S3 API Middleware

Registered by Chuck Thier

A large part of the s3 api should be able to be provided in swift by creating a piece of middleware that massages the S3 style request into a swift request, and massage the swift return values to XML understood by S3 clients.

Blueprint information

Status:
Complete
Approver:
Rick Clark
Priority:
Low
Drafter:
Chuck Thier
Direction:
Needs approval
Assignee:
Chuck Thier
Definition:
Pending Approval
Series goal:
Accepted for 1.2
Implementation:
Implemented
Milestone target:
milestone icon 1.2.0
Started by
Chuck Thier
Completed by
Thierry Carrez

Sprints

Whiteboard

2011-01-13: added unit tests (asked by Chuck Thier)
2011-01-06: GET and HEAD handling was improved (many thanks to Mike, again!) and s3.py was renamed to swift3.py (suggested by Chuck Thier)
2011-01-05: I updated the branch (clean up the response and error handling code, many thanks to Mike Barton).

Too late? I've just uploaded the updated branch and made a proposal to merge the branch.
Not too late, comment was based on your update :) -- ttx

Seems that the following operations work with boto:

- List of buckets
- Create bucket
- Delete bucket
- List of objects in a bucket
- PUT object
- GET object
- DELETE object
- HEAD object

Swift account (something like AUTH_89308df71f274e33af17779606f08fa0) is used as AWSAccessKeyId.
Swift password (passed to swift-auth-add-user) is used as AWS Secret Access Key.

S3 client concatenates selected elements of a request to form a string, uses AWS Secret Access Key to calculate the HMAC of that string, and then put the HMAC value to the HTTPAuthorization header.

The proxy server sends the account info, the formed string of a request, and the HMAC value included with the request to the auth server. The auth server finds AWS Secret Access Key from the account info, use the key to calculate the HMAC of the string, and sees if it matches the HMAC value.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.