Updated docs.

gholt 2010-09-11 17:23:24 -07:00
parent 2b995be46c
commit dcbb51cc71
3 changed files with 37 additions and 13 deletions


@ -6,10 +6,13 @@ Auth Server and Middleware
Creating Your Own Auth Server and Middleware Creating Your Own Auth Server and Middleware
-------------------------------------------- --------------------------------------------
The included swift/common/middleware/auth.py is a good minimal example of how The included swift/auth/server.py and swift/common/middleware/auth.py are good
to create auth middleware. The main points are that the auth middleware can minimal examples of how to create an external auth server and proxy server auth
reject requests up front, before they ever get to the Swift Proxy application, middleware. Also, see the `Swauth <https://launchpad.net/swauth>`_ project for
and afterwards when the proxy issues callbacks to verify authorization. a more complete implementation. The main points are that the auth middleware
can reject requests up front, before they ever get to the Swift Proxy
application, and afterwards when the proxy issues callbacks to verify
authorization.
It's generally good to separate the authentication and authorization It's generally good to separate the authentication and authorization
procedures. Authentication verifies that a request actually comes from who it procedures. Authentication verifies that a request actually comes from who it


@ -90,26 +90,43 @@ Installing Swift For Use With Cyberduck
#. Example proxy-server config:: #. Example proxy-server config::
[proxy-server] [DEFAULT]
bind_port = 8080
user = swift
cert_file = /etc/swift/cert.crt cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key key_file = /etc/swift/cert.key
[auth-server] [pipeline:main]
pipeline = healthcheck cache auth proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:auth]
use = egg:swift#auth
ssl = true ssl = true
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
#. Example auth-server config:: #. Example auth-server config::
[auth-server] [DEFAULT]
default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
user = swift
cert_file = /etc/swift/cert.crt cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key key_file = /etc/swift/cert.key
[pipeline:main]
pipeline = auth-server
[app:auth-server]
use = egg:swift#auth
super_admin_key = devauth
default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
#. Use swift-auth-add-user to create a new account and admin user:: #. Use swift-auth-add-user to create a new account and admin user::
ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user --admin a3 b3 c3 ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user -K devauth -a a3 b3 c3
https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781 https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781
.. note:: .. note::


@ -337,6 +337,10 @@ class AuthController(object):
return rv return rv
def is_account_admin(self, request, for_account): def is_account_admin(self, request, for_account):
"""
Returns True if the request represents coming from .super_admin, a
.reseller_admin, or an admin for the account specified.
"""
if request.headers.get('X-Auth-Admin-User') == '.super_admin' and \ if request.headers.get('X-Auth-Admin-User') == '.super_admin' and \
request.headers.get('X-Auth-Admin-Key') == self.super_admin_key: request.headers.get('X-Auth-Admin-Key') == self.super_admin_key:
return True return True
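Review bot: The docstring added to is_account_admin lists the three roles but does not say what the check trusts. The first branch visible here grants .super_admin purely on the X-Auth-Admin-User and X-Auth-Admin-Key request headers, so the docstring should state that, e.g. `Admin identity is taken from the X-Auth-Admin-User and X-Auth-Admin-Key request headers.`, and the opening would read better as `Returns True if the request comes from .super_admin, a .reseller_admin, or an admin for the account specified.` Separately, that branch compares the key with `==`, which is not a constant-time comparison; where the runtime provides it, `hmac.compare_digest` is the safer choice. The branch should also refuse outright when `self.super_admin_key` is unset or empty, since its initialisation is not visible in this hunk. The function body continues past the end of the hunk, so the other two roles could not be reviewed.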