diff --git a/lib/swift b/lib/swift index 8726f1e7fc..2563fde8b1 100644 --- a/lib/swift +++ b/lib/swift @@ -72,6 +72,10 @@ SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-tempurl formpost staticweb} # the end of the pipeline. SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST} +# Set ``SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH`` to extras middlewares that need to be at +# the beginning of the pipeline, before authentication middlewares. +SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH=${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH:-crossdomain} + # The ring uses a configurable number of bits from a path’s MD5 hash as # a partition index that designates a device. The number of bits kept # from the hash is known as the partition power, and 2 to the partition @@ -210,7 +214,7 @@ function _config_swift_apache_wsgi() { # configure_swift() - Set config files, create data dirs and loop image function configure_swift() { - local swift_pipeline=" " + local swift_pipeline="${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH}" local node_number local swift_node_config local swift_log_dir @@ -271,7 +275,7 @@ function configure_swift() { # tempauth would be prefixed with the reseller_prefix setting TEMPAUTH_ the # token for keystoneauth would have the standard reseller_prefix AUTH_ if is_service_enabled swift3;then - swift_pipeline=" swift3 s3token " + swift_pipeline+=" swift3 s3token " fi swift_pipeline+=" authtoken keystoneauth tempauth " sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER} @@ -283,6 +287,9 @@ function configure_swift() { iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH" + # Configure Crossdomain + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain" + # Configure Keystone sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER} iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_host $KEYSTONE_AUTH_HOST