An alternative authentication system for Swift
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Zuul 0b3f632f37 Merge "Use stdlib urlparse" 15 hours ago
bin Use stdlib urlparse 2 months ago
doc Update the invalid url for swift page 1 year ago
etc Allow configuring salt manually 3 years ago
swauth Use stdlib urlparse 2 months ago
test Stop using client headers for cross-middleware communication 1 year ago
webadmin Webadmin logout fix. 4 years ago
.coveragerc Change setup.py to OS one 3 years ago
.gitignore .tox directory added to .gitignore 3 years ago
.gitreview OpenDev Migration Patch 2 months ago
.mailmap .mailmap 3 years ago
.unittests Rename of "test_swauth" to "test" fix 3 years ago
AUTHORS Release 1.3.0 1 year ago
CHANGELOG Release 1.3.0 1 year ago
CONTRIBUTING.rst Replace obsolete vanity openstack.org URLs 2 years ago
LICENSE Initial commit of original codebase, altered to work in new codebase. 8 years ago
README.md s3: Make s3 support configurable 3 years ago
babel.cfg Initial commit of original codebase, altered to work in new codebase. 8 years ago
bindep.txt List system dependencies for running tests 1 year ago
requirements.txt uncap eventlet 1 year ago
setup.cfg Remove outdated locale 3 years ago
setup.py Updated from global requirements 1 year ago
test-requirements.txt Updated from global requirements 1 year ago
tox.ini Add exclusion for bandit check B303 2 months ago

README.md

Swauth

An Auth Service for Swift as WSGI Middleware that uses Swift itself as a backing store. Docs at: https://swauth.readthedocs.io/ or ask in #openstack-swauth on freenode IRC.

See also https://github.com/openstack/keystone for the standard OpenStack auth service.

NOTE

Be sure to review the docs at: https://swauth.readthedocs.io/

Quick Install

1) Install Swauth with sudo python setup.py install or sudo python setup.py develop or via whatever packaging system you may be using.

2) Alter your proxy-server.conf pipeline to have swauth instead of tempauth:

Was:

    [pipeline:main]
    pipeline = catch_errors cache tempauth proxy-server

Change To:

    [pipeline:main]
    pipeline = catch_errors cache swauth proxy-server

3) Add to your proxy-server.conf the section for the Swauth WSGI filter:

[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
super_admin_key = swauthkey

4) Be sure your proxy server allows account management:

[app:proxy-server]
...
allow_account_management = true

5) Restart your proxy server swift-init proxy reload

6) Initialize the Swauth backing store in Swift swauth-prep -K swauthkey

7) Add an account/user swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a test tester testing

8) Ensure it works swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat -v

Web Admin Install

1) If you installed from packages, you’ll need to cd to the webadmin directory

the package installed. This is ``/usr/share/doc/python-swauth/webadmin``
with the Lucid packages. If you installed from source, you'll need to cd to
the webadmin directory in the source directory.

2) Upload the Web Admin files with ``swift -A http://127.0.0.1:8080/auth/v1.0

-U .super_admin:.super_admin -K swauthkey upload .webadmin .``

3) Open http://127.0.0.1:8080/auth/ in your browser.

Swift3 Middleware Compatibility

Swift3 middleware can be used with swauth when auth_type in swauth is configured to be Plaintext (default).

[pipeline:main]
pipeline = catch_errors cache swift3 swauth proxy-server

It can be used with auth_type set to Sha1/Sha512 too but with certain caveats and security concern. Hence, s3 support is disabled by default and you have to explicitly enable it in your configuration. Refer to swift3 compatibility section in documentation for further details