<div dir="ltr">Oh cool.. Didn't know about this. Will try this out.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 30, 2013 at 1:37 PM, Samuel Merritt <span dir="ltr"><<a href="mailto:sam@swiftstack.com" target="_blank">sam@swiftstack.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The tempurl key is just a metadata attribute on the account with a particular name. swiftclient already supports setting metadata on accounts (and containers and objects); no changes are needed.<br>
<br>
$ swift post -m temp-url-key:<u></u>correcthorsebatterystaple<div class="im"><br>
<br>
On 4/30/13 10:43 AM, Shrinand Javadekar wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Thanks for the reply John.<br>
<br>
We have seen a few customers struggle when setting up tempurl. Its easy<br>
to make them edit the proxy-server.conf file. But explaining the second<br>
step is a bit tedious and error-prone. I've been thinking of having a<br>
python script that does this. But something official would be better.<br>
<br>
Would it be a good idea to add capability to the swift command line<br>
utility to configure tempurl?<br>
<br>
<br>
On Mon, Apr 29, 2013 at 8:48 PM, John Dickinson <<a href="mailto:me@not.mn" target="_blank">me@not.mn</a><br></div><div class="im">
<mailto:<a href="mailto:me@not.mn" target="_blank">me@not.mn</a>>> wrote:<br>
<br>
There are no plans to change the current implementation of tempurl.<br>
<br>
In order to generate a tempurl that can be validated without relying<br>
on a network call to a centralized authority service, the owner and<br>
the service must have a shared secret. In the tempurl feature, this<br>
shared secret is set as a metadata key on the account. This allows<br>
the content owner to generate as many keys as necessary (without<br>
having to call an external service) and allows Swift to validate<br>
each one (without calling an external service).<br>
<br>
Note that an auth token is only needed in order to save the shared<br>
secret in the account metadata. Once the shared secret is set,<br>
neither the owner of the content nor the user of the tempurl (ie<br>
someone otherwise without access to the swift cluster) need a valid<br>
auth token to generate or use a tempurl.<br>
<br>
The only official docs for tempurl are at<br>
<a href="http://docs.openstack.org/developer/swift/misc.html#module-swift.common.middleware.tempurl" target="_blank">http://docs.openstack.org/<u></u>developer/swift/misc.html#<u></u>module-swift.common.<u></u>middleware.tempurl</a><br>
(We should probably have some docs written for<br>
<a href="http://docs.openstack.org/api/openstack-object-storage/1.0/content/" target="_blank">http://docs.openstack.org/api/<u></u>openstack-object-storage/1.0/<u></u>content/</a><br>
on this feature.)<br>
<br>
--John<br>
<br>
<br>
<br>
On Apr 29, 2013, at 5:26 PM, Shrinand Javadekar<br></div><div class="im">
<<a href="mailto:shrinand@maginatics.com" target="_blank">shrinand@maginatics.com</a> <mailto:<a href="mailto:shrinand@maginatics.com" target="_blank">shrinand@maginatics.<u></u>com</a>>> wrote:<br>
<br>
> Hi,<br>
><br>
> Configuring tempurl in openstack Swift requires two steps:<br>
><br>
> 1) Adding tempurl to the pipeline in proxy-server.conf<br>
> 2) Setting the tempurl key on the account.<br>
><br>
> Step #1 above is fairly straight forward. However, step #2 is<br>
slightly complicated; at least as per [1]. It requires first<br>
authenticating the user and getting an auth token. Then make an http<br>
request with the X-Meta-Tempurl-key header to set the tempurl key.<br>
><br>
> Are there easier ways to do this? If not, is it on the roadmap to<br>
do this easily?<br>
><br>
> Thanks in advance.<br>
> -Shri<br>
><br>
> [1]<br>
<a href="http://failverse.com/using-temporary-urls-on-rackspace-cloud-files/" target="_blank">http://failverse.com/using-<u></u>temporary-urls-on-rackspace-<u></u>cloud-files/</a><br>
><br>
> ______________________________<u></u>_________________<br>
> Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~<u></u>openstack</a><br>
> Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br></div>
<mailto:<a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.<u></u>launchpad.net</a>><div class="im"><br>
> Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~<u></u>openstack</a><br>
> More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/<u></u>ListHelp</a><br>
<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~<u></u>openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~<u></u>openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/<u></u>ListHelp</a><br>
<br>
</div></blockquote>
<br>
</blockquote></div><br></div>