swift/test/unit/common/middleware/test_container_sync.py

# Copyright (c) 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import json
import os
import shutil
import tempfile
import unittest
import uuid
import mock

from swift.common import swob
from swift.common.middleware import container_sync
from swift.proxy.controllers.base import get_cache_key
from swift.proxy.controllers.info import InfoController

from test.unit import FakeLogger


class FakeApp(object):

    def __call__(self, env, start_response):
        if env.get('PATH_INFO') == '/info':
            controller = InfoController(
                app=None, version=None, expose_info=True,
                disallowed_sections=[], admin_key=None)
            handler = getattr(controller, env.get('REQUEST_METHOD'))
            return handler(swob.Request(env))(env, start_response)
        if env.get('swift.authorize_override'):
            body = 'Response to Authorized Request'
        else:
            body = 'Pass-Through Response'
        headers = [('Content-Length', str(len(body)))]
        if 'HTTP_X_TIMESTAMP' in env:
            headers.append(('X-Timestamp', env['HTTP_X_TIMESTAMP']))
        start_response('200 OK', headers)
        return body


class TestContainerSync(unittest.TestCase):

    def setUp(self):
        self.tempdir = tempfile.mkdtemp()
        with open(
                os.path.join(self.tempdir, 'container-sync-realms.conf'),
                'w') as fp:
            fp.write('''
[US]
key = 9ff3b71c849749dbaec4ccdd3cbab62b
key2 = 1a0a5a0cbd66448084089304442d6776
cluster_dfw1 = http://dfw1.host/v1/
            ''')
        self.app = FakeApp()
        self.conf = {'swift_dir': self.tempdir}
        self.sync = container_sync.ContainerSync(self.app, self.conf)

    def tearDown(self):
        shutil.rmtree(self.tempdir, ignore_errors=1)

    def test_current_not_set(self):
        # no 'current' option set by default
        self.assertIsNone(self.sync.realm)
        self.assertIsNone(self.sync.cluster)
        info = {}

        def capture_swift_info(key, **options):
            info[key] = options

        with mock.patch(
                'swift.common.middleware.container_sync.register_swift_info',
                new=capture_swift_info):
            self.sync.register_info()

        for realm, realm_info in info['container_sync']['realms'].items():
            for cluster, options in realm_info['clusters'].items():
                self.assertEqual(options.get('current', False), False)

    def test_current_invalid(self):
        self.conf = {'swift_dir': self.tempdir, 'current': 'foo'}
        self.sync = container_sync.ContainerSync(self.app, self.conf,
                                                 logger=FakeLogger())
        self.assertIsNone(self.sync.realm)
        self.assertIsNone(self.sync.cluster)
        info = {}

        def capture_swift_info(key, **options):
            info[key] = options

        with mock.patch(
                'swift.common.middleware.container_sync.register_swift_info',
                new=capture_swift_info):
            self.sync.register_info()

        for realm, realm_info in info['container_sync']['realms'].items():
            for cluster, options in realm_info['clusters'].items():
                self.assertEqual(options.get('current', False), False)

        error_lines = self.sync.logger.get_lines_for_level('error')
        self.assertEqual(error_lines, ['Invalid current '
                                       '//REALM/CLUSTER (foo)'])

    def test_current_in_realms_conf(self):
        self.conf = {'swift_dir': self.tempdir, 'current': '//us/dfw1'}
        self.sync = container_sync.ContainerSync(self.app, self.conf)
        self.assertEqual('US', self.sync.realm)
        self.assertEqual('DFW1', self.sync.cluster)
        info = {}

        def capture_swift_info(key, **options):
            info[key] = options

        with mock.patch(
                'swift.common.middleware.container_sync.register_swift_info',
                new=capture_swift_info):
            self.sync.register_info()

        for realm, realm_info in info['container_sync']['realms'].items():
            for cluster, options in realm_info['clusters'].items():
                if options.get('current'):
                    break
        self.assertEqual(realm, self.sync.realm)
        self.assertEqual(cluster, self.sync.cluster)

    def test_missing_from_realms_conf(self):
        self.conf = {'swift_dir': self.tempdir, 'current': 'foo/bar'}
        self.sync = container_sync.ContainerSync(self.app, self.conf,
                                                 logger=FakeLogger())
        self.assertEqual('FOO', self.sync.realm)
        self.assertEqual('BAR', self.sync.cluster)
        info = {}

        def capture_swift_info(key, **options):
            info[key] = options

        with mock.patch(
                'swift.common.middleware.container_sync.register_swift_info',
                new=capture_swift_info):
            self.sync.register_info()

        for realm, realm_info in info['container_sync']['realms'].items():
            for cluster, options in realm_info['clusters'].items():
                self.assertEqual(options.get('current', False), False)

        for line in self.sync.logger.get_lines_for_level('error'):
            self.assertEqual(line, 'Unknown current '
                             '//REALM/CLUSTER (//FOO/BAR)')

    def test_pass_through(self):
        req = swob.Request.blank('/v1/a/c')
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '200 OK')
        self.assertEqual(resp.body, 'Pass-Through Response')

    def test_not_enough_args(self):
        req = swob.Request.blank(
            '/v1/a/c', headers={'x-container-sync-auth': 'a'})
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '401 Unauthorized')
        self.assertEqual(
            resp.body,
            'X-Container-Sync-Auth header not valid; contact cluster operator '
            'for support.')
        self.assertTrue(
            'cs:not-3-args' in req.environ.get('swift.log_info'),
            req.environ.get('swift.log_info'))

    def test_realm_miss(self):
        req = swob.Request.blank(
            '/v1/a/c', headers={'x-container-sync-auth': 'invalid nonce sig'})
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '401 Unauthorized')
        self.assertEqual(
            resp.body,
            'X-Container-Sync-Auth header not valid; contact cluster operator '
            'for support.')
        self.assertTrue(
            'cs:no-local-realm-key' in req.environ.get('swift.log_info'),
            req.environ.get('swift.log_info'))

    def test_user_key_miss(self):
        req = swob.Request.blank(
            '/v1/a/c', headers={'x-container-sync-auth': 'US nonce sig'})
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '401 Unauthorized')
        self.assertEqual(
            resp.body,
            'X-Container-Sync-Auth header not valid; contact cluster operator '
            'for support.')
        self.assertTrue(
            'cs:no-local-user-key' in req.environ.get('swift.log_info'),
            req.environ.get('swift.log_info'))

    def test_invalid_sig(self):
        req = swob.Request.blank(
            '/v1/a/c', headers={'x-container-sync-auth': 'US nonce sig'})
        infocache = req.environ.setdefault('swift.infocache', {})
        infocache[get_cache_key('a', 'c')] = {'sync_key': 'abc'}
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '401 Unauthorized')
        self.assertEqual(
            resp.body,
            'X-Container-Sync-Auth header not valid; contact cluster operator '
            'for support.')
        self.assertIn('cs:invalid-sig', req.environ.get('swift.log_info'))
        self.assertNotIn('swift.authorize_override', req.environ)
        self.assertNotIn('swift.slo_override', req.environ)

    def test_valid_sig(self):
        ts = '1455221706.726999_0123456789abcdef'
        sig = self.sync.realms_conf.get_sig(
            'GET', '/v1/a/c', ts, 'nonce',
            self.sync.realms_conf.key('US'), 'abc')
        req = swob.Request.blank('/v1/a/c', headers={
            'x-container-sync-auth': 'US nonce ' + sig,
            'x-backend-inbound-x-timestamp': ts})
        infocache = req.environ.setdefault('swift.infocache', {})
        infocache[get_cache_key('a', 'c')] = {'sync_key': 'abc'}
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '200 OK')
        self.assertEqual(resp.body, 'Response to Authorized Request')
        self.assertIn('cs:valid', req.environ.get('swift.log_info'))
        self.assertIn('X-Timestamp', resp.headers)
        self.assertEqual(ts, resp.headers['X-Timestamp'])
        self.assertIn('swift.authorize_override', req.environ)
        self.assertIn('swift.slo_override', req.environ)

    def test_valid_sig2(self):
        sig = self.sync.realms_conf.get_sig(
            'GET', '/v1/a/c', '0', 'nonce',
            self.sync.realms_conf.key2('US'), 'abc')
        req = swob.Request.blank(
            '/v1/a/c', headers={'x-container-sync-auth': 'US nonce ' + sig})
        infocache = req.environ.setdefault('swift.infocache', {})
        infocache[get_cache_key('a', 'c')] = {'sync_key': 'abc'}
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '200 OK')
        self.assertEqual(resp.body, 'Response to Authorized Request')
        self.assertIn('cs:valid', req.environ.get('swift.log_info'))
        self.assertIn('swift.authorize_override', req.environ)
        self.assertIn('swift.slo_override', req.environ)

    def test_info(self):
        req = swob.Request.blank('/info')
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '200 OK')
        result = json.loads(resp.body)
        self.assertEqual(
            result.get('container_sync'),
            {'realms': {'US': {'clusters': {'DFW1': {}}}}})

    def test_info_always_fresh(self):
        req = swob.Request.blank('/info')
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '200 OK')
        result = json.loads(resp.body)
        self.assertEqual(
            result.get('container_sync'),
            {'realms': {'US': {'clusters': {'DFW1': {}}}}})
        with open(
                os.path.join(self.tempdir, 'container-sync-realms.conf'),
                'w') as fp:
            fp.write('''
[US]
key = 9ff3b71c849749dbaec4ccdd3cbab62b
key2 = 1a0a5a0cbd66448084089304442d6776
cluster_dfw1 = http://dfw1.host/v1/

[UK]
key = 400b3b357a80413f9d956badff1d9dfe
cluster_lon3 = http://lon3.host/v1/
            ''')
        self.sync.realms_conf.reload()
        req = swob.Request.blank('/info')
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '200 OK')
        result = json.loads(resp.body)
        self.assertEqual(
            result.get('container_sync'),
            {'realms': {
                'US': {'clusters': {'DFW1': {}}},
                'UK': {'clusters': {'LON3': {}}}}})

    def test_allow_full_urls_setting(self):
        req = swob.Request.blank(
            '/v1/a/c',
            environ={'REQUEST_METHOD': 'PUT'},
            headers={'x-container-sync-to': 'http://host/v1/a/c'})
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '200 OK')
        self.conf = {'swift_dir': self.tempdir, 'allow_full_urls': 'false'}
        self.sync = container_sync.ContainerSync(self.app, self.conf)
        req = swob.Request.blank(
            '/v1/a/c',
            environ={'REQUEST_METHOD': 'PUT'},
            headers={'x-container-sync-to': 'http://host/v1/a/c'})
        resp = req.get_response(self.sync)
        self.assertEqual(resp.status, '400 Bad Request')
        self.assertEqual(
            resp.body,
            'Full URLs are not allowed for X-Container-Sync-To values. Only '
            'realm values of the format //realm/cluster/account/container are '
            'allowed.\n')

    def test_filter(self):
        app = FakeApp()
        unique = uuid.uuid4().hex
        sync = container_sync.filter_factory(
            {'global': 'global_value', 'swift_dir': unique},
            **{'local': 'local_value'})(app)
        self.assertEqual(sync.app, app)
        self.assertEqual(sync.conf, {
            'global': 'global_value', 'swift_dir': unique,
            'local': 'local_value'})
        req = swob.Request.blank('/info')
        resp = req.get_response(sync)
        self.assertEqual(resp.status, '200 OK')
        result = json.loads(resp.body)
        self.assertEqual(result.get('container_sync'), {'realms': {}})


if __name__ == '__main__':
    unittest.main()