← Back to team overview

openstack team mailing list archive

Re: Configuring tempurl in Openstack Swift

 

Oh cool.. Didn't know about this. Will try this out.


On Tue, Apr 30, 2013 at 1:37 PM, Samuel Merritt <sam@xxxxxxxxxxxxxx> wrote:

> The tempurl key is just a metadata attribute on the account with a
> particular name. swiftclient already supports setting metadata on accounts
> (and containers and objects); no changes are needed.
>
> $ swift post -m temp-url-key:**correcthorsebatterystaple
>
>
> On 4/30/13 10:43 AM, Shrinand Javadekar wrote:
>
>> Thanks for the reply John.
>>
>> We have seen a few customers struggle when setting up tempurl. Its easy
>> to make them edit the proxy-server.conf file. But explaining the second
>> step is a bit tedious and error-prone. I've been thinking of having a
>> python script that does this. But something official would be better.
>>
>> Would it be a good idea to add capability to the swift command line
>> utility to configure tempurl?
>>
>>
>> On Mon, Apr 29, 2013 at 8:48 PM, John Dickinson <me@xxxxxx
>> <mailto:me@xxxxxx>> wrote:
>>
>>     There are no plans to change the current implementation of tempurl.
>>
>>     In order to generate a tempurl that can be validated without relying
>>     on a network call to a centralized authority service, the owner and
>>     the service must have a shared secret. In the tempurl feature, this
>>     shared secret is set as a metadata key on the account. This allows
>>     the content owner to generate as many keys as necessary (without
>>     having to call an external service) and allows Swift to validate
>>     each one (without calling an external service).
>>
>>     Note that an auth token is only needed in order to save the shared
>>     secret in the account metadata. Once the shared secret is set,
>>     neither the owner of the content nor the user of the tempurl (ie
>>     someone otherwise without access to the swift cluster) need a valid
>>     auth token to generate or use a tempurl.
>>
>>     The only official docs for tempurl are at
>>     http://docs.openstack.org/**developer/swift/misc.html#**
>> module-swift.common.**middleware.tempurl<http://docs.openstack.org/developer/swift/misc.html#module-swift.common.middleware.tempurl>
>>     (We should probably have some docs written for
>>     http://docs.openstack.org/api/**openstack-object-storage/1.0/**
>> content/<http://docs.openstack.org/api/openstack-object-storage/1.0/content/>
>>     on this feature.)
>>
>>     --John
>>
>>
>>
>>     On Apr 29, 2013, at 5:26 PM, Shrinand Javadekar
>>     <shrinand@xxxxxxxxxxxxxx <mailto:shrinand@maginatics.**com<shrinand@xxxxxxxxxxxxxx>>>
>> wrote:
>>
>>      > Hi,
>>      >
>>      > Configuring tempurl in openstack Swift requires two steps:
>>      >
>>      > 1) Adding tempurl to the pipeline in proxy-server.conf
>>      > 2) Setting the tempurl key on the account.
>>      >
>>      > Step #1 above is fairly straight forward. However, step #2 is
>>     slightly complicated; at least as per [1]. It requires first
>>     authenticating the user and getting an auth token. Then make an http
>>     request with the X-Meta-Tempurl-key header to set the tempurl key.
>>      >
>>      > Are there easier ways to do this? If not, is it on the roadmap to
>>     do this easily?
>>      >
>>      > Thanks in advance.
>>      > -Shri
>>      >
>>      > [1]
>>     http://failverse.com/using-**temporary-urls-on-rackspace-**
>> cloud-files/<http://failverse.com/using-temporary-urls-on-rackspace-cloud-files/>
>>      >
>>      > ______________________________**_________________
>>      > Mailing list: https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
>>      > Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>     <mailto:openstack@lists.**launchpad.net<openstack@xxxxxxxxxxxxxxxxxxx>
>> >
>>
>>      > Unsubscribe : https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
>>      > More help   : https://help.launchpad.net/**ListHelp<https://help.launchpad.net/ListHelp>
>>
>>
>>
>>
>> ______________________________**_________________
>> Mailing list: https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
>> More help   : https://help.launchpad.net/**ListHelp<https://help.launchpad.net/ListHelp>
>>
>>
>

References