ViPR OpenStack Swift Object Service API Support
This article applies to EMC ViPR 2.0.
This information is taken from the Object Storage API V1 section of the OpenStack API Reference documentation.
Supported OpenStack Swift calls
The following OpenStack Swift REST API calls are supported in ViPR.
Unsupported OpenStack Swift calls
The following OpenStack Swift REST API calls are not supported in ViPR.
- Acquire a UID and password from ViPR. The UID will be an LDAP or Active Directory name. Call the following ViPR REST API to generate a password.
- Call the OpenStack authentication REST API shown below. Use port 9024 for HTTP, or port 9025 for HTTPS.
The generated token expires 24 hours after creation. If you repeat the authentication request within the 24-hour period using the same UID and password, OpenStack will return the same token. After the 24-hour period has expired, OpenStack will return a new token.
Before you begin
OpenStack V2 introduces unscoped tokens. These can be used to query tenant information. An unscoped token, together with tenant information, can be used to request a scoped token. A scoped token and a service endpoint can then be used to authenticate with ViPR, as described in the previous section on V1 authentication.
The two articles listed below provide important background information.
- Retrieve an unscoped token.
The response looks like the following. The unscoped token is preceded by id.
- Retrieve tenant info associated with the unscoped token.
The response looks like the following.
- Retrieve scoped token along with storageUrl.
An example response follows. The scoped token is preceded by id.
- Use the scoped token and service endpoint URL for swift authentication. This step is the same as in V1 of OpenStack.
Swift currently supports two types of authorization:
- Referral style authorization
- Group style authorization
ViPR 2.0 supports only group-based authorization.
Admin users can perform all operations within the account. Non-admin users can only perform operations per container based on the container's X-Container-Read and X-Container-Write Access Control Lists. The following operations can be granted to non-admin users:
Admin assigns read access to the container
This command allows users belonging to the GROUP LIST to have read access rights to container1.
After read permission is granted, users who belong to the target group(s) can perform the following operations:
- HEAD container - Retrieve container metadata. Only allowed if the user is assigned to a group that has Tenant Administrator privileges.
- GET container - List objects within a container
- GET objects within container - Read contents of the object within the container
Admin assigns write access to the container
The users in the group GROUP LIST are granted write permission. Once write permission is granted, users who belong to the target group(s) can perform the following operations:
- POST container - Set metadata. Metadata names start with the prefix "X-Container-Meta".
- PUT objects within container - Write or overwrite objects within the container.
Additional information on authorization can be found here: http://ceph.com/docs/master/radosgw/swift/containerops/
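The group-based rules above, modeled as a small Python check for reviewing which operations a user can effectively perform on a container. This is an added example, not ViPR or OpenStack code; it assumes the ACL headers hold comma-separated group names, and the function names, group names and the `tenant_admin_groups` parameter are hypothetical.

```python
# Added example: a model of the group-based rules described on this page.
# Assumption: X-Container-Read / X-Container-Write hold comma-separated groups.
ALL_OPS = ["HEAD container", "GET container", "GET object",
           "POST container", "PUT object"]
READ_OPS = {"HEAD container", "GET container", "GET object"}
WRITE_OPS = {"POST container", "PUT object"}


def parse_acl(headers, name):
    """Return the set of group names in ACL header `name` (case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return {g.strip() for g in value.split(",") if g.strip()}
    return set()  # header absent: no group is granted access


def is_allowed(groups, op, headers, is_admin=False,
               tenant_admin_groups=frozenset()):
    """Decide whether a user in `groups` may perform `op` on the container."""
    if is_admin:
        return True  # admin users can perform all operations in the account
    groups = set(groups)
    if op in READ_OPS:
        granted = bool(groups & parse_acl(headers, "X-Container-Read"))
        if op == "HEAD container":
            # The page adds a condition: a group with Tenant Administrator
            # privileges (passed in here as a hypothetical set of group names).
            return granted and bool(groups & set(tenant_admin_groups))
        return granted
    if op in WRITE_OPS:
        return bool(groups & parse_acl(headers, "X-Container-Write"))
    return False  # not in the list of operations grantable to non-admin users


def effective_ops(groups, headers, **kw):
    """List every operation the user can perform; useful when reviewing ACLs."""
    return [op for op in ALL_OPS if is_allowed(groups, op, headers, **kw)]


# Constructed sample: ACL headers as they might be set on container1.
container1 = {"X-Container-Read": "analysts, auditors",
              "x-container-write": "ingest"}

if __name__ == "__main__":
    for who, groups in [("alice", {"analysts"}), ("bob", {"ingest"}),
                        ("carol", {"marketing"})]:
        print(who, effective_ops(groups, container1))
```

In this model a write grant does not imply read access, so a group that needs both must appear in both headers.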