token_life = 0 in tempauth

asked 2013-07-30 13:20:50 -0600

I would like to disable expiration of auth token. Is it possible to add this feature in next versions? For my own installation swift/common/middleware/tempauth.py is patched, but it would be difficult to upgrade the software in future.

The goal is to disable the authentication. May be i'm going in wrong way?

Just in case, the path is included.

diff ./1.9.X/swift-1.9.X/swift/common/middleware/tempauth.py ./1.9.0/swift-1.9.0/swift/common/middleware/tempauth.py 211c211

< if expires > 0 and expires < time():

        if expires < time():

454c454

< if expires == 0 or expires > time():

            if expires > time():

460,463c460 < expires = 0 < if self.token_life: < expires = time() + self.token_life

<

        expires = time() + self.token_life

473,476c470,471 < if expires > 0: < memcache_client.set(memcache_token_key, (expires, groups), time=float(expires - time())) < else:

< memcache_client.set(memcache_token_key, (expires, groups), time=0.0)

        memcache_client.set(memcache_token_key, (expires, groups),
                            time=float(expires - time()))

480,483c475,476 < if expires > 0: < memcache_client.set(memcache_user_key, token, time=float(expires - time())) < else:

< memcache_client.set(memcache_user_key, token, time=0.0)

        memcache_client.set(memcache_user_key, token,
                            time=float(expires - time()))
edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2013-07-31 10:02:28 -0600

Thanks clayg, that solved my question.

edit flag offensive delete link more
0

answered 2013-07-30 15:15:42 -0600

clay-gerrard gravatar image

I'm don't think I'm really against the feature if someone needed something like that. I'm less sure about the integer for token_life disabling expiration, but I don't think it'd be that bad if it was documented. You'd have to submit it to Gerrit with tests for it to be included in swift.

OTOH, if you're only interested in disabling authentication, have you considered removing tempauth from the application pipeline in the proxy config? That would basically allow all requests to process into swift without an x-auth-token.

edit flag offensive delete link more
0

answered 2013-07-31 10:01:54 -0600

OTOH, if you're only interested in disabling authentication, have you considered removing tempauth from the application pipeline in the proxy config? That would basically allow all requests to process into swift without an x-auth-token.

Yes, it works. But in this case I cannot use "swift" command:

$ swift -A http://hostname:8888/auth/v1.0 -U account:login -K password stat Traceback (most recent call last): File "/usr/bin/swift", line 1212, in error_queue) File "/usr/bin/swift", line 570, in st_stat headers = conn.head_account() File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1026, in head_account return self._retry(None, head_account) File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 998, in _retry self.http_conn = self.http_connection() File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 986, in http_connection return http_connection(self.url) File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 172, in http_connection parsed = urlparse(url) File "/usr/lib/python2.7/urlparse.py", line 135, in urlparse tuple = urlsplit(url, scheme, allow_fragments) File "/usr/lib/python2.7/urlparse.py", line 174, in urlsplit i = url.find(':') AttributeError: 'NoneType' object has no attribute 'find'

And this is acceptable, because no authentication is configured. No way to use command "swift" without authentication? Anyway, it is not important for me, curl works fine.

Thanks for the help!

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-07-30 13:20:50 -0600

Seen: 24 times

Last updated: Jul 31 '13