Ask Your Question
0

Juno Keystone S3 API "/v2.0/s3tokens" and s3_token.py

asked 2014-12-08 19:55:24 -0500

m_yee gravatar image

I'm trying to work through the validation of S3 authentication against Keystone, as it is passed through Swift3 and s3_token.py.

Specifically, at: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/s3_token.py#L217 (https://github.com/openstack/python-k...)

creds = {'credentials': {'access': access,
                                 'token': token,
                                 'signature': signature}}
        creds_json = jsonutils.dumps(creds)
        self.logger.debug('Connecting to Keystone sending this JSON: %s',
                          creds_json)

I understand that access is the EC2 access key ID, signature contains the signed hash of the canonical request (as specified by AWS v4 authentication). token appears to be the canonical request.

However, when I make a POST to http:// :35357/v2.0/s3tokens (as per https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/s3_token.py#L148 (https://github.com/openstack/keystone...)) I keep getting an error saying that my request requires authentication.

My question is, how do I formulate such a request with authentication and why does s3_token.py work without such code (or where is it?)?

Here's my test code:

headers = {'Content-Type': 'application/json'}
access = keystone_python_test_user['access_id']
creds = {
        'credentials':
            {
                'access': access,
                'token': 'some_garbage',
                'signature': 'some_signature'
            }
    }

    req = requests.post(
        'http://10.96.96.53:35357/v2.0/s3tokens',
        headers=headers,
        data=json.dumps(creds),
        verify=False
    )

    print json.dumps(json.loads(req.text), indent=4)

This returns:

{
    "error": {
        "message": "The request you have made requires authentication.", 
        "code": 401, 
        "title": "Unauthorized"
    }
}

I'd like to know why authentication is required, especially since s3_token.py doesn't seem to perform any.

I'm using Juno and I installed it via RDO on CentOS 7.

Here's my logging error from keystone.log

2014-12-08 17:53:29.060 10362 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 10.96.65.73
2014-12-08 17:53:29.061 10362 INFO eventlet.wsgi.server [-] 10.96.65.73 - - [08/Dec/2014 17:53:29] "POST /v2.0/s3tokens HTTP/1.1" 401 336 0.008939
edit retag flag offensive close merge delete

Comments

i have a similar problem. did anyone figure this out ?

kirubak gravatar imagekirubak ( 2015-06-10 06:53:11 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-06-10 06:51:27 -0500

kirubak gravatar image

i am getting the similar issue. Do you have an answer to this question ?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-12-08 19:55:24 -0500

Seen: 583 times

Last updated: Jun 10 '15