pauldardeau

import sys


source_code = \
"""
def print_message(s):
	print(s)

def add_numbers(x,y):
	return x + y

pauldardeau

#!/bin/sh
SC="${HOME}/python-swiftclient/bin/swift"
CT="content-type"
DIR_UPLOAD="upload"
# download directories WITHOUT --decode-content
DIR_DL_NO_CT="dl-no-ct"
DIR_DL_CT="dl-ct"
DIR_DL_WRONG_CT="dl-wrong-ct"
# download directories WITH --decode-content
DIR_DL_DC_NO_CT="dl-dc-no-ct"

pauldardeau

**disclosure** i don't have first-hand experience with the details on this topic. the info shared here is just an attempt
to bring together some existing sources on the topic that may be helpful.

Recent OpenStack mailing list posts
===================================
http://lists.openstack.org/pipermail/openstack-dev/2016-May/094549.html
http://lists.openstack.org/pipermail/openstack-dev/2016-May/094720.html
http://lists.openstack.org/pipermail/openstack-dev/2016-June/096813.html

Historical References

pauldardeau

[filter:decrypter]
  use = egg:swift#decrypter

  [filter:keymaster]
  use = egg:swift#keymaster
  encryption_root_secret = your_secret

  [filter:encrypter]
  use = egg:swift#encrypter
  # disable_encryption = False

pauldardeau

The encryption overview document (doc/source/overview_encryption.rst) is very well written.  Please see it for the complete story.

Here’s the TL;DR version

(1) Install new dependencies for crypto (see updates made in requirements.txt)
(2) Add new middleware entries to pipeline in proxy-server.conf:

    <other existing middleware> keymaster encryption proxy-logging proxy-server

(3) Paste the following code in your proxy-server.conf:

pauldardeau

Useful Links
------------
http://docs.openstack.org/developer/swift/middleware.html
https://github.com/openstack/swift/blob/master/doc/saio/swift/proxy-server.conf
http://docs.openstack.org/developer/swift/associated_projects.html


Feature List
------------
ACLs (N/A; built-in)

pauldardeau

curl http://127.0.0.1:8080/info

{
	"bulk_delete": {
		"max_failed_deletes": 1000,
		"max_deletes_per_request": 10000
	},
	"versioned_writes": {},
	"container_quotas": {},
	"crossdomain": {},

pauldardeau

swift-recon --all
===============================================================================
--> Starting reconnaissance on 4 hosts (object)
===============================================================================
[2016-07-25 19:32:32] Checking async pendings
[async_pending] - No hosts returned valid data.
===============================================================================
[2016-07-25 19:32:32] Checking auditor stats 
[ALL_auditor] - No hosts returned valid data.
[ZBF_auditor] - No hosts returned valid data.

pauldardeau

curl -i http://localhost:6030/recon/???

From http://docs.openstack.org/developer/swift/admin_guide.html

The following metrics and telemetry are currently exposed:

Request URI	Description
/recon/load	returns 1,5, and 15 minute load average
/recon/mem	returns /proc/meminfo
/recon/mounted	returns ALL currently mounted filesystems

pauldardeau

Verify that tempurl is in proxy pipeline

Add 'methods' to tempurl config section in proxy-server.conf

[filter:tempurl]
use = egg:swift#tempurl
methods = GET HEAD PUT DELETE POST

swift post -m "Temp-URL-Key: my_super_secret_key"