OpenStack Object Storage (swift)

Does cloud user interact with proxy or auth server to get x-auth-token?

Asked by Tushar Patil

Prerequisite: proxy, account, auth, container and object servers are running either on the same machine or different machines.

My understanding is that cloud user can interact only with the proxy server for uploading/downloading objects.
Proxy server authenticates every request (DevAuthMiddleware) before it is passed to the appropriate controller (ObjectController/ContainerController) and for authentication to be successful you need a valid x_auth_token which is issued only by the auth server.

Does that mean cloud user has to send an auth request first to the auth server to get the x_auth_token? And then send request to the proxy server using the x_auth_token in the HTTP header of the request to upload/download files.

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Object Storage (swift) Edit question
Assignee:
No assignee Edit question
Solved by:
Tushar Patil
Solved:
Last query:
Last reply:
Revision history for this message
Chuck Thier (cthier) said : 		#1

That is correct. The dev auth server mimics how Rackspace does auth which is a separate service from Swift, which requires the user to auth against the auth server to get the token, and then send the token to swift with each request.

If you wish to implement your own auth, that can be done by replacing the wsgi middleware with new middleware that works with whatever auth system you would like to use.

Revision history for this message
Tushar Patil (tpatil) said : 		#2

Thank you for the clarification.