Crystal-SDS/acl-middleware

Crystal Access Control Middleware for OpenStack Swift

Please visit Crystal Installation for an overview of all Crystal components.

Crystal ACL is a middleware for OpenStack Swift that dynamically manages access control to the storage cluster. The filter controls access to Swift objects based on the rules defined in the Crystal dashboard (Policies --> Access Control panel).

The authtoken middleware validates the user, and crystal_acl then authorizes access, overriding the functionality of the keystoneauth middleware. When there is no rule in the Crystal dashboard, keystoneauth is not overridden.

Requirements

Installation

To install the module, clone the repository and run the installation command in the root directory:

git clone https://github.com/Crystal-SDS/acl-middleware
cd acl-middleware
sudo python setup.py install

After that, it is necessary to configure OpenStack Swift to add the middleware to the Proxy servers.

Proxy

Edit the /etc/swift/proxy-server.conf file in each Proxy Node, and perform the following changes:

  1. Add the Crystal ACL Middleware to the pipeline. This filter must be added between the authtoken and the keystoneauth middlewares.
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken crystal_acl keystoneauth container-quotas account-quotas crystal_metrics crystal_filters copy slo dlo proxy-logging proxy-server
  2. Add the configuration of the filter. Copy the lines below to the bottom part of the file:
[filter:crystal_acl]
use = egg:swift_crystal_acl_middleware#crystal_acl

#Keystone Credentials (same as in authtoken filter)
auth_url = http://controller:35357
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = swift

#Redis Configuration
redis_host = controller
redis_port = 6379
redis_db = 0

The last step is to restart the proxy-server/object-server services:

sudo swift-init proxy restart
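
A check that can be run against proxy-server.conf before restarting the proxy, verifying the pipeline order and filter section described above. This is an added example, not code from the Crystal project; the function name, the constructed sample and the password-equals-username hygiene check are assumptions made for illustration.

```python
import configparser

# Keys listed in the README's [filter:crystal_acl] section.
REQUIRED_KEYS = ("use", "auth_url", "project_domain_name", "user_domain_name",
                 "project_name", "username", "password",
                 "redis_host", "redis_port", "redis_db")

def check_crystal_acl(conf_text):
    """Return a list of findings for a proxy-server.conf; empty means OK."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []

    # crystal_acl must run after authtoken and before keystoneauth.
    pipeline = cp.get("pipeline:main", "pipeline", fallback="").split()
    pos = {name: i for i, name in enumerate(pipeline)}
    for name in ("authtoken", "crystal_acl", "keystoneauth"):
        if name not in pos:
            findings.append("pipeline: %s missing" % name)
    if not findings and not (pos["authtoken"] < pos["crystal_acl"] < pos["keystoneauth"]):
        findings.append("pipeline: crystal_acl must sit between authtoken and keystoneauth")

    section = "filter:crystal_acl"
    if not cp.has_section(section):
        findings.append("[%s] section missing" % section)
        return findings
    for key in REQUIRED_KEYS:
        if not cp.get(section, key, fallback="").strip():
            findings.append("[%s] %s not set" % (section, key))
    # Hygiene check added here (not from the README): sample credentials unchanged.
    if cp.get(section, "password", fallback="") == cp.get(section, "username", fallback=None):
        findings.append("[%s] password equals username (sample value left in place?)" % section)
    return findings

# Constructed sample: wrong filter order, missing keys, sample password kept.
SAMPLE = """\
[pipeline:main]
pipeline = catch_errors authtoken keystoneauth crystal_acl proxy-server
[filter:crystal_acl]
use = egg:swift_crystal_acl_middleware#crystal_acl
auth_url = http://controller:35357
username = swift
password = swift
redis_host = controller
"""

if __name__ == "__main__":
    print("\n".join(check_crystal_acl(SAMPLE)))
```

On a proxy node, pass the contents of /etc/swift/proxy-server.conf to `check_crystal_acl` and restart only when the returned list is empty.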

Support

Please open an issue for support.

Contributing

Please contribute using GitHub Flow. Create a branch, add commits, and open a pull request.
