ac1ac5bd21
We are planning on creating a GlusterFS aware authentication system for gluster-swift based on SWauth. We forked from SWauth commit 41d36ebe160aa3346f6f45197fff0c80f38fde58 Change-Id: Ia28730d21e04fc8d9ce0cb317fc04d0d97583fca Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6069
79 lines
3.3 KiB
Plaintext
79 lines
3.3 KiB
Plaintext
[DEFAULT]
|
|
# Standard from Swift
|
|
|
|
[pipeline:main]
|
|
# Standard from Swift, this is just an example of where to put swauth
|
|
pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server
|
|
|
|
[app:proxy-server]
|
|
# Standard from Swift, main point to note is the inclusion of
|
|
# allow_account_management = true (only for the proxy servers where you want to
|
|
# be able to create/delete accounts).
|
|
use = egg:swift#proxy
|
|
allow_account_management = true
|
|
|
|
[filter:swauth]
|
|
use = egg:swauth#swauth
|
|
# You can override the default log routing for this filter here:
|
|
# set log_name = swauth
|
|
# set log_facility = LOG_LOCAL0
|
|
# set log_level = INFO
|
|
# set log_headers = False
|
|
# The reseller prefix will verify a token begins with this prefix before even
|
|
# attempting to validate it. Also, with authorization, only Swift storage
|
|
# accounts with this prefix will be authorized by this middleware. Useful if
|
|
# multiple auth systems are in use for one Swift cluster.
|
|
# reseller_prefix = AUTH
|
|
# If you wish to use a Swauth service on a remote cluster with this cluster:
|
|
# swauth_remote = http://remotehost:port/auth
|
|
# swauth_remote_timeout = 10
|
|
# When using swauth_remote, the rest of these settings have no effect.
|
|
#
|
|
# The auth prefix will cause requests beginning with this prefix to be routed
|
|
# to the auth subsystem, for granting tokens, creating accounts, users, etc.
|
|
# auth_prefix = /auth/
|
|
# Cluster strings are of the format name#url where name is a short name for the
|
|
# Swift cluster and url is the url to the proxy server(s) for the cluster.
|
|
# default_swift_cluster = local#http://127.0.0.1:8080/v1
|
|
# You may also use the format name#url#url where the first url is the one
|
|
# given to users to access their account (public url) and the second is the one
|
|
# used by swauth itself to create and delete accounts (private url). This is
|
|
# useful when a load balancer url should be used by users, but swauth itself is
|
|
# behind the load balancer. Example:
|
|
# default_swift_cluster = local#https://public.com:8080/v1#http://private.com:8080/v1
|
|
# Number of seconds a newly issued token should be valid for, by default.
|
|
# token_life = 86400
|
|
# Maximum number of seconds a newly issued token can be valid for.
|
|
# max_token_life = <same as token_life>
|
|
# Specifies how the user key is stored. The default is 'plaintext', leaving the
|
|
# key unsecured but available for key-signing features if such are ever added.
|
|
# An alternative is 'sha1' which stores only a one-way hash of the key leaving
|
|
# it secure but unavailable for key-signing.
|
|
# auth_type = plaintext
|
|
# Used if the auth_type is sha1 or another method that can make use of a salt.
|
|
# auth_type_salt = swauthsalt
|
|
# This allows middleware higher in the WSGI pipeline to override auth
|
|
# processing, useful for middleware such as tempurl and formpost. If you know
|
|
# you're not going to use such middleware and you want a bit of extra security,
|
|
# you can set this to false.
|
|
# allow_overrides = true
|
|
# Highly recommended to change this. If you comment this out, the Swauth
|
|
# administration features will be disabled for this proxy.
|
|
super_admin_key = swauthkey
|
|
|
|
[filter:ratelimit]
|
|
# Standard from Swift
|
|
use = egg:swift#ratelimit
|
|
|
|
[filter:cache]
|
|
# Standard from Swift
|
|
use = egg:swift#memcache
|
|
|
|
[filter:healthcheck]
|
|
# Standard from Swift
|
|
use = egg:swift#healthcheck
|
|
|
|
[filter:catch_errors]
|
|
# Standard from Swift
|
|
use = egg:swift#catch_errors
|