order to make a container public, enter an asterisk (*) as the request header's value. |
X-Remove-Container-name | String |
This header removes other headers supported by the POST command. Instead of replacing the data with new information, this header acts as a delete for other headers. Here is an example of how to use the header. If you want to get rid of all your X-Remove-Container-Write When you execute this example operation all write ACLs are removed from the container. |
Response headers
The table below describes the response headers returned in response to a successful request to add an ACL to a container.
Name | Type | Description |
Content-length | String (Required) |
The size, in bytes, of the response body if HCP can determine the size before formulating the response. If the response does not include a response body, the value of the |
Content-Type | String (Required if the Content-Length is greater than 0) |
The Internet media type of the response body if HCP can determine the Internet media type. If HCP cannot determine the Internet media type, the value of this header is Because HCP returns error information in a response body, the response to any request can include a |
Date | Datetime (Required) |
The date and time at which HCP responded to the request in Greenwich Mean Time (GMT). The date and time are returned in this format: DDD dd MMM yyyy HH:mm:ss GMT For example: Thu, 14 Mat 2013 14:27:05 GMT |
X-Trans-Id | Uuid (Required) | HCP returns a universally unique identifier (UUID). This UUID does not map to any entries in the HCP database. |
HTTP status codes
The table below describes the response headers returned in response to a successful request to add an ACL to a container.
Code | Meaning | Description |
204 | No content | The POST was successful. |
500 | Internal Server Error |
An internal error occurred. If this error persists, contact your tenant administrator. |
503 | Service Unavailable |
HCP is temporarily unable to handle the request, probably due to system overload, maintenance, or upgrade. Try the request again, gradually increasing the delay between each successive attempt. If this error persists, contact your tenant administrator. |
Example: Adding an ACL to a container by specifying individual users
Here's a sample POST request that adds an ACL to the finance container by using the X-Container-Write
and X-Container-Read
headers. The ACL grants write permission to the Keystone authenticated user pdgrey, and read permissions to Keystone authenticated users pdgrey and mwhite.
Request with curl command line
curl -i -X POST http://api.hcp.example.com/swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance -H "X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87" -H "X-Container-Write: pdgrey" -H "X-Container-Read: pdgrey, mwhite"
Request headers
POST /swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance HTTP/1.1 X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87 X-Container-Write: pdgrey X-Container-Read: pdgrey, mwhite
Response headers
HTTP/1.1 204 No Content Date: Fri, 31 Oct 2014 13:07:45 GMT X-Trans-Id: 3c74e66d-9fb7-407d-9762-391d3e77014f Content-Length: 0 Content-Type: application/octet-stream
Example: Adding a public ACL to a container
Here's a sample POST request that adds an ACL that give public read, browse, write, and delete data permissions to the finance container by using the X-Container-Write
and X-Container-Read
headers.
Request with curl command line
curl -i -X POST http://api.hcp.example.com/swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance -H "X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87" -H "X-Container-Write: *" -H "X-Container-Read: *"
Request headers
POST /swift/v1/AUTH_6b6884ebb6f441cfbb7e740f6a927c9e/finance HTTP/1.1 X-Auth-Token: dc5efec8f546455eac974e7bbfd0dd87 X-Container-Write: * X-Container-Read: *
Response headers
HTTP/1.1 204 No Content Date: Fri, 31 Oct 2014 13:07:45 GMT X-Trans-Id: 3c74e66d-9fb7-407d-9762-391d3e77014f Content-Length: 0 Content-Type: application/octet-stream