0

我希望每个人(未经授权)都可以从我的测试 swift 服务器存储/读取对象。有没有办法完全禁用身份验证?我已获得以下用户 (proxy-server.conf) 的授权:

[filter:tempauth]
use = egg:swift#tempauth
user_test_tester = testing .admin

但也想给非用户向我的服务器发出请求的可能性。

4

2 回答 2

1

这取决于您要使用什么样的请求以及您使用的身份验证中间件。如果您使用的是 keystone,那么您将无法使用容器级别的权限。您可以将容器的权限设置为公开。

curl -X POST -i \
   -H "X-Auth-Token: abcdeftoken" \
   -H "X-Container-Read: .r:*" \
   -H "X-Container-Write: .r:*" \
   http://swift.example.com/v1/AUTH_testing/container
于 2017-01-26T02:04:39.630 回答
0

您可以使用或配置您的代理服务器no authentication middleware管道。在第一个解决方案中,您不需要提供任何密码。在第二种解决方案中,您可以在配置中设置用户、组和密码,最后一个联系 keystone 服务器进行识别。tempauthkeystoneauth

例子:

[pipeline:main]
### no pass
# pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit copy container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

### tempauth
# pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server

### keystoneauth
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server


[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user

# https://docs.openstack.org/keystonemiddleware/latest/middlewarearchitecture.html
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = SWIFT_PASS # change this
delay_auth_decision = True
log_level = debug
service_token_roles_required = True

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_test5_tester5 = testing5 service
于 2018-06-14T23:05:49.713 回答