Managing OpenStack Object Storage with CLI
Swift
In the Object Store (swift) project there is a tool named
swift that can perform a variety of tasks on your storage
cluster. This client utility can be used for ad hoc
processing, to gather statistics, list items, update
metadata, and upload, download and delete files. It is
based on the native swift client library client.py.
Incorporating client.py into swift provides many benefits
such as seamlessly re-authorizing if the current token
expires in the middle of processing, retrying operations
up to five times and a processing concurrency of 10. All
of these things help make the swift tool robust and great
for operational use.
Swift ACLs
Swift ACLs work with users and accounts. Users have
roles on accounts, such as '.admin', which allows
full access to all containers and objects under the
account. ACLs are set at the container level and
support lists for read and write access, which are set
with the X-Container-Read and X-Container-Write headers,
respectively.
The swift client can be used to set the ACLs, using
the post subcommand with the option '-r' for the read
ACL, and '-w' for the write ACL. This example allows
the user 'testuser' to read objects in the container,
where <container> stands for the container name:
$ swift post -r 'testuser' <container>
This could instead be a list of users.
If you are using the StaticWeb middleware to allow
OpenStack Object Storage to serve public web content,
you should also be aware of the ACL syntax for
managing allowed referrers. The syntax is '.r:'
followed by a list of allowed referrers. For example,
this command allows all referring domains read access
to the objects in the container, where <container>
stands for the container name:
$ swift post -r '.r:*' <container>
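An added example, not part of the original documentation or the swift project's code: a small auditor for stored X-Container-Read values that separates named users from '.r:' referrer entries and flags containers readable without a token. The container names and ACL values are constructed samples, and '.rlistings' (Swift's ACL element that permits container listings under a referrer grant) and the '-' deny prefix are Swift syntax not shown above.

```python
# Added example: audit Swift container read ACLs (X-Container-Read values).
# A '.r:' grant is matched against the client-supplied Referer header, so it
# is not authentication: '.r:*' makes every object in the container readable
# without a token.

def parse_read_acl(acl):
    """Split an ACL string into (referrers, grantees, listings_allowed)."""
    referrers, grantees, listings = [], [], False
    for raw in (acl or "").split(","):
        item = raw.strip()
        if not item:
            continue
        if item == ".rlistings":
            listings = True
        elif item.startswith(".r:"):
            referrers.append(item[3:].strip())
        else:
            grantees.append(item)  # user or account:user entries
    return referrers, grantees, listings

def audit_read_acl(acl):
    """Return findings for one read ACL; an empty list means token-only access."""
    referrers, _grantees, listings = parse_read_acl(acl)
    # A leading '-' denies that referrer; everything else is an allow entry.
    allowed = [r for r in referrers if not r.startswith("-")]
    findings = []
    if "*" in allowed:
        findings.append("public-read")
    elif allowed:
        findings.append("referrer-only")
    if allowed and listings:
        findings.append("listings-exposed")
    return findings

def audit(containers):
    """Map container name -> findings, keeping only containers with findings."""
    report = {name: audit_read_acl(acl) for name, acl in containers.items()}
    return {name: f for name, f in report.items() if f}

# Constructed sample data: container name -> stored X-Container-Read value.
SAMPLE = {
    "private": "testuser",
    "website": ".r:*,.rlistings",
    "assets": ".r:*",
    "partner": ".r:.example.com,.r:-bad.example.com",
    "unset": "",
}

if __name__ == "__main__":
    for name, findings in sorted(audit(SAMPLE).items()):
        print(f"{name}: {', '.join(findings)}")
```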