openstack team mailing list archive

swift tempURL requests yield 401 Unauthorized

 

Hi,
Using swift 1.4.8 on CentOS machines (latest packages for CentOS). Note that I'm assuming tempurl works with this version merely because all the code seems to be there; I couldn't find clear docs on whether it should work or not.
I want to use the swift tempURL feature as per
http://failverse.com/using-temporary-urls-on-rackspace-cloud-files/
http://docs.rackspace.com/files/api/v1/cf-devguide/content/TempURL-d1a4450.html
http://docs.rackspace.com/files/api/v1/cf-devguide/content/Set_Account_Metadata-d1a4460.html

TLDR: set up metadata correctly, but tempurl requests yield http 401, can't figure it out, _get_hmac() doesn't seem to be called.

First, I set the key metadata (this works fine; I tried both the swift CLI program and curl), and I tried setting it both at container level (container "uploads") and at account level
(though I would prefer container level).

alias vimeoswift='swift -A http://$ip:8080/auth/v1.0 -U system:root -K testpass'
vimeoswift post -m Temp-Url-Key:key uploads
vimeoswift post -m Temp-Url-Key:key
curl -i -X POST -H X-Auth-Token:$t -H X-Account-Meta-Temp-URL-Key:key http://$ip:8080/v1/AUTH_system

this seems to work, because when I stat the account and the container, they
show up:


[root@dfvimeodfsproxy1 ~]# vimeoswift stat uploads
  Account: AUTH_system
Container: uploads
  Objects: 1
    Bytes: 1253
 Read ACL: 
Write ACL: 
  Sync To: 
 Sync Key: 
Meta Temp-Url-Key: key <------------------
Accept-Ranges: bytes
[root@dfvimeodfsproxy1 ~]# vimeoswift stat        
   Account: AUTH_system
Containers: 1
   Objects: 1
     Bytes: 1253
Meta Temp-Url-Key: key <------------------
Accept-Ranges: bytes
[root@dfvimeodfsproxy1 ~]# 

I have already put a file in container uploads (which I can retrieve just fine using an auth token):
[root@dfvimeodfsproxy1 ~]# vimeoswift stat uploads mylogfile.log | grep 'Content Length'
Content Length: 1253

Now, however, if I want to retrieve this file using the tempURL feature, it doesn't work.

Using this script:
#!/usr/bin/python2
import hmac
from hashlib import sha1
from time import time
method = 'GET'
expires = int(time() + 60)
base = 'http://10.90.151.5:8080'
path = '/v1/AUTH_system/uploads/mylogfile.log'
key = 'key'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
print '%s%s?temp_url_sig=%s&temp_url_expires=%s' % (base, path, sig, expires)

~ ❯ openstack-signed-url2.py
http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309
~ ❯ wget 'http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309'
--2012-10-19 13:04:14--  http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309
Connecting to 10.90.151.5:8080... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.


I thought I could easily debug this myself by changing the _get_hmac()
function
in /usr/lib/python2.6/site-packages/swift/common/middleware/tempurl.py like so:

    def _get_hmac(self, env, expires, key, request_method=None):
        """
       (...)
        """
        if not request_method:
            request_method = env['REQUEST_METHOD']
        # self.logger is assumed to be a logger object: call a level method, not the object
        self.logger.info("getting HMAC for method %s, expires %s, path %s" % (request_method, expires, env['PATH_INFO']))
        # use a local name other than "hmac" so the hmac module is not shadowed
        sig = hmac.new(key, '%s\n%s\n%s' % (request_method, expires,
            env['PATH_INFO']), sha1).hexdigest()
        self.logger.info("hmac is " + sig)
        return sig


However, after restarting the proxy, I don't see my messages showing up
anywhere (logging works otherwise, because proxy-server messages are showing
up in /var/log/message, showing all incoming http requests and their responses).


any help is appreciated, thanks!

Dieter
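
A local cross-check for the signing side of the exchange above, as an added example that is not part of the original post or of Swift's own code: it rebuilds the same HMAC-SHA1 over method, expiry and path (in Python 3 rather than the post's Python 2) and reports why a given URL would fail. The function names and the 127.0.0.1 base URL are assumptions made for the example; the path and key are the ones from the post.

```python
import hmac
from hashlib import sha1
from time import time
from urllib.parse import urlsplit, parse_qs


def sign(method, expires, path, key):
    """HMAC-SHA1 over 'METHOD\\nEXPIRES\\nPATH', the body used in the post's script."""
    body = '%s\n%s\n%s' % (method, expires, path)
    return hmac.new(key.encode(), body.encode(), sha1).hexdigest()


def make_temp_url(base, path, key, method='GET', ttl=60, now=None):
    """Build a signed URL; 'now' can be pinned so results are reproducible."""
    expires = int((time() if now is None else now) + ttl)
    sig = sign(method, expires, path, key)
    return '%s%s?temp_url_sig=%s&temp_url_expires=%d' % (base, path, sig, expires)


def check_temp_url(url, key, method='GET', now=None):
    """Return 'ok', 'missing-params', 'bad-expires', 'expired' or 'bad-signature'."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        sig = query['temp_url_sig'][0]
        raw_expires = query['temp_url_expires'][0]
    except KeyError:
        return 'missing-params'
    try:
        expires = int(raw_expires)
    except ValueError:
        return 'bad-expires'
    if expires < (time() if now is None else now):
        return 'expired'
    expected = sign(method, expires, parts.path, key)
    # Constant-time comparison, so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return 'bad-signature'
    return 'ok'


if __name__ == '__main__':
    # Constructed sample: path and key from the post, base URL and clock made up.
    path = '/v1/AUTH_system/uploads/mylogfile.log'
    url = make_temp_url('http://127.0.0.1:8080', path, 'key', now=1000)
    print(url)
    print('same key, GET :', check_temp_url(url, 'key', now=1000))
    print('same key, PUT :', check_temp_url(url, 'key', method='PUT', now=1000))
    print('after expiry  :', check_temp_url(url, 'key', now=2000))
```

If a URL passes this check with the stored key and the proxy still answers 401, the signature itself is not what is being rejected.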

