openstack team mailing list archive

[Bryan Hughes <khan@xxxxxxx>]

Greetings,

I have swift set up with keystone
pipeline = healthcheck cache tempurl authtoken keystone proxy-server

I have 2 users, admin and khan  in keystone,  both can use the system
with their own auth tokens just fine.


When creating a tempurl  I have set  the Temp-Url-Key for the admin account

#swift stat
   Account: AUTH_72532712acbc4173814cd0e8b73ff666
Containers: 1
   Objects: 3
     Bytes: 201
Meta Temp-Url-Key: mykey
Accept-Ranges: bytes
X-Timestamp: 1354129250.94271


When trying to retrieve the signed file as an anonymous public user and
tokened auth khan user I keep receiving:
401 Unauthorized: Temp URL invalid

I have added debug bits in the tempurl.py to trace the expiration date
is good,  but I am getting suck in  _get_key
The self.app(newenv, _start_response)  is not returning the
x-account-meta-temp-url-key header.

All I am seeing in that return is a request to authenticate with keystone.

Status is 401
Headers are:
Content-Type text/html; charset=UTF-8
Content-Length 0
WWW-Authenticate Keystone uri='http://127.0.0.1:35357'



Here is the newenv from make_pre_authed_env:
Nov 29 14:43:54 objectproxy proxy-server {'HTTP_USER_AGENT':
'curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0
zlib/1.2.3 libidn/1.18 libssh2/1.2.2 TempURL', 'eventlet.posthooks': [],
'SERVER_NAME': '127.0.0.1', 'swift.cache':
<swift.common.memcached.MemcacheRing object at 0x130a210>,
'REMOTE_USER': '.wsgi.pre_authed', 'wsgi.input': <StringIO.StringIO
instance at 0x129f560>, 'REQUEST_METHOD': 'HEAD', 'HTTP_HOST':
'objectproxy:8888', 'PATH_INFO':
'/v1/AUTH_72532712acbc4173814cd0e8b73ff666', 'SERVER_PORT': '8888',
'SERVER_PROTOCOL': 'HTTP/1.0', 'QUERY_STRING':
'temp_url_sig=a9643a3e29e60f3ee16e52331e0a63f9452f96f0&temp_url_expires=1354226593',
'swift.authorize': <function <lambda> at 0x7ff7399c1848>,
'swift.authorize_override': True}


Any clues on how to get that internal request to go through authorized?


Thanks