77c886ab18
This adds support to the Swift backup driver to send a service user token in the X-Service-Token header when talking to Swift which will support long running processes to continue functioning when the user token is expired if the target supports it. [1] [2] In the patch I'm favoring passing the X-Service-Token from Cinder as a header instead of passing the service user credentials down to the python-swiftclient, it makes more sense to not hand it off. We already have a auth plugin for the service user which ensures that the token is always valid, an invalid token would disrupt the process and cause the long running process to fail. The new config option to enable the service auth in the Swift driver serves the purpose of not enabling the feature by default for deployments already enabling service user for Nova and Glance. I'm working on implementing the X-Service-Token support in Ceph RadosGW's Swift API implementation [3], OpenStack Swift already supports service token. [1] https://specs.openstack.org/openstack/keystone-specs/specs/keystonemiddleware/juno/service-tokens.html [2] https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html [3] https://github.com/ceph/ceph/pull/45395 Related-Bug: #1298135 Change-Id: I69a478dc18c18e6d67be83d61c9643afab72c118
Release notes
The release notes for a patch should be included in the patch. The intended audience for release notes include deployers, administrators and end-users.
A release note is required if the patch has upgrade or API impact. It is also required if the patch adds a feature or fixes a long-standing or security bug.
Please see https://docs.openstack.org/cinder/latest/contributor/releasenotes.html for more details.