Hadoop SwiftFileSystem KeyStone v3 TRUST Support Patch

README

Added configuration parameter "fs.swift.service.<name>.trust-id".
When you use "fs.swift.service.<name>.trust-id" parameter,
you have to set "fs.swift.service.sic.auth.url" to Keystone V3 URL (http://keystone-host:5000/v3/auth/tokens)

Example:
  $ hadoop fs -ls -Dfs.swift.service.sahara.auth.url=http://localhost:5000/v3/auth/tokens \
    -Dfs.swift.service.sahara.username=<swift-proxy-user> \
    -Dfs.swift.service.sahara.password=<swift-proxy-user-password> \
    -Dfs.swift.service.sahara.trust-id=<trust-id> \
    swift://<container-name>.sahara/

This patch implements minimum Keystone V3 support.
(user+pass+trust only. user+pass or token is not impelemented)

I tested at single domain only (Trustor and trustee are same domain).

patch

diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java
index f5f9a8c..9018248 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/ApiKeyAuthenticationRequest.java
@@ -26,7 +26,7 @@
  * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
  * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS
  */
-public class ApiKeyAuthenticationRequest extends AuthenticationRequest {
+public class ApiKeyAuthenticationRequest extends AuthenticationRequestV2 {
   /**
    * Credentials for login
    */
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java
index a2a3b55..529677b 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequest.java
@@ -26,32 +26,11 @@
  */
 public class AuthenticationRequest {
 
-  /**
-   * tenant name
-   */
-  protected String tenantName;
-
   public AuthenticationRequest() {
   }
 
-  /**
-   * @return tenant name for Keystone authorization
-   */
-  public String getTenantName() {
-    return tenantName;
-  }
-
-  /**
-   * @param tenantName tenant name for authorization
-   */
-  public void setTenantName(String tenantName) {
-    this.tenantName = tenantName;
-  }
-
   @Override
   public String toString() {
-    return "AuthenticationRequest{" +
-           "tenantName='" + tenantName + '\'' +
-           '}';
+    return "AuthenticationRequest";
   }
 }
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV2.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV2.java
new file mode 100644
index 0000000..ff49e2d
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV2.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * Class that represents authentication request to Openstack Keystone.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class AuthenticationRequestV2 extends AuthenticationRequest {
+
+  /**
+   * tenant name
+   */
+  protected String tenantName;
+
+  public AuthenticationRequestV2() {
+  }
+
+  /**
+   * @return tenant name for Keystone authorization
+   */
+  public String getTenantName() {
+    return tenantName;
+  }
+
+  /**
+   * @param tenantName tenant name for authorization
+   */
+  public void setTenantName(String tenantName) {
+    this.tenantName = tenantName;
+  }
+
+  @Override
+  public String toString() {
+    return "AuthenticationRequestV2{" +
+           "tenantName='" + tenantName + '\'' +
+           '}';
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV3.java
new file mode 100644
index 0000000..08f96f5
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationRequestV3.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * Class that represents authentication request to Openstack Keystone.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class AuthenticationRequestV3 extends AuthenticationRequest {
+
+  public AuthenticationRequestV3() {
+  }
+
+  @Override
+  public String toString() {
+    return "AuthenticationRequestV3";
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationResponseV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationResponseV3.java
new file mode 100644
index 0000000..98c0ab2
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationResponseV3.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+import org.apache.hadoop.fs.swift.auth.entities.CatalogV3;
+import org.apache.hadoop.fs.swift.auth.entities.Tenant;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import java.util.List;
+
+/**
+ * Response from KeyStone deserialized into AuthenticationResponse class.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class AuthenticationResponseV3 {
+  private List<CatalogV3> catalog;
+  private String expires_at;
+  private Tenant project;
+
+  public List<CatalogV3> getCatalog() {
+    return catalog;
+  }
+
+  public void setCatalog(List<CatalogV3> catalog) {
+    this.catalog = catalog;
+  }
+
+  public String getExpires_at() {
+    return expires_at;
+  }
+
+  public void setExpires_at(String expires_at) {
+    this.expires_at = expires_at;
+  }
+
+  public Tenant getProject() {
+    return project;
+  }
+
+  public void setProject(Tenant project) {
+    this.project = project;
+  }
+
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationWrapperV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationWrapperV3.java
new file mode 100644
index 0000000..a744095
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/AuthenticationWrapperV3.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * This class is used for correct hierarchy mapping of
+ * Keystone authentication model and java code
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class AuthenticationWrapperV3 {
+
+  /**
+   * authentication response field
+   */
+  private AuthenticationResponseV3 token;
+
+  /**
+   * @return authentication response
+   */
+  public AuthenticationResponseV3 getToken() {
+    return token;
+  }
+
+  /**
+   * @param access sets authentication response
+   */
+  public void setToken(AuthenticationResponseV3 token) {
+    this.token = token;
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java
index ee519f3..d7436fa 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequest.java
@@ -24,7 +24,7 @@
  * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
  * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
  */
-public class PasswordAuthenticationRequest extends AuthenticationRequest {
+public class PasswordAuthenticationRequest extends AuthenticationRequestV2 {
   /**
    * Credentials for login
    */
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequestV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequestV3.java
new file mode 100644
index 0000000..2933d98
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordAuthenticationRequestV3.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+/**
+ * Class that represents authentication request to Openstack Keystone v3.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class PasswordAuthenticationRequestV3 extends AuthenticationRequestV3 {
+  /**
+   * Credentials for login
+   */
+  private IdentityWrapper identity;
+
+  public PasswordAuthenticationRequestV3(PasswordCredentialsV3 passwordCredentials) {
+    this.identity = new IdentityWrapper(new PasswordWrapper(passwordCredentials));
+  }
+
+  public IdentityWrapper getIdentity() {
+    return identity;
+  }
+
+  public void setIdentity(IdentityWrapper identity) {
+    this.identity = identity;
+  }
+
+  @Override
+  public String toString() {
+    return "Authenticate as TODO";
+  }
+
+  public static class IdentityWrapper {
+    private PasswordWrapper password;
+    public final String[] methods;
+
+    public IdentityWrapper(PasswordWrapper password) {
+      this.password = password;
+      this.methods = new String[]{"password"};
+    }
+
+    public PasswordWrapper getPassword() {
+      return password;
+    }
+
+    public void setPassword(PasswordWrapper password) {
+      this.password = password;
+    }
+  }
+
+  public static class PasswordWrapper {
+    private PasswordCredentialsV3 user;
+
+    public PasswordWrapper(PasswordCredentialsV3 user) {
+      this.user = user;
+    }
+
+    public PasswordCredentialsV3 getUser() {
+      return user;
+    }
+
+    public void setUser(PasswordCredentialsV3 user) {
+      this.user = user;
+    }
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordCredentialsV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordCredentialsV3.java
new file mode 100644
index 0000000..bf51826
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/PasswordCredentialsV3.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Describes credentials to log in Swift using Keystone v3 authentication.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class PasswordCredentialsV3 {
+  /**
+   * user login
+   */
+  private String name;
+
+  /**
+   * user password
+   */
+  private String password;
+
+  public final Map<String,String> domain;
+
+  /**
+   * @param name user login
+   * @param password user password
+   */
+  public PasswordCredentialsV3(String name, String password) {
+    this.name =name;
+    this.password = password;
+    this.domain = new HashMap();
+    this.domain.put("id", "default");
+  }
+
+  /**
+   * @return user password
+   */
+  public String getPassword() {
+    return password;
+  }
+
+  /**
+   * @param password user password
+   */
+  public void setPassword(String password) {
+    this.password = password;
+  }
+
+  /**
+   * @return login
+   */
+  public String getName() {
+    return name;
+  }
+
+  /**
+   * @param username login
+   */
+  public void setName(String name) {
+    this.name = name;
+  }
+
+  @Override
+  public String toString() {
+    return "user '" + name + '\'' +
+            " with password of length " + ((password == null) ? 0 : password.length());
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/TrustAuthenticationRequest.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/TrustAuthenticationRequest.java
new file mode 100644
index 0000000..9d7d891
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/TrustAuthenticationRequest.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth;
+
+import org.codehaus.jackson.annotate.JsonProperty;
+
+/**
+ * Class that represents authentication request to Openstack Keystone v3.
+ * Contains basic authentication information.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+public class TrustAuthenticationRequest extends PasswordAuthenticationRequestV3 {
+  /**
+   * trust-id for login
+   */
+  private ScopeWrapper scope;
+
+  public TrustAuthenticationRequest(PasswordCredentialsV3 passwordCredentials, String trust_id) {
+    super(passwordCredentials);
+    scope = new ScopeWrapper(new TrustWrapper(trust_id));
+  }
+
+  public ScopeWrapper getScope() {
+    return scope;
+  }
+
+  public void setScope(ScopeWrapper scope) {
+    this.scope = scope;
+  }
+
+  @Override
+  public String toString() {
+    return "Authenticate as TODO";
+  }
+
+  public static class ScopeWrapper {
+    private TrustWrapper trust;
+
+    public ScopeWrapper(TrustWrapper trust) {
+      this.trust = trust;
+    }
+
+    @JsonProperty("OS-TRUST:trust")
+    public TrustWrapper getTrust() {
+      return trust;
+    }
+
+    @JsonProperty("OS-TRUST:trust")
+    public void setTrust(TrustWrapper trust) {
+      this.trust = trust;
+    }
+  }
+
+  public static class TrustWrapper {
+    private String id;
+
+    public TrustWrapper(String trust_id) {
+      id = trust_id;
+    }
+
+    public String getId() {
+      return id;
+    }
+
+    public void setId(String id) {
+      this.id = id;
+    }
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/CatalogV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/CatalogV3.java
new file mode 100644
index 0000000..13804c5
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/CatalogV3.java
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth.entities;
+
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import java.util.List;
+
+/**
+ * Describes Openstack Swift REST endpoints.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class CatalogV3 {
+  /**
+   * List of valid swift endpoints
+   */
+  private List<EndpointV3> endpoints;
+
+  /**
+   * Openstack REST service name. In our case name = "keystone"
+   */
+  private String name;
+
+  /**
+   * Type of REST service. In our case type = "identity"
+   */
+  private String type;
+
+  /**
+   * @return List of endpoints
+   */
+  public List<EndpointV3> getEndpoints() {
+    return endpoints;
+  }
+
+  /**
+   * @param endpoints list of endpoints
+   */
+  public void setEndpoints(List<EndpointV3> endpoints) {
+    this.endpoints = endpoints;
+  }
+
+  /**
+   * @return name of Openstack REST service
+   */
+  public String getName() {
+    return name;
+  }
+
+  /**
+   * @param name of Openstack REST service
+   */
+  public void setName(String name) {
+    this.name = name;
+  }
+
+  /**
+   * @return type of Openstack REST service
+   */
+  public String getType() {
+    return type;
+  }
+
+  /**
+   * @param type of REST service
+   */
+  public void setType(String type) {
+    this.type = type;
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/EndpointV3.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/EndpointV3.java
new file mode 100644
index 0000000..0721114
--- /dev/null
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/auth/entities/EndpointV3.java
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.swift.auth.entities;
+
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import java.net.URI;
+
+/**
+ * Openstack Swift endpoint description.
+ * THIS FILE IS MAPPED BY JACKSON TO AND FROM JSON.
+ * DO NOT RENAME OR MODIFY FIELDS AND THEIR ACCESSORS.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class EndpointV3 {
+
+  /**
+   * endpoint id
+   */
+  private String id;
+
+  /**
+   * Keystone URL
+   */
+  private URI url;
+
+  /**
+   * Openstack region name
+   */
+  private String region;
+
+  /**
+   * Keystone URL type
+   */
+  private String iface;
+
+  /**
+   * @return endpoint id
+   */
+  public String getId() {
+    return id;
+  }
+
+  /**
+   * @param id endpoint id
+   */
+  public void setId(String id) {
+    this.id = id;
+  }
+
+  /**
+   * @return Keystone URL
+   */
+  public URI getUrl() {
+    return url;
+  }
+
+  /**
+   * @param adminURL Keystone admin URL
+   */
+  public void setUrl(URI url) {
+    this.url = url;
+  }
+
+  /**
+   * @return Openstack region name
+   */
+  public String getRegion() {
+    return region;
+  }
+
+  /**
+   * @param region Openstack region name
+   */
+  public void setRegion(String region) {
+    this.region = region;
+  }
+
+  public String getInterface() {
+    return iface;
+  }
+
+  public void setInterface(String iface) {
+    this.iface = iface;
+  }
+}
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java
index 25a7e93..814acd5 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/RestClientBindings.java
@@ -149,6 +149,7 @@ public static Properties bind(URI fsURI, Configuration conf) throws
     copy(conf, prefix + DOT_APIKEY, props, SWIFT_APIKEY_PROPERTY, false);
     copy(conf, prefix + DOT_PASSWORD, props, SWIFT_PASSWORD_PROPERTY,
             props.contains(SWIFT_APIKEY_PROPERTY) ? true : false);
+    copy(conf, prefix + DOT_TRUST_ID, props, SWIFT_TRUST_ID_PROPERTY, false);
     copy(conf, prefix + DOT_TENANT, props, SWIFT_TENANT_PROPERTY, false);
     copy(conf, prefix + DOT_REGION, props, SWIFT_REGION_PROPERTY, false);
     copy(conf, prefix + DOT_HTTP_PORT, props, SWIFT_HTTP_PORT_PROPERTY, false);
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java
index 6d12504..68a66e4 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftProtocolConstants.java
@@ -214,6 +214,7 @@
   public static final String DOT_TENANT = ".tenant";
   public static final String DOT_USERNAME = ".username";
   public static final String DOT_PASSWORD = ".password";
+  public static final String DOT_TRUST_ID = ".trust-id";
   public static final String DOT_HTTP_PORT = ".http.port";
   public static final String DOT_HTTPS_PORT = ".https.port";
   public static final String DOT_REGION = ".region";
@@ -235,6 +236,7 @@
   public static final String SWIFT_TENANT_PROPERTY = FS_SWIFT + DOT_TENANT;
   public static final String SWIFT_USERNAME_PROPERTY = FS_SWIFT + DOT_USERNAME;
   public static final String SWIFT_PASSWORD_PROPERTY = FS_SWIFT + DOT_PASSWORD;
+  public static final String SWIFT_TRUST_ID_PROPERTY = FS_SWIFT + DOT_TRUST_ID;
   public static final String SWIFT_APIKEY_PROPERTY = FS_SWIFT + DOT_APIKEY;
   public static final String SWIFT_HTTP_PORT_PROPERTY = FS_SWIFT + DOT_HTTP_PORT;
   public static final String SWIFT_HTTPS_PORT_PROPERTY = FS_SWIFT
diff --git a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java
index 28f8b47..7a5baeb 100644
--- a/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java
+++ b/hadoop-tools/hadoop-openstack/src/main/java/org/apache/hadoop/fs/swift/http/SwiftRestClient.java
@@ -20,6 +20,7 @@
 
 import org.apache.commons.httpclient.DefaultHttpMethodRetryHandler;
 import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HeaderElement;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.HttpHost;
 import org.apache.commons.httpclient.HttpMethod;
@@ -40,16 +41,24 @@
 import org.apache.hadoop.fs.swift.auth.ApiKeyAuthenticationRequest;
 import org.apache.hadoop.fs.swift.auth.ApiKeyCredentials;
 import org.apache.hadoop.fs.swift.auth.AuthenticationRequest;
+import org.apache.hadoop.fs.swift.auth.AuthenticationRequestV2;
+import org.apache.hadoop.fs.swift.auth.AuthenticationRequestV3;
 import org.apache.hadoop.fs.swift.auth.AuthenticationRequestWrapper;
 import org.apache.hadoop.fs.swift.auth.AuthenticationResponse;
+import org.apache.hadoop.fs.swift.auth.AuthenticationResponseV3;
 import org.apache.hadoop.fs.swift.auth.AuthenticationWrapper;
+import org.apache.hadoop.fs.swift.auth.AuthenticationWrapperV3;
 import org.apache.hadoop.fs.swift.auth.KeyStoneAuthRequest;
 import org.apache.hadoop.fs.swift.auth.KeystoneApiKeyCredentials;
 import org.apache.hadoop.fs.swift.auth.PasswordAuthenticationRequest;
+import org.apache.hadoop.fs.swift.auth.TrustAuthenticationRequest;
 import org.apache.hadoop.fs.swift.auth.PasswordCredentials;
+import org.apache.hadoop.fs.swift.auth.PasswordCredentialsV3;
 import org.apache.hadoop.fs.swift.auth.entities.AccessToken;
 import org.apache.hadoop.fs.swift.auth.entities.Catalog;
+import org.apache.hadoop.fs.swift.auth.entities.CatalogV3;
 import org.apache.hadoop.fs.swift.auth.entities.Endpoint;
+import org.apache.hadoop.fs.swift.auth.entities.EndpointV3;
 import org.apache.hadoop.fs.swift.exceptions.SwiftAuthenticationFailedException;
 import org.apache.hadoop.fs.swift.exceptions.SwiftBadRequestException;
 import org.apache.hadoop.fs.swift.exceptions.SwiftConfigurationException;
@@ -131,6 +140,11 @@
   private final String password;
 
   /**
+   * trust id
+   */
+  private final String trust_id;
+
+  /**
    * user api key
    */
   private final String apiKey;
@@ -454,6 +468,7 @@ private SwiftRestClient(URI filesystemURI,
     String stringAuthUri = getOption(props, SWIFT_AUTH_PROPERTY);
     username = getOption(props, SWIFT_USERNAME_PROPERTY);
     password = props.getProperty(SWIFT_PASSWORD_PROPERTY);
+    trust_id = props.getProperty(SWIFT_TRUST_ID_PROPERTY);
     apiKey = props.getProperty(SWIFT_APIKEY_PROPERTY);
     //optional
     region = props.getProperty(SWIFT_REGION_PROPERTY);
@@ -473,10 +488,16 @@ private SwiftRestClient(URI filesystemURI,
         }
         //create the (reusable) authentication request
         if (password != null) {
-            authRequest = new PasswordAuthenticationRequest(tenant,
-                    new PasswordCredentials(
-                            username,
-                            password));
+            if (trust_id == null) {
+                authRequest = new PasswordAuthenticationRequest(tenant,
+                        new PasswordCredentials(
+                                username,
+                                password));
+            } else {
+                authRequest = new TrustAuthenticationRequest(
+                        new PasswordCredentialsV3(username, password),
+                        trust_id);
+            }
         } else {
             authRequest = new ApiKeyAuthenticationRequest(tenant,
                     new ApiKeyCredentials(
@@ -1118,12 +1139,23 @@ protected void setup(AuthPostMethod method) throws IOException {
 
     @Override
     public AccessToken extractResult(AuthPostMethod method) throws IOException {
+
       //initial check for failure codes leading to authentication failures
       if (method.getStatusCode() == SC_BAD_REQUEST) {
         throw new SwiftAuthenticationFailedException(
           authenticationRequest.toString(), "POST", authUri, method);
       }
 
+      if (authenticationRequest instanceof AuthenticationRequestV2) {
+        return extractResultV2(method);
+      } else {
+        return extractResultV3(method);
+      }
+
+    }
+
+    AccessToken extractResultV2(AuthPostMethod method) throws IOException {
+
       final AuthenticationResponse access =
         JSONUtil.toObject(method.getResponseBodyAsString(),
                           AuthenticationWrapper.class).getAccess();
@@ -1218,6 +1250,76 @@ public AccessToken extractResult(AuthPostMethod method) throws IOException {
       createDefaultContainer();
       return accessToken;
     }
+
+    AccessToken extractResultV3(AuthPostMethod method) throws IOException {
+
+      final AuthenticationResponseV3 response =
+        JSONUtil.toObject(method.getResponseBodyAsString(),
+                          AuthenticationWrapperV3.class).getToken();
+
+      URI endpointURI = null;
+      for (CatalogV3 catalog : response.getCatalog()) {
+        String name = catalog.getName();
+        String type = catalog.getType();
+
+        if (!name.equals(SERVICE_CATALOG_SWIFT)
+            && !name.equals(SERVICE_CATALOG_CLOUD_FILES)
+            && !type.equals(SERVICE_CATALOG_OBJECT_STORE)) {
+          continue;
+        }
+
+        for (EndpointV3 endpoint : catalog.getEndpoints()) {
+          if (region != null && !endpoint.getRegion().equals(region)) {
+            continue;
+          }
+          if ((usePublicURL && "public".equals(endpoint.getInterface()))
+              || (!usePublicURL && "internal".equals(endpoint.getInterface()))) {
+            endpointURI = endpoint.getUrl();
+            break;
+          }
+        }
+      }
+      if (endpointURI == null) {
+        String message = "Could not find swift service from auth URL "
+                         + authUri
+                         + " and region '" + region + "'.";
+        throw new SwiftInvalidResponseException(message,
+                                                SC_OK,
+                                                "authenticating",
+                                                authUri);
+
+      }
+
+      AccessToken token = new AccessToken();
+      final Header token_header = method.getResponseHeader("X-Subject-Token");
+      if (token_header == null) {
+        throw new SwiftException("invalid Keystone response");
+      }
+      token.setId(token_header.getValue());
+      token.setExpires(response.getExpires_at());
+      token.setTenant(response.getProject());
+
+      URI objectLocation = null;
+      String path = SWIFT_OBJECT_AUTH_ENDPOINT + token.getTenant().getId();
+      try {
+        objectLocation = new URI(endpointURI.getScheme(),
+                                 null,
+                                 endpointURI.getHost(),
+                                 endpointURI.getPort(),
+                                 path,
+                                 null,
+                                 null);
+      } catch (URISyntaxException e) {
+        throw new SwiftException("object endpoint URI is incorrect: "
+                                 + endpointURI
+                                 + " + " + path,
+                                 e);
+      }
+
+      setAuthDetails(endpointURI, objectLocation, token);
+      createDefaultContainer();
+      return token;
+    }
   }
 
   private StringRequestEntity getAuthenticationRequst(AuthenticationRequest authenticationRequest)