1 files changed, 78 insertions, 0 deletions

diff --git a/gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample b/gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample
new file mode 100644
index 0000000..a5f4ea1
--- /dev/null
+++ b/gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample
@@ -0,0 +1,78 @@
+[DEFAULT]
+# Standard from Swift
+
+[pipeline:main]
+# Standard from Swift, this is just an example of where to put swauth
+pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server
+
+[app:proxy-server]
+# Standard from Swift, main point to note is the inclusion of
+# allow_account_management = true (only for the proxy servers where you want to
+# be able to create/delete accounts).
+use = egg:swift#proxy
+allow_account_management = true
+
+[filter:swauth]
+use = egg:swauth#swauth
+# You can override the default log routing for this filter here:
+#   set log_name = swauth
+#   set log_facility = LOG_LOCAL0
+#   set log_level = INFO
+#   set log_headers = False
+# The reseller prefix will verify a token begins with this prefix before even
+# attempting to validate it. Also, with authorization, only Swift storage
+# accounts with this prefix will be authorized by this middleware. Useful if
+# multiple auth systems are in use for one Swift cluster.
+#   reseller_prefix = AUTH
+# If you wish to use a Swauth service on a remote cluster with this cluster:
+#   swauth_remote = http://remotehost:port/auth
+#   swauth_remote_timeout = 10
+# When using swauth_remote, the rest of these settings have no effect.
+#
+# The auth prefix will cause requests beginning with this prefix to be routed
+# to the auth subsystem, for granting tokens, creating accounts, users, etc.
+#   auth_prefix = /auth/
+# Cluster strings are of the format name#url where name is a short name for the
+# Swift cluster and url is the url to the proxy server(s) for the cluster.
+#   default_swift_cluster = local#http://127.0.0.1:8080/v1
+# You may also use the format name#url#url where the first url is the one
+# given to users to access their account (public url) and the second is the one
+# used by swauth itself to create and delete accounts (private url). This is
+# useful when a load balancer url should be used by users, but swauth itself is
+# behind the load balancer. Example:
+#   default_swift_cluster = local#https://public.com:8080/v1#http://private.com:8080/v1
+# Number of seconds a newly issued token should be valid for, by default.
+#   token_life = 86400
+# Maximum number of seconds a newly issued token can be valid for.
+#   max_token_life = <same as token_life>
+# Specifies how the user key is stored. The default is 'plaintext', leaving the
+# key unsecured but available for key-signing features if such are ever added.
+# An alternative is 'sha1' which stores only a one-way hash of the key leaving
+# it secure but unavailable for key-signing.
+#   auth_type = plaintext
+# Used if the auth_type is sha1 or another method that can make use of a salt.
+#   auth_type_salt = swauthsalt
+# This allows middleware higher in the WSGI pipeline to override auth
+# processing, useful for middleware such as tempurl and formpost. If you know
+# you're not going to use such middleware and you want a bit of extra security,
+# you can set this to false.
+#   allow_overrides = true
+# Highly recommended to change this. If you comment this out, the Swauth
+# administration features will be disabled for this proxy.
+super_admin_key = swauthkey
+
+[filter:ratelimit]
+# Standard from Swift
+use = egg:swift#ratelimit
+
+[filter:cache]
+# Standard from Swift
+use = egg:swift#memcache
+
+[filter:healthcheck]
+# Standard from Swift
+use = egg:swift#healthcheck
+
+[filter:catch_errors]
+# Standard from Swift
+use = egg:swift#catch_errors