OpenStack Identity (keystone)

auth token is valid for every swift account

Bug #843071 reported by klmitch on 2011-08-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Unassigned

Bug Description

Set up similar to the instructions in the README

```
john@laptop:~$ curl -i -H "X-Auth-User: joeuser" -H "X-Auth-Key: secrete" http://server:5000/v1.0
HTTP/1.1 204 No Content
X-Identity: http://keystone.publicinternets.com/v2.0
X-Auth-Token: c70ceeb8-db3b-4135-ab83-88316c7167ec
X-Cdn-Management-Url: http://cdn.publicinternets.com/v1.1/1234
X-Glance: http://glance.publicinternets.com/v1.1/1234
X-Server-Management-Url: http://nova.publicinternets.com/v1.1/
X-Storage-Url: http://server/v1/AUTH_1234
X-Nova_compat: http://nova.publicinternets.com/v1.0/
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Date: Fri, 12 Aug 2011 20:19:47 GMT

john@laptop:~$ curl -i -H "X-Auth-Token: c70ceeb8-db3b-4135-ab83-88316c7167ec" http://server:8080/v1/AUTH_1234
HTTP/1.1 200 OK
X-Account-Object-Count: 0
X-Account-Bytes-Used: 0
X-Account-Container-Count: 1
Accept-Ranges: bytes
Content-Length: 10
Content-Type: text/plain; charset=utf-8
X-Trans-Id: txe71c6ce92855442facea27aac04a5ba8
Date: Fri, 12 Aug 2011 20:20:16 GMT

container
john@laptop:~$
john@laptop:~$
john@laptop:~$ curl -i -H "X-Auth-Token: c70ceeb8-db3b-4135-ab83-88316c7167ec" http://server:8080/v1/AUTH_abc
HTTP/1.1 200 OK
X-Account-Object-Count: 3
X-Account-Bytes-Used: 624
X-Account-Container-Count: 3
Accept-Ranges: bytes
Content-Length: 47
Content-Type: text/plain; charset=utf-8
X-Trans-Id: txb034e3b749954d1f93f057e7efd0afbc
Date: Fri, 12 Aug 2011 20:20:21 GMT

.ACCESS_LOGS
access_log_delivery_data
log_data
john@laptop:~$
```

Revision history for this message

klmitch (q-noreply) wrote on 2011-08-12:

What call does swift make to Keystone to validate the token? Does it include the belongs_to query parameter?

----- Original Message -----
From: notmyname [mailto:<email address hidden>]
Sent: Friday, August 12, 2011 03:22 PM
To: Ziad Sawalha
Subject: [keystone] auth token is valid for every swift account (#139)

Set up similar to the instructions in the README

.ACCESS_LOGS
access_log_delivery_data
log_data
john@laptop:~$
```

--
Reply to this email directly or view it on GitHub:
https://github.com/rackspace/keystone/issues/139
This email may include confidential information. If you received it in error, please delete it.

What call does swift make to Keystone to validate the token? Does it include the belongs_to query parameter?

----- Original Message -----
From: notmyname [mailto:reply@reply.github.com]
Sent: Friday, August 12, 2011 03:22 PM
To: Ziad Sawalha
Subject: [keystone] auth token is valid for every swift account (#139)

Set up similar to the instructions in the README

container
john@laptop:~$ 
john@laptop:~$ 
john@laptop:~$ curl -i -H "X-Auth-Token: c70ceeb8-db3b-4135-ab83-88316c7167ec" http://server:8080/v1/AUTH_abc
HTTP/1.1 200 OK
X-Account-Object-Count: 3
X-Account-Bytes-Used: 624
X-Account-Container-Count: 3
Accept-Ranges: bytes
Content-Length: 47
Content-Type: text/plain; charset=utf-8
X-Trans-Id: txb034e3b749954d1f93f057e7efd0afbc
Date: Fri, 12 Aug 2011 20:20:21 GMT

.ACCESS_LOGS
access_log_delivery_data
log_data
john@laptop:~$
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rackspace/keystone/issues/139
This email may include confidential information. If you received it in error, please delete it.

Revision history for this message

klmitch (q-noreply) wrote on 2011-08-12:

I was using the tokenauth middleware (as per the docs).

Switching to swiftauth (and figuring out the proper config params) solved the issue.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.