X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fdoc%2Fradosgw%2Fswift%2Ftempurl.rst;fp=src%2Fceph%2Fdoc%2Fradosgw%2Fswift%2Ftempurl.rst;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=517e5c35dbf779896be29c4bc94ef4b522622d68;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git diff --git a/src/ceph/doc/radosgw/swift/tempurl.rst b/src/ceph/doc/radosgw/swift/tempurl.rst deleted file mode 100644 index 517e5c3..0000000 --- a/src/ceph/doc/radosgw/swift/tempurl.rst +++ /dev/null @@ -1,84 +0,0 @@ -==================== - Temp URL Operations -==================== - -To allow temporary access (for eg for `GET` requests) to objects -without the need to share credentials, temp url functionality is -supported by swift endpoint of radosgw. For this functionality, -initially the value of `X-Account-Meta-Temp-URL-Key` and optionally -`X-Account-Meta-Temp-URL-Key-2` should be set. The Temp URL -functionality relies on a HMAC-SHA1 signature against these secret -keys. - -POST Temp-URL Keys -================== - -A ``POST`` request to the swift account with the required Key will set -the secret temp url key for the account against which temporary url -access can be provided to accounts. Up to two keys are supported, and -signatures are checked against both the keys, if present, so that keys -can be rotated without invalidating the temporary urls. - -Syntax -~~~~~~ - -:: - - POST /{api version}/{account} HTTP/1.1 - Host: {fqdn} - X-Auth-Token: {auth-token} - -Request Headers -~~~~~~~~~~~~~~~ - -``X-Account-Meta-Temp-URL-Key`` - -:Description: A user-defined key that takes an arbitrary string value. -:Type: String -:Required: Yes - -``X-Account-Meta-Temp-URL-Key-2`` - -:Description: A user-defined key that takes an arbitrary string value. -:Type: String -:Required: No - - -GET Temp-URL Objects -==================== - -Temporary URL uses a cryptographic HMAC-SHA1 signature, which includes -the following elements: - -#. The value of the Request method, "GET" for instance -#. The expiry time, in format of seconds since the epoch, ie Unix time -#. The request path starting from "v1" onwards - -The above items are normalized with newlines appended between them, -and a HMAC is generated using the SHA-1 hashing algorithm against one -of the Temp URL Keys posted earlier. - -A sample python script to demonstrate the above is given below: - - -.. code-block:: python - - import hmac - from hashlib import sha1 - from time import time - - method = 'GET' - host = 'https://objectstore.example.com/swift' - duration_in_seconds = 300 # Duration for which the url is valid - expires = int(time() + duration_in_seconds) - path = '/v1/your-bucket/your-object' - key = 'secret' - hmac_body = '%s\n%s\n%s' % (method, expires, path) - sig = hmac.new(key, hmac_body, sha1).hexdigest() - rest_uri = "{host}{path}?temp_url_sig={sig}&temp_url_expires={expires}".format( - host=host, path=path, sig=sig, expires=expires) - print rest_uri - - # Example Output - # https://objectstore.example.com/swift/v1/your-bucket/your-object?temp_url_sig=ff4657876227fc6025f04fcf1e82818266d022c6&temp_url_expires=1423200992 -