Similar to Nova, Swift can be configured to use Keystone for authentication rather than its built-in 'tempauth'.
Add a service endpoint for Swift to Keystone
To enable S3 compatibility, add the following lines to the keystone.conf file:
Add the following filter:
```ini
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
```
Then update the "admin_api" pipeline by replacing the following line:
```ini
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
```
With:
```ini
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
```
Configure the paste file for swift-proxy (`/etc/swift/swift-proxy.conf`)
Reconfigure Swift's proxy server to use Keystone instead of TempAuth. Here's an example `/etc/swift/proxy-server.conf`:
```ini
[DEFAULT]
bind_port = 8888
user = <user>

[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, swiftoperator

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_token = ADMIN
admin_token = ADMIN

[filter:cache]
use = egg:swift#memcache
set log_name = cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck
```
Restart swift services.
Verify that the Identity service, Keystone, is providing authentication to Object Storage (Swift).
$ swift -V 2 -A http://localhost:5000/v2.0 -U admin:admin -K ADMIN stat
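A static check of the proxy pipeline shown in the example `proxy-server.conf` above, written as an added example that is not part of the original guide or of Swift/Keystone. The helper name `lint_proxy_conf` is hypothetical, the sample config is constructed from the example above, and treating `ADMIN` as a placeholder token that should be replaced is this example's assumption.

```python
import configparser

# Constructed sample: the pipeline and filter sections from the example above.
SAMPLE = """\
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
delay_auth_decision = true
admin_token = ADMIN
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
"""

def lint_proxy_conf(text):
    """Return a list of findings for a Swift proxy paste config (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    pipe = cp.get("pipeline:main", "pipeline").split()
    findings = []
    if "tempauth" in pipe:
        findings.append("tempauth is still in the pipeline")
    if "authtoken" not in pipe or "keystone" not in pipe:
        findings.append("authtoken and keystone must both be in the pipeline")
    elif pipe.index("authtoken") > pipe.index("keystone"):
        # swift_auth acts on the identity that auth_token validated first
        findings.append("authtoken must come before keystone")
    if pipe[-1:] != ["proxy-server"]:
        findings.append("proxy-server must be the last pipeline entry")
    for name in pipe[:-1]:
        if not cp.has_section("filter:" + name):
            findings.append("missing [filter:%s] section" % name)
    if cp.has_section("filter:authtoken"):
        for key in ("auth_token", "admin_token"):
            # Assumption: ADMIN is the example's placeholder, not a real secret
            if cp.get("filter:authtoken", key, fallback=None) == "ADMIN":
                findings.append("%s is still the sample value ADMIN" % key)
    return findings

if __name__ == "__main__":
    for finding in lint_proxy_conf(SAMPLE):
        print("FINDING:", finding)
```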

