[DEFAULT] # Standard from Swift [pipeline:main] # Standard from Swift, this is just an example of where to put swauth pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server [app:proxy-server] # Standard from Swift, main point to note is the inclusion of # allow_account_management = true (only for the proxy servers where you want to # be able to create/delete accounts). use = egg:swift#proxy allow_account_management = true [filter:swauth] use = egg:swauth#swauth # You can override the default log routing for this filter here: # set log_name = swauth # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False # The reseller prefix will verify a token begins with this prefix before even # attempting to validate it. Also, with authorization, only Swift storage # accounts with this prefix will be authorized by this middleware. Useful if # multiple auth systems are in use for one Swift cluster. # reseller_prefix = AUTH # If you wish to use a Swauth service on a remote cluster with this cluster: # swauth_remote = http://remotehost:port/auth # swauth_remote_timeout = 10 # When using swauth_remote, the rest of these settings have no effect. # # The auth prefix will cause requests beginning with this prefix to be routed # to the auth subsystem, for granting tokens, creating accounts, users, etc. # auth_prefix = /auth/ # Cluster strings are of the format name#url where name is a short name for the # Swift cluster and url is the url to the proxy server(s) for the cluster. # default_swift_cluster = local#http://127.0.0.1:8080/v1 # You may also use the format name#url#url where the first url is the one # given to users to access their account (public url) and the second is the one # used by swauth itself to create and delete accounts (private url). This is # useful when a load balancer url should be used by users, but swauth itself is # behind the load balancer. Example: # default_swift_cluster = local#https://public.com:8080/v1#http://private.com:8080/v1 # Number of seconds a newly issued token should be valid for, by default. # token_life = 86400 # Maximum number of seconds a newly issued token can be valid for. # max_token_life = # Specifies how the user key is stored. The default is 'plaintext', leaving the # key unsecured but available for key-signing features if such are ever added. # An alternative is 'sha1' which stores only a one-way hash of the key leaving # it secure but unavailable for key-signing. # auth_type = plaintext # Used if the auth_type is sha1 or another method that can make use of a salt. # auth_type_salt = swauthsalt # This allows middleware higher in the WSGI pipeline to override auth # processing, useful for middleware such as tempurl and formpost. If you know # you're not going to use such middleware and you want a bit of extra security, # you can set this to false. # allow_overrides = true # Highly recommended to change this. If you comment this out, the Swauth # administration features will be disabled for this proxy. super_admin_key = swauthkey [filter:ratelimit] # Standard from Swift use = egg:swift#ratelimit [filter:cache] # Standard from Swift use = egg:swift#memcache [filter:healthcheck] # Standard from Swift use = egg:swift#healthcheck [filter:catch_errors] # Standard from Swift use = egg:swift#catch_errors