Tutorial assumes object container testPrivateContainer has already been created and already populated with data. Installed OpenStack swift cli tool and valid openrc file are also required.

1) Use swift cli tool to get stats on our container

swift stat testPrivateContainer
                   Account: AUTH_a5610a26a08a4e5fbc9dcf0dc506f03c
                Container: testPrivateContainer
                  Objects: 1
                    Bytes: 11
                 Read ACL: 
                Write ACL:
                  Sync To:
                 Sync Key:
Strict-Transport-Security: max-age=31536000;includeSubDomains
   X-Content-Type-Options: nosniff
  Content-Security-Policy: frame-ancestors yyc.cloud.cybera.ca cloud.cybera.ca yeg.cloud.cybera.ca
            Accept-Ranges: bytes
               X-Trans-Id: tx34d531891d434f0dafa7e-0062952219
         X-Storage-Policy: Policy-0
            Last-Modified: Mon, 30 May 2022 19:51:27 GMT
              X-Timestamp: 1653417455.66060
             Content-Type: application/json; charset=utf-8
   X-Openstack-Request-Id: tx34d531891d434f0dafa7e-0062952219 

2) Find the OpenStack ID for users who need read access. The easiest way to do this is for the user that needs read access to run the following openstack cli command after sourcing their openrc file.

openstack user show "${OS_USERNAME}" -c id -f value

3) As the owner of the container, run the following command to allow the second user read access to the container

swift post --read-acl "cc424f1b7230a8f1aeb573a899abd97d:*" testPrivateContainer

You can verify the Read ACL has been updated with the stat command. It should show the value you provided inside the quotes. 

  • You are able to add multiple users by using a , to separate the values, here is an example with two users in the read list

    swift post --read-acl "cc424f1b7230a8f1aeb573a899abd97d:*,a16b42b61e9a489ca747e3b1cec6e62e:*" testPrivateContainer

4) If everything looks good, the below is a basic example of how to read an object in that shared container in Python.

import json
import requests
from requests.structures import CaseInsensitiveDict

url = "https://keystone-yyc.cloud.cybera.ca:5000/v3/auth/tokens"

headerData = """
  "auth": {
    "identity": {
       "methods": ["password"],
          "password": {
             "user": {
                "domain": {"name": "Default"},
                   "name": "USERNAME@EMAIL.COM",
                   "password": "PASSWORD"
       "scope": {
          "project": {
             "domain": {"name": "Default"},
                "name": "USERNAME@EMAIL.COM"

headers = CaseInsensitiveDict()
headers["Content-Type"] = "application/json"

resp = requests.post(url, headers=headers, data=headerData)

if resp.status_code != 201:
  authHead = resp.headers
  token = authHead["X-Subject-Token"]

  dataUrl = "https://swift-yyc.cloud.cybera.ca:8080/v1/AUTH_a5610a26a08a4e5fbc9dcf0dc506f03c/testPrivateContainer/someDataFile"

  dataHeaders = CaseInsensitiveDict()
  dataHeaders["Content-Type"] = "application/json"
  dataHeaders["X-Auth-Token"] = token

  dataResp = requests.get(dataUrl, headers=dataHeaders)
  • No labels