Juno Keystone S3 API "/v2.0/s3tokens" and s3_token.py
I'm trying to work through the validation of S3 authentication against Keystone, as it is passed through Swift3 and s3_token.py.
Specifically, at: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/s3_token.py#L217 (https://github.com/openstack/python-k...)
creds = {'credentials': {'access': access,
'token': token,
'signature': signature}}
creds_json = jsonutils.dumps(creds)
self.logger.debug('Connecting to Keystone sending this JSON: %s',
creds_json)
I understand that access
is the EC2 access key ID, signature
contains the signed hash of the canonical request (as specified by AWS v4 authentication). token
appears to be the canonical request.
However, when I make a POST to http://
My question is, how do I formulate such a request with authentication and why does s3_token.py work without such code (or where is it?)?
Here's my test code:
headers = {'Content-Type': 'application/json'}
access = keystone_python_test_user['access_id']
creds = {
'credentials':
{
'access': access,
'token': 'some_garbage',
'signature': 'some_signature'
}
}
req = requests.post(
'http://10.96.96.53:35357/v2.0/s3tokens',
headers=headers,
data=json.dumps(creds),
verify=False
)
print json.dumps(json.loads(req.text), indent=4)
This returns:
{
"error": {
"message": "The request you have made requires authentication.",
"code": 401,
"title": "Unauthorized"
}
}
I'd like to know why authentication is required, especially since s3_token.py doesn't seem to perform any.
I'm using Juno and I installed it via RDO on CentOS 7.
Here's my logging error from keystone.log
2014-12-08 17:53:29.060 10362 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 10.96.65.73
2014-12-08 17:53:29.061 10362 INFO eventlet.wsgi.server [-] 10.96.65.73 - - [08/Dec/2014 17:53:29] "POST /v2.0/s3tokens HTTP/1.1" 401 336 0.008939
i have a similar problem. did anyone figure this out ?