Updated docs.

2010-09-11 17:23:24 -07:00 · 2010-09-11 17:23:24 -07:00 · dcbb51cc71
commit dcbb51cc71
parent 2b995be46c
3 changed files with 37 additions and 13 deletions
--- a/doc/source/development_auth.rst
+++ b/doc/source/development_auth.rst
@ -6,10 +6,13 @@ Auth Server and Middleware
 Creating Your Own Auth Server and Middleware
 --------------------------------------------

-The included swift/common/middleware/auth.py is a good minimal example of how
-to create auth middleware. The main points are that the auth middleware can
-reject requests up front, before they ever get to the Swift Proxy application,
-and afterwards when the proxy issues callbacks to verify authorization.
+The included swift/auth/server.py and swift/common/middleware/auth.py are good
+minimal examples of how to create an external auth server and proxy server auth
+middleware. Also, see the `Swauth <https://launchpad.net/swauth>`_ project for
+a more complete implementation. The main points are that the auth middleware
+can reject requests up front, before they ever get to the Swift Proxy
+application, and afterwards when the proxy issues callbacks to verify
+authorization.

 It's generally good to separate the authentication and authorization
 procedures. Authentication verifies that a request actually comes from who it
--- a/doc/source/howto_cyberduck.rst
+++ b/doc/source/howto_cyberduck.rst
@ -90,26 +90,43 @@ Installing Swift For Use With Cyberduck

 #.  Example proxy-server config::

-        [proxy-server]
-        bind_port = 8080
-        user = swift
+        [DEFAULT]
        cert_file = /etc/swift/cert.crt
        key_file = /etc/swift/cert.key
-
-        [auth-server]
+        
+        [pipeline:main]
+        pipeline = healthcheck cache auth proxy-server
+        
+        [app:proxy-server]
+        use = egg:swift#proxy
+        
+        [filter:auth]
+        use = egg:swift#auth
        ssl = true
+        
+        [filter:healthcheck]
+        use = egg:swift#healthcheck
+        
+        [filter:cache]
+        use = egg:swift#memcache

 #.  Example auth-server config::

-        [auth-server]
-        default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
-        user = swift
+        [DEFAULT]
        cert_file = /etc/swift/cert.crt
        key_file = /etc/swift/cert.key
+        
+        [pipeline:main]
+        pipeline = auth-server
+        
+        [app:auth-server]
+        use = egg:swift#auth
+        super_admin_key = devauth
+        default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1

 #.  Use swift-auth-add-user to create a new account and admin user::

-        ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user --admin a3 b3 c3
+        ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user -K devauth -a a3 b3 c3
        https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781

    .. note::
--- a/swift/auth/server.py
+++ b/swift/auth/server.py
@ -337,6 +337,10 @@ class AuthController(object):
        return rv

    def is_account_admin(self, request, for_account):
+        """
+        Returns True if the request represents coming from .super_admin, a
+        .reseller_admin, or an admin for the account specified.
+        """
        if request.headers.get('X-Auth-Admin-User') == '.super_admin' and \
               request.headers.get('X-Auth-Admin-Key') == self.super_admin_key:
            return True