Clean up how we keystone

The docs were recommending a bad config (see related change).

Related-Change: I21e38884a2aefbb94b76c76deccd815f01db7362
Change-Id: Idca96a39f552083b55dc5a86d14ee4357777d6fe
This commit is contained in:
Tim Burke 2017-02-23 20:47:48 +00:00
parent 8019c2234c
commit c63f89cdcb
5 changed files with 31 additions and 7 deletions

View File

@ -60,6 +60,7 @@ Note:
* The authtoken filter requires the keystonemiddleware package.
* Swift3 explicitly checks that keystoneauth is in the pipeline. You must use this name
in the pipeline statement and in [filter:keystoneauth] section header.
* The authtoken filter is only required if Keystone users will use the native Swift API.
3) Add to your proxy-server.conf the section for the Swift3 WSGI filter::

View File

@ -5,8 +5,11 @@
# more middleware.
#
# Keystone pipeline
# Note that s3token and authtoken require the keystonemiddleware package.
pipeline = proxy-logging cache swift3 s3token authtoken keystoneauth bulk slo proxy-logging proxy-server
# Note that authtoken requires the keystonemiddleware package.
pipeline = proxy-logging cache swift3 s3token keystoneauth bulk slo proxy-logging proxy-server
# Keystone pipeline with access via both S3 and native Swift API
# Note that authtoken requires the keystonemiddleware package.
# pipeline = proxy-logging cache authtoken swift3 s3token keystoneauth bulk slo proxy-logging proxy-server
# Tempauth pipeline
# pipeline = proxy-logging cache swift3 tempauth bulk slo proxy-logging proxy-server
@ -173,13 +176,14 @@ http_timeout = 10.0
[filter:authtoken]
# See swift manual for more details.
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
use = egg:keystonemiddleware#auth_token
identity_uri = http://keystonehost:35357/
auth_uri = http://keystonehost:5000/
admin_tenant_name = service
admin_user = swift
admin_password = password
cache = swift.cache
delay_auth_decision = True
[filter:keystoneauth]
# See swift manual for more details.

View File

@ -9,7 +9,7 @@ account_autocreate = true
log_level = DEBUG
[pipeline:main]
pipeline = catch_errors gatekeeper proxy-logging cache swift3 %MIDDLEWARE% bulk slo dlo proxy-logging proxy-server
pipeline = catch_errors gatekeeper proxy-logging cache %MIDDLEWARE% bulk slo dlo proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy

View File

@ -27,9 +27,9 @@ mkdir -p ${TEST_DIR}/certs ${TEST_DIR}/private
# create config files
if [ "$AUTH" == 'keystone' ]; then
MIDDLEWARE="s3token keystoneauth"
MIDDLEWARE="swift3 s3token keystoneauth"
elif [ "$AUTH" == 'tempauth' ]; then
MIDDLEWARE="tempauth"
MIDDLEWARE="swift3 tempauth"
else
echo "unknown auth: $AUTH"
exit 1

View File

@ -40,7 +40,26 @@ class TestSwift3Bucket(Swift3FunctionalTestCase):
self.assertEqual(status, 200)
self.assertCommonResponseHeaders(headers)
self.assertEqual(headers['location'], '/' + bucket)
self.assertIn(headers['location'], (
'/' + bucket, # swob won't touch it...
# but webob (which we get because of auth_token) *does*
'http://%s%s/%s' % (
self.conn.host,
'' if self.conn.port == 80 else ':%d' % self.conn.port,
bucket),
# This is all based on the Host header the client provided,
# and boto will double-up ports for sig v4. See
# - https://github.com/boto/boto/issues/2623
# - https://github.com/boto/boto/issues/3716
# with proposed fixes at
# - https://github.com/boto/boto/pull/3513
# - https://github.com/boto/boto/pull/3676
'http://%s%s:%d/%s' % (
self.conn.host,
'' if self.conn.port == 80 else ':%d' % self.conn.port,
self.conn.port,
bucket),
))
self.assertEqual(headers['content-length'], '0')
# GET Bucket(Without Object)