Swift fails to authenticate user by token
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-swiftclient |
New
|
Undecided
|
Unassigned |
Bug Description
Ther'a 2 issues with authentication.
1. Consider the following code.
"""
client = swift_api_
"""
Since ther's no ``auth_version`` specified, 1 used by default.
In this case swiftclient will try to use ``get_auth_1_0``:
"""
"""
As you can see, no keystone token passed to that function, therefore authentication fails.
Furthermore, swiftclient will fail miserably with exception:
"""
Traceback (most recent call last):
File "./test_
t.run('blah', user_id=483)
File "/home/
return self.test(
File "/home/
swift_
File "/home/
url, _ = self.get_auth()
File "/home/
insecure=
File "/home/
insecure=
File "/home/
parsed, conn = http_connection
File "/home/
conn = HTTPConnection(
File "/home/
self.parsed_url = urlparse(url)
File "/usr/lib/
tuple = urlsplit(url, scheme, allow_fragments)
File "/usr/lib/
i = url.find(':')
AttributeError: 'NoneType' object has no attribute 'find'
"""
2. If you specify auth_version = 2, the following code will be executed.
"""
elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3:
# We are allowing to specify a token/storage-url to re-use
# without having to re-authenticate.
if (os_options.
return (os_options.
"""
It checks if there are ``object_
Of course they were absent, since initial values were: os_options or {}
So in order to get it working, you have to specify those options manually:
"""
}
"""
Conclusion. The only way to use swift client with existing tokens is the following:
"""
def get_swift_
insecure = getattr(settings, 'OPENSTACK_
cacert = getattr(settings, 'OPENSTACK_
url = keystone.
client = swift_api_
}
return client
"""
I think you should fix version handling or reflect the way it works in documentation.
affects: | nova → python-swiftclient |
description: | updated |
I'm confused. If we already have a storage URL and token, why are we calling get_auth()? The _retry function (which nearly all client operations use) should only be calling it if url or token are missing, but we're explicitly passing it in. Also, couldn't the constructor call be reduced to something like this?
client = swift_api_ client. Connection(
preauthurl= url,
preauthtoken= keystone. user.token. id,
insecure= insecure,
cacert= cacert)
Why do we need user/tenant_name?