[Openstack] Keystone & Swift: swiftauth tenant namespace collisions?

Jesse Andrews anotherjesse at gmail.com
Sun Nov 20 16:10:18 UTC 2011


A tenant is what used to be called a project in nova, and an account in swift.

When you validate a token using keystone you get the "account"
(tenant) and the user who is performing the account (who is a member
of the tenant)

Jesse

On Sun, Nov 20, 2011 at 7:58 AM, John Dickinson <me at not.mn> wrote:
> I don't think that is exactly right, but my understanding of tenants vs accounts vs users may be lacking. Nonetheless, auth v2.0 support was added to the swift cli tool by Chmouel recently. Have you tried with the code in swift's trunk (also the 1.4.4 release scheduled for Tuesday)?
>
> --John
>
>
> On Nov 20, 2011, at 8:55 AM, Rouault, Jason (Cloud Services) wrote:
>
>> Ziad,
>>
>> I think the problem is that the ‘swift’ command scopes a user to an account(tenant) via the concatenation of account:username when providing credentials for a valid token.  With Keystone and /v2.0 auth the tenantId (or tenantName) are passed in the body of the request.
>>
>> Jason
>>
>> From: openstack-bounces+jason.rouault=hp.com at lists.launchpad.net [mailto:openstack-bounces+jason.rouault=hp.com at lists.launchpad.net] On Behalf Of Ziad Sawalha
>> Sent: Friday, November 18, 2011 2:10 PM
>> To: Judd Maltin; openstack at lists.launchpad.net
>> Subject: Re: [Openstack] Keystone & Swift: swiftauth tenant namespace collisions?
>>
>> Hi Judd – I'm not sire I understand. Can you give me an example of two tenants, their usernames, and the endpoints you would like them to have in Keystone?
>>
>>
>> From: Judd Maltin <judd at newgoliath.com>
>> Date: Fri, 18 Nov 2011 15:22:09 -0500
>> To: <openstack at lists.launchpad.net>
>> Subject: [Openstack] Keystone & Swift: swiftauth tenant namespace collisions?
>>
>> In keystone auth for swift (swiftauth), is there a way to eliminate namespace conflicts across tenants?"
>>
>> i.e. in tempauth we use account:username password
>>
>> curl -k  -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Token: testing' http://127.0.0.1:8080/auth/v1.0
>>
>> in swiftauth we use username password:
>> $ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v
>> StorageURL: http://127.0.0.1:8888/v1/AUTH_1234
>> Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3
>> Account: AUTH_12
>>
>> How can I indicate my tenant (aka account) in this scheme.  I already have lots of data.
>>
>> Further, should I create custom endpoint templates for each tenant to address "Account: AUTH_12" being unknown to my current swift account db?
>>
>> Thanks very much,
>> -judd
>>
>>
>> --
>> Judd Maltin
>> T: 917-882-1270
>> F: 501-694-7809
>> A loving heart is never wrong.
>>
>>
>>
>> _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to :openstack at lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>




More information about the Openstack mailing list