openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #23155
Re: Configuring tempurl in Openstack Swift
Thanks for the reply John.
We have seen a few customers struggle when setting up tempurl. Its easy to
make them edit the proxy-server.conf file. But explaining the second step
is a bit tedious and error-prone. I've been thinking of having a python
script that does this. But something official would be better.
Would it be a good idea to add capability to the swift command line utility
to configure tempurl?
On Mon, Apr 29, 2013 at 8:48 PM, John Dickinson <me@xxxxxx> wrote:
> There are no plans to change the current implementation of tempurl.
>
> In order to generate a tempurl that can be validated without relying on a
> network call to a centralized authority service, the owner and the service
> must have a shared secret. In the tempurl feature, this shared secret is
> set as a metadata key on the account. This allows the content owner to
> generate as many keys as necessary (without having to call an external
> service) and allows Swift to validate each one (without calling an external
> service).
>
> Note that an auth token is only needed in order to save the shared secret
> in the account metadata. Once the shared secret is set, neither the owner
> of the content nor the user of the tempurl (ie someone otherwise without
> access to the swift cluster) need a valid auth token to generate or use a
> tempurl.
>
> The only official docs for tempurl are at
> http://docs.openstack.org/developer/swift/misc.html#module-swift.common.middleware.tempurl(We should probably have some docs written for
> http://docs.openstack.org/api/openstack-object-storage/1.0/content/ on
> this feature.)
>
> --John
>
>
>
> On Apr 29, 2013, at 5:26 PM, Shrinand Javadekar <shrinand@xxxxxxxxxxxxxx>
> wrote:
>
> > Hi,
> >
> > Configuring tempurl in openstack Swift requires two steps:
> >
> > 1) Adding tempurl to the pipeline in proxy-server.conf
> > 2) Setting the tempurl key on the account.
> >
> > Step #1 above is fairly straight forward. However, step #2 is slightly
> complicated; at least as per [1]. It requires first authenticating the user
> and getting an auth token. Then make an http request with the
> X-Meta-Tempurl-key header to set the tempurl key.
> >
> > Are there easier ways to do this? If not, is it on the roadmap to do
> this easily?
> >
> > Thanks in advance.
> > -Shri
> >
> > [1] http://failverse.com/using-temporary-urls-on-rackspace-cloud-files/
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@xxxxxxxxxxxxxxxxxxx
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
>
>
Follow ups
References