[英]OpenStack Swift + Keystone: Unable to determine tenancy
I'm trying to access Swift with curl using Keystone-based authentication (following the Keystone API docs here ). 我正在尝试使用基于Keystone的身份验证通过curl访问Swift,(在此遵循Keystone API文档 )。
curl -d '{"auth": {"passwordCredentials": {
"username": "USERNAME", "password": "PASSWORD"}}}' \
-H "Content-Type: application/json" \
http://identity:35357/v2.0/tokens
Response: 响应:
{
"access": {
"token": {
"expires": "2014-02-27T11:35:11Z",
"id": "TOKENID"
},
"serviceCatalog": [],
"user": {
"username": "USERNAME",
"roles_links": [],
"id": "USERID",
"roles": [],
"name": "NAME"
}
}
}
Note that, contrary to what's said in the API docs , the tenant info is missing from the response. 请注意,与API文档中所说的相反,响应中缺少租户信息。
curl -H "X-Auth-Token: TOKENID" http://swift/v1/AUTH_TENANTID/bucket
Response: 401 Unauthorized
回应:
401 Unauthorized
After looking inside the Keystone auth_token middleware, I found that it fails when trying to fetch the tenant from the token data: 查看Keystone auth_token中间件后,我发现尝试从令牌数据中获取租户时失败:
def get_tenant_info():
"""Returns a (tenant_id, tenant_name) tuple from context."""
def essex():
"""Essex puts the tenant ID and name on the token."""
return (token['tenant']['id'], token['tenant']['name'])
def pre_diablo():
"""Pre-diablo, Keystone only provided tenantId."""
return (token['tenantId'], token['tenantId'])
def default_tenant():
"""Pre-grizzly, assume the user's default tenant."""
return (user['tenantId'], user['tenantName'])
for method in [essex, pre_diablo, default_tenant]:
try:
return method()
except KeyError:
pass
raise InvalidUserToken('Unable to determine tenancy.')
Since there is no tenant info in the token data, it always fails. 由于令牌数据中没有租户信息,因此它总是失败。 What might I be doing wrong?
我可能做错了什么?
This answer addresses your initial authentication question, but not the rest of the question... 该答案解决了您最初的身份验证问题,但未解决其余问题...
Your initial request: 您的最初要求:
curl -d '{"auth": {"passwordCredentials": {
"username": "USERNAME", "password": "PASSWORD"}}}' \
-H "Content-Type: application/json" \
http://identity:35357/v2.0/tokens
Needs to provide either a tenantName
or tenantId
attribute. 需要提供一个
tenantName
或tenantId
属性。 With either of these supplied, your reply should include both the tenant information and a service catalog, for looking up other service endpoints. 使用提供的任何一种,您的答复应同时包括租户信息和服务目录,以查找其他服务端点。
So: 所以:
curl -d '{"auth": {"tenantName": "mytenant", "passwordCredentials": {
"username": "USERNAME", "password": "PASSWORD"}}}' \
-H "Content-Type: application/json" \
http://identity:35357/v2.0/tokens
Which should get you something like this: 哪个应该给你这样的东西:
{
"access": {
"metadata": {
"roles": [
"9fe2ff9ee4384b1894a90878d3e92bab",
"0ecb6fccfd8546148cbb00b6d51364ce"
],
"is_admin": 0
},
"user": {
"name": "lars",
"roles": [
{
"name": "_member_"
},
{
"name": "admin"
}
],
"id": "436d522125584cf3a21ddcf628d59e2e",
"roles_links": [],
"username": "lars"
},
"serviceCatalog": [
{
"name": "nova",
"type": "compute",
"endpoints_links": [],
"endpoints": [
{
"publicURL": "http://192.168.200.1:8774/v2/28a490a259974817b88ce490a74df8d2",
"id": "264f2b4179ca4d6ca3a62b7347db11ce",
"internalURL": "http://192.168.200.1:8774/v2/28a490a259974817b88ce490a74df8d2",
"region": "RegionOne",
"adminURL": "http://192.168.200.1:8774/v2/28a490a259974817b88ce490a74df8d2"
}
]
},
.
.
.
],
"token": {
"tenant": {
"name": "users/lars",
"id": "28a490a259974817b88ce490a74df8d2",
"enabled": true,
"description": null
},
"id": "TOKENID",
"expires": "2014-02-21T20:07:36Z",
"issued_at": "2014-02-20T20:07:36.189044"
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.