Merge "Tolerate absolute-form request targets"

swift/common/http_protocol.py

@@ -132,6 +132,12 @@ class SwiftHttpProtocol(wsgi.HttpProtocol):
                     400,
                     "Bad HTTP/0.9 request type (%r)" % command)
                 return False
+
+        if path.startswith(('http://', 'https://')):
+            host, sep, rest = path.partition('//')[2].partition('/')
+            if sep:
+                path = '/' + rest
+
         self.command, self.path = command, path
 
         # Examine the headers and look for a Connection directive.

test/functional/s3api/test_presigned.py

@@ -17,6 +17,7 @@ import os
 
 import requests
 
+from swift.common.bufferedhttp import http_connect_raw
 from swift.common.middleware.s3api.etree import fromstring
 
 import test.functional as tf
@@ -223,6 +224,35 @@ class TestS3ApiPresignedUrls(S3ApiBase):
         status, _junk, _junk = self.conn.make_request('DELETE', bucket)
         self.assertEqual(status, 204)
 
+    def test_absolute_form_request(self):
+        bucket = 'test-bucket'
+
+        put_url, headers = self.conn.generate_url_and_headers(
+            'PUT', bucket)
+        resp = http_connect_raw(
+            self.conn.host,
+            self.conn.port,
+            'PUT',
+            put_url,  # whole URL, not just the path/query!
+            headers=headers,
+            ssl=put_url.startswith('https:'),
+        ).getresponse()
+        self.assertEqual(resp.status, 200,
+                         'Got %d %s' % (resp.status, resp.read()))
+
+        delete_url, headers = self.conn.generate_url_and_headers(
+            'DELETE', bucket)
+        resp = http_connect_raw(
+            self.conn.host,
+            self.conn.port,
+            'DELETE',
+            delete_url,  # whole URL, not just the path/query!
+            headers=headers,
+            ssl=delete_url.startswith('https:'),
+        ).getresponse()
+        self.assertEqual(resp.status, 204,
+                         'Got %d %s' % (resp.status, resp.read()))
+
 
 class TestS3ApiPresignedUrlsSigV4(TestS3ApiPresignedUrls):
     @classmethod

test/s3api/test_request_target_style.py

@@ -0,0 +1,56 @@
+# Copyright (c) 2022 Nvidia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from unittest import SkipTest
+
+from test.s3api import BaseS3TestCase
+
+
+class AlwaysAbsoluteURLProxyConfig(object):
+
+    def __init__(self):
+        self.settings = {'proxy_use_forwarding_for_https': True}
+
+    def proxy_url_for(self, request_url):
+        return request_url
+
+    def proxy_headers_for(self, proxy_url):
+        return {}
+
+
+class TestRequestTargetStyle(BaseS3TestCase):
+
+    def setUp(self):
+        self.client = self.get_s3_client(1)
+        if not self.client._endpoint.host.startswith('https:'):
+            raise SkipTest('Absolute URL test requires https')
+
+        self.bucket_name = self.create_name('test-address-style')
+        resp = self.client.create_bucket(Bucket=self.bucket_name)
+        self.assertEqual(200, resp['ResponseMetadata']['HTTPStatusCode'])
+
+    def tearDown(self):
+        self.clear_bucket(self.client, self.bucket_name)
+        super(TestRequestTargetStyle, self).tearDown()
+
+    def test_absolute_url(self):
+        sess = self.client._endpoint.http_session
+        sess._proxy_config = AlwaysAbsoluteURLProxyConfig()
+        self.assertEqual({'use_forwarding_for_https': True},
+                         sess._proxies_kwargs())
+        resp = self.client.list_buckets()
+        self.assertEqual(200, resp['ResponseMetadata']['HTTPStatusCode'])
+        self.assertIn(self.bucket_name, {
+            info['Name'] for info in resp['Buckets']})

test/unit/common/test_http_protocol.py

@@ -180,6 +180,48 @@ class TestSwiftHttpProtocolSomeMore(ProtocolTest):
         lines = [l for l in bytes_out.split(b"\r\n") if l]
         self.assertEqual(lines[-1], b'/oh\xffboy%what$now%E2%80%bd')
 
+    def test_absolute_target(self):
+        bytes_out = self._run_bytes_through_protocol((
+            b"GET https://cluster.domain/bucket/key HTTP/1.0\r\n"
+            b"\r\n"
+        ))
+
+        lines = [l for l in bytes_out.split(b"\r\n") if l]
+        self.assertEqual(lines[-1], b'/bucket/key')
+
+        bytes_out = self._run_bytes_through_protocol((
+            b"GET http://cluster.domain/v1/acct/cont/obj HTTP/1.0\r\n"
+            b"\r\n"
+        ))
+
+        lines = [l for l in bytes_out.split(b"\r\n") if l]
+        self.assertEqual(lines[-1], b'/v1/acct/cont/obj')
+
+        # clients talking nonsense
+        bytes_out = self._run_bytes_through_protocol((
+            b"GET ftp://cluster.domain/bucket/key HTTP/1.0\r\n"
+            b"\r\n"
+        ))
+
+        lines = [l for l in bytes_out.split(b"\r\n") if l]
+        self.assertEqual(lines[-1], b'ftp://cluster.domain/bucket/key')
+
+        bytes_out = self._run_bytes_through_protocol((
+            b"GET https://cluster.domain HTTP/1.0\r\n"
+            b"\r\n"
+        ))
+
+        lines = [l for l in bytes_out.split(b"\r\n") if l]
+        self.assertEqual(lines[-1], b'https://cluster.domain')
+
+        bytes_out = self._run_bytes_through_protocol((
+            b"GET http:omg//wtf/bbq HTTP/1.0\r\n"
+            b"\r\n"
+        ))
+
+        lines = [l for l in bytes_out.split(b"\r\n") if l]
+        self.assertEqual(lines[-1], b'http:omg//wtf/bbq')
+
     def test_bad_request(self):
         bytes_out = self._run_bytes_through_protocol((
             b"ONLY-METHOD\r\n"

test/unit/proxy/test_server.py

@@ -2851,6 +2851,36 @@ class TestReplicatedObjectController(
         self.assertIn(b'X-Object-Meta-\xf0\x9f\x8c\xb4: \xf0\x9f\x91\x8d',
                       headers.split(b'\r\n'))
 
+    @unpatch_policies
+    def test_HEAD_absolute_uri(self):
+        prolis = _test_sockets[0]
+        sock = connect_tcp(('localhost', prolis.getsockname()[1]))
+        fd = sock.makefile('rwb')
+
+        # sanity, this resource is created in setup
+        path = b'/v1/a'
+        fd.write(b'HEAD %s HTTP/1.1\r\n'
+                 b'Host: localhost\r\n'
+                 b'Connection: keep-alive\r\n'
+                 b'X-Storage-Token: t\r\n'
+                 b'\r\n' % (path,))
+        fd.flush()
+        headers = readuntil2crlfs(fd)
+        exp = b'HTTP/1.1 204'
+        self.assertEqual(headers[:len(exp)], exp)
+
+        # RFC says we should accept this, too
+        abs_path = b'http://saio.example.com:8080/v1/a'
+        fd.write(b'HEAD %s HTTP/1.1\r\n'
+                 b'Host: localhost\r\n'
+                 b'Connection: keep-alive\r\n'
+                 b'X-Storage-Token: t\r\n'
+                 b'\r\n' % (abs_path,))
+        fd.flush()
+        headers = readuntil2crlfs(fd)
+        exp = b'HTTP/1.1 204'
+        self.assertEqual(headers[:len(exp)], exp)
+
     @unpatch_policies
     def test_GET_short_read(self):
         prolis = _test_sockets[0]