OpenStack Identity (keystone)

Adds user auth-n/auth-z capability of Keystone for Swift S3 API.

Registered by Akira Yoshiyama

This capability has 3 parts:

    A keystone patch to add a new auth-n API for S3 API.
    A middleware s3_token.py to use 1. from Swift.
    A swift patch to use token and endpoint information from 2.

1 and 2 for Keystone, 3 for Swift.
This blueprint has 1 and 2.

Related bug: #874280

Blueprint information

Status:
Complete
Approver:
Ziad Sawalha
Priority:
Undefined
Drafter:
Akira Yoshiyama
Direction:
Approved
Assignee:
Akira Yoshiyama
Definition:
Approved
Series goal:
Accepted for essex
Implementation:
Implemented
Milestone target:
milestone icon 2012.1
Started by
Ziad Sawalha
Completed by
Ziad Sawalha

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:s3token,n,z

Addressed by: https://review.openstack.org/3075
    Adds keystone auth-n/auth-z for Swift S3 API.

From Ziad:
Akira - this looks good.

My main concern is that /ec2tokens actually broke the core contract and is something we need to clean up. This blueprint and code follows the same model. What I'd prefer to see is code that handles /v2.0/tokens calls when the body contains the S3 token (should be the same for the EC2 calls as well).

Is that a chance you could get that change in by Tuesday - that's when we start to finalize E3?

Gerrit topic: https://review.openstack.org/#q,topic:credentials,n,z

Addressed by: https://review.openstack.org/3220
    Handle EC2 Credentials on /tokens

From Akira:
Ziad - thank you for your review.

I understand your wish. Yes, I can work, and I've done.
An additional patch after 3220 is below:
http://www.debian.or.jp/~yosshy/openstack-essex/s3token-update.patch

From Akira:
Ziad - I commited updated patchset. Please review it again.

Gerrit topic: https://review.openstack.org/#q,topic:bug/874280,n,z

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.