1

我正在尝试使用基于 Keystone 的身份验证通过 curl 访问 Swift(遵循此处的 Keystone API 文档)。

第 1 章:获取令牌:

curl -d '{"auth": {"passwordCredentials": {
                     "username": "USERNAME", "password": "PASSWORD"}}}' \
     -H "Content-Type: application/json" \
     http://identity:35357/v2.0/tokens

回复:

{
  "access": {
    "token": {
      "expires": "2014-02-27T11:35:11Z", 
      "id": "TOKENID"
    }, 
    "serviceCatalog": [], 
    "user": {
      "username": "USERNAME", 
      "roles_links": [], 
      "id": "USERID", 
      "roles": [], 
      "name": "NAME"
    }
   }
}

请注意,与API 文档中所说的相反,响应中缺少租户信息。

第 2 章:身份验证

curl -H "X-Auth-Token: TOKENID" http://swift/v1/AUTH_TENANTID/bucket

回复:401 Unauthorized

第 3 章:故障排除

在查看 Keystone auth_token 中间件后,我发现它在尝试从令牌数据中获取租户时失败:

def get_tenant_info():
    """Returns a (tenant_id, tenant_name) tuple from context."""
    def essex():
        """Essex puts the tenant ID and name on the token."""
        return (token['tenant']['id'], token['tenant']['name'])

    def pre_diablo():
        """Pre-diablo, Keystone only provided tenantId."""
         return (token['tenantId'], token['tenantId'])

    def default_tenant():
        """Pre-grizzly, assume the user's default tenant."""
        return (user['tenantId'], user['tenantName'])

    for method in [essex, pre_diablo, default_tenant]:
        try:
            return method()
        except KeyError:
             pass

    raise InvalidUserToken('Unable to determine tenancy.')

由于令牌数据中没有租户信息,因此总是失败。我可能做错了什么?

4

1 回答 1

1

这个答案解决了您最初的身份验证问题,但不是问题的其余部分......

您的初始要求:

curl -d '{"auth": {"passwordCredentials": {
                     "username": "USERNAME", "password": "PASSWORD"}}}' \
     -H "Content-Type: application/json" \
     http://identity:35357/v2.0/tokens

需要提供一个tenantNametenantId属性。如果提供了其中任何一个,您的回复应该包括租户信息服务目录,以查找其他服务端点。

所以:

curl -d '{"auth": {"tenantName": "mytenant", "passwordCredentials": {
                         "username": "USERNAME", "password": "PASSWORD"}}}' \
         -H "Content-Type: application/json" \
         http://identity:35357/v2.0/tokens

这应该让你得到这样的东西:

{
  "access": {
    "metadata": {
      "roles": [
        "9fe2ff9ee4384b1894a90878d3e92bab",
        "0ecb6fccfd8546148cbb00b6d51364ce"
      ],
      "is_admin": 0
    },
    "user": {
      "name": "lars",
      "roles": [
        {
          "name": "_member_"
        },
        {
          "name": "admin"
        }
      ],
      "id": "436d522125584cf3a21ddcf628d59e2e",
      "roles_links": [],
      "username": "lars"
    },
    "serviceCatalog": [
      {
        "name": "nova",
        "type": "compute",
        "endpoints_links": [],
        "endpoints": [
          {
            "publicURL": "http://192.168.200.1:8774/v2/28a490a259974817b88ce490a74df8d2",
            "id": "264f2b4179ca4d6ca3a62b7347db11ce",
            "internalURL": "http://192.168.200.1:8774/v2/28a490a259974817b88ce490a74df8d2",
            "region": "RegionOne",
            "adminURL": "http://192.168.200.1:8774/v2/28a490a259974817b88ce490a74df8d2"
          }
        ]
      },
      .
      .
      .
    ],
    "token": {
      "tenant": {
        "name": "users/lars",
        "id": "28a490a259974817b88ce490a74df8d2",
        "enabled": true,
        "description": null
      },
      "id": "TOKENID",
      "expires": "2014-02-21T20:07:36Z",
      "issued_at": "2014-02-20T20:07:36.189044"
    }
  }
}
于 2014-02-26T12:16:40.617 回答