read-only: Only act on Swift paths
... and they must include an account. Change-Id: I632d58697a1026a6a581db27786ab9503c62f97e
This commit is contained in:
parent
57f17ace7c
commit
00bb0f8ba6
@ -12,7 +12,7 @@
|
|||||||
# implied.
|
# implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
from swift.common.constraints import check_account_format
|
from swift.common.constraints import check_account_format, valid_api_version
|
||||||
from swift.common.swob import HTTPMethodNotAllowed, Request
|
from swift.common.swob import HTTPMethodNotAllowed, Request
|
||||||
from swift.common.utils import get_logger, config_true_value
|
from swift.common.utils import get_logger, config_true_value
|
||||||
from swift.common.registry import register_swift_info
|
from swift.common.registry import register_swift_info
|
||||||
@ -79,7 +79,9 @@ class ReadOnlyMiddleware(object):
|
|||||||
return self.app(env, start_response)
|
return self.app(env, start_response)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
version, account, container, obj = req.split_path(1, 4, True)
|
version, account, container, obj = req.split_path(2, 4, True)
|
||||||
|
if not valid_api_version(version):
|
||||||
|
raise ValueError
|
||||||
except ValueError:
|
except ValueError:
|
||||||
return self.app(env, start_response)
|
return self.app(env, start_response)
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
return_value={}):
|
return_value={}):
|
||||||
for method in read_methods + write_methods:
|
for method in read_methods + write_methods:
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = method
|
req.method = method
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
@ -64,13 +64,13 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
return_value={}):
|
return_value={}):
|
||||||
for method in read_methods:
|
for method in read_methods:
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = method
|
req.method = method
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
|
|
||||||
for method in write_methods:
|
for method in write_methods:
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = method
|
req.method = method
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(ro_resp, resp)
|
self.assertEqual(ro_resp, resp)
|
||||||
@ -84,13 +84,13 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
return_value={'sysmeta': {'read-only': 'true'}}):
|
return_value={'sysmeta': {'read-only': 'true'}}):
|
||||||
for method in read_methods:
|
for method in read_methods:
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = method
|
req.method = method
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
|
|
||||||
for method in write_methods:
|
for method in write_methods:
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = method
|
req.method = method
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(ro_resp, resp)
|
self.assertEqual(ro_resp, resp)
|
||||||
@ -104,7 +104,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
return_value={'sysmeta': {'read-only': 'false'}}):
|
return_value={'sysmeta': {'read-only': 'false'}}):
|
||||||
for method in read_methods + write_methods:
|
for method in read_methods + write_methods:
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = method
|
req.method = method
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
@ -120,7 +120,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
return_value={'sysmeta': {'read-only': 'false'}}):
|
return_value={'sysmeta': {'read-only': 'false'}}):
|
||||||
for method in read_methods + write_methods:
|
for method in read_methods + write_methods:
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = method
|
req.method = method
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
@ -136,7 +136,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
|
|
||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
return_value={}):
|
return_value={}):
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = "DELETE"
|
req.method = "DELETE"
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
@ -151,7 +151,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
|
|
||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
return_value={'sysmeta': {'read-only': 'on'}}):
|
return_value={'sysmeta': {'read-only': 'on'}}):
|
||||||
req = Request.blank('/v/a')
|
req = Request.blank('/v1/a')
|
||||||
req.method = "DELETE"
|
req.method = "DELETE"
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
@ -172,7 +172,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
get_fake_read_only):
|
get_fake_read_only):
|
||||||
headers = {'Destination-Account': 'b'}
|
headers = {'Destination-Account': 'b'}
|
||||||
req = Request.blank('/v/a', headers=headers)
|
req = Request.blank('/v1/a', headers=headers)
|
||||||
req.method = "COPY"
|
req.method = "COPY"
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
@ -191,7 +191,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
with mock.patch('swift.common.middleware.read_only.get_info',
|
with mock.patch('swift.common.middleware.read_only.get_info',
|
||||||
get_fake_read_only):
|
get_fake_read_only):
|
||||||
headers = {'Destination-Account': 'b'}
|
headers = {'Destination-Account': 'b'}
|
||||||
req = Request.blank('/v/a', headers=headers)
|
req = Request.blank('/v1/a', headers=headers)
|
||||||
req.method = "COPY"
|
req.method = "COPY"
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(ro_resp, resp)
|
self.assertEqual(ro_resp, resp)
|
||||||
@ -212,7 +212,7 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
'account_read_only',
|
'account_read_only',
|
||||||
fake_account_read_only):
|
fake_account_read_only):
|
||||||
headers = {'Destination-Account': 'b'}
|
headers = {'Destination-Account': 'b'}
|
||||||
req = Request.blank('/v/a', headers=headers)
|
req = Request.blank('/v1/a', headers=headers)
|
||||||
req.method = "COPY"
|
req.method = "COPY"
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(resp, [b'Some Content'])
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
@ -228,11 +228,39 @@ class TestReadOnly(unittest.TestCase):
|
|||||||
'account_read_only',
|
'account_read_only',
|
||||||
return_value='true'):
|
return_value='true'):
|
||||||
headers = {'Destination-Account': 'b'}
|
headers = {'Destination-Account': 'b'}
|
||||||
req = Request.blank('/v/a', headers=headers)
|
req = Request.blank('/v1/a', headers=headers)
|
||||||
req.method = "COPY"
|
req.method = "COPY"
|
||||||
resp = ro(req.environ, start_response)
|
resp = ro(req.environ, start_response)
|
||||||
self.assertEqual(ro_resp, resp)
|
self.assertEqual(ro_resp, resp)
|
||||||
|
|
||||||
|
def test_global_read_only_non_swift_path(self):
|
||||||
|
conf = {}
|
||||||
|
|
||||||
|
ro = read_only.filter_factory(conf)(FakeApp())
|
||||||
|
ro.logger = debug_logger()
|
||||||
|
|
||||||
|
def fake_account_read_only(self, req, account):
|
||||||
|
return 'on'
|
||||||
|
|
||||||
|
with mock.patch(
|
||||||
|
'swift.common.middleware.read_only.ReadOnlyMiddleware.' +
|
||||||
|
'account_read_only',
|
||||||
|
fake_account_read_only):
|
||||||
|
req = Request.blank('/auth/v3.14')
|
||||||
|
req.method = "POST"
|
||||||
|
resp = ro(req.environ, start_response)
|
||||||
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
|
|
||||||
|
req = Request.blank('/v1')
|
||||||
|
req.method = "PUT"
|
||||||
|
resp = ro(req.environ, start_response)
|
||||||
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
|
|
||||||
|
req = Request.blank('/v1.0/')
|
||||||
|
req.method = "DELETE"
|
||||||
|
resp = ro(req.environ, start_response)
|
||||||
|
self.assertEqual(resp, [b'Some Content'])
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
unittest.main()
|
unittest.main()
|
||||||
|
Loading…
x
Reference in New Issue
Block a user