Old Design Page
This page was used to help design a feature that has been implemented. As a result, this page is unlikely to be updated and could contain outdated information. It was last updated on 2013-10-07.
- Launchpad Entry: KeystoneSpec:s3token
- Created: 2012-01-15
- Contributor: Akira YOSHIYAMA
Adds Keystone user authentication and authorization (auth-n/auth-z) to the Swift S3 API. It is a port of the equivalent capability for the Nova EC2 API.
This capability has 3 parts:
1. A Keystone patch that adds a new auth-n API for the S3 API.
2. A middleware, s3_token.py, that uses 1 from Swift.
3. A Swift patch that uses the token and endpoint information from 2.
Parts 1 and 2 are for Keystone, part 3 is for Swift.
Add s3token to the pipeline:main configuration of the Swift proxy server (/etc/swift/proxy-server.conf):

    [pipeline:main]
    pipeline = healthcheck cache s3token authtoken swift3 keystone proxy-server

Then add the lines below to the same configuration file:

    [filter:s3token]
    use = egg:keystone#s3token
    auth_protocol = http
    auth_host = 127.0.0.1
    auth_port = 5000
    admin_token = 999888777666

auth_protocol, auth_host and auth_port refer to the public API of Keystone. admin_token is the admin token for Keystone.
Then restart the Swift proxy server to apply the configuration.
This capability works the same way as the Nova EC2 API with Keystone.
| Swift clients | | Swift middleware | |
| Swift clients | S3API request-> | s3token | |
| | | s3token | Keystone auth-n request-> |
| | | s3token | <-token and endpoints |
| Swift clients | <-S3 API response | swift3(S3API) | |
Additional API of Keystone
JSON style information
| access | S3 Access Key (Account Name) |
| signature | Signature Key |
| verb | Original request method |
| path | URL path of original request |
| expire | Date header of original request |
| content_type | Content-Type header of original request |
| content_md5 | Content-MD5 header of original request |
| xheaders | X-Amz-* headers of original request |
- 200 (OK)
- 400 (Bad Request)
- 401 (Unauthorized)
- 403 (UserDisabled)
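
The fields in the JSON table above are the inputs of an AWS S3 signature version 2 check. The following Python is an added example, not code from this page or from Keystone or Swift: it collects those fields from one request and recomputes the signature, assuming HMAC-SHA1 over the version 2 string-to-sign and `xheaders` carried as a dict. The function names, the secret and the sample request are constructed for illustration.

```python
import base64
import hashlib
import hmac

def parse_authorization(header):
    """Split 'AWS <access>:<signature>' into (access, signature)."""
    scheme, _, creds = header.partition(" ")
    # The base64 signature never contains ':', the access key may.
    access, sep, signature = creds.rpartition(":")
    if scheme != "AWS" or not sep or not access or not signature:
        raise ValueError("not an S3 v2 Authorization header")
    return access, signature

def build_credentials(method, path, headers):
    """Collect the fields of the table above from one S3 request."""
    h = {k.lower(): v for k, v in headers.items()}
    access, signature = parse_authorization(h.get("authorization", ""))
    return {
        "access": access,
        "signature": signature,
        "verb": method,
        "path": path,
        "expire": h.get("date", ""),
        "content_type": h.get("content-type", ""),
        "content_md5": h.get("content-md5", ""),
        # Assumption: xheaders is sent as a dict of lower-cased names.
        "xheaders": {k: v for k, v in h.items() if k.startswith("x-amz-")},
    }

def sign(creds, secret):
    """Recompute the v2 signature (assumed scheme) from the fields."""
    amz = "".join(f"{k}:{v}\n" for k, v in sorted(creds["xheaders"].items()))
    sts = "\n".join([creds["verb"], creds["content_md5"],
                     creds["content_type"], creds["expire"], amz + creds["path"]])
    mac = hmac.new(secret.encode(), sts.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(creds, secret):
    """Constant-time comparison of the presented and recomputed signature."""
    return hmac.compare_digest(sign(creds, secret), creds["signature"])

if __name__ == "__main__":
    secret = "constructed-secret"  # constructed sample, not a real key
    hdrs = {"Date": "Tue, 27 Mar 2012 19:36:42 +0000",
            "Content-Type": "text/plain", "X-Amz-Meta-Owner": "demo",
            "Authorization": "AWS demo:user:placeholder"}
    good = sign(build_credentials("PUT", "/bucket/key", hdrs), secret)
    hdrs["Authorization"] = "AWS demo:user:" + good
    print(verify(build_credentials("PUT", "/bucket/key", hdrs), secret))
```

Because every field in the table is covered by the signature, changing any one of them after signing (for example `path` or an `x-amz-*` header) makes `verify` return False.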