x/swift3
Code Issues Proposed changes
swift3/etc/proxy-server.conf-sample
Naoto Nishizono ff12a24b2a Fix the response of GET Service to get only buckets owner are request user 
Add check owner process of each buckets in the bucket list for GET
service, when s3_acl and check_bucket_owner are true.

Current Swift3 returns all bucket, but it should return only buckets
owner are request user.

Change-Id: I77886e59d02aaa86659a8e15da35b23e2cbf402b
2015-01-23 14:37:44 +09:00

150 lines
5.3 KiB
Plaintext
Raw Blame History

[DEFAULT]
[pipeline:main]
# This is the minimum pipeline for Swift3. See swift manual if you want to add
# more middleware.
#
# Keystone pipeline
pipeline = proxy-logging cache swift3 s3token authtoken keystoneauth bulk slo proxy-logging proxy-server
# Tempauth pipeline
# pipeline = proxy-logging cache swift3 tempauth bulk slo proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:tempauth]
# See swift manual for more details.
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
[filter:swift3]
use = egg:swift3#swift3
# Swift has no concept of the S3's resource owner; the resources
# (i.e. containers and objects) created via the Swift API have no owner
# information. This option specifies how the swift3 middleware handles them
# with the S3 API. If this option is 'false', such kinds of resources will be
# invisible and no users can access them with the S3 API. If set to 'true',
# the resource without owner is belong to everyone and everyone can access it
# with the S3 API. If you care about S3 compatibility, set 'false' here. This
# option makes sense only when the s3_acl option is set to 'true' and your
# Swift cluster has the resources created via the Swift API.
# allow_no_owner = false
#
# Set a region name of your Swift cluster. Note that Swift3 doesn't choose a
# region of the newly created bucket actually. This value is used only for the
# GET Bucket location API.
# location = US
#
# Set the default maximum number of objects returned in the GET Bucket
# response.
# max_bucket_listing = 1000
#
# Set the maximum number of parts returned in the List Parts operation.
# (default: 1000)
# When setting it to be larger than 10000, set to be larger
# container_listing_limit in swift.conf.(specification of S3: 1000)
# max_parts_listing = 1000
#
# Set the maximum number of objects we can delete with the Multi-Object Delete
# operation.
# max_multi_delete_objects = 1000
#
# If set to 'true', Swift3 uses its own metadata for ACL
# (e.g. X-Container-Sysmeta-Swift3-Acl) to achieve the best S3 compatibility.
# If set to 'false', Swift3 tries to use Swift ACL (e.g. X-Container-Read)
# instead of S3 ACL as far as possible. If you want to keep backward
# compatibility with Swift3 1.7 or earlier, set false here
# If set to 'false' after set to 'true' and put some container/object,
# all users will be able to access container/object.
# Note that s3_acl doesn't keep the acl consistency between S3 API and Swift
# API. (e.g. when set s3acl to true and PUT acl, we won't get the acl
# information via Swift API at all and the acl won't be applied against to
# Swift API even if it is for a bucket currently supported.)
# Note that s3_acl currently supports only keystone and tempauth.
# DON'T USE THIS for production before enough testing for your use cases.
# This stuff is still under development and it might cause something
# you don't expect.
# s3_acl = false
#
# Specify a host name of your Swift cluster. This enables virtual-hosted style
# requests.
# storage_domain =
#
# Enable pipeline order check for SLO, s3token, authtoken, keystoneauth according to
# standard swift3/Swift construction using either tempauth or keystoneauth.
# If the order is incorrect, it raises a except to stop proxy.
# Turn auth_pipeline_check off only when you want to bypass these authenticate
# middlewares in order to use other 3rd party (or your proprietary) authenticate middleware.
# auth_pipeline_check = True
#
# Set the maximum number of parts for Upload Part operation.(default: 1000)
# When setting it to be larger than the default value in order to match the
# specification of S3, set to be larger max_manifest_segments for slo
# middleware.(specification of S3: 10000)
# max_upload_part_num = 1000
#
# Enable returning only buckets which owner are the user who requested
# GET Service operation. (default: false)
# If you want to enable the above feature, set this and s3_acl to true.
# That might cause significant performance degradation. So, only if your
# service absolutely need this feature, set this setting to true.
# If you set this to false, Swift3 returns all buckets.
# check_bucket_owner = false
#
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
# AWS S3 document says that each part must be at least 5 MB in a multipart
# upload, except the last part.
min_segment_size = 5242880
[filter:dlo]
use = egg:swift#dlo
[filter:cache]
use = egg:swift#memcache
[filter:s3token]
# See swift manual for more details.
paste.filter_factory = keystone.middleware.s3_token:filter_factory
auth_host = keystonehost
auth_port = 35357
auth_protocol = http
auth_uri = http://keystonehost:5000/
admin_tenant_name = service
admin_user = swift
admin_password = password
cache = swift.cache
[filter:authtoken]
# See swift manual for more details.
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = keystonehost
auth_port = 35357
auth_protocol = http
auth_uri = http://keystonehost:5000/
admin_tenant_name = service
admin_user = swift
admin_password = password
cache = swift.cache
[filter:keystoneauth]
# See swift manual for more details.
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
View Git Blame Copy Permalink