The token may not be (is probably not) deterministicly created. You give a username and password to the auth system - and it returns the token for you to associate with future requests.
The request for the token (the auth request) seems to be missing some headers: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -X GET Should probably be: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -X GET -H "X-Auth-User: rados:swift" -H "X-Auth-Key: 77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG" More information can be found here: http://docs.openstack.org/developer/swift/overview_auth.html ^ it's a little down in the weeds, but it does sorta cover the gist of it - there's lots of ways to do auth with Swift. -Clay On Mon, Oct 7, 2013 at 7:32 AM, Snider, Tim <tim.sni...@netapp.com> wrote: > I'd like to use curl to access a Ceph cluster. The swift API works and I > thought I could use the debug option to look at the curl commands generated > for access. **** > > Does the --debug option of swift print the entire command for all curl > commands during execution?**** > > ** ** > > Debug output from the 2nd curl command in the example below doesn't seem > to show all the headers -- authentication header(s) specifically.**** > > Entering the command by hand results in a 403 response.**** > > ** ** > > I'd like to understand how the authentiation token is generated from the > tenant (rados) user (swift) and the swift secret_key.**** > > The following token is generated:**** > > > > "AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8" > **** > > ** ** > > The first part looks like a header: 'AUTH_rgwtk', (rados gateway token) a > length == 11 and a prefix == rados:swift**** > > AUTH_rgwtk 0b 00000072 61 64 6f 73 3a 73 77 69 66 74**** > > length = 0xb r a d o s : s w i f t**** > > ** ** > > How is the remainder of the token generated? It doesn't appear to be > unencoded or a plain hex/ascii translatation of the ceph keys shown by the > radowgw-admin command.**** > > 046eff2c 9ac6a504 1b00545 248a7893 b9006776 83adaaca 1095128 b6edf8fc > 378d7d49 d8**** > > ** ** > > Get the ceph user information:**** > > root@controller21:~/ssbench-0.2.16# radosgw-admin user info > --uid=rados**** > > 2013-10-07 05:55:34.804639 7ff1c3f6c780 0 WARNING: cannot read > region map**** > > { "user_id": "rados",**** > > "display_name": "rados",**** > > "email": "n...@none.com",**** > > "suspended": 0,**** > > "max_buckets": 1000,**** > > "auid": 0,**** > > "subusers": [**** > > { "id": "rados:swift",**** > > "permissions": "full-control"},**** > > { "id": "rados:swift1",**** > > "permissions": "full-control"}],**** > > "keys": [**** > > { "user": "rados",**** > > "access_key": "R5F0D2UCSK3618DJ829A",**** > > "secret_key": "PJR1rvV2+Xrzlwo+AZZKXextsDl45EaLljzopgjD"}],**** > > "swift_keys": [**** > > { "user": "rados:swift",**** > > "secret_key": "77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG"},**** > > { "user": "rados:swift1",**** > > "secret_key": "l9Xlg66JvbNvMmZAj91AeQByEiP8R8sBahCJeqAG"}],**** > > "caps": [],**** > > "op_mask": "read, write, delete",**** > > "default_placement": "",**** > > "placement_tags": []}**** > > ** ** > > Use the debug option in swift to look at the curl commands generated:**** > > swift --debug -V 1.0 -A > http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -U rados:swift > -K "77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG" list**** > > ** ** > > This one appears to be incomplete:**** > > DEBUG:swiftclient:REQ: curl -i > http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -X GET**** > > ** ** > > DEBUG:swiftclient:RESP STATUS: 204**** > > ** ** > > Want to understand how this key was generated:**** > > DEBUG:swiftclient:REQ: curl -i > http://ictp-R2C4-Controller21.ict.englab.netapp.com/swift/v1?format=json-X > GET -H"X-Auth-Token: > AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8" > **** > > ** ** > > The swift command works:**** > > DEBUG:swiftclient:RESP STATUS: 200**** > > ** ** > > DEBUG:swiftclient:RESP BODY: > [{"name":"ssbench_000000","count":832,"bytes":85196800},...{"name":"xxx","count":1,"bytes":604}] > **** > > ** ** > > ssbench_000000**** > > ssbench_000099**** > > xxx**** > > ** ** > > DEBUG:swiftclient:REQ: curl -i > http://ictp-R2C4-Controller21.ict.englab.netapp.com/swift/v1?format=json&marker=xxx-X > GET -H "X-Auth-Token: > AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8" > **** > > ** ** > > DEBUG:swiftclient:RESP STATUS: 200**** > > ** ** > > DEBUG:swiftclient:RESP BODY: []**** > > ** ** > > Entering the 2nd curl command by hand fails:**** > > root@controller21:~/ssbench-0.2.16# curl -i > http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -X GET**** > > HTTP/1.1 403 Forbidden**** > > Date: Mon, 07 Oct 2013 14:06:30 GMT**** > > Server: Apache/2.2.22 (Ubuntu)**** > > Accept-Ranges: bytes**** > > Content-Length: 23**** > > Content-Type: application/json**** > > ** ** > > Thanks,**** > > Tim**** > > ** ** > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
