s3token, keystone works, swift returns 403 [closed]

asked 2013-08-14 05:33:18 -0500

axel@softreset.de gravatar image

some how i can not manage it to get the s3token working. Hope one can give me i hint.

I am using grizzly swift with keystone. The s3 related stuff gets called. Keystone does authenticate the request. But at the end swift returns a HTTP 403.

Since the container is also world readable, this is the static URL to an object: http://api.opencloudstorage.de/v1/AUTH_91630433a4184343b5ba1288f9c41eeb/pics/CIMG0677.jpg -> "HTTP 200"

An nginx which injects the amazon access_key and secret_key is locatet here: http://85.158.7.250/pics/CIMG0677.jpg -> "HTTP 403"

Thank you! Axel

Here is a log sippet fot one request:

Aug 12 10:29:43 swift-proxy1 swift-proxy Calling Swift3 Middleware (txn: tx16484911f7284cab9728b7f0c4bbac43) Aug 12 10:29:43 swift-proxy1 swift-proxy {'headers': {'Accept': '/', 'User-Agent': 'Wget/1.11.4', 'Host': 'api.opencloudstorage.de', 'X-Amz-Date': 'Mon, 12 Aug 2013 08:29:45 GMT', 'Content-Type': None, 'Authorization': 'AWS 0ae2700061bc407ab3baba15d90bdd9c:00QZul/GMvbMB80Sl/zrA5VqLMQ='}, 'environ': {'HTTP_AUTHORIZATION': 'AWS 0ae2700061bc407ab3baba15d90bdd9c:00QZul/GMvbMB80Sl/zrA5VqLMQ=', 'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'HTTP_X_AMZ_DATE': 'Mon, 12 Aug 2013 08:29:45 GMT', 'PATH_INFO': '/pics/CIMG0677.jpg', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Wget/1.11.4', 'REMOTE_PORT': '51886', 'SERVER_NAME': '10.42.44.203', 'REMOTE_ADDR': '10.42.44.201', 'eventlet.input': <eventlet.wsgi.input 0x3d42e90="" at="" object="">, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8080', 'wsgi.input': <swift.common.utils.inputproxy 0x3d428d0="" at="" object="">, 'HTTP_HOST': 'api.opencloudstorage.de', 'wsgi.multithread': True, 'eventlet.posthooks': [], 'HTTP_ACCEPT': '/', 'wsgi.version': (1, 0), 'RAW_PATH_INFO': '/pics/CIMG0677.jpg', 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': <swift.common.utils.loggerfileobject 0x2df7750="" at="" object="">, 'wsgi.multiprocess': False, 'swift.trans_id': 'tx16484911f7284cab9728b7f0c4bbac43', 'CONTENT_TYPE': None, 'swift.cache': <swift.common.memcached.memcachering 0x3d423d0="" at="" object="">}} Aug 12 10:29:43 swift-proxy1 swift-proxy Calling S3Token middleware. (txn: tx16484911f7284cab9728b7f0c4bbac43) Aug 12 10:29:43 swift-proxy1 swift-proxy Connecting to Keystone sending this JSON: {"credentials": {"access": "0ae2700061bc407ab3baba15d90bdd9c", "token": "R0VUCgoKCngtYW16LWRhdGU6TW9uLCAxMiBBdWcgMjAxMyAwODoyOTo0NSBHTVQKL3BpY3MvQ0lNRzA2NzcuanBn", "signature": "00QZul/GMvbMB80Sl/zrA5VqLMQ="}} (txn: tx16484911f7284cab9728b7f0c4bbac43) Aug 12 10:29:44 swift-proxy1 swift-proxy Keystone Reply: Status: 200, Output: {"access": {"token": {"issued_at": "2013-08-12T08:29:44.840217", "expires": "2013-08-13T08:29:44Z", "id": "c0b45cd96a2a434085a999df51ad5041", "tenant": {"id": "91630433a4184343b5ba1288f9c41eeb", "enabled": true, "domain_id": "default", "name": "23000-001-perftest", "description": "for performance testing"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://10.42.46.210:8774/v2/91630433a4184343b5ba1288f9c41eeb", "region": "Hamburg (HAM)", "internalURL": "http://10.42.46.210:8774/v2/91630433a4184343b5ba1288f9c41eeb", "id": "bc90a602f2a14e2889fa6024166e7ef1", "publicURL": "http://10.42.46.210:8774/v2/91630433a4184343b5ba1288f9c41eeb"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://10.42.44.210:9292", "region": "Hamburg (HAM)", "internalURL": "http://10.42.44.210:9292", "id": "3278d653d9b84066bc755c22a177fe03", "publicURL": "http://10.42.46.210:9292"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://10.42.46.210:8776/v1/91630433a4184343b5ba1288f9c41eeb", "region": "Hamburg (HAM)", "internalURL": "http://10.42.46.210:8776/v1/91630433a4184343b5ba1288f9c41eeb", "id": "9a0e5aac68de4b5fb2b27e67e652ee2b", "publicURL": "http://10.42.46.210:8776/v1/91630433a4184343b5ba1288f9c41eeb"}], "endpoints_links": [], "type": "volume", "name": "cinder"}, {"endpoints": [{"adminURL": "http://10.42.46.206:8773/services/Admin", "region": "Hamburg (HAM)", "internalURL": "http://10.42.44.206:8773/services/Cloud", "id": "48022dc337884116928e8d6562c9e206", "publicURL": "http://10.42.46.206:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "ec2"}, {"endpoints": [{"adminURL": "https://api.opencloudstorage.de/v1", "region": "Hamburg (HAM ... (more)

edit retag flag offensive reopen merge delete

Closed for the following reason question is not relevant or outdated by rbowen
close date 2016-01-22 13:16:32.480154

Comments

Hi were you able to fix the issue?

koolhead17 gravatar imagekoolhead17 ( 2013-10-07 22:37:23 -0500 )edit