copy over swift.authorize stuff into subrequests

If auth is setup in the env then it needs to be copied over with the make_request wsgi helper. Also renamed make_request to make_subrequest- when I grepped for make_request I got > 250 results, this'll make it easier to find references to this function in the future. Updated docs and sample confs to show tempurl needs to be before dlo and slo as well as auth. Change-Id: I9750555727f520a7c9fedd5f4fd31ff0f63d8088
2014-03-06 07:47:42 -08:00 · 2014-03-06 07:47:42 -08:00 · 8d1278cae8
commit 8d1278cae8
parent 28c0da29b0
9 changed files with 35 additions and 16 deletions
--- a/doc/manpages/proxy-server.conf.5
+++ b/doc/manpages/proxy-server.conf.5
@ -394,7 +394,7 @@ Logging level. The default is INFO.
 .IP "\fB[filter:tempurl]\fR"
 .RE
-Note: Put tempurl just before your auth filter(s) in the pipeline
+Note: Put tempurl before slo, dlo, and your auth filter(s) in the pipeline
 .RS 3
 .IP \fBincoming_remove_headers\fR
--- a/doc/saio/swift/proxy-server.conf
+++ b/doc/saio/swift/proxy-server.conf
@ -8,7 +8,7 @@ eventlet_debug = true
 [pipeline:main]
 # Yes, proxy-logging appears twice. This is so that
 # middleware-originated requests get logged too.
-pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk slo dlo ratelimit crossdomain tempurl tempauth staticweb container-quotas account-quotas proxy-logging proxy-server
+pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk tempurl slo dlo ratelimit crossdomain tempauth staticweb container-quotas account-quotas proxy-logging proxy-server
 [filter:catch_errors]
 use = egg:swift#catch_errors
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@ -406,7 +406,7 @@ use = egg:swift#cname_lookup
 [filter:staticweb]
 use = egg:swift#staticweb
-# Note: Put tempurl just before your auth filter(s) in the pipeline
+# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline
 [filter:tempurl]
 use = egg:swift#tempurl
 # The methods allowed with Temp URLs.
--- a/swift/common/middleware/dlo.py
+++ b/swift/common/middleware/dlo.py
@ -24,7 +24,7 @@ from swift.common.swob import Request, Response, \
 from swift.common.utils import get_logger, json, \
    RateLimitedIterator, read_conf_dir, quote
 from swift.common.request_helpers import SegmentedIterable
-from swift.common.wsgi import WSGIContext, make_request
+from swift.common.wsgi import WSGIContext, make_subrequest
 from urllib import unquote
@ -36,7 +36,7 @@ class GetContext(WSGIContext):
    def _get_container_listing(self, req, version, account, container,
                               prefix, marker=''):
-        con_req = make_request(
+        con_req = make_subrequest(
            req.environ, path='/'.join(['', version, account, container]),
            method='GET',
            headers={'x-auth-token': req.headers.get('x-auth-token')},
--- a/swift/common/middleware/slo.py
+++ b/swift/common/middleware/slo.py
@ -151,7 +151,7 @@ from swift.common.request_helpers import SegmentedIterable, \
    closing_if_possible, close_if_possible
 from swift.common.constraints import check_utf8, MAX_BUFFERED_SLO_SEGMENTS
 from swift.common.http import HTTP_NOT_FOUND, HTTP_UNAUTHORIZED, is_success
-from swift.common.wsgi import WSGIContext, make_request
+from swift.common.wsgi import WSGIContext, make_subrequest
 from swift.common.middleware.bulk import get_response_body, \
    ACCEPTABLE_FORMATS, Bulk
@ -216,7 +216,7 @@ class SloGetContext(WSGIContext):
        Fetch the submanifest, parse it, and return it.
        Raise exception on failures.
        """
-        sub_req = make_request(
+        sub_req = make_subrequest(
            req.environ, path='/'.join(['', version, acc, con, obj]),
            method='GET',
            headers={'x-auth-token': req.headers.get('x-auth-token')},
@ -385,7 +385,7 @@ class SloGetContext(WSGIContext):
            close_if_possible(resp_iter)
            del req.environ['swift.non_client_disconnect']
-            get_req = make_request(
+            get_req = make_subrequest(
                req.environ, method='GET',
                headers={'x-auth-token': req.headers.get('x-auth-token')},
                agent=('%(orig)s ' + 'SLO MultipartGET'), swift_source='SLO')
--- a/swift/common/request_helpers.py
+++ b/swift/common/request_helpers.py
@ -29,7 +29,7 @@ from swift.common.exceptions import ListingIterError, SegmentError
 from swift.common.http import is_success, HTTP_SERVICE_UNAVAILABLE
 from swift.common.swob import HTTPBadRequest, HTTPNotAcceptable
 from swift.common.utils import split_path, validate_device_partition
-from swift.common.wsgi import make_request
+from swift.common.wsgi import make_subrequest
 def get_param(req, name, default=None):
@ -281,7 +281,7 @@ class SegmentedIterable(object):
                        'ERROR: While processing manifest %s, '
                        'max LO GET time of %ds exceeded' %
                        (self.name, self.max_get_time))
-                seg_req = make_request(
+                seg_req = make_subrequest(
                    self.req.environ, path=seg_path, method='GET',
                    headers={'x-auth-token': self.req.headers.get(
                        'x-auth-token')},
--- a/swift/common/wsgi.py
+++ b/swift/common/wsgi.py
@ -575,7 +575,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None,
                 'PATH_INFO', 'QUERY_STRING', 'REMOTE_USER', 'REQUEST_METHOD',
                 'SCRIPT_NAME', 'SERVER_NAME', 'SERVER_PORT', 'HTTP_ORIGIN',
                 'SERVER_PROTOCOL', 'swift.cache', 'swift.source',
-                 'swift.trans_id'):
+                 'swift.trans_id', 'swift.authorize_override',
                 'swift.authorize'):
        if name in env:
            newenv[name] = env[name]
    if method:
@ -598,8 +599,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None,
    return newenv
-def make_request(env, method=None, path=None, body=None, headers=None,
+def make_subrequest(env, method=None, path=None, body=None, headers=None,
-                 agent='Swift', swift_source=None, make_env=make_env):
+                    agent='Swift', swift_source=None, make_env=make_env):
    """
    Makes a new swob.Request based on the current env but with the
    parameters specified.
@ -623,7 +624,7 @@ def make_request(env, method=None, path=None, body=None, headers=None,
                  have no HTTP_USER_AGENT.
    :param swift_source: Used to mark the request as originating out of
                         middleware. Will be logged in proxy logs.
-    :param make_env: make_request calls this make_env to help build the
+    :param make_env: make_subrequest calls this make_env to help build the
        swob.Request.
    :returns: Fresh swob.Request object.
    """
@ -655,7 +656,7 @@ def make_pre_authed_env(env, method=None, path=None, agent='Swift',
 def make_pre_authed_request(env, method=None, path=None, body=None,
                            headers=None, agent='Swift', swift_source=None):
-    """Same as :py:func:`make_request` but with preauthorization."""
+    """Same as :py:func:`make_subrequest` but with preauthorization."""
-    return make_request(
+    return make_subrequest(
        env, method=method, path=path, body=body, headers=headers, agent=agent,
        swift_source=swift_source, make_env=make_pre_authed_env)
--- a/test/unit/common/middleware/helpers.py
+++ b/test/unit/common/middleware/helpers.py
@ -42,6 +42,11 @@ class FakeSwift(object):
        if env.get('QUERY_STRING'):
            path += '?' + env['QUERY_STRING']
        if 'swift.authorize' in env:
            resp = env['swift.authorize']()
            if resp:
                return resp(env, start_response)
        headers = swob.Request(env).headers
        self._calls.append((method, path, headers))
        self.swift_sources.append(env.get('swift.source'))
--- a/test/unit/common/middleware/test_dlo.py
+++ b/test/unit/common/middleware/test_dlo.py
@ -758,6 +758,19 @@ class TestDloGetManifest(DloTestCase):
        self.assertEqual(body, 'aaaaabbbbbcccc')
        self.assertTrue(isinstance(exc, exceptions.SegmentError))
    def test_get_with_auth_overridden(self):
        auth_got_called = [0]
        def my_auth():
            auth_got_called[0] += 1
            return None
        req = swob.Request.blank('/v1/AUTH_test/mancon/manifest',
                                 environ={'REQUEST_METHOD': 'GET',
                                          'swift.authorize': my_auth})
        status, headers, body = self.call_dlo(req)
        self.assertTrue(auth_got_called[0] > 1)
 def fake_start_response(*args, **kwargs):
    pass