OpenStack Storage (Swift)
Go to file
Samuel Merritt 357b12dc2b Remove IP-based container-sync ACLs from auth middlewares.
The determination of the client IP looked at the X-Cluster-Client-Ip
and X-Forwarded-For headers in the incoming HTTP request. This is
trivially spoofable by a malicious client, so there's no security
gained by having the check there.

Worse, having the check there provides a false sense of security to
cluster operators. It sounds like it's based on the client IP, so an
attacker would have to do IP spoofing to defeat it. However, it's
really just a shared secret, and there's already a secret key set
up. Basically, it looks like 2-factor auth (IP+key), but it's really
1-factor (key).

Now, the one case where this might provide some security is where the
Swift cluster is behind an external load balancer that strips off the
X-Cluster-Client-Ip and X-Forwarded-For headers and substitutes its
own. I don't think it's worth the tradeoff, hence this commit.

Fixes bug 1068420 for very small values of "fixes".

DocImpact

Change-Id: I2bef64c2e1e4df8a612a5531a35721202deb6964
2012-11-16 18:47:06 -08:00
bin Fixed swift-bench when using -b and a conf file 2012-11-07 16:12:04 -08:00
doc Remove IP-based container-sync ACLs from auth middlewares. 2012-11-16 18:47:06 -08:00
etc Better TempAuth storage URL guessing 2012-11-10 16:39:25 +00:00
locale Reverted the pulling out of various middleware: 2012-05-16 21:25:10 +00:00
swift Remove IP-based container-sync ACLs from auth middlewares. 2012-11-16 18:47:06 -08:00
test Remove IP-based container-sync ACLs from auth middlewares. 2012-11-16 18:47:06 -08:00
tools Use pypi for python-swiftclient dependency. 2012-11-02 16:56:18 -07:00
.coveragerc Align tox.ini and fix coverage jobs in jenkins. 2012-06-08 20:05:14 -04:00
.functests make test runner functions return the status of running the tests 2012-04-18 15:13:09 +03:00
.gitignore Add support for venv-based test run with tox. 2012-03-07 22:44:34 -08:00
.gitreview Add .gitreview config file for gerrit. 2011-10-24 15:05:49 -04:00
.mailmap changelog and authors updates for 1.7 release 2012-09-04 08:36:55 -07:00
.probetests make test runner functions return the status of running the tests 2012-04-18 15:13:09 +03:00
.unittests make test runner functions return the status of running the tests 2012-04-18 15:13:09 +03:00
AUTHORS updated for 1.7.5 release 2012-11-06 18:42:07 -08:00
babel.cfg add pybabel setup.py commands and initial .pot 2011-01-27 00:01:24 +00:00
CHANGELOG updated for 1.7.5 release 2012-11-06 18:42:07 -08:00
LICENSE Initial commit of Swift code 2010-07-12 17:03:45 -05:00
MANIFEST.in Add README.md to the tarball. 2012-09-14 20:42:05 -04:00
README.md new more helpful README 2012-09-13 20:59:41 -07:00
setup.cfg Align tox.ini and fix coverage jobs in jenkins. 2012-06-08 20:05:14 -04:00
setup.py Add OpenStack trove classifier for PyPI 2012-10-22 18:55:15 -04:00
tox.ini Align tox.ini and fix coverage jobs in jenkins. 2012-06-08 20:05:14 -04:00

Swift

A distributed object storage system designed to scale from a single machine to thousands of servers. Swift is optimized for multi-tenancy and high concurrency. Swift is ideal for backups, web and mobile content, and any other unstructured data that can grow without bound.

Swift provides a simple, REST-based API fully documented at http://doc.openstack.org/.

Swift was originally developed as the basis for Rackspace's Cloud Files and was open-sourced in 2010 as part of the OpenStack project. It has since grown to include contributions from many companies and has spawned a thriving ecosystem of 3rd party tools. Swift's contributors are listed in the AUTHORS file.

Docs

To build documentation install sphinx (pip install sphinx), run python setup.py build_sphinx, and then browse to /doc/build/html/index.html. These docs are auto-generated after every commit and available online at http://docs.openstack.org/developer/swift/.

For Developers

The best place to get started is the "SAIO - Swift All In One". This document will walk you through setting up a development cluster of Swift in a VM. The SAIO environment is ideal for running small-scale tests against swift and trying out new features and bug fixes.

You can run unit tests with .unittests and functional tests with .functests.

Code Organization

  • bin/: Executable scripts that are the processes run by the deployer
  • doc/: Documentation
  • etc/: Sample config files
  • swift/: Core code
    • account/: account server
    • common/: code shared by different modules
      • middleware/: "standard", officially-supported middleware
      • ring/: code implementing Swift's ring
    • container/: container server
    • obj/: object server
    • proxy/: proxy server
  • test/: Unit and functional tests

Data Flow

Swift is a WSGI application and uses eventlet's WSGI server. After the processes are running, the entry point for new requests is the Application class in swift/proxy/server.py. From there, a controller is chosen, and the request is processed. The proxy may choose to forward the request to a back- end server. For example, the entry point for requests to the object server is the ObjectController class in swift/obj/server.py.

For Deployers

Deployer docs are also available at http://docs.openstack.org/developer/swift/. A good starting point is at http://docs.openstack.org/developer/swift/deployment_guide.html

You can run functional tests against a swift cluster with .functests. These functional tests require /etc/swift/test.conf to run. A sample config file can be found in this source tree in test/sample.conf.

For Client Apps

For client applications, official Python language bindings are provided at http://github.com/openstack/python-swiftclient.

Complete API documentation at http://docs.openstack.org/api/openstack-object-storage/1.0/content/


For more information come hang out in #openstack-swift on freenode.

Thanks,

The Swift Development Team