From 8d1278cae8069977577c0394e0e7fb34350f1d54 Mon Sep 17 00:00:00 2001 From: David Goetz Date: Thu, 6 Mar 2014 07:47:42 -0800 Subject: [PATCH] copy over swift.authorize stuff into subrequests If auth is setup in the env then it needs to be copied over with the make_request wsgi helper. Also renamed make_request to make_subrequest- when I grepped for make_request I got > 250 results, this'll make it easier to find references to this function in the future. Updated docs and sample confs to show tempurl needs to be before dlo and slo as well as auth. Change-Id: I9750555727f520a7c9fedd5f4fd31ff0f63d8088 --- doc/manpages/proxy-server.conf.5 | 2 +- doc/saio/swift/proxy-server.conf | 2 +- etc/proxy-server.conf-sample | 2 +- swift/common/middleware/dlo.py | 4 ++-- swift/common/middleware/slo.py | 6 +++--- swift/common/request_helpers.py | 4 ++-- swift/common/wsgi.py | 13 +++++++------ test/unit/common/middleware/helpers.py | 5 +++++ test/unit/common/middleware/test_dlo.py | 13 +++++++++++++ 9 files changed, 35 insertions(+), 16 deletions(-) diff --git a/doc/manpages/proxy-server.conf.5 b/doc/manpages/proxy-server.conf.5 index 305a6293a3..385b27af4a 100644 --- a/doc/manpages/proxy-server.conf.5 +++ b/doc/manpages/proxy-server.conf.5 @@ -394,7 +394,7 @@ Logging level. The default is INFO. .IP "\fB[filter:tempurl]\fR" .RE -Note: Put tempurl just before your auth filter(s) in the pipeline +Note: Put tempurl before slo, dlo, and your auth filter(s) in the pipeline .RS 3 .IP \fBincoming_remove_headers\fR diff --git a/doc/saio/swift/proxy-server.conf b/doc/saio/swift/proxy-server.conf index 0b409c3d4f..4ed132197c 100644 --- a/doc/saio/swift/proxy-server.conf +++ b/doc/saio/swift/proxy-server.conf @@ -8,7 +8,7 @@ eventlet_debug = true [pipeline:main] # Yes, proxy-logging appears twice. This is so that # middleware-originated requests get logged too. -pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk slo dlo ratelimit crossdomain tempurl tempauth staticweb container-quotas account-quotas proxy-logging proxy-server +pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk tempurl slo dlo ratelimit crossdomain tempauth staticweb container-quotas account-quotas proxy-logging proxy-server [filter:catch_errors] use = egg:swift#catch_errors diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index afa24e4cf2..07cf682505 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample @@ -406,7 +406,7 @@ use = egg:swift#cname_lookup [filter:staticweb] use = egg:swift#staticweb -# Note: Put tempurl just before your auth filter(s) in the pipeline +# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline [filter:tempurl] use = egg:swift#tempurl # The methods allowed with Temp URLs. diff --git a/swift/common/middleware/dlo.py b/swift/common/middleware/dlo.py index a08b818160..69ab7be502 100644 --- a/swift/common/middleware/dlo.py +++ b/swift/common/middleware/dlo.py @@ -24,7 +24,7 @@ from swift.common.swob import Request, Response, \ from swift.common.utils import get_logger, json, \ RateLimitedIterator, read_conf_dir, quote from swift.common.request_helpers import SegmentedIterable -from swift.common.wsgi import WSGIContext, make_request +from swift.common.wsgi import WSGIContext, make_subrequest from urllib import unquote @@ -36,7 +36,7 @@ class GetContext(WSGIContext): def _get_container_listing(self, req, version, account, container, prefix, marker=''): - con_req = make_request( + con_req = make_subrequest( req.environ, path='/'.join(['', version, account, container]), method='GET', headers={'x-auth-token': req.headers.get('x-auth-token')}, diff --git a/swift/common/middleware/slo.py b/swift/common/middleware/slo.py index cf23a25fee..1dcdf07d0a 100644 --- a/swift/common/middleware/slo.py +++ b/swift/common/middleware/slo.py @@ -151,7 +151,7 @@ from swift.common.request_helpers import SegmentedIterable, \ closing_if_possible, close_if_possible from swift.common.constraints import check_utf8, MAX_BUFFERED_SLO_SEGMENTS from swift.common.http import HTTP_NOT_FOUND, HTTP_UNAUTHORIZED, is_success -from swift.common.wsgi import WSGIContext, make_request +from swift.common.wsgi import WSGIContext, make_subrequest from swift.common.middleware.bulk import get_response_body, \ ACCEPTABLE_FORMATS, Bulk @@ -216,7 +216,7 @@ class SloGetContext(WSGIContext): Fetch the submanifest, parse it, and return it. Raise exception on failures. """ - sub_req = make_request( + sub_req = make_subrequest( req.environ, path='/'.join(['', version, acc, con, obj]), method='GET', headers={'x-auth-token': req.headers.get('x-auth-token')}, @@ -385,7 +385,7 @@ class SloGetContext(WSGIContext): close_if_possible(resp_iter) del req.environ['swift.non_client_disconnect'] - get_req = make_request( + get_req = make_subrequest( req.environ, method='GET', headers={'x-auth-token': req.headers.get('x-auth-token')}, agent=('%(orig)s ' + 'SLO MultipartGET'), swift_source='SLO') diff --git a/swift/common/request_helpers.py b/swift/common/request_helpers.py index a75c3452aa..a6f0c985e1 100644 --- a/swift/common/request_helpers.py +++ b/swift/common/request_helpers.py @@ -29,7 +29,7 @@ from swift.common.exceptions import ListingIterError, SegmentError from swift.common.http import is_success, HTTP_SERVICE_UNAVAILABLE from swift.common.swob import HTTPBadRequest, HTTPNotAcceptable from swift.common.utils import split_path, validate_device_partition -from swift.common.wsgi import make_request +from swift.common.wsgi import make_subrequest def get_param(req, name, default=None): @@ -281,7 +281,7 @@ class SegmentedIterable(object): 'ERROR: While processing manifest %s, ' 'max LO GET time of %ds exceeded' % (self.name, self.max_get_time)) - seg_req = make_request( + seg_req = make_subrequest( self.req.environ, path=seg_path, method='GET', headers={'x-auth-token': self.req.headers.get( 'x-auth-token')}, diff --git a/swift/common/wsgi.py b/swift/common/wsgi.py index 041117163b..eab0988b17 100644 --- a/swift/common/wsgi.py +++ b/swift/common/wsgi.py @@ -575,7 +575,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None, 'PATH_INFO', 'QUERY_STRING', 'REMOTE_USER', 'REQUEST_METHOD', 'SCRIPT_NAME', 'SERVER_NAME', 'SERVER_PORT', 'HTTP_ORIGIN', 'SERVER_PROTOCOL', 'swift.cache', 'swift.source', - 'swift.trans_id'): + 'swift.trans_id', 'swift.authorize_override', + 'swift.authorize'): if name in env: newenv[name] = env[name] if method: @@ -598,8 +599,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None, return newenv -def make_request(env, method=None, path=None, body=None, headers=None, - agent='Swift', swift_source=None, make_env=make_env): +def make_subrequest(env, method=None, path=None, body=None, headers=None, + agent='Swift', swift_source=None, make_env=make_env): """ Makes a new swob.Request based on the current env but with the parameters specified. @@ -623,7 +624,7 @@ def make_request(env, method=None, path=None, body=None, headers=None, have no HTTP_USER_AGENT. :param swift_source: Used to mark the request as originating out of middleware. Will be logged in proxy logs. - :param make_env: make_request calls this make_env to help build the + :param make_env: make_subrequest calls this make_env to help build the swob.Request. :returns: Fresh swob.Request object. """ @@ -655,7 +656,7 @@ def make_pre_authed_env(env, method=None, path=None, agent='Swift', def make_pre_authed_request(env, method=None, path=None, body=None, headers=None, agent='Swift', swift_source=None): - """Same as :py:func:`make_request` but with preauthorization.""" - return make_request( + """Same as :py:func:`make_subrequest` but with preauthorization.""" + return make_subrequest( env, method=method, path=path, body=body, headers=headers, agent=agent, swift_source=swift_source, make_env=make_pre_authed_env) diff --git a/test/unit/common/middleware/helpers.py b/test/unit/common/middleware/helpers.py index 0ea957b534..52cc624e2f 100644 --- a/test/unit/common/middleware/helpers.py +++ b/test/unit/common/middleware/helpers.py @@ -42,6 +42,11 @@ class FakeSwift(object): if env.get('QUERY_STRING'): path += '?' + env['QUERY_STRING'] + if 'swift.authorize' in env: + resp = env['swift.authorize']() + if resp: + return resp(env, start_response) + headers = swob.Request(env).headers self._calls.append((method, path, headers)) self.swift_sources.append(env.get('swift.source')) diff --git a/test/unit/common/middleware/test_dlo.py b/test/unit/common/middleware/test_dlo.py index de495f1bc0..3f01eecfe0 100644 --- a/test/unit/common/middleware/test_dlo.py +++ b/test/unit/common/middleware/test_dlo.py @@ -758,6 +758,19 @@ class TestDloGetManifest(DloTestCase): self.assertEqual(body, 'aaaaabbbbbcccc') self.assertTrue(isinstance(exc, exceptions.SegmentError)) + def test_get_with_auth_overridden(self): + auth_got_called = [0] + + def my_auth(): + auth_got_called[0] += 1 + return None + + req = swob.Request.blank('/v1/AUTH_test/mancon/manifest', + environ={'REQUEST_METHOD': 'GET', + 'swift.authorize': my_auth}) + status, headers, body = self.call_dlo(req) + self.assertTrue(auth_got_called[0] > 1) + def fake_start_response(*args, **kwargs): pass