Skip to content
An alternative authentication system for Swift
Python HTML
Branch: master
Clone or download
tuanvcw Replace unicode with six.text_type
The unicode() built-in does not exist under Python 3 so use
six.text_type, which is set correctly to str or unicode, instead.

Change-Id: Ieb29486c99400b4a10ce642cb3adc83f5e4420f6
Latest commit 0c8eaf5 Jul 5, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin Add support for setting already hashed password May 24, 2016
doc Update the invalid url for swift page Mar 7, 2018
etc Allow configuring salt manually Feb 29, 2016
swauth Replace unicode with six.text_type Jul 5, 2018
test Stop using client headers for cross-middleware communication Dec 9, 2017
webadmin
.coveragerc Change setup.py to OS one Nov 18, 2015
.gitignore .tox directory added to .gitignore Nov 23, 2015
.gitreview Add .gitreview file Nov 12, 2015
.mailmap .mailmap Dec 13, 2015
.unittests Rename of "test_swauth" to "test" fix Dec 13, 2015
AUTHORS Release 1.3.0 Dec 9, 2017
CHANGELOG Release 1.3.0 Dec 9, 2017
CONTRIBUTING.rst Replace obsolete vanity openstack.org URLs Mar 28, 2017
LICENSE Initial commit of original codebase, altered to work in new codebase. May 26, 2011
README.md s3: Make s3 support configurable Jul 28, 2016
babel.cfg Initial commit of original codebase, altered to work in new codebase. May 26, 2011
bindep.txt
requirements.txt uncap eventlet Apr 11, 2018
setup.cfg Remove outdated locale Jan 31, 2016
setup.py
test-requirements.txt Updated from global requirements Nov 14, 2017
tox.ini Swift dependency bump to Pike Nov 6, 2017

README.md

Swauth

An Auth Service for Swift as WSGI Middleware that uses Swift itself as a backing store. Docs at: https://swauth.readthedocs.io/ or ask in #openstack-swauth on freenode IRC.

See also https://github.com/openstack/keystone for the standard OpenStack auth service.

NOTE

Be sure to review the docs at: https://swauth.readthedocs.io/

Quick Install

  1. Install Swauth with sudo python setup.py install or sudo python setup.py develop or via whatever packaging system you may be using.

  2. Alter your proxy-server.conf pipeline to have swauth instead of tempauth:

    Was:

     [pipeline:main]
     pipeline = catch_errors cache tempauth proxy-server
    

    Change To:

     [pipeline:main]
     pipeline = catch_errors cache swauth proxy-server
    
  3. Add to your proxy-server.conf the section for the Swauth WSGI filter:

    [filter:swauth] use = egg:swauth#swauth set log_name = swauth super_admin_key = swauthkey

  4. Be sure your proxy server allows account management:

    [app:proxy-server] ... allow_account_management = true

  5. Restart your proxy server swift-init proxy reload

  6. Initialize the Swauth backing store in Swift swauth-prep -K swauthkey

  7. Add an account/user swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a test tester testing

  8. Ensure it works swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat -v

Web Admin Install

  1. If you installed from packages, you'll need to cd to the webadmin directory the package installed. This is /usr/share/doc/python-swauth/webadmin with the Lucid packages. If you installed from source, you'll need to cd to the webadmin directory in the source directory.

  2. Upload the Web Admin files with swift -A http://127.0.0.1:8080/auth/v1.0 -U .super_admin:.super_admin -K swauthkey upload .webadmin .

  3. Open http://127.0.0.1:8080/auth/ in your browser.

Swift3 Middleware Compatibility

Swift3 middleware can be used with swauth when auth_type in swauth is configured to be Plaintext (default).

[pipeline:main]
pipeline = catch_errors cache swift3 swauth proxy-server

It can be used with auth_type set to Sha1/Sha512 too but with certain caveats and security concern. Hence, s3 support is disabled by default and you have to explicitly enable it in your configuration. Refer to swift3 compatibility section in documentation for further details

You can’t perform that action at this time.