Swift v2.0 auth with ECS

Swift v2 auth to ECSIn that post I’d like to show how to authorise with Swift v2. Simple curl commends are used.

  • Namespace ns1 is configured.  Swift v2.0 auth with ECS
  • user1 was configured during the ECS implementation. Swift password is 1Oz0UVShl3fQs9kEm/YhGjscHh6jDSIoOZV52XDBSwift v2.0 auth with ECS

 

  • Authenticate with user and password.
myhost$ curl -v -d '{"auth":{"passwordCredentials":{"username": "user1", "password": "1Oz0UVShl3fQs9kEm/YhGjscHh6jDSIoOZV52XDB"}}}' http://10.76.246.143:9024/v2.0/tokens
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> POST /v2.0/tokens HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 110
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 110 out of 110 bytes
< HTTP/1.1 415 Unsupported Media Type
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 1304
< Server: Jetty(7.6.4.v20120524)
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 415 Unsupported Media Type</title>
</head>
<body>
<h2>HTTP ERROR: 415</h2>
<p>Problem accessing /v2.0/tokens. Reason:
<pre> Unsupported Media Type</pre></p>
<hr /><i><small>Powered by Jetty://</small></i>
</body>
</html>
* Connection #0 to host 10.76.246.143 left intact
  • Request failed with the Unsupported Media Type error
  • Scecify Json Type in the request’sheader
myhost$ curl -v -d '{"auth":{"passwordCredentials":{"username": "user1", "password": "1Oz0UVShl3fQs9kEm/YhGjscHh6jDSIoOZV52XDB"}}}' -H "Content-type: application/json" http://10.76.246.143:9024/v2.0/tokens
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> POST /v2.0/tokens HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> Content-Length: 110
>
* upload completely sent off: 110 out of 110 bytes
< HTTP/1.1 200 OK
< Date: Mon, 16 May 2016 11:44:01 GMT
< Content-Type: application/xml
< Content-Length: 218
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns="http://docs.openstack.org/identity/api/v2.0">
<token id="ECS_c4dabcafd83544aab49be25153f9edc2" expires="1463468789113"/>
<user name="user1"/>
</access> 
  • Lets check the Header of the request with Wireshark
  • POST request to /v2.0/tokensSwift v2.0 auth with ECS 
  • Response with Auth v2 TokenSwift v2.0 auth with ECS

 

  • Get the list of available NameSpaces
myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_c4dabcafd83544aab49be25153f9edc2" http://10.76.246.143:9024/v2.0/tenants
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> GET /v2.0/tenants HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_c4dabcafd83544aab49be25153f9edc2
>
< HTTP/1.1 200 OK
< Date: Mon, 16 May 2016 12:20:16 GMT
< Content-Type: application/xml
< Content-Length: 179
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants
xmlns="http://docs.openstack.org/identity/api/v2.0">
<tenant description="ns1" enabled="true" name="ns1"/>
</tenants>
  • GET request to /v2.0/tenantsSwift v2.0 auth with ECS
  • Name of the NameSpaces is returnedSwift v2.0 auth with ECS
  • Authenticate with the ns1 namespace
myhost$ curl -v -d '{"auth":{"passwordCredentials":{"username": "user1", "password": "1Oz0UVShl3fQs9kEm/YhGjscHh6jDSIoOZV52XDB"}, "tenantName": "ns1"}}' -H "Content-type: application/json" http://10.76.246.143:9024/v2.0/tokens
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> POST /v2.0/tokens HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> Content-Length: 131
>
* upload completely sent off: 131 out of 131 bytes
< HTTP/1.1 200 OK
< Date: Mon, 16 May 2016 12:29:32 GMT
< Content-Type: application/xml
< Content-Length: 542
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns="http://docs.openstack.org/identity/api/v2.0">
<token id="ECS_2ed70411ddb34eddbd33d1647269f63c" expires="1463468789310">
<tenant description="ns1" enabled="true" id="ns1" name="ns1"/>
</token>
<user name="user1" id="user1">
<roles>
<role name="admin"/>
</roles>
</user>
<serviceCatalog>
<service type="object-store" name="Swift">
<endpoints region="VDC1" internalURL="http://10.76.246.143:9024/v1/ns1" publicURL="http://10.76.246.143:9024/v1/ns1"/>
</service>
</serviceCatalog>
</access>
  • SSL request is secure and can’t be sniffed
myhost$ curl --insecure -v -d '{"auth":{"passwordCredentials":{"username": "user1", "password": "1Oz0UVShl3fQs9kEm/YhGjscHh6jDSIoOZV52XDB"}, "tenantName": "ns1"}}' -H "Content-type: application/json" https://10.76.246.143:9025/v2.0/tokens

 Swift v2.0 auth with ECS

  • Get a list of buckets.
  • Specify x-auth-token
  • No buckets created yet
myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63chttp://10.76.246.143:9024/v1/ns1
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> GET /v1/ns1 HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c
>
< HTTP/1.1 204 No Content
< X-Timestamp: 1462265054
< Accept-Ranges: bytes
< X-Account-Bytes-Used: 0
< X-Account-Container-Count: 0
< X-Account-Object-Count: 0
< x-emc-request-id: 0a4cf68f:15475b21438:444:15
< X-Trans-Id: tx0a4cf68f15475b2143844-41500000000
< Date: Mon, 16 May 2016 12:45:30 GMT
< Content-Length: 0
< Content-Type: text/plain
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact
  • Lets create and check a bucket
myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c" http://10.76.246.143:9024/v1/ns1/Folder1 -X PUT
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> PUT /v1/ns1/Folder1 HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c
>
< HTTP/1.1 201 Created
< x-emc-request-id: 0a4cf68f:15475b21438:466:17
< X-Trans-Id: tx0a4cf68f15475b2143846-61700000000
< Date: Mon, 16 May 2016 12:49:45 GMT
< Content-Type: text/html
< Content-Length: 0
< Location: http://10.76.246.143:9024/v1/ns1/Folder1
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact

myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c" http://10.76.246.143:9024/v1/ns1
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> GET /v1/ns1 HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c
>
< HTTP/1.1 200 OK
< X-Timestamp: 1462265054
< Accept-Ranges: bytes
< X-Account-Bytes-Used: 0
< X-Account-Container-Count: 1
< X-Account-Object-Count: 0
< x-emc-request-id: 0a4cf68f:15475b21438:467:7
< X-Trans-Id: tx0a4cf68f15475b2143846-7700000000
< Date: Mon, 16 May 2016 12:49:51 GMT
< Content-Length: 8
< Content-Type: text/plain
< Server: Jetty(7.6.4.v20120524)
<
Folder1
* Connection #0 to host 10.76.246.143 left intact
  • Bucket is created
  • User1 is the owner of the buckerq8
  • Upload a file
myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c" http://10.76.246.143:9024/v1/ns1/Folder1/testfile1 -X PUT -T testfile1
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> PUT /v1/ns1/Folder1/testfile1 HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c
> Content-Length: 4032
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 201 Created
< x-emc-request-id: 0a4cf68f:15475b21438:488:13
< X-Trans-Id: tx0a4cf68f15475b2143848-81300000000
< Date: Mon, 16 May 2016 12:56:46 GMT
< ETag: ddf62f66ae5bff644c847d9cd9961767
< Content-Type: application/json
< Last-Modified: Mon, 16 May 2016 12:56:46 GMT
< X-Timestamp: 1463403406
< x-emc-mtime: 1463403406303
< Content-Length: 0
< Location: http://10.76.246.143:9024/v1/ns1/Folder1/testfile1
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact

myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c" http://10.76.246.143:9024/v1/ns1/Folder1
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> GET /v1/ns1/Folder1 HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c
>
< HTTP/1.1 200 OK
< x-emc-is-stale-allowed: false
< X-Container-Object-Count: 0
< Accept-Ranges: bytes
< X-Timestamp: 1463402985694
< X-Container-Bytes-Used: 0
< Content-Length: 10
< x-emc-request-id: 0a4cf68f:15475b21438:48c:d
< X-Trans-Id: tx0a4cf68f15475b2143848-cd00000000
< Date: Mon, 16 May 2016 12:56:58 GMT
< Content-Type: text/plain
< Server: Jetty(7.6.4.v20120524)
<
testfile1
* Connection #0 to host 10.76.246.143 left intact
  • Delete the file
myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c" http://10.76.246.143:9024/v1/ns1/Folder1/testfile1 -X DELETE
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> DELETE /v1/ns1/Folder1/testfile1 HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c
>
< HTTP/1.1 204 No Content
< x-emc-request-id: 0a4cf68f:15475b21438:4ad:17
< X-Trans-Id: tx0a4cf68f15475b214384a-d1700000000
< Date: Mon, 16 May 2016 13:00:11 GMT
< Content-Type: text/plain
< Content-Length: 0
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact

myhost$ curl -v -H "Content-type: application/json" -H "x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c" http://10.76.246.143:9024/v1/ns1/Folder1
*   Trying 10.76.246.143...
* Connected to 10.76.246.143 (10.76.246.143) port 9024 (#0)
> GET /v1/ns1/Folder1 HTTP/1.1
> Host: 10.76.246.143:9024
> User-Agent: curl/7.43.0
> Accept: */*
> Content-type: application/json
> x-auth-token: ECS_2ed70411ddb34eddbd33d1647269f63c
>
< HTTP/1.1 204 No Content
< x-emc-is-stale-allowed: false
< X-Container-Object-Count: 0
< Accept-Ranges: bytes
< X-Timestamp: 1463402985694
< X-Container-Bytes-Used: 0
< Content-Length: 0
< x-emc-request-id: 0a4cf68f:15475b21438:4ae:b
< X-Trans-Id: tx0a4cf68f15475b214384a-eb00000000
< Date: Mon, 16 May 2016 13:00:20 GMT
< Content-Type: text/plain
< Server: Jetty(7.6.4.v20120524)
<
* Connection #0 to host 10.76.246.143 left intact

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s