diff --git a/doc/source/logs.rst b/doc/source/logs.rst index 1a5d2656c2..30a97fb8e2 100644 --- a/doc/source/logs.rst +++ b/doc/source/logs.rst @@ -102,6 +102,7 @@ DLO :ref:`dynamic-large-objects` LE :ref:`list_endpoints` KS :ref:`keystoneauth` RL :ref:`ratelimit` +RO :ref:`read_only` VW :ref:`versioned_writes` SSC :ref:`copy` SYM :ref:`symlink` diff --git a/doc/source/middleware.rst b/doc/source/middleware.rst index eeb8e988c7..8b4752104a 100644 --- a/doc/source/middleware.rst +++ b/doc/source/middleware.rst @@ -299,10 +299,19 @@ Ratelimit :members: :show-inheritance: +.. _read_only: + +Read Only +========= + +.. automodule:: swift.common.middleware.read_only + :members: + :show-inheritance: + .. _recon: Recon -=========== +===== .. automodule:: swift.common.middleware.recon :members: diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index 00f7e3f87e..8691596821 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample @@ -679,6 +679,14 @@ use = egg:swift#ratelimit # container_listing_ratelimit_10 = 50 # container_listing_ratelimit_50 = 20 +[filter:read_only] +use = egg:swift#read_only +# read_only set to true means turn global read only on +# read_only = false +# allow_deletes set to true means to allow deletes +# allow_deletes = false +# Note: Put after ratelimit in the pipeline. + [filter:domain_remap] use = egg:swift#domain_remap # You can override the default log routing for this filter here: diff --git a/setup.cfg b/setup.cfg index bc6b1a07c0..380d86ae48 100644 --- a/setup.cfg +++ b/setup.cfg @@ -86,6 +86,7 @@ paste.filter_factory = healthcheck = swift.common.middleware.healthcheck:filter_factory crossdomain = swift.common.middleware.crossdomain:filter_factory memcache = swift.common.middleware.memcache:filter_factory + read_only = swift.common.middleware.read_only:filter_factory ratelimit = swift.common.middleware.ratelimit:filter_factory cname_lookup = swift.common.middleware.cname_lookup:filter_factory catch_errors = swift.common.middleware.catch_errors:filter_factory diff --git a/swift/common/middleware/read_only.py b/swift/common/middleware/read_only.py new file mode 100644 index 0000000000..f064e70497 --- /dev/null +++ b/swift/common/middleware/read_only.py @@ -0,0 +1,120 @@ +# Copyright (c) 2010-2015 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. +from swift.common.constraints import check_account_format +from swift.common.swob import HTTPMethodNotAllowed, Request +from swift.common.utils import get_logger, config_true_value +from swift.proxy.controllers.base import get_info + +""" +========= +Read Only +========= + +The ability to make an entire cluster or individual accounts read only is +implemented as pluggable middleware. When a cluster or an account is in read +only mode, requests that would result in writes to the cluser are not allowed. +A 405 is returned on such requests. "COPY", "DELETE", "POST", and +"PUT" are the HTTP methods that are considered writes. + +------------- +Configuration +------------- + +All configuration is optional. + +============= ======= ==================================================== +Option Default Description +------------- ------- ---------------------------------------------------- +read_only false Set to 'true' to put the entire cluster in read only + mode. +allow_deletes false Set to 'true' to allow deletes. +============= ======= ==================================================== + +--------------------------- +Marking Individual Accounts +--------------------------- + +If a system administrator wants to mark individual accounts as read only, +he/she can set X-Account-Sysmeta-Read-Only on an account to 'true'. + +If a system administrator wants to allow writes to individual accounts, +when a cluster is in read only mode, he/she can set +X-Account-Sysmeta-Read-Only on an account to 'false'. + +This header will be hidden from the user, because of the gatekeeper middleware, +and can only be set using a direct client to the account nodes. +""" + + +class ReadOnlyMiddleware(object): + """ + Middleware that make an entire cluster or individual accounts read only. + """ + + def __init__(self, app, conf, logger=None): + self.app = app + self.logger = logger or get_logger(conf, log_route='read_only') + self.read_only = config_true_value(conf.get('read_only')) + self.write_methods = ['COPY', 'POST', 'PUT'] + if not config_true_value(conf.get('allow_deletes')): + self.write_methods += ['DELETE'] + + def __call__(self, env, start_response): + req = Request(env) + + if req.method not in self.write_methods: + return self.app(env, start_response) + + try: + version, account, container, obj = req.split_path(1, 4, True) + except ValueError: + return self.app(env, start_response) + + if req.method == 'COPY' and 'Destination-Account' in req.headers: + dest_account = req.headers.get('Destination-Account') + account = check_account_format(req, dest_account) + + account_read_only = self.account_read_only(req, account) + if account_read_only is False: + return self.app(env, start_response) + + if self.read_only or account_read_only: + return HTTPMethodNotAllowed()(env, start_response) + + return self.app(env, start_response) + + def account_read_only(self, req, account): + """ + Returns None if X-Account-Sysmeta-Read-Only is not set. + Returns True or False otherwise. + """ + info = get_info(self.app, req.environ, account, swift_source='RO') + read_only = info.get('sysmeta', {}).get('read-only', '') + if read_only == '': + return None + return config_true_value(read_only) + + +def filter_factory(global_conf, **local_conf): + """ + paste.deploy app factory for creating WSGI proxy apps. + """ + conf = global_conf.copy() + conf.update(local_conf) + + def read_only_filter(app): + return ReadOnlyMiddleware(app, conf) + + return read_only_filter diff --git a/test/unit/common/middleware/test_read_only.py b/test/unit/common/middleware/test_read_only.py new file mode 100644 index 0000000000..bdaefb2edb --- /dev/null +++ b/test/unit/common/middleware/test_read_only.py @@ -0,0 +1,253 @@ +# Copyright (c) 2010-2015 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import mock +import unittest + +from swift.common.middleware import read_only +from swift.common.swob import Request +from test.unit import FakeLogger + + +class FakeApp(object): + def __call__(self, env, start_response): + return ['204 No Content'] + + +def start_response(*args): + pass + + +read_methods = 'GET HEAD'.split() +write_methods = 'COPY DELETE POST PUT'.split() +ro_resp = ['
The method is not ' + + 'allowed for this resource.
'] + + +class TestReadOnly(unittest.TestCase): + def test_global_read_only_off(self): + conf = { + 'read_only': 'false', + } + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + with mock.patch('swift.common.middleware.read_only.get_info', + return_value={}): + for method in read_methods + write_methods: + req = Request.blank('/v/a') + req.method = method + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + def test_global_read_only_on(self): + conf = { + 'read_only': 'true', + } + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + with mock.patch('swift.common.middleware.read_only.get_info', + return_value={}): + for method in read_methods: + req = Request.blank('/v/a') + req.method = method + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + for method in write_methods: + req = Request.blank('/v/a') + req.method = method + resp = ro(req.environ, start_response) + self.assertEqual(ro_resp, resp) + + def test_account_read_only_on(self): + conf = {} + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def get_fake_read_only(*args, **kwargs): + return {'sysmeta': {'read-only': 'true'}} + + with mock.patch('swift.common.middleware.read_only.get_info', + get_fake_read_only): + for method in read_methods: + req = Request.blank('/v/a') + req.method = method + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + for method in write_methods: + req = Request.blank('/v/a') + req.method = method + resp = ro(req.environ, start_response) + self.assertEqual(ro_resp, resp) + + def test_account_read_only_off(self): + conf = {} + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def get_fake_read_only(*args, **kwargs): + return {'sysmeta': {'read-only': 'false'}} + + with mock.patch('swift.common.middleware.read_only.get_info', + get_fake_read_only): + for method in read_methods + write_methods: + req = Request.blank('/v/a') + req.method = method + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + def test_global_read_only_on_account_off(self): + conf = { + 'read_only': 'true', + } + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def get_fake_read_only(*args, **kwargs): + return {'sysmeta': {'read-only': 'false'}} + + with mock.patch('swift.common.middleware.read_only.get_info', + get_fake_read_only): + for method in read_methods + write_methods: + req = Request.blank('/v/a') + req.method = method + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + def test_global_read_only_on_allow_deletes(self): + conf = { + 'read_only': 'true', + 'allow_deletes': 'true', + } + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + with mock.patch('swift.common.middleware.read_only.get_info', + return_value={}): + req = Request.blank('/v/a') + req.method = "DELETE" + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + def test_account_read_only_on_allow_deletes(self): + conf = { + 'allow_deletes': 'true', + } + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def get_fake_read_only(*args, **kwargs): + return {'sysmeta': {'read-only': 'on'}} + + with mock.patch('swift.common.middleware.read_only.get_info', + get_fake_read_only): + req = Request.blank('/v/a') + req.method = "DELETE" + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + def test_global_read_only_on_destination_account_off_on_copy(self): + conf = { + 'read_only': 'true', + } + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def get_fake_read_only(*args, **kwargs): + if 'b' in args: + return {'sysmeta': {'read-only': 'false'}} + return {} + + with mock.patch('swift.common.middleware.read_only.get_info', + get_fake_read_only): + headers = {'Destination-Account': 'b'} + req = Request.blank('/v/a', headers=headers) + req.method = "COPY" + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + def test_global_read_only_off_destination_account_on_on_copy(self): + conf = {} + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def get_fake_read_only(*args, **kwargs): + if 'b' in args: + return {'sysmeta': {'read-only': 'true'}} + return {} + + with mock.patch('swift.common.middleware.read_only.get_info', + get_fake_read_only): + headers = {'Destination-Account': 'b'} + req = Request.blank('/v/a', headers=headers) + req.method = "COPY" + resp = ro(req.environ, start_response) + self.assertEqual(ro_resp, resp) + + def test_global_read_only_off_src_acct_on_dest_acct_off_on_copy(self): + conf = {} + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def fake_account_read_only(self, req, account): + if account == 'a': + return 'on' + return '' + + with mock.patch( + 'swift.common.middleware.read_only.ReadOnlyMiddleware.' + + 'account_read_only', + fake_account_read_only): + headers = {'Destination-Account': 'b'} + req = Request.blank('/v/a', headers=headers) + req.method = "COPY" + resp = ro(req.environ, start_response) + self.assertTrue(resp[0].startswith('204')) + + def test_global_read_only_off_src_acct_on_dest_acct_on_on_copy(self): + conf = {} + + ro = read_only.filter_factory(conf)(FakeApp()) + ro.logger = FakeLogger() + + def fake_account_read_only(*args, **kwargs): + return 'true' + + with mock.patch( + 'swift.common.middleware.read_only.ReadOnlyMiddleware.' + + 'account_read_only', + fake_account_read_only): + headers = {'Destination-Account': 'b'} + req = Request.blank('/v/a', headers=headers) + req.method = "COPY" + resp = ro(req.environ, start_response) + self.assertEqual(ro_resp, resp) + + +if __name__ == '__main__': + unittest.main()