Add POST and DELETE to tempurl default methods

The tempurl middleware supports any configured HTTP methods, but the default set was only GET, PUT, and HEAD, so cluster operators had to take action to enable POST and DELETE. This commit changes the defaults to include POST and DELETE. Note that this doesn't affect any existing temporary URLs at all; the method is baked into the signature (temp_url_sig query param), so no new access is granted to a holder of a temporary URL by this change. It simply gives more flexibility to creators of temporary URLs. Change-Id: I5bc15bbd2968ab7bedcd7c0df10f2ec825537191
2014-07-11 11:27:11 -07:00 · 2014-07-11 11:27:11 -07:00 · 134e864fa1
commit 134e864fa1
parent 698919e67b
3 changed files with 14 additions and 12 deletions
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@ -415,7 +415,7 @@ use = egg:swift#staticweb
 [filter:tempurl]
 use = egg:swift#tempurl
 # The methods allowed with Temp URLs.
-# methods = GET HEAD PUT
+# methods = GET HEAD PUT POST DELETE
 #
 # The headers to remove from incoming requests. Simply a whitespace delimited
 # list of header names and names can optionally end with '*' to indicate a
--- a/swift/common/middleware/tempurl.py
+++ b/swift/common/middleware/tempurl.py
@ -212,7 +212,8 @@ class TempURL(object):
    :param conf: The configuration dict for the middleware.
    """

-    def __init__(self, app, conf, methods=('GET', 'HEAD', 'PUT')):
+    def __init__(self, app, conf,
+                 methods=('GET', 'HEAD', 'PUT', 'POST', 'DELETE')):
        #: The next WSGI application/filter in the paste.deploy pipeline.
        self.app = app
        #: The filter configuration dict.
@ -513,7 +514,7 @@ def filter_factory(global_conf, **local_conf):
    conf = global_conf.copy()
    conf.update(local_conf)

-    methods = conf.get('methods', 'GET HEAD PUT').split()
+    methods = conf.get('methods', 'GET HEAD PUT POST DELETE').split()
    register_swift_info('tempurl', methods=methods)

    return lambda app: TempURL(app, conf, methods=methods)
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
@ -487,7 +487,8 @@ class TestTempURL(unittest.TestCase):
        self.assertEquals(resp.status_int, 401)
        self.assertTrue('Www-Authenticate' in resp.headers)

-    def test_post_not_allowed(self):
+    def test_post_when_forbidden_by_config(self):
+        self.tempurl.methods.remove('POST')
        method = 'POST'
        expires = int(time() + 86400)
        path = '/v1/a/c/o'
@ -504,7 +505,8 @@ class TestTempURL(unittest.TestCase):
        self.assertTrue('Temp URL invalid' in resp.body)
        self.assertTrue('Www-Authenticate' in resp.headers)

-    def test_delete_not_allowed(self):
+    def test_delete_when_forbidden_by_config(self):
+        self.tempurl.methods.remove('DELETE')
        method = 'DELETE'
        expires = int(time() + 86400)
        path = '/v1/a/c/o'
@ -521,8 +523,7 @@ class TestTempURL(unittest.TestCase):
        self.assertTrue('Temp URL invalid' in resp.body)
        self.assertTrue('Www-Authenticate' in resp.headers)

-    def test_delete_allowed_with_conf(self):
-        self.tempurl.methods.append('DELETE')
+    def test_delete_allowed(self):
        method = 'DELETE'
        expires = int(time() + 86400)
        path = '/v1/a/c/o'
@ -708,9 +709,9 @@ class TestTempURL(unittest.TestCase):
        self.assertEquals(self.tempurl._get_account({
            'REQUEST_METHOD': 'PUT', 'PATH_INFO': '/v1/a/c/o'}), 'a')
        self.assertEquals(self.tempurl._get_account({
-            'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), None)
+            'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), 'a')
        self.assertEquals(self.tempurl._get_account({
-            'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), None)
+            'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), 'a')
        self.assertEquals(self.tempurl._get_account({
            'REQUEST_METHOD': 'UNKNOWN', 'PATH_INFO': '/v1/a/c/o'}), None)
        self.assertEquals(self.tempurl._get_account({
@ -953,14 +954,14 @@ class TestSwiftInfo(unittest.TestCase):
        swift_info = utils.get_swift_info()
        self.assertTrue('tempurl' in swift_info)
        self.assertEqual(set(swift_info['tempurl']['methods']),
-                         set(('GET', 'HEAD', 'PUT')))
+                         set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))

    def test_non_default_methods(self):
-        tempurl.filter_factory({'methods': 'GET HEAD PUT POST DELETE'})
+        tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'})
        swift_info = utils.get_swift_info()
        self.assertTrue('tempurl' in swift_info)
        self.assertEqual(set(swift_info['tempurl']['methods']),
-                         set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
+                         set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))


 if __name__ == '__main__':