openstack team mailing list archive

[Pete Zaitcev <zaitcev@xxxxxxxxxx>]

Hello:

Does anyone happen to have Swift running with S3 and Keystone? If yes,
send me the proxy-server.conf, please. Also, I'd like to ask a few
questions, if I may. I tried to piece it together from the code,
but failed.

The authentication is done with a special hook into Keystone. It supplies
middleware, keystone/keystone/middleware/s3_token.py, which invokes
a POST to v2 Keysone with OS-KSS3:s3Credentials, then sets a req. header
X-Auth-Token. So far so good.

However, how does it fit in with Swift? The actual S3 operations are
implemented by swift/common/middleware/swift3.py, which rolls up the
canonical string, then stuffs it into env['HTTP_X_AUTH_TOKEN'].
The intent is, as I understand, to invoke the special purpose
code in tempauth and thus is useless for Keystone. So, how is this
supposed to work?

I imagine the pipeline should look something like this:

  [pipeline:main]
  pipeline = healthcheck cache s3auth swift3 proxy-server

  [filter:s3auth]
  use = egg:keystone#swiftauth
  service_protocol = http
  service_host = 192.168.129.18
  service_port = 5000

  [filter:swift3]
  use = egg:swift#swift3

Except... There is no entry point for s3_auth in keystone egg.

Documentation seems to be absent. I suppose I could put it together,
if I got it all working at least once.

Confused,
-- Pete