Project

General

Profile

Feature #5506

rgw: use Keystone to authenticate S3 requests

Added by Yehuda Sadeh over 10 years ago. Updated about 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
other
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

The idea is that there should be an alternative way to authenticate S3 requests. Currently we handle the S3 authentication by verifying signature against the one we calculate by having the user credentials internally. However, certain deployments might just want to have the S3 users controlled by Keystone, and not create their credentials on the rados backend. We do a similar thing with swift, in which we send a request to Keystone to verify the tokens that we get. With S3 it's a bit different, as there's no real way to cache the 'tokens'. But in any case, it'll require sending a request to Keystone to validate the signature.

History

#1 Updated by Yehuda Sadeh over 10 years ago

  • Status changed from New to Fix Under Review

#2 Updated by Yehuda Sadeh about 10 years ago

  • Status changed from Fix Under Review to Resolved

Done by Roald van Loon, commit:a200e184b15a03a4ca382e94caf01efb41cb9db7

Also available in: Atom PDF