Updated docs.
This commit is contained in:
parent
2b995be46c
commit
dcbb51cc71
@ -6,10 +6,13 @@ Auth Server and Middleware
|
||||
Creating Your Own Auth Server and Middleware
|
||||
--------------------------------------------
|
||||
|
||||
The included swift/common/middleware/auth.py is a good minimal example of how
|
||||
to create auth middleware. The main points are that the auth middleware can
|
||||
reject requests up front, before they ever get to the Swift Proxy application,
|
||||
and afterwards when the proxy issues callbacks to verify authorization.
|
||||
The included swift/auth/server.py and swift/common/middleware/auth.py are good
|
||||
minimal examples of how to create an external auth server and proxy server auth
|
||||
middleware. Also, see the `Swauth <https://launchpad.net/swauth>`_ project for
|
||||
a more complete implementation. The main points are that the auth middleware
|
||||
can reject requests up front, before they ever get to the Swift Proxy
|
||||
application, and afterwards when the proxy issues callbacks to verify
|
||||
authorization.
|
||||
|
||||
It's generally good to separate the authentication and authorization
|
||||
procedures. Authentication verifies that a request actually comes from who it
|
||||
|
@ -90,26 +90,43 @@ Installing Swift For Use With Cyberduck
|
||||
|
||||
#. Example proxy-server config::
|
||||
|
||||
[proxy-server]
|
||||
bind_port = 8080
|
||||
user = swift
|
||||
[DEFAULT]
|
||||
cert_file = /etc/swift/cert.crt
|
||||
key_file = /etc/swift/cert.key
|
||||
|
||||
[auth-server]
|
||||
[pipeline:main]
|
||||
pipeline = healthcheck cache auth proxy-server
|
||||
|
||||
[app:proxy-server]
|
||||
use = egg:swift#proxy
|
||||
|
||||
[filter:auth]
|
||||
use = egg:swift#auth
|
||||
ssl = true
|
||||
|
||||
[filter:healthcheck]
|
||||
use = egg:swift#healthcheck
|
||||
|
||||
[filter:cache]
|
||||
use = egg:swift#memcache
|
||||
|
||||
#. Example auth-server config::
|
||||
|
||||
[auth-server]
|
||||
default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
|
||||
user = swift
|
||||
[DEFAULT]
|
||||
cert_file = /etc/swift/cert.crt
|
||||
key_file = /etc/swift/cert.key
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = auth-server
|
||||
|
||||
[app:auth-server]
|
||||
use = egg:swift#auth
|
||||
super_admin_key = devauth
|
||||
default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
|
||||
|
||||
#. Use swift-auth-add-user to create a new account and admin user::
|
||||
|
||||
ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user --admin a3 b3 c3
|
||||
ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user -K devauth -a a3 b3 c3
|
||||
https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781
|
||||
|
||||
.. note::
|
||||
|
@ -337,6 +337,10 @@ class AuthController(object):
|
||||
return rv
|
||||
|
||||
def is_account_admin(self, request, for_account):
|
||||
"""
|
||||
Returns True if the request represents coming from .super_admin, a
|
||||
.reseller_admin, or an admin for the account specified.
|
||||
"""
|
||||
if request.headers.get('X-Auth-Admin-User') == '.super_admin' and \
|
||||
request.headers.get('X-Auth-Admin-Key') == self.super_admin_key:
|
||||
return True
|
||||
|
Loading…
x
Reference in New Issue
Block a user