Use RequestBodySizeLimiter from oslo.middleware

Keystone had its own implementation of RequestBodySizeLimiter,
which is unnecessary since there's a RequestBodySizeLimiter in
oslo.middleware. The RequestBodySizeLimiter in keystone.middleware
is now deprecated in favor of the one in oslo_middleware.sizelimit.

bp oslo-middleware-size-limiter

Change-Id: Iebe880eae706eb1ebbda2608f05e1aac65fbfedb

config-generator/keystone.conf

@@ -8,6 +8,7 @@ namespace = keystone.openstack.common.log
 namespace = keystone.openstack.common.policy
 namespace = oslo.messaging
 namespace = oslo.db
+namespace = oslo.middleware
 # We don't use oslo.concurrency config options in
 # keystone now, just in case it slips through unnoticed.
 #namespace = oslo.concurrency

etc/keystone-paste.ini

@@ -52,7 +52,7 @@ paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
 paste.filter_factory = keystone.middleware:NormalizingFilter.factory
 
 [filter:sizelimit]
-paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
+paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
 
 [app:public_service]
 paste.app_factory = keystone.service:public_app_factory

etc/keystone.conf.sample

@@ -62,10 +62,6 @@
 # to number of CPUs (minimum of 2). (integer value)
 #admin_workers = <None>
 
-# Enforced by optional sizelimit middleware
-# (keystone.middleware:RequestBodySizeLimiter). (integer value)
-#max_request_body_size = 114688
-
 # Limit the sizes of user & project ID/names. (integer value)
 #max_param_size = 64
 
@@ -1245,6 +1241,18 @@
 #allow_insecure_clients = false
 
 
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each  request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+
 [paste_deploy]
 
 #

keystone/common/config.py

@@ -89,10 +89,6 @@ FILE_OPTIONS = {
                    help='The number of worker processes to serve the admin '
                         'WSGI application. Defaults to number of CPUs '
                         '(minimum of 2).'),
-        # default max request size is 112k
-        cfg.IntOpt('max_request_body_size', default=114688,
-                   help='Enforced by optional sizelimit middleware '
-                        '(keystone.middleware:RequestBodySizeLimiter).'),
         cfg.IntOpt('max_param_size', default=64,
                    help='Limit the sizes of user & project ID/names.'),
         # we allow tokens to be a bit larger to accommodate PKI

keystone/common/utils.py

@@ -243,39 +243,6 @@ def setup_remote_pydev_debug():
             raise
 
 
-class LimitingReader(object):
-    """Reader to limit the size of an incoming request."""
-    def __init__(self, data, limit):
-        """Create an iterator on the underlying data.
-
-        :param data: Underlying data object
-        :param limit: maximum number of bytes the reader should allow
-        """
-        self.data = data
-        self.limit = limit
-        self.bytes_read = 0
-
-    def __iter__(self):
-        for chunk in self.data:
-            self.bytes_read += len(chunk)
-            if self.bytes_read > self.limit:
-                raise exception.RequestTooLarge()
-            else:
-                yield chunk
-
-    def read(self, i=None):
-        # NOTE(jamielennox): We can't simply provide the default to the read()
-        # call as the expected default differs between mod_wsgi and eventlet
-        if i is None:
-            result = self.data.read()
-        else:
-            result = self.data.read(i)
-        self.bytes_read += len(result)
-        if self.bytes_read > self.limit:
-            raise exception.RequestTooLarge()
-        return result
-
-
 def get_unix_user(user=None):
     '''Get the uid and user name.
 

keystone/exception.py

@@ -325,12 +325,6 @@ class Conflict(Error):
     title = 'Conflict'
 
 
-class RequestTooLarge(Error):
-    message_format = _("Request is too large.")
-    code = 413
-    title = 'Request is too large.'
-
-
 class UnexpectedError(SecurityError):
     """Avoids exposing details of failures, unless in debug mode."""
     _message_format = _("An unexpected error prevented the server "

keystone/middleware/core.py

@@ -13,17 +13,17 @@
 # under the License.
 
 from oslo.serialization import jsonutils
+from oslo_middleware import sizelimit
 import six
-import webob.dec
 
 from keystone.common import authorization
 from keystone.common import config
-from keystone.common import utils
 from keystone.common import wsgi
 from keystone import exception
 from keystone.i18n import _LW
 from keystone.models import token_model
 from keystone.openstack.common import log
+from keystone.openstack.common import versionutils
 
 CONF = config.CONF
 LOG = log.getLogger(__name__)
@@ -185,23 +185,15 @@ class NormalizingFilter(wsgi.Middleware):
             request.environ['PATH_INFO'] = '/'
 
 
-class RequestBodySizeLimiter(wsgi.Middleware):
-    """Limit the size of an incoming request."""
-
+class RequestBodySizeLimiter(sizelimit.RequestBodySizeLimiter):
+    @versionutils.deprecated(
+        versionutils.deprecated.KILO,
+        in_favor_of='oslo_middleware.sizelimit.RequestBodySizeLimiter',
+        remove_in=+1,
+        what='keystone.middleware.RequestBodySizeLimiter')
     def __init__(self, *args, **kwargs):
         super(RequestBodySizeLimiter, self).__init__(*args, **kwargs)
 
-    @webob.dec.wsgify()
-    def __call__(self, req):
-        if req.content_length is None:
-            if req.is_body_readable:
-                limiter = utils.LimitingReader(req.body_file,
-                                               CONF.max_request_body_size)
-                req.body_file = limiter
-        elif req.content_length > CONF.max_request_body_size:
-            raise exception.RequestTooLarge()
-        return self.application
-
 
 class AuthContextMiddleware(wsgi.Middleware):
     """Build the authentication context from the request auth token."""

keystone/tests/test_sizelimit.py

@@ -1,57 +0,0 @@
-# Copyright (c) 2013 OpenStack Foundation
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-import webob
-
-from keystone import config
-from keystone import exception
-from keystone import middleware
-from keystone import tests
-
-
-CONF = config.CONF
-MAX_REQUEST_BODY_SIZE = CONF.max_request_body_size
-
-
-class TestRequestBodySizeLimiter(tests.TestCase):
-
-    def setUp(self):
-        super(TestRequestBodySizeLimiter, self).setUp()
-
-        @webob.dec.wsgify()
-        def fake_app(req):
-            return webob.Response(req.body)
-
-        self.middleware = middleware.RequestBodySizeLimiter(fake_app)
-        self.request = webob.Request.blank('/', method='POST')
-
-    def test_content_length_acceptable(self):
-        self.request.headers['Content-Length'] = MAX_REQUEST_BODY_SIZE
-        self.request.body = b"0" * MAX_REQUEST_BODY_SIZE
-        response = self.request.get_response(self.middleware)
-        self.assertEqual(200, response.status_int)
-
-    def test_content_length_too_large(self):
-        self.request.headers['Content-Length'] = MAX_REQUEST_BODY_SIZE + 1
-        self.request.body = b"0" * (MAX_REQUEST_BODY_SIZE + 1)
-        self.assertRaises(exception.RequestTooLarge,
-                          self.request.get_response,
-                          self.middleware)
-
-    def test_request_too_large_no_content_length(self):
-        self.request.body = b"0" * (MAX_REQUEST_BODY_SIZE + 1)
-        self.request.headers['Content-Length'] = None
-        self.assertRaises(exception.RequestTooLarge,
-                          self.request.get_response,
-                          self.middleware)

keystone/tests/unit/common/test_utils.py

@@ -157,26 +157,3 @@ class ServiceHelperTests(tests.TestCase):
 
     def test_fail_gracefully(self):
         self.assertRaises(tests.UnexpectedExit, self._do_test)
-
-
-class LimitingReaderTests(tests.TestCase):
-
-    def test_read_default_value(self):
-
-        class FakeData(object):
-            def read(self, *args, **kwargs):
-                self.read_args = args
-                self.read_kwargs = kwargs
-                return 'helloworld'
-
-        data = FakeData()
-        common_utils.LimitingReader(data, 100)
-
-        self.assertEqual('helloworld', data.read())
-        self.assertEqual(0, len(data.read_args))
-        self.assertEqual(0, len(data.read_kwargs))
-
-        self.assertEqual('helloworld', data.read(10))
-        self.assertEqual(1, len(data.read_args))
-        self.assertEqual(0, len(data.read_kwargs))
-        self.assertEqual(10, data.read_args[0])

requirements.txt

@@ -23,6 +23,7 @@ oslo.config>=1.6.0  # Apache-2.0
 oslo.messaging>=1.4.0,!=1.5.0
 oslo.db>=1.4.1  # Apache-2.0
 oslo.i18n>=1.3.0  # Apache-2.0
+oslo.middleware>=0.3.0                  # Apache-2.0
 oslo.serialization>=1.2.0               # Apache-2.0
 oslo.utils>=1.2.0                       # Apache-2.0
 oauthlib>=0.6