Ask Your Question
1

How can I use tempurl with swift and keystoneauth.

asked 2013-04-01 16:08:34 -0600

Shri Javadekar gravatar image

updated 2013-04-01 16:13:22 -0600

I am seeing a problem where everytime I try to use a tempurl, I get an "Unauthorized: Temp URL invalid" error. I don't find enough documentation about debugging tempurls. Hence this question.

If I want to configure tempurl, do I only have to add the following in the proxy-server conf and restart it?

<proxy-server.conf>

...
pipeline = catch_errors healthcheck cache authtoken tempurl swiftauth proxy-server
...
[filter:tempurl]
use = egg:swift#tempurl

</proxy-server.conf>

If this is all that is required, I have done this. From the swift command line utility, I can see the Meta Temp-Url-Key option set on the account as well. But when I use a tempUrl, I get the Unauthorized error. I logged the actual url and it looks something like this:

http://<proxy-server-ip>:8080/v1/AUTHb3238727b1e94025b8eb38b60d1cef6b/cloud-testing/ae260ba046043710?tempurlsig=3d11cc195a89916b71c77cc9c1c7201083d9dbf9&tempurl_expires=1364923538

I verified that the value of temp-url-expires is greater than the current time on the proxy server when it receives the request.

I debugged this further by adding additional log statements in the swift code and restarting proxy. It turns out that QUERY_STRING is not getting set in the env dictionary.

Any ideas?

Thanks in advance. -Shri

edit retag flag offensive close merge delete

Comments

How did you create that tempurl? And please make sure that the time is synchronized with ntp.

marius gravatar imagemarius ( 2013-04-02 01:34:15 -0600 )edit

I'm using the jclouds library. It's been supporting tempUrls for sometime now. I believe it is doing the right thing. Here's the code: https://github.com/jclouds/jclouds/blob/master/apis/swift/src/main/java/org/jclouds/openstack/swift/blobstore/SwiftBlobSigner.java#L151

Shri Javadekar gravatar imageShri Javadekar ( 2013-04-02 01:44:13 -0600 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2013-04-05 13:54:08 -0600

Shri Javadekar gravatar image

Finally, I got the solution. You need the following in the proxy-server.conf

[filter:authtoken]

...

delay_auth_decision = 1

edit flag offensive delete link more
2

answered 2013-04-01 16:10:51 -0600

You may want to put your tempurl before authotken as it is the one authorizing the request (if the key is correct) and pass it thought the auth server (auth_token/keystoneauth).

edit flag offensive delete link more

Comments

Haah.. That seems to have done the trick for setting QUERYSTRING. However, it looks like _getkey returns None.

Shri Javadekar gravatar imageShri Javadekar ( 2013-04-01 16:47:16 -0600 )edit

On further investigations, this is what happens: getkey() doesn't find "temp-url-key/accountid" in memcache. Therefore it calls makepreauthedenv to create a new env dictionary. Calling self.app with this new env should return with x-account-meta-temp-url-key in its header. But it does not :(

Shri Javadekar gravatar imageShri Javadekar ( 2013-04-03 18:53:33 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2013-04-01 16:08:34 -0600

Seen: 759 times

Last updated: Apr 05 '13