Ask Your Question

Proxy Account Controller Functionality

asked 2010-11-01 22:42:20 -0500

twkiel gravatar image

Reading some discussions in the bug pages I am hearing that some auth related functionality was moved from the auth server to the proxy; namely account creation, etc.

What I am wondering is what exactly the proxy's AccountController can do? Is it just account metadata changes, or can you actually create an account through the proxy server itself, rather than just through the devauth server?

I took a look at the code for the AccountController and it appears that it's just metadata updates. I have tried to use the accountcontroller via client, but I seem to get unauthorized no matter what creds im using.

Could anybody help de-mystify this for me, just to clear up some conflicting information im seeing?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2010-11-03 01:17:14 -0500

notmyname gravatar image

Actually, Greg is correct with an older version of the code. The proxy server does, in fact, have account creation code (AccountController.PUT). It's usage is restricted by the auth middleware to prevent just anyone from creating any account.

An important note is that the dev auth server provided with swift (for dev use only, not prod) is not related to the auth middleware. The middleware will tie in with any auth system to authenticate tokens and authorize access to the system.

So the proxy server does account PUTs and account metadata updates. The swift-auth-add-user is used to create new swift accounts in the cluster. Or write your own if you are using a different auth system.

edit flag offensive delete link more

answered 2010-11-02 23:34:35 -0500

twkiel gravatar image

Excellent, thanks for the clarification Greg.

edit flag offensive delete link more

answered 2010-11-02 22:17:05 -0500

The proxy doesn't/can't create accounts. It only calls out to an auth service to verify a request's auth token.

Included in the swift code base is an example/development auth server under ~/swift/swift/auth.

It can be used during development/testing but probably shouldn't be used for production.

Using that auth server you can create accounts.


edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2010-11-01 22:42:20 -0500

Seen: 113 times

Last updated: Nov 03 '10