Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions?
To summarize the intent: - we add a string UID to the database schema - For deployments with the integer ID, we copy that into the UID field - For deployments where the ID is a string (cactus and pre-Diablo) we copy that into the UID field - We use the UID field in the URLs displayed by Keystone That will allow migrations into Keystone and you can decide in your data import what value to make the ID that shows up as the REST URL. Did this code land somewhere? Any chance it can be back ported to diablo/stable? From: Judd Maltin openst...@newgoliath.com Date: Thu, 1 Dec 2011 16:32:00 -0500 To: Ziad Sawalha ziad.sawa...@rackspace.com Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Hi Ziad, The current authentication systems for Swift use a hash as the tenant_id. I saw that keystone is using a sequential integer from the DB as the tenant_id. This doesn't allow Keystone to match an existing Swift tenant_id (called account in Swift). This prevents Keystone from just taking over for swauth or tempauth. If the definition of tenant_id is changed in Keystone to be configurable by the administrator, or at least NOT be a seq from the DB, then migration from swauth to keystone is possible, and may even be automated. Looking forward to your thoughts, -judd On Sun, Nov 27, 2011 at 12:51 AM, Ziad Sawalha ziad.sawa...@rackspace.com wrote: Hi Judd – Account in swift is the same thing as tenant in Keystone. Is the problem that you are specifying account 'name' instead of the ID? I'm asking because we have had a number of users having problems migrating into Keystone after we switched to ID/Name for tenants and users and we are considering a schema change that would allow for simpler migration into Keystone and support tenant ID and name being the same. I'm not sure that would help you, but if it would we would like to get your input on the design we are considering. From: Judd Maltin openst...@newgoliath.com Date: Fri, 25 Nov 2011 11:31:50 -0500 To: Rouault, Jason (Cloud Services) jason.roua...@hp.com Cc: John Dickinson m...@not.mn, Ziad Sawalha ziad.sawa...@rackspace.com, openstack@lists.launchpad.net openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Thanks Jason, I am indeed working off stable/diablo. It looks like I'm going to have to use mod_proxy and mod_rewrite to migrate my users form AUTH_account_name to AUTH_tenant_id Any other ideas for this sort of migration? -judd On Mon, Nov 21, 2011 at 9:42 AM, Rouault, Jason (Cloud Services) jason.roua...@hp.com wrote: Yes, I am aware of the new swift code for Keystone, but the question came from Judd who may be working off of Diablo-stable. -Original Message- From: John Dickinson [mailto:m...@not.mn] Sent: Sunday, November 20, 2011 8:59 AM To: Rouault, Jason (Cloud Services) Cc: Ziad Sawalha; Judd Maltin; openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? I don't think that is exactly right, but my understanding of tenants vs accounts vs users may be lacking. Nonetheless, auth v2.0 support was added to the swift cli tool by Chmouel recently. Have you tried with the code in swift's trunk (also the 1.4.4 release scheduled for Tuesday)? --John On Nov 20, 2011, at 8:55 AM, Rouault, Jason (Cloud Services) wrote: Ziad, I think the problem is that the 'swift' command scopes a user to an account(tenant) via the concatenation of account:username when providing credentials for a valid token. With Keystone and /v2.0 auth the tenantId (or tenantName) are passed in the body of the request. Jason From: openstack-bounces+jason.rouault=hp@lists.launchpad.net [mailto:openstack-bounces+jason.rouault=hp@lists.launchpad.net] On Behalf Of Ziad Sawalha Sent: Friday, November 18, 2011 2:10 PM To: Judd Maltin; openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Hi Judd - I'm not sire I understand. Can you give me an example of two tenants, their usernames, and the endpoints you would like them to have in Keystone? From: Judd Maltin j...@newgoliath.com Date: Fri, 18 Nov 2011 15:22:09 -0500 To: openstack@lists.launchpad.net Subject: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? In keystone auth for swift (swiftauth), is there a way to eliminate namespace conflicts across tenants? i.e. in tempauth we use account:username password curl -k -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Token: testing' http://127.0.0.1:8080/auth/v1.0 in swiftauth we use username password: $ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v StorageURL: http://127.0.0.1:/v1/AUTH_1234 Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3 Account: AUTH_12
Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions?
Hi Andi - It landed in E3. It was not back ported since it contains a significant schema change. I don't think we can back port it to Diablo. Z From: andi abes andi.a...@gmail.commailto:andi.a...@gmail.com Date: Fri, 10 Feb 2012 15:36:04 -0500 To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com Cc: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com, openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? To summarize the intent: * we add a string UID to the database schema * For deployments with the integer ID, we copy that into the UID field * For deployments where the ID is a string (cactus and pre-Diablo) we copy that into the UID field * We use the UID field in the URLs displayed by Keystone That will allow migrations into Keystone and you can decide in your data import what value to make the ID that shows up as the REST URL. Did this code land somewhere? Any chance it can be back ported to diablo/stable? From: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com Date: Thu, 1 Dec 2011 16:32:00 -0500 To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Hi Ziad, The current authentication systems for Swift use a hash as the tenant_id. I saw that keystone is using a sequential integer from the DB as the tenant_id. This doesn't allow Keystone to match an existing Swift tenant_id (called account in Swift). This prevents Keystone from just taking over for swauth or tempauth. If the definition of tenant_id is changed in Keystone to be configurable by the administrator, or at least NOT be a seq from the DB, then migration from swauth to keystone is possible, and may even be automated. Looking forward to your thoughts, -judd On Sun, Nov 27, 2011 at 12:51 AM, Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com wrote: Hi Judd – Account in swift is the same thing as tenant in Keystone. Is the problem that you are specifying account 'name' instead of the ID? I'm asking because we have had a number of users having problems migrating into Keystone after we switched to ID/Name for tenants and users and we are considering a schema change that would allow for simpler migration into Keystone and support tenant ID and name being the same. I'm not sure that would help you, but if it would we would like to get your input on the design we are considering. From: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com Date: Fri, 25 Nov 2011 11:31:50 -0500 To: Rouault, Jason (Cloud Services) jason.roua...@hp.commailto:jason.roua...@hp.com Cc: John Dickinson m...@not.mnmailto:m...@not.mn, Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com, openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Thanks Jason, I am indeed working off stable/diablo. It looks like I'm going to have to use mod_proxy and mod_rewrite to migrate my users form AUTH_account_name to AUTH_tenant_id Any other ideas for this sort of migration? -judd On Mon, Nov 21, 2011 at 9:42 AM, Rouault, Jason (Cloud Services) jason.roua...@hp.commailto:jason.roua...@hp.com wrote: Yes, I am aware of the new swift code for Keystone, but the question came from Judd who may be working off of Diablo-stable. -Original Message- From: John Dickinson [mailto:m...@not.mnmailto:m...@not.mn] Sent: Sunday, November 20, 2011 8:59 AM To: Rouault, Jason (Cloud Services) Cc: Ziad Sawalha; Judd Maltin; openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? I don't think that is exactly right, but my understanding of tenants vs accounts vs users may be lacking. Nonetheless, auth v2.0 support was added to the swift cli tool by Chmouel recently. Have you tried with the code in swift's trunk (also the 1.4.4 release scheduled for Tuesday)? --John On Nov 20, 2011, at 8:55 AM, Rouault, Jason (Cloud Services) wrote: Ziad, I think the problem is that the 'swift' command scopes a user to an account(tenant) via the concatenation of account:username when providing credentials for a valid token. With Keystone and /v2.0 auth the tenantId (or tenantName) are passed in the body of the request. Jason From: openstack-bounces+jason.rouault=hp@lists.launchpad.netmailto:hp@lists.launchpad.net [mailto:openstack-bounces+jason.rouaultmailto:openstack-bounces%2Bjason.rouault=hp@lists.launchpad.netmailto:hp@lists.launchpad.net] On Behalf Of Ziad Sawalha Sent: Friday, November 18
Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions?
Great. BTW, Dolph just started work on this, so we've updated the status of the blueprint. Z From: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com Date: Fri, 2 Dec 2011 11:27:57 -0500 To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com Cc: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net, Rouault, Jason (Cloud Services) jason.roua...@hp.commailto:jason.roua...@hp.com, John Dickinson m...@not.mnmailto:m...@not.mn Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Ziad! Just knowing that your team has these issues in mind is a huge help. -judd On Dec 1, 2011 6:00 PM, Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com wrote: OK, that helps. We have a blueprint to use a string ID instead of the integer in the database: https://blueprints.launchpad.net/keystone/+spec/portable-identifiers I think that will address your needs (eventually). We intend to deliver that without any API changes (the API supports string IDs) and with full migration support from stable/diablo. To summarize the intent: * we add a string UID to the database schema * For deployments with the integer ID, we copy that into the UID field * For deployments where the ID is a string (cactus and pre-Diablo) we copy that into the UID field * We use the UID field in the URLs displayed by Keystone That will allow migrations into Keystone and you can decide in your data import what value to make the ID that shows up as the REST URL. This is a future answer to your need. We plan on doing this very soon (maybe by E2). But for the current Keystone schema I don't have any alternative suggestions unfortunately. Does this help? From: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com Date: Thu, 1 Dec 2011 16:32:00 -0500 To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Hi Ziad, The current authentication systems for Swift use a hash as the tenant_id. I saw that keystone is using a sequential integer from the DB as the tenant_id. This doesn't allow Keystone to match an existing Swift tenant_id (called account in Swift). This prevents Keystone from just taking over for swauth or tempauth. If the definition of tenant_id is changed in Keystone to be configurable by the administrator, or at least NOT be a seq from the DB, then migration from swauth to keystone is possible, and may even be automated. Looking forward to your thoughts, -judd On Sun, Nov 27, 2011 at 12:51 AM, Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com wrote: Hi Judd – Account in swift is the same thing as tenant in Keystone. Is the problem that you are specifying account 'name' instead of the ID? I'm asking because we have had a number of users having problems migrating into Keystone after we switched to ID/Name for tenants and users and we are considering a schema change that would allow for simpler migration into Keystone and support tenant ID and name being the same. I'm not sure that would help you, but if it would we would like to get your input on the design we are considering. From: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com Date: Fri, 25 Nov 2011 11:31:50 -0500 To: Rouault, Jason (Cloud Services) jason.roua...@hp.commailto:jason.roua...@hp.com Cc: John Dickinson m...@not.mnmailto:m...@not.mn, Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com, openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Thanks Jason, I am indeed working off stable/diablo. It looks like I'm going to have to use mod_proxy and mod_rewrite to migrate my users form AUTH_account_name to AUTH_tenant_id Any other ideas for this sort of migration? -judd On Mon, Nov 21, 2011 at 9:42 AM, Rouault, Jason (Cloud Services) jason.roua...@hp.commailto:jason.roua...@hp.com wrote: Yes, I am aware of the new swift code for Keystone, but the question came from Judd who may be working off of Diablo-stable. -Original Message- From: John Dickinson [mailto:m...@not.mnmailto:m...@not.mn] Sent: Sunday, November 20, 2011 8:59 AM To: Rouault, Jason (Cloud Services) Cc: Ziad Sawalha; Judd Maltin; openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? I don't think that is exactly right, but my understanding of tenants vs accounts vs users may be lacking. Nonetheless, auth v2.0 support was added to the swift cli tool by Chmouel recently. Have you tried with the code in swift's trunk (also the 1.4.4 release scheduled
Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions?
Hi Judd – Account in swift is the same thing as tenant in Keystone. Is the problem that you are specifying account 'name' instead of the ID? I'm asking because we have had a number of users having problems migrating into Keystone after we switched to ID/Name for tenants and users and we are considering a schema change that would allow for simpler migration into Keystone and support tenant ID and name being the same. I'm not sure that would help you, but if it would we would like to get your input on the design we are considering. From: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com Date: Fri, 25 Nov 2011 11:31:50 -0500 To: Rouault, Jason (Cloud Services) jason.roua...@hp.commailto:jason.roua...@hp.com Cc: John Dickinson m...@not.mnmailto:m...@not.mn, Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com, openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Thanks Jason, I am indeed working off stable/diablo. It looks like I'm going to have to use mod_proxy and mod_rewrite to migrate my users form AUTH_account_name to AUTH_tenant_id Any other ideas for this sort of migration? -judd On Mon, Nov 21, 2011 at 9:42 AM, Rouault, Jason (Cloud Services) jason.roua...@hp.commailto:jason.roua...@hp.com wrote: Yes, I am aware of the new swift code for Keystone, but the question came from Judd who may be working off of Diablo-stable. -Original Message- From: John Dickinson [mailto:m...@not.mnmailto:m...@not.mn] Sent: Sunday, November 20, 2011 8:59 AM To: Rouault, Jason (Cloud Services) Cc: Ziad Sawalha; Judd Maltin; openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? I don't think that is exactly right, but my understanding of tenants vs accounts vs users may be lacking. Nonetheless, auth v2.0 support was added to the swift cli tool by Chmouel recently. Have you tried with the code in swift's trunk (also the 1.4.4 release scheduled for Tuesday)? --John On Nov 20, 2011, at 8:55 AM, Rouault, Jason (Cloud Services) wrote: Ziad, I think the problem is that the 'swift' command scopes a user to an account(tenant) via the concatenation of account:username when providing credentials for a valid token. With Keystone and /v2.0 auth the tenantId (or tenantName) are passed in the body of the request. Jason From: openstack-bounces+jason.rouault=hp@lists.launchpad.netmailto:hp@lists.launchpad.net [mailto:openstack-bounces+jason.rouaultmailto:openstack-bounces%2Bjason.rouault=hp@lists.launchpad.netmailto:hp@lists.launchpad.net] On Behalf Of Ziad Sawalha Sent: Friday, November 18, 2011 2:10 PM To: Judd Maltin; openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Hi Judd - I'm not sire I understand. Can you give me an example of two tenants, their usernames, and the endpoints you would like them to have in Keystone? From: Judd Maltin j...@newgoliath.commailto:j...@newgoliath.com Date: Fri, 18 Nov 2011 15:22:09 -0500 To: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? In keystone auth for swift (swiftauth), is there a way to eliminate namespace conflicts across tenants? i.e. in tempauth we use account:username password curl -k -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Token: testing' http://127.0.0.1:8080/auth/v1.0 in swiftauth we use username password: $ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v StorageURL: http://127.0.0.1:/v1/AUTH_1234 Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3 Account: AUTH_12 How can I indicate my tenant (aka account) in this scheme. I already have lots of data. Further, should I create custom endpoint templates for each tenant to address Account: AUTH_12 being unknown to my current swift account db? Thanks very much, -judd -- Judd Maltin T: 917-882-1270tel:917-882-1270 F: 501-694-7809tel:501-694-7809 A loving heart is never wrong. ___ Mailing list: https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack Post to :openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack More help : https
Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions?
Ziad, I think the problem is that the 'swift' command scopes a user to an account(tenant) via the concatenation of account:username when providing credentials for a valid token. With Keystone and /v2.0 auth the tenantId (or tenantName) are passed in the body of the request. Jason From: openstack-bounces+jason.rouault=hp@lists.launchpad.net [mailto:openstack-bounces+jason.rouault=hp@lists.launchpad.net] On Behalf Of Ziad Sawalha Sent: Friday, November 18, 2011 2:10 PM To: Judd Maltin; openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Hi Judd - I'm not sire I understand. Can you give me an example of two tenants, their usernames, and the endpoints you would like them to have in Keystone? From: Judd Maltin j...@newgoliath.com Date: Fri, 18 Nov 2011 15:22:09 -0500 To: openstack@lists.launchpad.net Subject: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? In keystone auth for swift (swiftauth), is there a way to eliminate namespace conflicts across tenants? i.e. in tempauth we use account:username password curl -k -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Token: testing' http://127.0.0.1:8080/auth/v1.0 in swiftauth we use username password: $ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v StorageURL: http://127.0.0.1:/v1/AUTH_1234 Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3 Account: AUTH_12 How can I indicate my tenant (aka account) in this scheme. I already have lots of data. Further, should I create custom endpoint templates for each tenant to address Account: AUTH_12 being unknown to my current swift account db? Thanks very much, -judd -- Judd Maltin T: 917-882-1270 F: 501-694-7809 A loving heart is never wrong. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp smime.p7s Description: S/MIME cryptographic signature ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions?
A tenant is what used to be called a project in nova, and an account in swift. When you validate a token using keystone you get the account (tenant) and the user who is performing the account (who is a member of the tenant) Jesse On Sun, Nov 20, 2011 at 7:58 AM, John Dickinson m...@not.mn wrote: I don't think that is exactly right, but my understanding of tenants vs accounts vs users may be lacking. Nonetheless, auth v2.0 support was added to the swift cli tool by Chmouel recently. Have you tried with the code in swift's trunk (also the 1.4.4 release scheduled for Tuesday)? --John On Nov 20, 2011, at 8:55 AM, Rouault, Jason (Cloud Services) wrote: Ziad, I think the problem is that the ‘swift’ command scopes a user to an account(tenant) via the concatenation of account:username when providing credentials for a valid token. With Keystone and /v2.0 auth the tenantId (or tenantName) are passed in the body of the request. Jason From: openstack-bounces+jason.rouault=hp@lists.launchpad.net [mailto:openstack-bounces+jason.rouault=hp@lists.launchpad.net] On Behalf Of Ziad Sawalha Sent: Friday, November 18, 2011 2:10 PM To: Judd Maltin; openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? Hi Judd – I'm not sire I understand. Can you give me an example of two tenants, their usernames, and the endpoints you would like them to have in Keystone? From: Judd Maltin j...@newgoliath.com Date: Fri, 18 Nov 2011 15:22:09 -0500 To: openstack@lists.launchpad.net Subject: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? In keystone auth for swift (swiftauth), is there a way to eliminate namespace conflicts across tenants? i.e. in tempauth we use account:username password curl -k -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Token: testing' http://127.0.0.1:8080/auth/v1.0 in swiftauth we use username password: $ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v StorageURL: http://127.0.0.1:/v1/AUTH_1234 Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3 Account: AUTH_12 How can I indicate my tenant (aka account) in this scheme. I already have lots of data. Further, should I create custom endpoint templates for each tenant to address Account: AUTH_12 being unknown to my current swift account db? Thanks very much, -judd -- Judd Maltin T: 917-882-1270 F: 501-694-7809 A loving heart is never wrong. ___ Mailing list: https://launchpad.net/~openstack Post to :openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone Swift: swiftauth tenant namespace collisions?
Hi Judd – I'm not sire I understand. Can you give me an example of two tenants, their usernames, and the endpoints you would like them to have in Keystone? From: Judd Maltin j...@newgoliath.commailto:j...@newgoliath.com Date: Fri, 18 Nov 2011 15:22:09 -0500 To: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: [Openstack] Keystone Swift: swiftauth tenant namespace collisions? In keystone auth for swift (swiftauth), is there a way to eliminate namespace conflicts across tenants? i.e. in tempauth we use account:username password curl -k -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Token: testing' http://127.0.0.1:8080/auth/v1.0 in swiftauth we use username password: $ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v StorageURL: http://127.0.0.1:/v1/AUTH_1234 Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3 Account: AUTH_12 How can I indicate my tenant (aka account) in this scheme. I already have lots of data. Further, should I create custom endpoint templates for each tenant to address Account: AUTH_12 being unknown to my current swift account db? Thanks very much, -judd -- Judd Maltin T: 917-882-1270 F: 501-694-7809 A loving heart is never wrong. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp