Is the Amazon S3 Bucket Policy equivalent in OpenStack Swift world? We would like to restrict access for certain containers to specific IP addresses. No other IP addresses should be able to access those containers.
在OpenStack Swift世界中，Amazon S3 Bucket Policy是否相同？我們希望將某些容器的訪問權限限制為特定的IP地址。沒有其他IP地址應該能夠訪問這些容器。
Swift doesn't support this out of the box.
However, you could implement this yourself with some Swift middleware. Much of OpenStack (including Swift) is built on Python Paste, see A Do-It-Yourself Framework. Using this you could create a middleware class much like the other Swift middleware classes. Note how each class has a
__call__ method, that's the entry point. You would then add you middleware to the pipeline in the config for proxy-server.conf.
So imagine that your middleware could talk to some data store of IP addresses and check it against the IP address of the incoming request, which you should be able to get out of environ in
__call__. Then the middleware would allow or deny the request based on that check.
If you really want to get going on developing something like this, checkout the Customize chapter of the OpenStack Operations Guide.