| *** openstackgerrit has joined #swift3 | 08:44 | |
| openstackgerrit | Kota Tsuyuzaki proposed openstack/swift3 master: Don't merge: Check if email can be used to replace multifile https://review.openstack.org/512543 | 08:44 |
|---|---|---|
| *** NM has joined #swift3 | 09:51 | |
| openstackgerrit | Kota Tsuyuzaki proposed openstack/swift3 master: Don't merge: Check if email can be used to replace multifile https://review.openstack.org/512543 | 09:58 |
| *** _CrustY has quit IRC | 10:24 | |
| *** NM has quit IRC | 10:25 | |
| *** _CrustY has joined #swift3 | 10:25 | |
| openstackgerrit | Kota Tsuyuzaki proposed openstack/swift3 master: Don't merge: Check if email can be used to replace multifile https://review.openstack.org/512543 | 10:26 |
| *** openstackgerrit has quit IRC | 10:33 | |
| *** NM has joined #swift3 | 10:47 | |
| *** NM has quit IRC | 10:52 | |
| *** openstackgerrit has joined #swift3 | 11:19 | |
| openstackgerrit | Kota Tsuyuzaki proposed openstack/swift3 master: Don't merge: Check if email can be used to replace multifile https://review.openstack.org/512543 | 11:19 |
| *** tgk has joined #swift3 | 13:46 | |
| *** NM has joined #swift3 | 14:54 | |
| *** chsc has joined #swift3 | 16:33 | |
| *** chsc has quit IRC | 16:33 | |
| *** chsc has joined #swift3 | 16:33 | |
| *** nikivi has quit IRC | 16:36 | |
| NM | Hi everyone! We have a custom authentication middleware before swift3 which validates our users and sets authorize_override = True. I check out that Keystone verifies this variable to bypass authentication but I didn’t find anything like that on swift3. Is it possible to sinalize to swift3 that the request was already authenticated? | 16:48 |
| timburke | NM: swift3 should only care about the request if there's an Authorization header or query params that make it look like an S3 request -- normal swift requests pass right through | 16:55 |
| *** nikivi has joined #swift3 | 16:57 | |
| NM | timburke: I see. The problem is that our custom middleware also uses the Authorization header. (It was 'inspired' on swauth) | 16:57 |
| timburke | what's the Authorization header look like? | 16:58 |
| NM | Authorization: Bearer AREALLYBIGHASHWITHLETTERSANDNUMBER1234567890l+Dw== | 17:00 |
| timburke | ugh. we should have broken https://github.com/openstack/swift3/blob/1.12/swift3/request.py#L555-L556 out to two cases -- not auth_str.startswith('AWS ') should really raise NotS3Request... | 17:02 |
| timburke | sorry :-( | 17:02 |
| timburke | for some reason i thought that we would pass through any Authorization headers that didn't start with either 'AWS ' or 'AWS4-HMAC-SHA256 '.... i'd really intended for that to be the case... | 17:03 |
| NM | timburke: Thanks for the explanation! We were looking for the specific part which was returning the 403. | 17:14 |
| *** caiobrentano has joined #swift3 | 17:16 | |
| *** NM has quit IRC | 19:03 | |
| *** NM has joined #swift3 | 19:07 | |
| *** NM has quit IRC | 19:42 | |
| *** NM has joined #swift3 | 19:46 | |
| *** NM has quit IRC | 20:04 | |
| *** NM has joined #swift3 | 20:05 | |
| *** NM has quit IRC | 21:09 | |
| *** caiobrentano has quit IRC | 21:16 | |
| *** tgk has quit IRC | 21:30 | |
| *** NM has joined #swift3 | 21:56 | |
| *** NM has quit IRC | 22:00 | |
| *** chsc has quit IRC | 23:38 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!