MAUTH – Pluggable OpenStack Swift Auth Middleware
OpenStack Swift has become a leader in the open source object storage space. Swift is a production ready object storage platform developed by Rackspace under the Cloudfiles brand. Rackspace open sourced the software in partnership with the OpenStack foundation making it widely available and supported by the Openstack community.
Object storage platforms like Swift offer highly redundant and scalable storage solutions that can scale to petabytes of data. Unlike traditional file system storage, object stores use a distributed storage mechanism, providing high data durability by storing many copies of each object across the system. This distributed mechanism caters to horizontal scaling, allowing you to simply add servers to the storage cluster as your storage demands increase.
Swift allows for extension through a plugin system which they refer to as ‘middleware’. There are many things you can do with the plugin framework, but I am going to keep this discussion to just the Auth middleware mechanism. There are a few Auth middlewares which are widely used, namely; keystone, swauth and tempauth. All of these middlewares share a similar mechanism in that the users who can access Swift are actually stored inside Swift. This is fine in some cases, but many organizations already have a standard in place for authenticating their users and they don’t want to have to manage another user silo. This use case prompted the development of MAUTH so we could use our existing auth systems with Swift.
MAUTH is a Swift Auth middleware which enables users to log into Swift using an existing account on a 3rd party system. MAUTH is an extensible middleware, making it possible to build integration with pretty much any web service enabled auth system. I have included an extension for authenticating against CloudStack as part of the core code. The CloudStack integration is a good template for building additional extensions for other 3rd party applications.
To authenticate Swift users, you need to first create a request for authentication to log the user into the system with an ‘X-Auth-User’ and ‘X-Auth-Key’. On successful login, Swift will return an ‘X-Auth-Token’ and a ‘X-Storage-Url’ which will be used for all subsequent calls to Swift. The ‘X-Auth-Token’ identifies the logged in user and the ‘X-Storage-Url’ defines where in the system to find the user’s objects. Check the README file in the code for more information.
All this code is licensed under the Apache II license, so you are invited grab it and get your hands dirty.
Git the source: https://github.com/cloudops/mauth
If you’re looking to get this all from a product instead of DIY, checkout our friends at SwiftStack.