Usabilty with any Openstack environment

[LeonBezzina]

Hi,

I was wondering if swift-browser-ui can be used by any Openstack environment or it is designed to work only for CSC Pouta platform?

[blankdots]

Hi,

Thank you for your interest in the project.

The functionality we implemented around this project was designed and tested against the Openstack version we are working with (CSC Pouta platform) and we did implement certain features with our own goals in sight.

This being said we tried to keep the implementation as much as possible agnostic of the Openstack platform provider, however we don't guarantee it will work out of the box, but you are welcome to try it out and provide feedback.

Related issue: #108

[LeonBezzina]

Hi,

Thanks for the quick reply, I am trying to implement the swift-browser-ui with our Openstack environment and I have a question about the token id that needs to be provided at the object browser login process. Does the token id required, needs to be fetched through the federated authentication method (WebSSO) or can you enter the token that is issued through Openstack using the token issue command?

Because I tried the second option, I issued a token through Openstack cli then copied and paste the token manually in the object browser login process and got "-1: Token is malformed" after i submitted the query.

[blankdots]

It would be nice to know also Openstack version, and the exact command you ran, so we can figure out if it is something we can help.

In principle you will need an unscoped token:
https://docs.openstack.org/keystone/latest/api_curl_examples.html#tokens from response headers the X-Subject-Token
or https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#operation_create_unscoped_token

[sampsapenna]

The token being malformed would imply that there's either an issue with

• Pasting – there's an additional whitespace, or something similar
• Token scoping – shouldn't cause this specific error but just to be sure, the token used for logging in is unscoped and not scoped to the object-store service
• Token type – the UI uses UUID tokens currently, if the token is a fernet one it shuoldn't work as it doesn't match the token size expected

[LeonBezzina]

The token type is the issue then, I am currently using Openstack Victoria which currently only supports Fernet and JWS as token provider and uses Fernet as a default token provider. The token i was providing was an unscoped Fernet token type which it didn't work as it doesn't match the token size expected.

https://docs.openstack.org/keystone/victoria/admin/token-provider.html

Is the UI that currently uses UUID token type just an internal check?

[sampsapenna]

The token type check is just for input validation. Openstack's authentication library should probably be fine with any token type accepted by keystone, so I think just commenting out lines swift_browser_ui/login.py:94-95, thus disabling the token length and type validation, should enable using Fernet tokens instead of the UUID one.

[blankdots]

closing as question is answered.

[blankdots]

this became apparent that we need to fix as we need to support Fernet tokens, so re-opening