the phrygian cap


luisbg

@luisbg

luis@debethencourt.com



Ohloh profile for Luis de Bethencourt
Blogalia




<Junio 2018
Lu Ma Mi Ju Vi Sa Do
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  
             

Creative Commons License


planet gnome
planet ubuntu
alberto ruiz
andy wingo
jeff fortin
slomo's blog
jan schmidt
vincent's random waffle



"all religions, arts and sciences are branches of the same tree. all these aspirations are directed toward ennobling man's life, lifting it from the sphere of mere physical existence and leading the individual towards freedom." albert einstein

OpenStack Swift and Temporary URLs How To



One of the many amazing features of Swift, OpenStack's object storage component, is how it creates URLs to provide temporary public access to objects. Thanks to the middleware component called tempurl. For example, imagine a website wants to provide a link to a media file stored in Swift for HTML5 playback. Instead of needing a Swift account with public access, and all the problems that would bring, Swift can generate a URL with limited access time to the resource. This way the browser can access the object directly instead of needing the website to act as a proxy and objects can selectively be made publicly accessible without compromising the rest or using expensive copies between private to public accounts. If the link is accidentally leaked, the access is time limited until the expiration time set.

So how do you use this temporary urls? Glad you asked.

Let's assume you have the following Swift installation:
http://192.168.1.42:8080

Account: AUTH_data
Container: media
Object: example_obj


The first thing we need to do is add temporary URL secret keys to the Swift account. Since tempurl will look at the Temp-URL-Key and Temp-URL-Key-2 metas when an object is requested through a temporary URL to decide if access is allowed. Only one key is neccessary, but a second one is useful to rotate through keys while keeping existing temporary urls validated. Any arbitrary string can serve as a secret key.

We add the temporary urls secret keys with the command:
$ swift post -m "Temp-URL-Key:secrete_key_a"
$ swift post -m "Temp-URL-Key-2:secrete_key_b"


Once we have the keys we can allow public access to objects. The easiest way is to use the tool swift-temp-url which returns a temporary URL. The arguments it needs are; HTTP method, availability period in seconds, object path and one temp-url-key. For example to GET the object we mentioned above:

$ swift-temp-url GET 60 /v1/AUTH_data/media/example_obj secret_key_a

/v1/AUTH_data/media/example_Obj?temp_url_sig=b9746f2e38313635257877abdb8340c48ebd622c&temp_url_expires=1392925673


Now you can retrieve the file via this temporary URL, you just need to add the hostname to have the full URL.

$ curl http://192.168.1.42:8080/v1/AUTH_data/media/example_Obj?temp_url_sig=b9746f2e38313635257877abdb8340c48ebd622c&temp_url_expires=1392925673


Eventhough you probably already guessed it, let's note the format of the temporary URL. Typical object path, plus temp_url_sig, and temp_url_expires.
In this example:

http://192.168.1.42:8080/v1/AUTH_data/media/example_Obj?
temp_url_sig=b9746f2e38313635257877abdb8340c48ebd622c&
temp_url_expires=1392925673


There you have it. Notice we set it up for a GET method. You could do the same with a PUT method to allow a user to push data to a specified path. Perhaps using this in combination with browser form post translation middleware to allow direct-from-browser uploads to specific locations in Swift. Besides GET and PUSH, you can use HEAD to retrieve the header of the object.

At this stage you must be happy to see how easy and convenient this is, but wondering how you can integrate it with your code. You can replicate swift-temp-url with the following block of Python code:

import hmac
from hashlib import sha1
from time import time

# Get a temporary public url for the object
method = 'GET'
duration_in_seconds = 60*60*3
expires = int(time() + duration_in_seconds)
path = '/v1/AUTH_test/%s/%s' % (self.container, track)
key = self.temp_url_key
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
s = 'https://{host}/{path}?temp_url_sig={sig}&temp_url_expires={expires}'
url = s.format(host=self.url, path=path, sig=sig, expires=expires)



Have in mind that any alteration of the resource path or query arguments results in a 401 Unauthorized error. Similarly, a PUT where GET was the allowed method returns a 401. HEAD is allowed if GET or PUT is allowed. Changing the X-Account-Meta-Temp-URL-Key invalidates any previously generated temporary URLs within 60 seconds (the memcache time for the key).

That's all for now. What else would you like to learn regarding Swift?

5 Comentarios


Referencias (TrackBacks)

URL de trackback de esta historia http://luisbg.blogalia.com//trackbacks/74348

Comentarios

1
De: The Electrician Fecha: 2018-04-16 20:12

Wow, this was just the information that I needed - The Electrician



2
De: uphill rush 6 Fecha: 2018-05-17 11:22

Thank you very much for this great post.



3
De: Yayan Fecha: 2018-05-22 08:27

jual gaun pengantin.
Harga Spinner Peniris Minyak -
Septic Tank Bio -
san diego hills harga -
Jasa kontraktor lapangan futsal -
jasa desain rumah -
Contoh PTK Kurikulum 2013 -
Download Call of Duty 2 Full Version -
jasa konsultan pajak -
Buat NPWP Online -
grosir training spack -
kain batik solo -
cara mengatasi impotensi -
luggage tag karet -
Jual Vinyl Murah -
Rumah jawa --
Live Draw Hongkong Pools --
jual genset --
Datsun Go --
Honda CR-V --
Download The Sims 1 PC Full Version --
kontraktor bangunan --
Paket wisata jogja --
Batu bata merah --
toko aki --
aki mobil --
Membobol Password Wifi Android Orang Lain _
Cara Terbaik Memilih Power Bank Baru _
Tempat WISATA DELI SERDANG _
Contoh soal cpns _
contoh soal toefl Listening _
Contoh Soal Psikotes Kerja _
Jasa Guru Les Privat Bahasa Inggris di Medan Datang ke Rumah _
Soal Ujian Polmed Medan _
Toko bunga murah di Surabaya _
penirum asli _
Dealer Toyota Bogor _
konveksi tas bandung _
pabrik tas _
membuat CV menarik fresh graduate _
jasa toko online _
villa murah di puncak _
Zenius Education _
Jual Tas Wanita Import Murah Model Terbaru _
Lelang komputer Jakarta _
villa di ciater dengan kolam renang air panas. _
cara mengecilkan perut. _
mesin cuci 2 tabung terbaik. _
Service ac bandung. _
Download Internet Download Manager (IDM) Full Version Gratis. _
Download Need For Speed Most Wanted Full Repack Gratis. _
Kampung Kurma. _
Kavling Tanah. _
Kampung Kurma. _
prediksi togel. _
keluaran togel hk. _
prediksi togel hongkong. _
Paket seminar kit. _
Jual Tas Branded. _
usaha online menguntungkan. _
TEPUNG PUDING INSTAN. _
jasa backlink. _
jasa pembuatan website. _
cara membuat website. _
jasa foto prewedding makassar. _
Cara Membuat Tempat Sampah Dari Ban Bekas.
service ac Jakarta.
Sewa avanza di bali.
Sekolah Kedinasan.
HP Driver Mac.
surat -
surat -
surat dan artinya -
Obat pembesar alat vital -
obat kuat tahan lama -
testo ultra -
obat kuat -
alat bantu hubungan intim -
hammer of thor asli -
Data Keluaran Togel -
Data keluaran togel -
keluaran togel hk -
keluaran togel hk -
keluaran togel hk -
Data Pengeluaran togel Singapore --
Titan gel --
Live draw SGP --
obat kuat tahan lama --
obat hammer of thor _
testo ultra _
titan gel _
Titan gel asli _
hammer of thor _
obat kuat pria _
situs judi online terpercaya.
daftar judi.
maxisize.
Royal Kiraz.



4
De: ezaaa Fecha: 2018-05-30 15:37

Saya sarankan agar tidak terlalu benyak menggunakan komentar dengan link aktif di kolom komentar blog orang lain, karena bisa dianggap komentar spam.



5
De: Brayni Caze Fecha: 2018-06-14 12:47

thanks for share. I liked this article OpenStack Swift and Temporary.



Nombre
Correo-e
URL
Dirección IP: 54.144.16.135 (b768b8143f)
Comentario
¿Cuánto es: diez mil + uno?

©2007-2015 luis de bethencourt guimera
powered by Blogalia