From 38c95b8eba7a67535895c62a0d676f0ad37c5070 Mon Sep 17 00:00:00 2001
From: Jamie Lennox
Date: Fri, 30 Jan 2015 02:15:42 +0000
Subject: [PATCH] Configure auth_token middleware manually in swift.

Swift doesn't use olso.config and so the method of configuring swift via the [keystone_authtoken] config options will not work. Go back to configuring swift manually. This will need to be fixed in either keystonemiddleware or swift as configuring via plugin is the path to v3 authentication, service domains and new forms of service user authentication.

Closes-Bug: #1415795
Change-Id: Ibe27116a11756072d5a300a6d3691c5f8c32317e
---
 lib/swift | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/lib/swift b/lib/swift
index ee4543cb5b..e6e1212f23 100644
--- a/lib/swift
+++ b/lib/swift
@@ -409,16 +409,27 @@ function configure_swift {
 # Configure Crossdomain
 iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
 
- # Configure Keystone
- sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
- configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
+
 # This causes the authtoken middleware to use the same python logging
 # adapter provided by the swift proxy-server, so that request transaction
 # IDs will included in all of its log messages.
 iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
 
- iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use
- iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles
+ # NOTE(jamielennox): swift cannot use the regular configure_auth_token_middleware function because swift
+ # doesn't use oslo.config which is the only way to configure auth plugins with the middleare.
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken identity_uri $KEYSTONE_AUTH_URI
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_URI
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $SSL_BUNDLE_FILE
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
+
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use "egg:swift#keystoneauth"
 iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
 
 # Configure Tempauth. In the sample config file, Keystoneauth is commented
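Review bot: The added `admin_password $SERVICE_PASSWORD` line passes the secret unquoted, so a password containing whitespace or glob characters would be word-split before it reaches `iniset`, and the value written to the proxy-server config may then differ from the one registered in Keystone; quote it as `iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password "$SERVICE_PASSWORD"`. The other unquoted values in the new block (`$KEYSTONE_AUTH_URI`, `$SSL_BUNDLE_FILE`, `$SWIFT_AUTH_CACHE_DIR`) have the same weakness, and an empty one silently shifts the argument list. `delay_auth_decision 1` also deserves a comment, for example `# authtoken forwards requests it cannot validate; keystoneauth later in the pipeline must reject them`, since dropping or reordering keystoneauth would then leave those requests unchecked. configure_swift starts and ends outside the hunk, so the pipeline order and the permissions of the file that holds the service password are not visible here.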