Almost in every OpenStack Swift documentation is mentioned that TempAuth is a solution just for test non-prod environment (however it's fully functional).
The key reason to don't use this approach in prod that user-creds are stored in plain configuration file that decrease overall security for Object storage.
On the other hand if App is using Object Storage internally (so it's only stores files in the internal infrastructure) and authentication and authorization is provided by App itself it seems such approach might be suitable for production usage.
Could you please share any other drawbacks of TempAuth usage on prod environment taking into account that object storage is internal (or add additional arguments that it's ok :) )?
OpenStack Swift TempAuth authentication prod usage
320 views Asked by user1459144 At
1
There are 1 answers
Related Questions in OPENSTACK
- Script shell execution failing escaping problem
- How can I upload a tar.bz2 file to Openstack Swift Object storage container using Python Swift Client?
- How do I check users inside my openstack project using openstack.cloud ansible collection?
- backup issue about openstack disk
- How to Expose OpenStack Instances to Local Host Physical Network?
- Using AWS Cloudwatch Agent to Monitor Openstack IaaS cloud
- Terraform floating ip check
- How to use Auth token in Openstack Ansible Module
- python yaml openstack how to access element of one group
- There was a problem using openstack4j for domain level authentication
- Openstack: Terraform multiple Instances with additional Disks - for_each list(object)
- Terraform: openstack_compute_instance_v2 assign multiple networks dinamically
- Issues with bash scripting syntax in Jenkins pipeline
- Imported python package unrecognized submodule
- How can I assign a port to VM without ip in openstack?
Related Questions in OPENSTACK-SWIFT
- Having issues with PyInstaller and the Python-Keystoneclient package
- the problem of swift-container-replicator on openstack swift
- multiple destination for statsd in object-server.conf of swift open stack
- MD5_CHECKSUM error while uploading a file
- Apache Flink + Openstack Swift
- Trouble Retrieving Metadata Information from OpenStack Swift Object using REST APIs: Need Help Adding Metadata from Horizon UI or REST API properly
- What issues arise when using Openstack Swift SAIO for Production use?
- is there a way to revert a expiration date for an object in openstack swift?
- Hadoop/Swift/Minio... Choosing Large Object Storage solution
- Failed to discover available identity versions when contacting http://127.0.0.1:35357/v3. Attempting to parse version from URL. Unauthorized(HTTP 401)
- Copy a lot of files - Swift
- Reducing replication on Openstack Swift
- How make API calls to OpenStack installed on local machine from outside the network?
- Thread blocks the main thread
- devstack/stackrc:833 Could not determine host ip address. See local.conf for suggestions on setting HOST_IP
Related Questions in OPENSTACK-KEYSTONE
- Having issues with PyInstaller and the Python-Keystoneclient package
- Keystone service in OpenStack consumes a lot of CPU
- Failed to discover available identity versions when contacting https://172.28.68.39:13000//v3
- OpenStack - keystone did not start
- Not able to create instance on new openstack
- How to authenticate a user in Openstack keystone who is getting authenticated in application by Azure AD
- Can external API endpoints be registered in Openstack Keystone service catalogue/registry?
- How do I enable logging of successful authorizations in keystone?
- openstack issue a token with no expire time
- Is there a way to check the life of a token?
- openstack : Deleted a project/tenant my mistake. How to restore it without rolling back the controller DB backup
- Configure the administrative account
- /etc/keystone/fernet-keys/ does not contain keys, use keystone-manage fernet_setup to create Fernet keys
- I'm curious about Openstack Token, which is about the starting point of issuing Scoped between Horizon, Keystone, and Nova
- ERROR when trying to Create projects in openstack (Missing value auth-url required for auth plugin password )
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
I think the problem with tempauth is that,it is built in module in the Swift, and cant be used as an external authentication module in distributed swift storage systems. but keystone can.