openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #17548
swift tempURL requests yield 401 Unauthorized
Hi,
using swift 1.4.8 on Centos machines. (latest packages for centos. note that i'm assuming tempurl works with this version merely because all the code seems to be there, i couldn't find clear docs on whether it should work or not?)
I want to use the swift tempURL feature as per
http://failverse.com/using-temporary-urls-on-rackspace-cloud-files/
http://docs.rackspace.com/files/api/v1/cf-devguide/content/TempURL-d1a4450.html
http://docs.rackspace.com/files/api/v1/cf-devguide/content/Set_Account_Metadata-d1a4460.html
TLDR: set up metadata correctly, but tempurl requests yield http 401, can't figure it out, _get_hmac() doesn't seem to be called.
First, I set the key metadata (this works fine) (tried both the swift CLI program as well as curl), and I tried setting it both on container level (container "uploads") as well as account level
(though i would prefer container level)
alias vimeoswift=swift -A http://$ip:8080/auth/v1.0 -U system:root -K testpass'
vimeoswift post -m Temp-Url-Key:key uploads
vimeoswift post -m Temp-Url-Key:key
curl -i -X POST -H X-Auth-Token:$t -H X-Account-Meta-Temp-URL-Key:key http://$ip:8080/v1/AUTH_system
this seems to work, because when I stat the account and the container, they
show up:
[root@dfvimeodfsproxy1 ~]# vimeoswift stat uploads
Account: AUTH_system
Container: uploads
Objects: 1
Bytes: 1253
Read ACL:
Write ACL:
Sync To:
Sync Key:
Meta Temp-Url-Key: key <------------------
Accept-Ranges: bytes
[root@dfvimeodfsproxy1 ~]# vimeoswift stat
Account: AUTH_system
Containers: 1
Objects: 1
Bytes: 1253
Meta Temp-Url-Key: key <------------------
Accept-Ranges: bytes
[root@dfvimeodfsproxy1 ~]#
I have already put a file in container uploads (which I can retrieve just fine using an auth token):
[root@dfvimeodfsproxy1 ~]# vimeoswift stat uploads mylogfile.log | grep 'Content Length'
Content Length: 1253
now however, if i want to retrieve this file using the tempURL feature, it doesn't work:
using this script
#!/usr/bin/python2
import hmac
from hashlib import sha1
from time import time
method = 'GET'
expires = int(time() + 60)
base = 'http://10.90.151.5:8080'
path = '/v1/AUTH_system/uploads/mylogfile.log'
key = 'key'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
print '%s%s?temp_url_sig=%s&temp_url_expires=%s' % (base, path, sig, expires)
~ ❯ openstack-signed-url2.py
http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309
~ ❯ wget 'http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309'
--2012-10-19 13:04:14-- http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309
Connecting to 10.90.151.5:8080... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.
I thought I could easily debug this myself by changing the _get_hmac()
function
in /usr/lib/python2.6/site-packages/swift/common/middleware/tempurl.py like so:
def _get_hmac(self, env, expires, key, request_method=None):
"""
(...)
"""
if not request_method:
request_method = env['REQUEST_METHOD']
self.logger("getting HMAC for method %s, expires %s, path %s" % (request_method, expires, env['PATH_INFO']))
hmac = hmac.new(key, '%s\n%s\n%s' % (request_method, expires,
env['PATH_INFO']), sha1).hexdigest()
self.logger("hmac is " + hmac)
return hmac
however, after restarting the proxy, I don't see my messages showing up
anywhere (logging works otherwise, because proxy-server messages are showing
up in /var/log/message, showing all incoming http requests and their responses
any help is appreciated, thanks!
Dieter
Follow ups
