openstack team mailing list archive

Thread
Date
Re: Swift tempurl

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Morten Møller Riis <mmr@xxxxxxxxxxx>
Date: Wed, 10 Jul 2013 21:43:18 +1000
In-reply-to: <D3F2EDDA-35F2-47FB-9914-52C0A322415F@gigahost.dk>
I've been looking at tempurl.py and found that the problem occurs here:

    def _get_key(self, env, account):
        """
        Returns the X-Account-Meta-Temp-URL-Key header value for the
        account, or None if none is set.

        :param env: The WSGI environment for the request.
        :param account: Account str.
        :returns: X-Account-Meta-Temp-URL-Key str value, or None.
        """
        key = None
        memcache = env.get('swift.cache')
        if memcache:
            key = memcache.get('temp-url-key/%s' % account)
        if not key:
            newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
                                         self.agent)
            newenv['CONTENT_LENGTH'] = '0'
            newenv['wsgi.input'] = StringIO('')
            key = [None]

            def _start_response(status, response_headers, exc_info=None):
                for h, v in response_headers:
                    if h.lower() == 'x-account-meta-temp-url-key':
                        key[0] = v

            i = iter(self.app(newenv, _start_response))
            self.logger.info()
            try:
                i.next()
            except StopIteration:
                pass
            key = key[0]
            if key and memcache:
                memcache.set('temp-url-key/%s' % account, key, timeout=60)
        return key

The request get 403 forbidden and thus never gets the key in the first place. I'm looking at the github repo and the implementation there seems to have changed.


Mvh / Best regards
Morten Møller Riis
Gigahost ApS
mmr@xxxxxxxxxxx




On Jul 10, 2013, at 6:24 PM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:

> I'm having trouble getting tempurl to work.
> 
> I set the "X-Account-Meta-Temp-Url-Key" metadata on the account. And a GET request shows it's set correctly.
> 
> I've enabled it on the proxy server in /etc/swift/proxy-server.conf:
> 
> [DEFAULT]
> bind_port = 8080
> workers = 8
> user = swift
> 
> [pipeline:main]
> pipeline = healthcheck cache tempurl swauth proxy-server
> 
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
> 
> [filter:tempurl]
> use = egg:swift#tempurl
> 
> [filter:swauth]
> use = egg:swauth#swauth
> set log_name = swauth
> super_admin_key = <removed>
> default_swift_cluster = gigahost#https://<url>/v1#http://localhost:8080/v1
> 
> [filter:healthcheck]
> use = egg:swift#healthcheck
> 
> [filter:cache]
> use = egg:swift#memcache
> memcache_servers = 127.0.0.1:11211
> 
> When creating the tempurl's, even using the swift-temp-url program I get:
> 
> ~ $ curl -i "https://<url>/v1/AUTH_224b1001-2c75-444c-aaef-30af13b9154c/000/206.pdf?temp_url_sig=387d79120a591e1cf6f4d4356f5c0a96fb49d202&temp_url_expires=1373438360"
> HTTP/1.1 401 Unauthorized
> Server: nginx
> Date: Wed, 10 Jul 2013 08:21:32 GMT
> Content-Type: text/plain
> Content-Length: 35
> Connection: keep-alive
> 
> 401 Unauthorized: Temp URL invalid
> 
> I've even tried running it locally on the proxy-server to localhost:8080, so I'm sure it's not nginx doing any funny stuff.
> 
> Does anybody have any suggestions? I'm pretty lost :(
> 
> 
> Mvh / Best regards
> Morten Møller Riis
> Gigahost ApS
> mmr@xxxxxxxxxxx
> 
> 
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
Follow ups

Re: Swift tempurl
From: Shrinand Javadekar, 2013-07-10
References

Swift tempurl
From: Morten Møller Riis, 2013-07-10