copy over swift.authorize stuff into subrequests
If auth is setup in the env then it needs to be copied over with the make_request wsgi helper. Also renamed make_request to make_subrequest- when I grepped for make_request I got > 250 results, this'll make it easier to find references to this function in the future. Updated docs and sample confs to show tempurl needs to be before dlo and slo as well as auth. Change-Id: I9750555727f520a7c9fedd5f4fd31ff0f63d8088
This commit is contained in:
David Goetz
Samuel Merritt
parent
28c0da29b0
commit
8d1278cae8
@ -394,7 +394,7 @@ Logging level. The default is INFO.
|
||||
.IP "\fB[filter:tempurl]\fR"
|
||||
.RE
|
||||
|
||||
Note: Put tempurl just before your auth filter(s) in the pipeline
|
||||
Note: Put tempurl before slo, dlo, and your auth filter(s) in the pipeline
|
||||
|
||||
.RS 3
|
||||
.IP \fBincoming_remove_headers\fR
|
||||
|
||||
@ -8,7 +8,7 @@ eventlet_debug = true
|
||||
[pipeline:main]
|
||||
# Yes, proxy-logging appears twice. This is so that
|
||||
# middleware-originated requests get logged too.
|
||||
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk slo dlo ratelimit crossdomain tempurl tempauth staticweb container-quotas account-quotas proxy-logging proxy-server
|
||||
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk tempurl slo dlo ratelimit crossdomain tempauth staticweb container-quotas account-quotas proxy-logging proxy-server
|
||||
|
||||
[filter:catch_errors]
|
||||
use = egg:swift#catch_errors
|
||||
|
||||
@ -406,7 +406,7 @@ use = egg:swift#cname_lookup
|
||||
[filter:staticweb]
|
||||
use = egg:swift#staticweb
|
||||
|
||||
# Note: Put tempurl just before your auth filter(s) in the pipeline
|
||||
# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline
|
||||
[filter:tempurl]
|
||||
use = egg:swift#tempurl
|
||||
# The methods allowed with Temp URLs.
|
||||
|
||||
@ -24,7 +24,7 @@ from swift.common.swob import Request, Response, \
|
||||
from swift.common.utils import get_logger, json, \
|
||||
RateLimitedIterator, read_conf_dir, quote
|
||||
from swift.common.request_helpers import SegmentedIterable
|
||||
from swift.common.wsgi import WSGIContext, make_request
|
||||
from swift.common.wsgi import WSGIContext, make_subrequest
|
||||
from urllib import unquote
|
||||
|
||||
|
||||
@ -36,7 +36,7 @@ class GetContext(WSGIContext):
|
||||
|
||||
def _get_container_listing(self, req, version, account, container,
|
||||
prefix, marker=''):
|
||||
con_req = make_request(
|
||||
con_req = make_subrequest(
|
||||
req.environ, path='/'.join(['', version, account, container]),
|
||||
method='GET',
|
||||
headers={'x-auth-token': req.headers.get('x-auth-token')},
|
||||
|
||||
@ -151,7 +151,7 @@ from swift.common.request_helpers import SegmentedIterable, \
|
||||
closing_if_possible, close_if_possible
|
||||
from swift.common.constraints import check_utf8, MAX_BUFFERED_SLO_SEGMENTS
|
||||
from swift.common.http import HTTP_NOT_FOUND, HTTP_UNAUTHORIZED, is_success
|
||||
from swift.common.wsgi import WSGIContext, make_request
|
||||
from swift.common.wsgi import WSGIContext, make_subrequest
|
||||
from swift.common.middleware.bulk import get_response_body, \
|
||||
ACCEPTABLE_FORMATS, Bulk
|
||||
|
||||
@ -216,7 +216,7 @@ class SloGetContext(WSGIContext):
|
||||
Fetch the submanifest, parse it, and return it.
|
||||
Raise exception on failures.
|
||||
"""
|
||||
sub_req = make_request(
|
||||
sub_req = make_subrequest(
|
||||
req.environ, path='/'.join(['', version, acc, con, obj]),
|
||||
method='GET',
|
||||
headers={'x-auth-token': req.headers.get('x-auth-token')},
|
||||
@ -385,7 +385,7 @@ class SloGetContext(WSGIContext):
|
||||
close_if_possible(resp_iter)
|
||||
del req.environ['swift.non_client_disconnect']
|
||||
|
||||
get_req = make_request(
|
||||
get_req = make_subrequest(
|
||||
req.environ, method='GET',
|
||||
headers={'x-auth-token': req.headers.get('x-auth-token')},
|
||||
agent=('%(orig)s ' + 'SLO MultipartGET'), swift_source='SLO')
|
||||
|
||||
@ -29,7 +29,7 @@ from swift.common.exceptions import ListingIterError, SegmentError
|
||||
from swift.common.http import is_success, HTTP_SERVICE_UNAVAILABLE
|
||||
from swift.common.swob import HTTPBadRequest, HTTPNotAcceptable
|
||||
from swift.common.utils import split_path, validate_device_partition
|
||||
from swift.common.wsgi import make_request
|
||||
from swift.common.wsgi import make_subrequest
|
||||
|
||||
|
||||
def get_param(req, name, default=None):
|
||||
@ -281,7 +281,7 @@ class SegmentedIterable(object):
|
||||
'ERROR: While processing manifest %s, '
|
||||
'max LO GET time of %ds exceeded' %
|
||||
(self.name, self.max_get_time))
|
||||
seg_req = make_request(
|
||||
seg_req = make_subrequest(
|
||||
self.req.environ, path=seg_path, method='GET',
|
||||
headers={'x-auth-token': self.req.headers.get(
|
||||
'x-auth-token')},
|
||||
|
||||
@ -575,7 +575,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None,
|
||||
'PATH_INFO', 'QUERY_STRING', 'REMOTE_USER', 'REQUEST_METHOD',
|
||||
'SCRIPT_NAME', 'SERVER_NAME', 'SERVER_PORT', 'HTTP_ORIGIN',
|
||||
'SERVER_PROTOCOL', 'swift.cache', 'swift.source',
|
||||
'swift.trans_id'):
|
||||
'swift.trans_id', 'swift.authorize_override',
|
||||
'swift.authorize'):
|
||||
if name in env:
|
||||
newenv[name] = env[name]
|
||||
if method:
|
||||
@ -598,8 +599,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None,
|
||||
return newenv
|
||||
|
||||
|
||||
def make_request(env, method=None, path=None, body=None, headers=None,
|
||||
agent='Swift', swift_source=None, make_env=make_env):
|
||||
def make_subrequest(env, method=None, path=None, body=None, headers=None,
|
||||
agent='Swift', swift_source=None, make_env=make_env):
|
||||
"""
|
||||
Makes a new swob.Request based on the current env but with the
|
||||
parameters specified.
|
||||
@ -623,7 +624,7 @@ def make_request(env, method=None, path=None, body=None, headers=None,
|
||||
have no HTTP_USER_AGENT.
|
||||
:param swift_source: Used to mark the request as originating out of
|
||||
middleware. Will be logged in proxy logs.
|
||||
:param make_env: make_request calls this make_env to help build the
|
||||
:param make_env: make_subrequest calls this make_env to help build the
|
||||
swob.Request.
|
||||
:returns: Fresh swob.Request object.
|
||||
"""
|
||||
@ -655,7 +656,7 @@ def make_pre_authed_env(env, method=None, path=None, agent='Swift',
|
||||
|
||||
def make_pre_authed_request(env, method=None, path=None, body=None,
|
||||
headers=None, agent='Swift', swift_source=None):
|
||||
"""Same as :py:func:`make_request` but with preauthorization."""
|
||||
return make_request(
|
||||
"""Same as :py:func:`make_subrequest` but with preauthorization."""
|
||||
return make_subrequest(
|
||||
env, method=method, path=path, body=body, headers=headers, agent=agent,
|
||||
swift_source=swift_source, make_env=make_pre_authed_env)
|
||||
|
||||
@ -42,6 +42,11 @@ class FakeSwift(object):
|
||||
if env.get('QUERY_STRING'):
|
||||
path += '?' + env['QUERY_STRING']
|
||||
|
||||
if 'swift.authorize' in env:
|
||||
resp = env['swift.authorize']()
|
||||
if resp:
|
||||
return resp(env, start_response)
|
||||
|
||||
headers = swob.Request(env).headers
|
||||
self._calls.append((method, path, headers))
|
||||
self.swift_sources.append(env.get('swift.source'))
|
||||
|
||||
@ -758,6 +758,19 @@ class TestDloGetManifest(DloTestCase):
|
||||
self.assertEqual(body, 'aaaaabbbbbcccc')
|
||||
self.assertTrue(isinstance(exc, exceptions.SegmentError))
|
||||
|
||||
def test_get_with_auth_overridden(self):
|
||||
auth_got_called = [0]
|
||||
|
||||
def my_auth():
|
||||
auth_got_called[0] += 1
|
||||
return None
|
||||
|
||||
req = swob.Request.blank('/v1/AUTH_test/mancon/manifest',
|
||||
environ={'REQUEST_METHOD': 'GET',
|
||||
'swift.authorize': my_auth})
|
||||
status, headers, body = self.call_dlo(req)
|
||||
self.assertTrue(auth_got_called[0] > 1)
|
||||
|
||||
|
||||
def fake_start_response(*args, **kwargs):
|
||||
pass
|
||||
|
||||
Loading…
Reference in New Issue
Block a user