Keystone-BP-S3Token


 * Launchpad Entry: KeystoneSpec:s3token
 * Created: 2012-01-15
 * Contributor: Akira YOSHIYAMA

Summary
Adds Keystone user authentication and authorization (auth-n/auth-z) for the Swift S3 API. It is a port of the equivalent capability for the Nova EC2 API.

Dependency
None.

Structure
This capability has 3 parts:


 * 1) A Keystone patch that adds a new auth-n API for the S3 API.
 * 2) A middleware, s3_token.py, that calls the API from 1 on behalf of Swift.
 * 3) A Swift patch that uses the token and endpoint information from 2.

Parts 1 and 2 are for Keystone; part 3 is for Swift.

Configuration
Add s3token to the pipeline:main configuration of the Swift proxy server (/etc/swift/proxy-server.conf):

[pipeline:main]
pipeline = healthcheck cache s3token authtoken swift3 keystone proxy-server

Then add the following lines to the same configuration file:

[filter:s3token]
use = egg:keystone#s3token
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 5000
admin_token = 999888777666

auth_protocol, auth_host and auth_port are for the public API of Keystone. admin_token is the admin token for Keystone.

Then restart the Swift proxy server to apply the configuration.

Sequence
This capability works the same way as the Nova EC2 API with Keystone.

Request
POST /v2.0/s3tokens
 * Method

Content-Type: application/json
 * Header

JSON style information
 * Body

||access||S3 Access Key (Account Name)|| ||signature||Signature Key|| ||verb||Original request method|| ||path||URL path of original request|| ||expire||Date header of original request|| ||content_type||Content-Type header of original request|| ||content_md5||Content-MD5 header of original request|| ||xheaders||X-Amz-* headers of original request||

Response

 * 200 (OK)
 * 400 (Bad Request)
 * 401 (Unauthorized)
 * 403 (UserDisabled)
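
Why the request body carries these fields, as an added example (not code from the Keystone patch): they are the inputs of the standard S3 signature v2 string-to-sign, so a server can recompute the HMAC-SHA1 and compare it with signature. The secret store, the sample values, the dict shape of xheaders and the mapping of failures to status codes are assumptions; the x-amz-date override and sub-resource canonicalization are left out.

```python
import base64
import hashlib
import hmac

# Constructed values for illustration; not real credentials.
SECRETS = {"test:tester": "constructed-secret"}
SAMPLE = {
    "access": "test:tester",
    "verb": "PUT",
    "path": "/bucket/key",
    "expire": "Tue, 27 Mar 2007 21:15:45 +0000",
    "content_type": "text/plain",
    "content_md5": "",
    "xheaders": {"X-Amz-Meta-A": "1"},  # assumed to be a name -> value mapping
}


def string_to_sign(body):
    """S3 signature v2 string-to-sign built from the s3tokens body fields."""
    amz = sorted((k.lower(), v.strip()) for k, v in body.get("xheaders", {}).items())
    canonical_amz = "".join("%s:%s\n" % kv for kv in amz)
    return "\n".join([body["verb"], body.get("content_md5", ""),
                      body.get("content_type", ""), body.get("expire", ""),
                      canonical_amz + body["path"]])


def sign(secret, body):
    """Base64 of HMAC-SHA1(secret, string-to-sign)."""
    mac = hmac.new(secret.encode(), string_to_sign(body).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def check(body):
    """Return a status code from the Response list (the mapping is an assumption)."""
    if not all(isinstance(body.get(k), str) and body[k]
               for k in ("access", "signature", "verb", "path")):
        return 400
    secret = SECRETS.get(body["access"])
    if secret is None:
        return 401
    expected = sign(secret, body).encode()
    # Constant-time comparison so response timing does not leak the signature.
    if not hmac.compare_digest(expected, body["signature"].encode()):
        return 401
    return 200


if __name__ == "__main__":
    signed = dict(SAMPLE, signature=sign(SECRETS["test:tester"], SAMPLE))
    print(check(signed), check(dict(signed, path="/bucket/other")))
```

Changing any signed field (verb, path, Date, Content-Type, Content-MD5 or an X-Amz-* header) after signing makes the recomputed value differ, which is why the middleware forwards all of them.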