452d2fc6f30f64ff0c89254a95794fadbcf02144
Fix Swift3 never to send "Authorization" header again after the initial authentication at S3AclRequest with keystone authentication.

This problem occurs with the following operations, which check the permission of an object:

- HEAD Object
- GET Object
- PUT Object Copy
- Upload Part Copy

The keystone authentication expects both a token generated by _canonical_string() and a user name written in the "Authorization" header. S3AclRequest will bypass the keystone authentication process after the authenticate() method call for some reasons (e.g. performance and object acl).

To bypass the authentication, Swift3 has a couple of things to do. One is to delete the "Authentication" header. The other is to keep (and pass) a token retrieved from the keystone server. (NOTE: the token is different from a token generated by _canonical_string())

However, current Swift3 still tries to keep the "Authorization" header in the Request class and might pass it to the keystone authentication. It causes unexpected (unnecessary) authentication failure. To prevent the failure, Swift3 should delete the "Authentication" header explicitly from Request.headers.

Change-Id: Id81e393d51b389610d9fa470f307f61e846a78a3
Swift3
Swift3 Middleware for OpenStack Swift, allowing access to OpenStack swift via the Amazon S3 API.
Install
- Install Swift3 with ``sudo python setup.py install`` or ``sudo python setup.py develop`` or via whatever packaging system you may be using.
- Alter your proxy-server.conf pipeline to have swift3:
If you use tempauth:

Was::

    [pipeline:main]
    pipeline = catch_errors cache tempauth proxy-server

Change To::

    [pipeline:main]
    pipeline = catch_errors cache swift3 tempauth proxy-server

If you use keystone:

Was::

    [pipeline:main]
    pipeline = catch_errors cache authtoken keystone proxy-server

Change To::

    [pipeline:main]
    pipeline = catch_errors cache swift3 s3token authtoken keystoneauth proxy-server

Note that swift3 explicitly checks that keystoneauth is in the pipeline. You must use this name in the pipeline statement and in the [filter:keystoneauth] section header.
- Add to your proxy-server.conf the section for the Swift3 WSGI filter::

    [filter:swift3]
    use = egg:swift3#swift3

You also need to add the following if you use keystone (adjust port, host, protocol configurations for your environment)::

    [filter:s3token]
    paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory
    auth_port = 35357
    auth_host = 127.0.0.1
    auth_protocol = http
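
A pre-deployment check for the pipeline edits described above, as an added example that is not part of Swift3 or this README. It assumes the filter order shown in the "Change To" pipelines is the required one; `check_pipeline`, `SAMPLE_CONF` and the body of the `[filter:keystoneauth]` section are constructed for illustration.

```python
import configparser

# Constructed sample proxy-server.conf (keystone variant from the README).
SAMPLE_CONF = """
[pipeline:main]
pipeline = catch_errors cache swift3 s3token authtoken keystoneauth proxy-server

[filter:swift3]
use = egg:swift3#swift3

[filter:s3token]
paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory
auth_port = 35357
auth_host = 127.0.0.1
auth_protocol = http

[filter:keystoneauth]
use = egg:swift#keystoneauth
"""

def check_pipeline(conf_text):
    """Return a list of problems in the swift3-related part of the pipeline."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    if not cp.has_option("pipeline:main", "pipeline"):
        return ["no [pipeline:main] pipeline setting"]
    pipeline = cp.get("pipeline:main", "pipeline").split()
    if "swift3" not in pipeline:
        return ["swift3 is not in the pipeline"]
    # Assumption: the order shown in the README's "Change To" lines is required.
    if "tempauth" in pipeline:
        expected = ["swift3", "tempauth"]
    else:
        expected = ["swift3", "s3token", "authtoken", "keystoneauth"]
    problems = ["%s missing from pipeline" % n
                for n in expected if n not in pipeline]
    positions = [pipeline.index(n) for n in expected if n in pipeline]
    if positions != sorted(positions):
        problems.append("order must be: " + " ".join(expected))
    # The filter name must match in the pipeline and in the section header.
    for name in ("swift3", "s3token", "keystoneauth"):
        if name in pipeline and not cp.has_section("filter:" + name):
            problems.append("[filter:%s] section missing" % name)
    return problems

if __name__ == "__main__":
    print(check_pipeline(SAMPLE_CONF) or "pipeline OK")
```
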