[openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

Looking over the state [and relatively untested nature] of the Keystone EC2 API and S3Token APIs, I want to propose deprecating these mechanisms of auth within Keystone at this time. These systems have been historically poorly tested and supported and have remained broken / incompatible for long

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

+1 this is a totally logical move, especially given that the current implementation back to the /v3/credentials API anyway. On Friday, February 5, 2016, Morgan Fainberg wrote: > Looking over the state [and relatively untested nature] of the Keystone > EC2 API and

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

> > Is it certain that there is no need for the functions with the new EC2-API > functions ? > > The S3 functions are somewhat separated from the EC2 API. How does SWIFT > implement the S3 compatibility layer ? > > Getting a ‘to be deprecated’ log entry into Mitaka would be useful to make >

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

On Feb 5, 2016 09:43, "Tim Bell" wrote: > > > Is it certain that there is no need for the functions with the new EC2-API functions ? > > The S3 functions are somewhat separated from the EC2 API. How does SWIFT implement the S3 compatibility layer ? > > Getting a ‘to be

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

not using it somewhere else. Tim From: Dolph Mathews Reply-To: "OpenStack Development Mailing List (not for usage questions)" Date: Friday 5 February 2016 at 17:07 To: "OpenStack Development Mailing List (not for usage questions)" Subject: Re: [openstack-dev] [keystone][ec2-

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

swift3(s3) works like ec2-api. 1. swift3/ec2-api recieves AWS request 2. it parses signature and access_key (and other headers) 3. it sends these values (and token that calculated from request) to keystone 4. keystone gets secret_key from DB, then calculates signature by recieved access_key and

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

On Fri, Feb 5, 2016 at 12:37 PM, Andrey Pavlov wrote: > swift3(s3) works like ec2-api. > > 1. swift3/ec2-api recieves AWS request > 2. it parses signature and access_key (and other headers) > 3. it sends these values (and token that calculated from request) to > keystone >

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

Can it be implemented as keystone plugin? Is it possible to 'get' AUTH_TOKEN outside of keystone? Will this code use keystone DB or it should create own? So we will need one 'auth' module for swift3/ec2-api. Sounds good but we need to understand some details before implementation. On Fri, Feb 5,

Re: [openstack-dev] [keystone][ec2-api] Moving EC2 Auth and S3Token to Externally supported

On Fri, Feb 5, 2016 at 1:03 PM, Dolph Mathews wrote: > > On Fri, Feb 5, 2016 at 12:37 PM, Andrey Pavlov > wrote: > >> swift3(s3) works like ec2-api. >> >> 1. swift3/ec2-api recieves AWS request >> 2. it parses signature and access_key (and other