Ask Your Question

How can I use tempurl with swift and keystoneauth.

asked 2013-04-01 16:08:34 -0600

Shri Javadekar gravatar image

updated 2013-04-01 16:13:22 -0600

I am seeing a problem where everytime I try to use a tempurl, I get an "Unauthorized: Temp URL invalid" error. I don't find enough documentation about debugging tempurls. Hence this question.

If I want to configure tempurl, do I only have to add the following in the proxy-server conf and restart it?


pipeline = catch_errors healthcheck cache authtoken tempurl swiftauth proxy-server
use = egg:swift#tempurl


If this is all that is required, I have done this. From the swift command line utility, I can see the Meta Temp-Url-Key option set on the account as well. But when I use a tempUrl, I get the Unauthorized error. I logged the actual url and it looks something like this:


I verified that the value of temp-url-expires is greater than the current time on the proxy server when it receives the request.

I debugged this further by adding additional log statements in the swift code and restarting proxy. It turns out that QUERY_STRING is not getting set in the env dictionary.

Any ideas?

Thanks in advance. -Shri

edit retag flag offensive close merge delete


How did you create that tempurl? And please make sure that the time is synchronized with ntp.

marius gravatar imagemarius ( 2013-04-02 01:34:15 -0600 )edit

I'm using the jclouds library. It's been supporting tempUrls for sometime now. I believe it is doing the right thing. Here's the code:

Shri Javadekar gravatar imageShri Javadekar ( 2013-04-02 01:44:13 -0600 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2013-04-05 13:54:08 -0600

Shri Javadekar gravatar image

Finally, I got the solution. You need the following in the proxy-server.conf



delay_auth_decision = 1

edit flag offensive delete link more

answered 2013-04-01 16:10:51 -0600

You may want to put your tempurl before authotken as it is the one authorizing the request (if the key is correct) and pass it thought the auth server (auth_token/keystoneauth).

edit flag offensive delete link more


Haah.. That seems to have done the trick for setting QUERYSTRING. However, it looks like _getkey returns None.

Shri Javadekar gravatar imageShri Javadekar ( 2013-04-01 16:47:16 -0600 )edit

On further investigations, this is what happens: getkey() doesn't find "temp-url-key/accountid" in memcache. Therefore it calls makepreauthedenv to create a new env dictionary. Calling with this new env should return with x-account-meta-temp-url-key in its header. But it does not :(

Shri Javadekar gravatar imageShri Javadekar ( 2013-04-03 18:53:33 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2013-04-01 16:08:34 -0600

Seen: 857 times

Last updated: Apr 05 '13