projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 7c673cae FG |
1 | ================ |
| 2 | Authentication | |
| 3 | ================ | |
| 4 | ||
| 5 | Swift API requests that require authentication must contain an | |
| 6 | ``X-Storage-Token`` authentication token in the request header. | |
| 7 | The token may be retrieved from RADOS Gateway, or from another authenticator. | |
| 8 | To obtain a token from RADOS Gateway, you must create a user. For example:: | |
| 9 | ||
| 10 | sudo radosgw-admin user create --subuser="{username}:{subusername}" --uid="{username}" | |
| 11 | --display-name="{Display Name}" --key-type=swift --secret="{password}" --access=full | |
| 12 | ||
| 13 | For details on RADOS Gateway administration, see `radosgw-admin`_. | |
| 14 | ||
| 15 | .. _radosgw-admin: ../../../man/8/radosgw-admin/ | |
| 16 | ||
| 9f95a23c TL |
17 | .. note:: |
| 18 | For those used to the Swift API this is implementing the Swift auth v1.0 API, as such | |
| 19 | `{username}` above is generally equivalent to a Swift `account` and `{subusername}` | |
| 20 | is a user under that account. | |
| 21 | ||
| 7c673cae FG |
22 | Auth Get |
| 23 | -------- | |
| 24 | ||
| 25 | To authenticate a user, make a request containing an ``X-Auth-User`` and a | |
| 26 | ``X-Auth-Key`` in the header. | |
| 27 | ||
| 28 | Syntax | |
| 29 | ~~~~~~ | |
| 30 | ||
| 31 | :: | |
| 32 | ||
| 33 | GET /auth HTTP/1.1 | |
| 34 | Host: swift.radosgwhost.com | |
| 35 | X-Auth-User: johndoe | |
| 36 | X-Auth-Key: R7UUOLFDI2ZI9PRCQ53K | |
| 37 | ||
| 38 | Request Headers | |
| 39 | ~~~~~~~~~~~~~~~ | |
| 40 | ||
| 41 | ``X-Auth-User`` | |
| 42 | ||
| 43 | :Description: The key RADOS GW username to authenticate. | |
| 44 | :Type: String | |
| 45 | :Required: Yes | |
| 46 | ||
| 47 | ``X-Auth-Key`` | |
| 48 | ||
| 49 | :Description: The key associated to a RADOS GW username. | |
| 50 | :Type: String | |
| 51 | :Required: Yes | |
| 52 | ||
| 53 | ||
| 54 | Response Headers | |
| 55 | ~~~~~~~~~~~~~~~~ | |
| 56 | ||
| 57 | The response from the server should include an ``X-Auth-Token`` value. The | |
| 58 | response may also contain a ``X-Storage-Url`` that provides the | |
| 59 | ``{api version}/{account}`` prefix that is specified in other requests | |
| 60 | throughout the API documentation. | |
| 61 | ||
| 62 | ||
| 63 | ``X-Storage-Token`` | |
| 64 | ||
| 65 | :Description: The authorization token for the ``X-Auth-User`` specified in the request. | |
| 66 | :Type: String | |
| 67 | ||
| 68 | ||
| 69 | ``X-Storage-Url`` | |
| 70 | ||
| 71 | :Description: The URL and ``{api version}/{account}`` path for the user. | |
| 72 | :Type: String | |
| 73 | ||
| 74 | A typical response looks like this:: | |
| 75 | ||
| 76 | HTTP/1.1 204 No Content | |
| 77 | Date: Mon, 16 Jul 2012 11:05:33 GMT | |
| 78 | Server: swift | |
| 79 | X-Storage-Url: https://swift.radosgwhost.com/v1/ACCT-12345 | |
| 80 | X-Auth-Token: UOlCCC8TahFKlWuv9DB09TWHF0nDjpPElha0kAa | |
| 81 | Content-Length: 0 | |
| 82 | Content-Type: text/plain; charset=UTF-8 |