Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to override catalog URL, fix #341 #342

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

drzraf
Copy link

@drzraf drzraf commented Jan 13, 2022

Sample $options that can be passed to Openstack\Openstack (in YAML):

                catalog_overrides:
                    - name: swift
                      type: object-store
                      region: foobar
                      interface: public
                      url: 'https://foo.bar.cloud:443/v1/AUTH_CUSTOM_ID'

@haphan
Copy link
Collaborator

haphan commented Jan 22, 2022

The python implementation allows overrides to happen at the Swift client level.

What do you think if we can learn from that pattern to avoid coupling Identity service with the S3 client?

@drzraf
Copy link
Author

drzraf commented Jan 22, 2022

I'm sorry, which coupling are you referring to?

In this PR the endpoint URL override has been made very generic (probably much much more than what need in real-world scenario that would mostly apply to swift and cross-project application credentials or, at best, cross-project ACL).

It's good because, well, it's generic (and, as such, does not touch swift-specifics or tight together different level of components) but may be seen as less obvious to configure than the straight OS_STORAGE_URL environment variable that Python swiftclient supports.

@drzraf
Copy link
Author

drzraf commented Jul 13, 2023

Dears, I would be happy to see this in.

@k0ka
Copy link
Member

k0ka commented Jan 7, 2024

Hello,

Can you add some documentation and tests for this feature?

@drzraf
Copy link
Author

drzraf commented Jan 8, 2024

Sadly not. I'm not currently working on this and can't find the time to dig into it again.

@drzraf
Copy link
Author

drzraf commented Mar 26, 2024

@k0ka : Doc:

Generally, resources and credentials match are expected to match (same project id). But in some cases user credentials may grant access to a container from another project (different OS_STORAGE_URL) the user originates from.
In order to bypass the usual automatic URL/resource derivation logic, catalog_overrides can be used to specify an alternative url that will apply as a replacement for a given service.
The service to match is specified by either at least its name or its type (or both) and optional additional restrictions can be added based on the region and/or the interface.

For example:

                catalog_overrides:
                    - name: swift
                      type: object-store
                      region: abc
                      interface: public
                      url:  https://abc.com/v1/AUTH_123456

will override the OS_STORAGE_URL with url when requesting the public object-store service called swift located in abc. This is necessary if the user wasn't created within the project 123456

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants