swift3(s3) works like ec2-api. 1. swift3/ec2-api recieves AWS request 2. it parses signature and access_key (and other headers) 3. it sends these values (and token that calculated from request) to keystone 4. keystone gets secret_key from DB, then calculates signature by recieved access_key and token 5. keystone compares recived signature and claculated signature and then return 'error' or auth_token 6. swift3/ec2-api recieves answer from keystone and return 'forbidden' or continues execution 7. in case of continue swift3/ec2-api uses recieved auth_token for calls other services: nova, cinder, neutron, swift...
So I don't understand how implement this functionality outside of keystone... On Fri, Feb 5, 2016 at 8:55 PM, Tim Bell <tim.b...@cern.ch> wrote: > >> >> Is it certain that there is no need for the functions with the new EC2-API >> functions ? >> >> The S3 functions are somewhat separated from the EC2 API. How does SWIFT >> implement the S3 compatibility layer ? >> >> Getting a ‘to be deprecated’ log entry into Mitaka would be useful to make >> sure we’re not using it somewhere else. >> > > This would be just a deprecation warning. Removal would be determined at a > later time with sufficient lead time. > > Do you know how S3 with SWIFT works ? Would they need to do something like > EC2-API ? > > Tim > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Kind regards, Andrey Pavlov. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev