Keystone support validating S3 tokens using the same tokens as the generated EC2 tokens. When you have generated a pair of EC2 access token and secret you can access your swift cluster directly with the S3 API.
Configure the paste file for swift-proxy (`/etc/swift/proxy-server.conf`) to use S3token and Swift3 middleware. You must have the s3token middleware in the pipeline when using keystone and swift3.
Here's an example:
[DEFAULT] bind_port = 8080 user = <user> [pipeline:main] pipeline = catch_errors healthcheck cache swift3 s3token authtoken keystone proxy-server [app:proxy-server] use = egg:swift#proxy account_autocreate = true [filter:catch_errors] use = egg:swift#catch_errors [filter:healthcheck] use = egg:swift#healthcheck [filter:cache] use = egg:swift#memcache [filter:swift3] use = egg:swift#swift3 [filter:keystone] paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory operator_roles = admin, swiftoperator [filter:s3token] paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory auth_port = 35357 auth_host = 127.0.0.1 auth_protocol = http [filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory service_port = 5000 service_host = 127.0.0.1 auth_port = 35357 auth_host = 127.0.0.1 auth_protocol = http auth_token = ADMIN admin_token = ADMIN
You can then access directly your Swift via the S3 API, here's an example with the `boto` library:
import boto import boto.s3.connection connection = boto.connect_s3( aws_access_key_id='<ec2 access key for user>', aws_secret_access_key='<ec2 secret access key for user>', port=8080, host='localhost', is_secure=False, calling_format=boto.s3.connection.OrdinaryCallingFormat())
