OpenStack Compute (nova)

AWS credentials delegation to S3/Swift3

Bug #1075051 reported by Attila Fazekas on 2012-11-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Won't Fix	Wishlist	Unassigned
	ec2-api	Fix Released	Undecided	Unassigned

Bug Description

Now (openstack-nova-api-2012.2-1.fc18) , when the nova tries to connect to the S3 storage it tries to use the credentials "hard coded" to the config file.
It means every RegisterImage call will use the same tenant credentials instead of their own tenant credentials.

I think nova should delegate authentication to the swift backed, even by using other access method with the original requester permissions/roles.

Note1:
Probably this behaviour originated the days where the nova-objectstore used and it does not validated credentials.
Note2: Part of AWS credential is a signature of the request by the secret key, simple forwarding probably will not work.

See original description

Tags:

Attila Fazekas (afazekas) on 2012-11-05

description:

updated

Attila Fazekas (afazekas) on 2012-11-05

description:	updated
description:	updated

Russell Bryant (russellb) on 2012-11-07

Changed in nova:
status:	New → Confirmed
importance:	Undecided → Wishlist

Attila Fazekas (afazekas) on 2012-11-28

tags:

added: ec2

Andrey Pavlov (apavlov-e) on 2015-06-19

Changed in ec2-api:
status:	New → Fix Released

Davanum Srinivas (DIMS) (dims-v) on 2015-08-02

Changed in nova:
status:	Confirmed → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.