Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

swift temp url SAIO

I setup SAIO ( Swift All In One) on my virtualbox for tempurl test

Regarding the http://docs.openstack.org/developer/swift/middleware.html#tempurl: To create such temporary URLs, first an X-Account-Meta-Temp-URL-Key header must be set on the Swift account. Then, an HMAC-SHA1 (RFC 2104) signature is generated using the HTTP method to allow (GET, PUT, DELETE, etc.), the Unix timestamp the access should be allowed until, the full path to the object, and the key set on the account.

> swift@swift-VirtualBox:~$ curl -v -H
> 'X-Auth-Token:
> AUTH_tk71106acb07784da1859cd2e434eba109'
> http://127.0.0.1:8080/v1/AUTH_test/
> * Hostname was NOT found in DNS cache
> *   Trying 127.0.0.1...
> * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> > GET /v1/AUTH_test/ HTTP/1.1
> > User-Agent: curl/7.35.0
> > Host: 127.0.0.1:8080
> > Accept: */*
> > X-Auth-Token: AUTH_tk71106acb07784da1859cd2e434eba109
> >  < HTTP/1.1 200 OK < X-Account-Storage-Policy-Gold-Bytes-Used:
> 0 < Content-Length: 19 <
> X-Account-Storage-Policy-Gold-Object-Count:
> 0 < X-Account-Object-Count: 0 <
> X-Timestamp: 1439949170.11303 <
> X-Account-Meta-Temp-Url-Key: secret <
> X-Account-Storage-Policy-Gold-Container-Count:
> 2 < X-Account-Bytes-Used: 0 <
> X-Account-Container-Count: 2 <
> Content-Type: text/plain;
> charset=utf-8 < Accept-Ranges: bytes <
> X-Trans-Id:
> tx1d08eb3202cb44a49bc6e-0055d409fd <
> Date: Wed, 19 Aug 2015 04:45:49 GMT < 
> testCon testFolder
> * Connection #0 to host 127.0.0.1 left intact swift@swift-VirtualBox:~$

The python code is straightforward.

--- python ----

import hmac
from hashlib import sha1
from time import time
method = 'GET'
host = "http://127.0.0.1:8080"
expires = int(time() + 6000)
path = '/v1/AUTH_test/testCon/test.txt'
key = 'secret'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
rest_uri = "{host}{path}?temp_url_sig={sig}&temp_url_expires={expires}".format(
            #host=host, path="", sig=sig, expires=expires)
            host=host, path=path, sig=sig, expires=expires)
print sig
print expires
print rest_uri

---python--- PS: Be certain to use the full path, from the /v1/ onward.

Here is the account meta data to support python parameters

swift@swift-VirtualBox:~$ curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:8080
> Accept: */*
> X-Storage-User: test:tester
> X-Storage-Pass: testing
> 
< HTTP/1.1 200 OK
< X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_test
< X-Auth-Token: AUTH_tk71106acb07784da1859cd2e434eba109
< Content-Type: text/html; charset=UTF-8
< X-Storage-Token: AUTH_tk71106acb07784da1859cd2e434eba109
< Content-Length: 0
< X-Trans-Id: tx8f02b19e5e6d45c5b049b-0055d40ada
< Date: Wed, 19 Aug 2015 04:49:30 GMT
< 
* Connection #0 to host 127.0.0.1 left intact

I can get the object content as below via command line

swift@swift-VirtualBox:~$ curl -H 'X-Auth-Token: AUTH_tk71106acb07784da1859cd2e434eba109' http://127.0.0.1:8080/v1/AUTH_test/testCon/test.txt
This is a TEST

It means object should be ok for accessing.

But I always got 401

root@swift-VirtualBox:/etc/swift# curl -L -D - http://127.0.0.1:8080/v1/AUTH_test/testCon/test.txt?temp_url_sig=046697909ced776e888291c7765d0b1c476e6e78&temp_url_expires=1439965349
[1] 19342
root@swift-VirtualBox:/etc/swift# HTTP/1.1 401 Unauthorized
Content-Length: 35
Content-Type: text/html; charset=UTF-8
Www-Authenticate: Swift realm="unknown"
X-Trans-Id: tx6d851cb0e3364321b0057-0055d412db
Date: Wed, 19 Aug 2015 05:23:39 GMT

401 Unauthorized: Temp URL invalid

I check the log , I think it stop at proxy.

proxy.error

Aug 18 22:26:56 swift-VirtualBox proxy-server: STDERR: (18152) accepted ('127.0.0.1', 41726) Aug 18 22:26:56 swift-VirtualBox proxy-server: STDERR: 127.0.0.1 - - [19/Aug/2015 05:26:56] "GET /v1/AUTH_test/testCon/test.txt?temp_url_sig=5eec0cf47fedd88cae5976df7fcb2ff8419932c9 HTTP/1.1" 401 250 0.000858 (txn: tx9efa92e1dc234069a81ac-0055d413a0)

proxy.log

> Aug 18 22:28:28 swift-VirtualBox
> proxy-server: 127.0.0.1 127.0.0.1
> 19/Aug/2015/05/28/28 GET
> /v1/AUTH_test/testCon/test.txt%3Ftemp_url_sig%3D5eec0cf47fedd88cae5976df7fcb2ff8419932c9
> HTTP/1.0 401 - curl/7.35.0 - - 35 -
> tx9073f57937444853be6fa-0055d413fc -
> 0.0003 - - 1439962108.382143974 1439962108.382395029 -

I read the http://docs.openstack.org/developer/swift/middleware.html#tempurl

Any alteration of the resource path or query arguments would result in 401 Unauthorized. Similarly, a PUT where GET was the allowed method would 401. HEAD is allowed if GET, PUT, or POST is allowed.

I have difficulty to understand it and I couldn't figure out why 401.

can any body provide some advices ? or you have setup tempurl success before ? please share with me.

Thanks,