yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1075051] Re: AWS credentials delegation to S3/Swift3

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: "Davanum Srinivas \(DIMS\)" <davanum@xxxxxxxxx>
Date: Fri, 12 Jun 2015 20:40:53 -0000
Reply-to: Bug 1075051 <1075051@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: ec2-api
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1075051

Title:
  AWS credentials delegation to S3/Swift3

Status in EC2 API:
  New
Status in OpenStack Compute (Nova):
  Confirmed

Bug description:
  Now (openstack-nova-api-2012.2-1.fc18) , when the nova tries to connect to the S3 storage  it tries to use the credentials "hard coded" to the config file.
  It means every RegisterImage  call will use the same tenant credentials instead of their own tenant credentials.

  I think nova should delegate authentication to the swift backed, even
  by using other access method with the original requester
  permissions/roles.

  Note1:
  Probably this behaviour originated the days where the nova-objectstore used and it  does not validated credentials.
  Note2: Part of AWS credential is a signature of the request by the secret key, simple forwarding probably will not work.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ec2-api/+bug/1075051/+subscriptions