openstack/swift
Code Issues Proposed changes
b20278907b
swift/test/unit/proxy/controllers/test_account.py

158 lines
6.9 KiB
Python
Raw Normal View History

Change OpenStack LLC to Foundation Change-Id: I7c3df47c31759dbeb3105f8883e2688ada848d58 Closes-bug: #1214176
2013-09-20 01:00:54 +08:00
# Copyright (c) 2010-2012 OpenStack Foundation
get_info - removes duplicate code (Take 3) Consolidate the different ways in which info of account/container is gathered, cached, used, updated, etc. This refactoring increases code reuse and is a basis for later addition of account ACLs. Changing the get_info users is left for future. This staged approach ensures the behaviour is unchanged. Change-Id: I67b58030d3f9e3bc86bcd7ece0f1dc693c4e08c3 Fixes: Bug #1162199
2013-03-30 15:55:29 +03:00
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import mock
import unittest
from swift.common.swob import Request
from swift.proxy import server as proxy_server
from swift.proxy.controllers.base import headers_to_account_info
HEAD on account returns 410 if account was deleted and not yet reaped * updated CONTRIBUTING.md * improved unit tests * 100% coverage for proxy acct controller tests * invoke fake_http_connect correctly Change-Id: I0826c5a1c52efdd5ae95f7fde8024f2bff0751ba
2013-10-28 17:28:57 -07:00
from swift.common.constraints import MAX_ACCOUNT_NAME_LENGTH as MAX_ANAME_LEN
get_info - removes duplicate code (Take 3) Consolidate the different ways in which info of account/container is gathered, cached, used, updated, etc. This refactoring increases code reuse and is a basis for later addition of account ACLs. Changing the get_info users is left for future. This staged approach ensures the behaviour is unchanged. Change-Id: I67b58030d3f9e3bc86bcd7ece0f1dc693c4e08c3 Fixes: Bug #1162199
2013-03-30 15:55:29 +03:00
from test.unit import fake_http_connect, FakeRing, FakeMemcache
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
from swift.common.request_helpers import get_sys_meta_prefix
get_info - removes duplicate code (Take 3) Consolidate the different ways in which info of account/container is gathered, cached, used, updated, etc. This refactoring increases code reuse and is a basis for later addition of account ACLs. Changing the get_info users is left for future. This staged approach ensures the behaviour is unchanged. Change-Id: I67b58030d3f9e3bc86bcd7ece0f1dc693c4e08c3 Fixes: Bug #1162199
2013-03-30 15:55:29 +03:00
class TestAccountController(unittest.TestCase):
def setUp(self):
self.app = proxy_server.Application(None, FakeMemcache(),
account_ring=FakeRing(),
container_ring=FakeRing(),
Local write affinity for object PUT requests. The proxy can now be configured to prefer local object servers for PUT requests, where "local" is governed by the "write_affinity". The "write_affinity_node_count" setting controls how many local object servers to try before giving up and going on to remote ones. I chose to simply re-order the object servers instead of filtering out nonlocal ones so that, if all of the local ones are down, clients can still get successful responses (just slower). The goal is to trade availability for throughput. By writing to local object servers across fast LAN links, clients get better throughput than if the object servers were far away over slow WAN links. The downside, of course, is that data availability (not durability) may suffer when drives fail. The default configuration has no write affinity in it, so the default behavior is unchanged. Added some words about these settings to the admin guide. DocImpact Change-Id: I09a0bd00524544ff627a3bccdcdc48f40720a86e
2013-06-13 11:24:29 -07:00
object_ring=FakeRing())
get_info - removes duplicate code (Take 3) Consolidate the different ways in which info of account/container is gathered, cached, used, updated, etc. This refactoring increases code reuse and is a basis for later addition of account ACLs. Changing the get_info users is left for future. This staged approach ensures the behaviour is unchanged. Change-Id: I67b58030d3f9e3bc86bcd7ece0f1dc693c4e08c3 Fixes: Bug #1162199
2013-03-30 15:55:29 +03:00
def test_account_info_in_response_env(self):
controller = proxy_server.AccountController(self.app, 'AUTH_bob')
with mock.patch('swift.proxy.controllers.base.http_connect',
HEAD on account returns 410 if account was deleted and not yet reaped * updated CONTRIBUTING.md * improved unit tests * 100% coverage for proxy acct controller tests * invoke fake_http_connect correctly Change-Id: I0826c5a1c52efdd5ae95f7fde8024f2bff0751ba
2013-10-28 17:28:57 -07:00
fake_http_connect(200, body='')):
Stop mutating PATH_INFO in proxy server The proxy server was calling swob.Request.path_info_pop() prior to instantiating a controller so that req.path_info was just /a/c/o (sans /v1). The version got moved over into SCRIPT_NAME. This lead to some unfortunate behavior when trying to re-use a request from middleware. Something like this: # Imagine we're a WSGIContext object here. # # To start, SCRIPT_NAME = '' and PATH_INFO='/v1/a/c/o' resp_iter = self._app_call(env, start_response) # Now SCRIPT_NAME='/v1' and PATH_INFO ='/a/c/o' if something_special in self._response_headers: env['REQUEST_METHOD'] = 'GET' env.pop('HTTP_RANGE', None) # 404 SURPRISE! The proxy calls path_info_pop() again, # and now SCRIPT_NAME='/v1/a' and PATH_INFO='/c/o', so this # gets treated as a container request. Yikes. resp_iter = self._app_call(env, start_response) Now we just leave SCRIPT_NAME and PATH_INFO alone. To make life easy for everyone who does want just /a/c/o, I defined swob.Request.swift_entity_path, which just strips off the /v1. Note that there's still one call to path_info_pop() in tempauth, but that's only for requests going to /auth, so it won't affect Swift API requests. It might be a good idea to remove that one later, but let's do one thing at a time. Change-Id: I87557a11c01f3f3889b610578cda6ba7d3933e7a
2013-12-03 22:18:46 -08:00
req = Request.blank('/v1/AUTH_bob', {'PATH_INFO': '/v1/AUTH_bob'})
get_info - removes duplicate code (Take 3) Consolidate the different ways in which info of account/container is gathered, cached, used, updated, etc. This refactoring increases code reuse and is a basis for later addition of account ACLs. Changing the get_info users is left for future. This staged approach ensures the behaviour is unchanged. Change-Id: I67b58030d3f9e3bc86bcd7ece0f1dc693c4e08c3 Fixes: Bug #1162199
2013-03-30 15:55:29 +03:00
resp = controller.HEAD(req)
self.assertEqual(2, resp.status_int // 100)
self.assertTrue('swift.account/AUTH_bob' in resp.environ)
self.assertEqual(headers_to_account_info(resp.headers),
resp.environ['swift.account/AUTH_bob'])
Implements configurable swift_owner_headers These are headers that will be stripped unless the WSGI environment contains a true value for 'swift_owner'. The exact definition of a swift_owner is up to the auth system in use, but usually indicates administrative responsibilities. DocImpact Change-Id: I972772fbbd235414e00130ca663428e8750cabca
2013-06-27 14:11:25 +00:00
def test_swift_owner(self):
owner_headers = {
'x-account-meta-temp-url-key': 'value',
'x-account-meta-temp-url-key-2': 'value'}
controller = proxy_server.AccountController(self.app, 'a')
Stop mutating PATH_INFO in proxy server The proxy server was calling swob.Request.path_info_pop() prior to instantiating a controller so that req.path_info was just /a/c/o (sans /v1). The version got moved over into SCRIPT_NAME. This lead to some unfortunate behavior when trying to re-use a request from middleware. Something like this: # Imagine we're a WSGIContext object here. # # To start, SCRIPT_NAME = '' and PATH_INFO='/v1/a/c/o' resp_iter = self._app_call(env, start_response) # Now SCRIPT_NAME='/v1' and PATH_INFO ='/a/c/o' if something_special in self._response_headers: env['REQUEST_METHOD'] = 'GET' env.pop('HTTP_RANGE', None) # 404 SURPRISE! The proxy calls path_info_pop() again, # and now SCRIPT_NAME='/v1/a' and PATH_INFO='/c/o', so this # gets treated as a container request. Yikes. resp_iter = self._app_call(env, start_response) Now we just leave SCRIPT_NAME and PATH_INFO alone. To make life easy for everyone who does want just /a/c/o, I defined swob.Request.swift_entity_path, which just strips off the /v1. Note that there's still one call to path_info_pop() in tempauth, but that's only for requests going to /auth, so it won't affect Swift API requests. It might be a good idea to remove that one later, but let's do one thing at a time. Change-Id: I87557a11c01f3f3889b610578cda6ba7d3933e7a
2013-12-03 22:18:46 -08:00
req = Request.blank('/v1/a')
Implements configurable swift_owner_headers These are headers that will be stripped unless the WSGI environment contains a true value for 'swift_owner'. The exact definition of a swift_owner is up to the auth system in use, but usually indicates administrative responsibilities. DocImpact Change-Id: I972772fbbd235414e00130ca663428e8750cabca
2013-06-27 14:11:25 +00:00
with mock.patch('swift.proxy.controllers.base.http_connect',
HEAD on account returns 410 if account was deleted and not yet reaped * updated CONTRIBUTING.md * improved unit tests * 100% coverage for proxy acct controller tests * invoke fake_http_connect correctly Change-Id: I0826c5a1c52efdd5ae95f7fde8024f2bff0751ba
2013-10-28 17:28:57 -07:00
fake_http_connect(200, headers=owner_headers)):
Implements configurable swift_owner_headers These are headers that will be stripped unless the WSGI environment contains a true value for 'swift_owner'. The exact definition of a swift_owner is up to the auth system in use, but usually indicates administrative responsibilities. DocImpact Change-Id: I972772fbbd235414e00130ca663428e8750cabca
2013-06-27 14:11:25 +00:00
resp = controller.HEAD(req)
self.assertEquals(2, resp.status_int // 100)
for key in owner_headers:
self.assertTrue(key not in resp.headers)
Stop mutating PATH_INFO in proxy server The proxy server was calling swob.Request.path_info_pop() prior to instantiating a controller so that req.path_info was just /a/c/o (sans /v1). The version got moved over into SCRIPT_NAME. This lead to some unfortunate behavior when trying to re-use a request from middleware. Something like this: # Imagine we're a WSGIContext object here. # # To start, SCRIPT_NAME = '' and PATH_INFO='/v1/a/c/o' resp_iter = self._app_call(env, start_response) # Now SCRIPT_NAME='/v1' and PATH_INFO ='/a/c/o' if something_special in self._response_headers: env['REQUEST_METHOD'] = 'GET' env.pop('HTTP_RANGE', None) # 404 SURPRISE! The proxy calls path_info_pop() again, # and now SCRIPT_NAME='/v1/a' and PATH_INFO='/c/o', so this # gets treated as a container request. Yikes. resp_iter = self._app_call(env, start_response) Now we just leave SCRIPT_NAME and PATH_INFO alone. To make life easy for everyone who does want just /a/c/o, I defined swob.Request.swift_entity_path, which just strips off the /v1. Note that there's still one call to path_info_pop() in tempauth, but that's only for requests going to /auth, so it won't affect Swift API requests. It might be a good idea to remove that one later, but let's do one thing at a time. Change-Id: I87557a11c01f3f3889b610578cda6ba7d3933e7a
2013-12-03 22:18:46 -08:00
req = Request.blank('/v1/a', environ={'swift_owner': True})
Implements configurable swift_owner_headers These are headers that will be stripped unless the WSGI environment contains a true value for 'swift_owner'. The exact definition of a swift_owner is up to the auth system in use, but usually indicates administrative responsibilities. DocImpact Change-Id: I972772fbbd235414e00130ca663428e8750cabca
2013-06-27 14:11:25 +00:00
with mock.patch('swift.proxy.controllers.base.http_connect',
HEAD on account returns 410 if account was deleted and not yet reaped * updated CONTRIBUTING.md * improved unit tests * 100% coverage for proxy acct controller tests * invoke fake_http_connect correctly Change-Id: I0826c5a1c52efdd5ae95f7fde8024f2bff0751ba
2013-10-28 17:28:57 -07:00
fake_http_connect(200, headers=owner_headers)):
Implements configurable swift_owner_headers These are headers that will be stripped unless the WSGI environment contains a true value for 'swift_owner'. The exact definition of a swift_owner is up to the auth system in use, but usually indicates administrative responsibilities. DocImpact Change-Id: I972772fbbd235414e00130ca663428e8750cabca
2013-06-27 14:11:25 +00:00
resp = controller.HEAD(req)
self.assertEquals(2, resp.status_int // 100)
for key in owner_headers:
self.assertTrue(key in resp.headers)
HEAD on account returns 410 if account was deleted and not yet reaped * updated CONTRIBUTING.md * improved unit tests * 100% coverage for proxy acct controller tests * invoke fake_http_connect correctly Change-Id: I0826c5a1c52efdd5ae95f7fde8024f2bff0751ba
2013-10-28 17:28:57 -07:00
def test_get_deleted_account(self):
resp_headers = {
'x-account-status': 'deleted',
}
controller = proxy_server.AccountController(self.app, 'a')
Stop mutating PATH_INFO in proxy server The proxy server was calling swob.Request.path_info_pop() prior to instantiating a controller so that req.path_info was just /a/c/o (sans /v1). The version got moved over into SCRIPT_NAME. This lead to some unfortunate behavior when trying to re-use a request from middleware. Something like this: # Imagine we're a WSGIContext object here. # # To start, SCRIPT_NAME = '' and PATH_INFO='/v1/a/c/o' resp_iter = self._app_call(env, start_response) # Now SCRIPT_NAME='/v1' and PATH_INFO ='/a/c/o' if something_special in self._response_headers: env['REQUEST_METHOD'] = 'GET' env.pop('HTTP_RANGE', None) # 404 SURPRISE! The proxy calls path_info_pop() again, # and now SCRIPT_NAME='/v1/a' and PATH_INFO='/c/o', so this # gets treated as a container request. Yikes. resp_iter = self._app_call(env, start_response) Now we just leave SCRIPT_NAME and PATH_INFO alone. To make life easy for everyone who does want just /a/c/o, I defined swob.Request.swift_entity_path, which just strips off the /v1. Note that there's still one call to path_info_pop() in tempauth, but that's only for requests going to /auth, so it won't affect Swift API requests. It might be a good idea to remove that one later, but let's do one thing at a time. Change-Id: I87557a11c01f3f3889b610578cda6ba7d3933e7a
2013-12-03 22:18:46 -08:00
req = Request.blank('/v1/a')
HEAD on account returns 410 if account was deleted and not yet reaped * updated CONTRIBUTING.md * improved unit tests * 100% coverage for proxy acct controller tests * invoke fake_http_connect correctly Change-Id: I0826c5a1c52efdd5ae95f7fde8024f2bff0751ba
2013-10-28 17:28:57 -07:00
with mock.patch('swift.proxy.controllers.base.http_connect',
fake_http_connect(404, headers=resp_headers)):
resp = controller.HEAD(req)
self.assertEquals(410, resp.status_int)
def test_long_acct_names(self):
long_acct_name = '%sLongAccountName' % ('Very' * (MAX_ANAME_LEN // 4))
controller = proxy_server.AccountController(self.app, long_acct_name)
Stop mutating PATH_INFO in proxy server The proxy server was calling swob.Request.path_info_pop() prior to instantiating a controller so that req.path_info was just /a/c/o (sans /v1). The version got moved over into SCRIPT_NAME. This lead to some unfortunate behavior when trying to re-use a request from middleware. Something like this: # Imagine we're a WSGIContext object here. # # To start, SCRIPT_NAME = '' and PATH_INFO='/v1/a/c/o' resp_iter = self._app_call(env, start_response) # Now SCRIPT_NAME='/v1' and PATH_INFO ='/a/c/o' if something_special in self._response_headers: env['REQUEST_METHOD'] = 'GET' env.pop('HTTP_RANGE', None) # 404 SURPRISE! The proxy calls path_info_pop() again, # and now SCRIPT_NAME='/v1/a' and PATH_INFO='/c/o', so this # gets treated as a container request. Yikes. resp_iter = self._app_call(env, start_response) Now we just leave SCRIPT_NAME and PATH_INFO alone. To make life easy for everyone who does want just /a/c/o, I defined swob.Request.swift_entity_path, which just strips off the /v1. Note that there's still one call to path_info_pop() in tempauth, but that's only for requests going to /auth, so it won't affect Swift API requests. It might be a good idea to remove that one later, but let's do one thing at a time. Change-Id: I87557a11c01f3f3889b610578cda6ba7d3933e7a
2013-12-03 22:18:46 -08:00
req = Request.blank('/v1/%s' % long_acct_name)
HEAD on account returns 410 if account was deleted and not yet reaped * updated CONTRIBUTING.md * improved unit tests * 100% coverage for proxy acct controller tests * invoke fake_http_connect correctly Change-Id: I0826c5a1c52efdd5ae95f7fde8024f2bff0751ba
2013-10-28 17:28:57 -07:00
with mock.patch('swift.proxy.controllers.base.http_connect',
fake_http_connect(200)):
resp = controller.HEAD(req)
self.assertEquals(400, resp.status_int)
with mock.patch('swift.proxy.controllers.base.http_connect',
fake_http_connect(200)):
resp = controller.GET(req)
self.assertEquals(400, resp.status_int)
with mock.patch('swift.proxy.controllers.base.http_connect',
fake_http_connect(200)):
resp = controller.POST(req)
self.assertEquals(400, resp.status_int)
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
def _make_callback_func(self, context):
def callback(ipaddr, port, device, partition, method, path,
headers=None, query_string=None, ssl=False):
context['method'] = method
context['path'] = path
context['headers'] = headers or {}
return callback
def test_sys_meta_headers_PUT(self):
# check that headers in sys meta namespace make it through
# the proxy controller
sys_meta_key = '%stest' % get_sys_meta_prefix('account')
sys_meta_key = sys_meta_key.title()
user_meta_key = 'X-Account-Meta-Test'
# allow PUTs to account...
self.app.allow_account_management = True
controller = proxy_server.AccountController(self.app, 'a')
context = {}
callback = self._make_callback_func(context)
hdrs_in = {sys_meta_key: 'foo',
user_meta_key: 'bar',
'x-timestamp': '1.0'}
req = Request.blank('/v1/a', headers=hdrs_in)
with mock.patch('swift.proxy.controllers.base.http_connect',
fake_http_connect(200, 200, give_connect=callback)):
controller.PUT(req)
self.assertEqual(context['method'], 'PUT')
self.assertTrue(sys_meta_key in context['headers'])
self.assertEqual(context['headers'][sys_meta_key], 'foo')
self.assertTrue(user_meta_key in context['headers'])
self.assertEqual(context['headers'][user_meta_key], 'bar')
self.assertNotEqual(context['headers']['x-timestamp'], '1.0')
def test_sys_meta_headers_POST(self):
# check that headers in sys meta namespace make it through
# the proxy controller
sys_meta_key = '%stest' % get_sys_meta_prefix('account')
sys_meta_key = sys_meta_key.title()
user_meta_key = 'X-Account-Meta-Test'
controller = proxy_server.AccountController(self.app, 'a')
context = {}
callback = self._make_callback_func(context)
hdrs_in = {sys_meta_key: 'foo',
user_meta_key: 'bar',
'x-timestamp': '1.0'}
req = Request.blank('/v1/a', headers=hdrs_in)
with mock.patch('swift.proxy.controllers.base.http_connect',
fake_http_connect(200, 200, give_connect=callback)):
controller.POST(req)
self.assertEqual(context['method'], 'POST')
self.assertTrue(sys_meta_key in context['headers'])
self.assertEqual(context['headers'][sys_meta_key], 'foo')
self.assertTrue(user_meta_key in context['headers'])
self.assertEqual(context['headers'][user_meta_key], 'bar')
self.assertNotEqual(context['headers']['x-timestamp'], '1.0')
get_info - removes duplicate code (Take 3) Consolidate the different ways in which info of account/container is gathered, cached, used, updated, etc. This refactoring increases code reuse and is a basis for later addition of account ACLs. Changing the get_info users is left for future. This staged approach ensures the behaviour is unchanged. Change-Id: I67b58030d3f9e3bc86bcd7ece0f1dc693c4e08c3 Fixes: Bug #1162199
2013-03-30 15:55:29 +03:00
if __name__ == '__main__':
unittest.main()
Copy Permalink