TempURL

The TempURL middleware allows URLs to be created to provide temporary access to objects. This may be handy when needing to provide download link for large objects from a Swift account which does not have public access.

Configuring TempURL

Click on the TempURL link on the Manage Cluster page Middleware tab to enable the TempURL middleware.

../../_images/temp-url.png

incoming_remove_headers and incoming_allow_headers let the administrator specify what headers / metadata the unauthenticated users are allowed to set.

outgoing_remove_headers and outgoing_allow_headers let the administrator specify what headers / metadata the unauthenticated users are allowed to see.

methods let the administrator set the allowed methods for TempURLs (GET HEAD POST PUT DELETE).

Setting the Key

In addition to enabling the middleware, a secret key must be configured on the account for use in decrypting the TempURL query string.

Using the `swift` command line tool

swift post -m 'Temp-URL-Key:<secret>' [-A AUTH_URL] [-U USERNAME] [-K PASSWORD]

Using `curl`

See Authentication and Authorization for instructions on getting the TOKEN and STORAGE_URL.

curl -i -X POST <STORAGE_URL> -H 'X-Account-Meta-Temp-URL-Key: <secret>' -H 'X-Auth-Token: <TOKEN>'

$ curl -i -X POST https://swift.example.com/v1/AUTH_bob \
>         -H 'X-Account-Meta-Temp-URL-Key: secret' \
>         -H 'X-Auth-Token: AUTH_tke9a821bd80984f31ac106e8e445a3372' -i
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txe9c628936ea54372bb78e-00523cc51d
Date: Fri, 20 Sep 2013 21:58:53 GMT

Generating a URL

You can generate TempURLs with the Swift command line client or the /opt/ss/bin/swift-temp-url utility on one of your nodes.

Using the `swift` command line tool

swift tempurl <method> <seconds> <path> <key>

Using `swift-temp-url`

/opt/ss/bin/swift-temp-url <method> <seconds> <path> <key>

method One of GET PUT POST DELETE
seconds How long the request should be allowed
path The full path of the resource to be accessed Example: /v1/AUTH_bob/pictures/grandma.png
key The secret key set above. 
$ swift tempurl GET 60 /v1/AUTH_bob/everyone_can_read_container/plan.txt secret
/v1/AUTH_bob/everyone_can_read_container/plan.txt?temp_url_sig=fed1c1db8b25fce2cbfa04e42003cb8c774b58f4&temp_url_expires=1379714858

Note

See http://docs.openstack.org/developer/swift/middleware.html#tempurl for instructions on how to generate TempURLs in Python.

Using the URL

curl https://<hostname><output from swift-temp-url>

$ curl -i "http://swift.example.com/v1/AUTH_bob/everyone_can_read_container/plan.txt?temp_url_sig=bc0e05d787ca0818ecbd8d61fa086e0e8514209a&temp_url_expires=1379716925"
HTTP/1.1 200 OK
Content-Length: 15
Accept-Ranges: bytes
Last-Modified: Fri, 20 Sep 2013 22:14:15 GMT
Etag: 303be4e2ed7266b1c9a6e53c842e3c6a
X-Timestamp: 1379715255.56903
Content-Type: text/plain
Content-Disposition: attachment; filename="plan.txt"
X-Trans-Id: tx2dbe017af2194a34853a3-00523cce4b
Date: Fri, 20 Sep 2013 22:38:03 GMT

it's a secret!

Note

When using TempURL and curl it is important to put the URL in quotes so that the & doesn't get treated as a special shell character.