ceph/doc/radosgw/swift/auth.rst
Matthew Oliver 9f40b38d3e doc: Add a RGW swift auth note
Swift accounts are not like normal accounts, they are more akin to a
bank account that multile people could share. Or in the case of a cloud
it is usually mapped to the tenant.

Radosgw deals with this with a user and subuser, which is great, but a
little confusing. So this patch adds a note to those used to the Swift
API to make it more clear.

Signed-off-by: Matthew Oliver <moliver@suse.com>
2020-01-02 00:32:01 +00:00

83 lines
2.1 KiB
ReStructuredText

================
Authentication
================
Swift API requests that require authentication must contain an
``X-Storage-Token`` authentication token in the request header.
The token may be retrieved from RADOS Gateway, or from another authenticator.
To obtain a token from RADOS Gateway, you must create a user. For example::
sudo radosgw-admin user create --subuser="{username}:{subusername}" --uid="{username}"
--display-name="{Display Name}" --key-type=swift --secret="{password}" --access=full
For details on RADOS Gateway administration, see `radosgw-admin`_.
.. _radosgw-admin: ../../../man/8/radosgw-admin/
.. note::
For those used to the Swift API this is implementing the Swift auth v1.0 API, as such
`{username}` above is generally equivalent to a Swift `account` and `{subusername}`
is a user under that account.
Auth Get
--------
To authenticate a user, make a request containing an ``X-Auth-User`` and a
``X-Auth-Key`` in the header.
Syntax
~~~~~~
::
GET /auth HTTP/1.1
Host: swift.radosgwhost.com
X-Auth-User: johndoe
X-Auth-Key: R7UUOLFDI2ZI9PRCQ53K
Request Headers
~~~~~~~~~~~~~~~
``X-Auth-User``
:Description: The key RADOS GW username to authenticate.
:Type: String
:Required: Yes
``X-Auth-Key``
:Description: The key associated to a RADOS GW username.
:Type: String
:Required: Yes
Response Headers
~~~~~~~~~~~~~~~~
The response from the server should include an ``X-Auth-Token`` value. The
response may also contain a ``X-Storage-Url`` that provides the
``{api version}/{account}`` prefix that is specified in other requests
throughout the API documentation.
``X-Storage-Token``
:Description: The authorization token for the ``X-Auth-User`` specified in the request.
:Type: String
``X-Storage-Url``
:Description: The URL and ``{api version}/{account}`` path for the user.
:Type: String
A typical response looks like this::
HTTP/1.1 204 No Content
Date: Mon, 16 Jul 2012 11:05:33 GMT
Server: swift
X-Storage-Url: https://swift.radosgwhost.com/v1/ACCT-12345
X-Auth-Token: UOlCCC8TahFKlWuv9DB09TWHF0nDjpPElha0kAa
Content-Length: 0
Content-Type: text/plain; charset=UTF-8