python-swiftclient

Document requesting + caching auth tokens

Bug #1696236 reported by wolever on 2017-06-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-swiftclient	Confirmed	Undecided	Unassigned

Bug Description

Currently there's no documentation around either:

1. Explicitly requesting an authentication token (the process for creating the Python objects is here - https://docs.openstack.org/developer/python-swiftclient/client-api.html - but there's no hint as to when then actual HTTP request for a token is made)

2. Explicitly caching and reusing those tokens (ex, saving a token to Redis so it can be shared by multiple app servers and refreshed out-of-band).

See also: https://stackoverflow.com/questions/44398818/authentication-token-caching-for-pythons-openstack-swift-client

Revision history for this message

Timur Alperovich (timur-alperovich) wrote on 2017-06-09:

Agreed on the lack of documentation around this. I looked into the client functions a little bit tonight and came up with the following:

>>> import swiftclient
>>> storage_url, auth_token = swiftclient.client.get_auth('http://localhost:32780/auth/v1.0', 'test:tester', 'testing')
>>> conn = swiftclient.client.Connection(preauthurl=storage_url, preauthtoken=auth_token)
>>> conn.head_container('test')
{[...] u'x-timestamp': u'1496991830.55304', u'x-openstack-request-id': u'tx1895dbebda3e452dab2b8-00593a485e'}

I think the same approach works with the v2 authentication, but I haven't tested that. I've only tried with v1 auth in the docker-swift container, but the code for swiftclient.client.get_auth seems like it supports v2 Keystone auth as well. Would this work for you to store the storage URL and auth token in Redis or some other caching layer?

Revision history for this message

wolever (david-wolever) wrote on 2017-06-10: Re: [Bug 1696236] Re: Document requesting + caching auth tokens

That looks like a good start, but it would mean handling reauth at the client level (ie, because Connection knows how to reauth with either a Session or a url/username/password, but can’t with just a token)

From: Timur Alperovich <email address hidden>
Reply: Bug 1696236 <email address hidden>
Date: June 9, 2017 at 3:21:05 AM
To: <email address hidden> <email address hidden>
Subject: [Bug 1696236] Re: Document requesting + caching auth tokens

Agreed on the lack of documentation around this. I looked into the
client functions a little bit tonight and came up with the following:

I think the same approach works with the v2 authentication, but I
haven't tested that. I've only tried with v1 auth in the docker-swift
container, but the code for swiftclient.client.get_auth seems like it
supports v2 Keystone auth as well. Would this work for you to store the
storage URL and auth token in Redis or some other caching layer?

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1696236

Title:
Document requesting + caching auth tokens

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-swiftclient/+bug/1696236/+subscriptions
--
https://twitter.com/wolever
(416) 906-0403
B230230D

Revision history for this message

Timur Alperovich (timur-alperovich) wrote on 2017-06-11:

Right. If Connection is given a storage URL and auth-token, it doesn't have the credentials to attempt to get a new token if the current one expires. I was trying to explore what can be done with the existing code.

Documenting the swiftclient.client.get_auth method in the client API page definitely makes sense. I also agree that adding an option to python-swiftclient to use memcache/redis for token caching could make sense as a feature, but that needs to be added.

John Dickinson (notmyname) on 2017-09-15

Changed in python-swiftclient:
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.