Ask Your Question
0

token_life = 0 in tempauth

asked 2013-07-30 13:20:50 -0600

ovcharov-andrey gravatar image

I would like to disable expiration of auth token. Is it possible to add this feature in next versions? For my own installation swift/common/middleware/tempauth.py is patched, but it would be difficult to upgrade the software in future.

The goal is to disable the authentication. May be i'm going in wrong way?

Just in case, the path is included.

diff ./1.9.X/swift-1.9.X/swift/common/middleware/tempauth.py ./1.9.0/swift-1.9.0/swift/common/middleware/tempauth.py 211c211

< if expires > 0 and expires < time():

        if expires < time():

454c454

< if expires == 0 or expires > time():

            if expires > time():

460,463c460 < expires = 0 < if self.token_life: < expires = time() + self.token_life

<

        expires = time() + self.token_life

473,476c470,471 < if expires > 0: < memcache_client.set(memcache_token_key, (expires, groups), time=float(expires - time())) < else:

< memcache_client.set(memcache_token_key, (expires, groups), time=0.0)

        memcache_client.set(memcache_token_key, (expires, groups),
                            time=float(expires - time()))

480,483c475,476 < if expires > 0: < memcache_client.set(memcache_user_key, token, time=float(expires - time())) < else:

< memcache_client.set(memcache_user_key, token, time=0.0)

        memcache_client.set(memcache_user_key, token,
                            time=float(expires - time()))
edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2013-07-31 10:02:28 -0600

ovcharov-andrey gravatar image

Thanks clayg, that solved my question.

edit flag offensive delete link more
add a comment
0

answered 2013-07-30 15:15:42 -0600

clay-gerrard gravatar image

I'm don't think I'm really against the feature if someone needed something like that. I'm less sure about the integer for token_life disabling expiration, but I don't think it'd be that bad if it was documented. You'd have to submit it to Gerrit with tests for it to be included in swift.

OTOH, if you're only interested in disabling authentication, have you considered removing tempauth from the application pipeline in the proxy config? That would basically allow all requests to process into swift without an x-auth-token.

edit flag offensive delete link more
add a comment
0

answered 2013-07-31 10:01:54 -0600

ovcharov-andrey gravatar image

OTOH, if you're only interested in disabling authentication, have you considered removing tempauth from the application pipeline in the proxy config? That would basically allow all requests to process into swift without an x-auth-token.

Yes, it works. But in this case I cannot use "swift" command:

$ swift -A http://hostname:8888/auth/v1.0 -U account:login -K password stat Traceback (most recent call last): File "/usr/bin/swift", line 1212, in error_queue) File "/usr/bin/swift", line 570, in st_stat headers = conn.head_account() File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1026, in head_account return self._retry(None, head_account) File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 998, in _retry self.http_conn = self.http_connection() File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 986, in http_connection return http_connection(self.url) File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 172, in http_connection parsed = urlparse(url) File "/usr/lib/python2.7/urlparse.py", line 135, in urlparse tuple = urlsplit(url, scheme, allow_fragments) File "/usr/lib/python2.7/urlparse.py", line 174, in urlsplit i = url.find(':') AttributeError: 'NoneType' object has no attribute 'find'

And this is acceptable, because no authentication is configured. No way to use command "swift" without authentication? Anyway, it is not important for me, curl works fine.

Thanks for the help!

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2013-07-30 13:20:50 -0600

Seen: 24 times

Last updated: Jul 31 '13

Related questions

How to run unit test?

unable to create containers

installing swift client tool

Query on swift Upgrade path

What are suffix directories in a partition?

swauth-prep

How to add non-admin account in tempauth?

upload of object to swift is failing

swift region options

how to use s3curl to upload objects in swift with swift3 and swauth?