OpenStack Swift allows you to store a large number of files. To manage them, you need to be authenticated with a token, for each API request. This means your Swift permissions (read, write, etc ...) can be verified. The token is generated by the authentication system using your credentials.
However, if you want to share a file with a friend or co-worker without having to provide personal information related to authentication, you can create a temporary URL (tempurl) instead.
The Tempurl is a feature that allows you to choose the files you want to share and to make them available for the time you want, by setting an expiration time for the link.
How does it work?
The Tempurl function generates a temporary address which contains:
- The endpoint URL, for example:
- The full path for the object that contains your project, the container and the object name. Eg: "v1/AUTH_tenant/default/file"
- A first additional parameter tempurlsign, which is the signature that is generated with your secret key, the HTTP method, file path and expiration date.
- A second parameter url_expires, which is the link expiration date.
- Prepare the environment to use the OpenStack API
- Set OpenStack environment variables
- Python must be installed on your computer
- The Python script: swift-temp-url
Generate the key
First, you have to generate a key. This key can be used for all files in your account, it is generated once for all future temp urls, so make sure you choose a secure and long key. However, please note that you can regenerate a new key whenever you want.
To generate your key, please use a string which contains at least 20 characters. You can use various tools including:
- "/dev/urandom" on Linux
- Or just a simple: "date +%s | md5sum"
Once you have generated your key, you can configure it on your project using Swiftclient (replace the "12345" string with your key):
swift post -m "Temp-URL-Key: 12345"
Or use curl:
curl -i -X POST \ -H "X-Account-Meta-Temp-URL-Key: 12345" \ -H "X-Auth-Token: abcdef12345" \ https://storage.sbg1.cloud.ovh.net/v1/AUTH_ProjectID
The full header is X-Account-Meta-Temp-Url-Key but Swiftclient uses Temp-URL-Key and adds the X-Account prefix automatically. Now that the key is configured on your account, you can check that the header has been correctly applied using swiftclient:
curl -i -X HEAD \ -H "X-Auth-Token: abcdef12345" \ ttps://storage.sbg1.cloud.ovh.net/v1/AUTH_ProjectID
Generate the URL
The following tasks can be done offline.
Generate a temporary URL using the swift-temp-url script:
python swift-temp-url GET 60 /v1/AUTH_tenant/default/file 12345
- GET: HTTP method.
- 60: This link is available for 60 seconds, you can set your own limit.
- 12345: To be replaced with your key
- /v1/AUTH_tenant/default/file: The path to your file.
You do not need the endpoint at this stage in the process.
This will give you the temporary URL, for example:
You will then be able to see your file path, the signature, and the expiration date, as explained above.
To get your URL working, you just need to add the endpoint in front of your tempurl:
In our example, this URL lets anyone download the "file" file in the "default" container, for up to 60 seconds, without having to provide authentication. After 60 seconds, the URL will no longer work. For more advanced users who want to generate tempurls with the swift-temp-url script, there is more information available in the OpenStack documentation.