diff --git a/doc/manpages/proxy-server.conf.5 b/doc/manpages/proxy-server.conf.5 index 305a6293a3..385b27af4a 100644 --- a/doc/manpages/proxy-server.conf.5 +++ b/doc/manpages/proxy-server.conf.5 @@ -394,7 +394,7 @@ Logging level. The default is INFO. .IP "\fB[filter:tempurl]\fR" .RE -Note: Put tempurl just before your auth filter(s) in the pipeline +Note: Put tempurl before slo, dlo, and your auth filter(s) in the pipeline .RS 3 .IP \fBincoming_remove_headers\fR diff --git a/doc/saio/swift/proxy-server.conf b/doc/saio/swift/proxy-server.conf index 0b409c3d4f..4ed132197c 100644 --- a/doc/saio/swift/proxy-server.conf +++ b/doc/saio/swift/proxy-server.conf @@ -8,7 +8,7 @@ eventlet_debug = true [pipeline:main] # Yes, proxy-logging appears twice. This is so that # middleware-originated requests get logged too. -pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk slo dlo ratelimit crossdomain tempurl tempauth staticweb container-quotas account-quotas proxy-logging proxy-server +pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk tempurl slo dlo ratelimit crossdomain tempauth staticweb container-quotas account-quotas proxy-logging proxy-server [filter:catch_errors] use = egg:swift#catch_errors diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index afa24e4cf2..07cf682505 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample @@ -406,7 +406,7 @@ use = egg:swift#cname_lookup [filter:staticweb] use = egg:swift#staticweb -# Note: Put tempurl just before your auth filter(s) in the pipeline +# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline [filter:tempurl] use = egg:swift#tempurl # The methods allowed with Temp URLs. diff --git a/swift/common/middleware/dlo.py b/swift/common/middleware/dlo.py index a08b818160..69ab7be502 100644 --- a/swift/common/middleware/dlo.py +++ b/swift/common/middleware/dlo.py @@ -24,7 +24,7 @@ from swift.common.swob import Request, Response, \ from swift.common.utils import get_logger, json, \ RateLimitedIterator, read_conf_dir, quote from swift.common.request_helpers import SegmentedIterable -from swift.common.wsgi import WSGIContext, make_request +from swift.common.wsgi import WSGIContext, make_subrequest from urllib import unquote @@ -36,7 +36,7 @@ class GetContext(WSGIContext): def _get_container_listing(self, req, version, account, container, prefix, marker=''): - con_req = make_request( + con_req = make_subrequest( req.environ, path='/'.join(['', version, account, container]), method='GET', headers={'x-auth-token': req.headers.get('x-auth-token')}, diff --git a/swift/common/middleware/slo.py b/swift/common/middleware/slo.py index cf23a25fee..1dcdf07d0a 100644 --- a/swift/common/middleware/slo.py +++ b/swift/common/middleware/slo.py @@ -151,7 +151,7 @@ from swift.common.request_helpers import SegmentedIterable, \ closing_if_possible, close_if_possible from swift.common.constraints import check_utf8, MAX_BUFFERED_SLO_SEGMENTS from swift.common.http import HTTP_NOT_FOUND, HTTP_UNAUTHORIZED, is_success -from swift.common.wsgi import WSGIContext, make_request +from swift.common.wsgi import WSGIContext, make_subrequest from swift.common.middleware.bulk import get_response_body, \ ACCEPTABLE_FORMATS, Bulk @@ -216,7 +216,7 @@ class SloGetContext(WSGIContext): Fetch the submanifest, parse it, and return it. Raise exception on failures. """ - sub_req = make_request( + sub_req = make_subrequest( req.environ, path='/'.join(['', version, acc, con, obj]), method='GET', headers={'x-auth-token': req.headers.get('x-auth-token')}, @@ -385,7 +385,7 @@ class SloGetContext(WSGIContext): close_if_possible(resp_iter) del req.environ['swift.non_client_disconnect'] - get_req = make_request( + get_req = make_subrequest( req.environ, method='GET', headers={'x-auth-token': req.headers.get('x-auth-token')}, agent=('%(orig)s ' + 'SLO MultipartGET'), swift_source='SLO') diff --git a/swift/common/request_helpers.py b/swift/common/request_helpers.py index a75c3452aa..a6f0c985e1 100644 --- a/swift/common/request_helpers.py +++ b/swift/common/request_helpers.py @@ -29,7 +29,7 @@ from swift.common.exceptions import ListingIterError, SegmentError from swift.common.http import is_success, HTTP_SERVICE_UNAVAILABLE from swift.common.swob import HTTPBadRequest, HTTPNotAcceptable from swift.common.utils import split_path, validate_device_partition -from swift.common.wsgi import make_request +from swift.common.wsgi import make_subrequest def get_param(req, name, default=None): @@ -281,7 +281,7 @@ class SegmentedIterable(object): 'ERROR: While processing manifest %s, ' 'max LO GET time of %ds exceeded' % (self.name, self.max_get_time)) - seg_req = make_request( + seg_req = make_subrequest( self.req.environ, path=seg_path, method='GET', headers={'x-auth-token': self.req.headers.get( 'x-auth-token')}, diff --git a/swift/common/wsgi.py b/swift/common/wsgi.py index 041117163b..eab0988b17 100644 --- a/swift/common/wsgi.py +++ b/swift/common/wsgi.py @@ -575,7 +575,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None, 'PATH_INFO', 'QUERY_STRING', 'REMOTE_USER', 'REQUEST_METHOD', 'SCRIPT_NAME', 'SERVER_NAME', 'SERVER_PORT', 'HTTP_ORIGIN', 'SERVER_PROTOCOL', 'swift.cache', 'swift.source', - 'swift.trans_id'): + 'swift.trans_id', 'swift.authorize_override', + 'swift.authorize'): if name in env: newenv[name] = env[name] if method: @@ -598,8 +599,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None, return newenv -def make_request(env, method=None, path=None, body=None, headers=None, - agent='Swift', swift_source=None, make_env=make_env): +def make_subrequest(env, method=None, path=None, body=None, headers=None, + agent='Swift', swift_source=None, make_env=make_env): """ Makes a new swob.Request based on the current env but with the parameters specified. @@ -623,7 +624,7 @@ def make_request(env, method=None, path=None, body=None, headers=None, have no HTTP_USER_AGENT. :param swift_source: Used to mark the request as originating out of middleware. Will be logged in proxy logs. - :param make_env: make_request calls this make_env to help build the + :param make_env: make_subrequest calls this make_env to help build the swob.Request. :returns: Fresh swob.Request object. """ @@ -655,7 +656,7 @@ def make_pre_authed_env(env, method=None, path=None, agent='Swift', def make_pre_authed_request(env, method=None, path=None, body=None, headers=None, agent='Swift', swift_source=None): - """Same as :py:func:`make_request` but with preauthorization.""" - return make_request( + """Same as :py:func:`make_subrequest` but with preauthorization.""" + return make_subrequest( env, method=method, path=path, body=body, headers=headers, agent=agent, swift_source=swift_source, make_env=make_pre_authed_env) diff --git a/test/unit/common/middleware/helpers.py b/test/unit/common/middleware/helpers.py index 0ea957b534..52cc624e2f 100644 --- a/test/unit/common/middleware/helpers.py +++ b/test/unit/common/middleware/helpers.py @@ -42,6 +42,11 @@ class FakeSwift(object): if env.get('QUERY_STRING'): path += '?' + env['QUERY_STRING'] + if 'swift.authorize' in env: + resp = env['swift.authorize']() + if resp: + return resp(env, start_response) + headers = swob.Request(env).headers self._calls.append((method, path, headers)) self.swift_sources.append(env.get('swift.source')) diff --git a/test/unit/common/middleware/test_dlo.py b/test/unit/common/middleware/test_dlo.py index de495f1bc0..3f01eecfe0 100644 --- a/test/unit/common/middleware/test_dlo.py +++ b/test/unit/common/middleware/test_dlo.py @@ -758,6 +758,19 @@ class TestDloGetManifest(DloTestCase): self.assertEqual(body, 'aaaaabbbbbcccc') self.assertTrue(isinstance(exc, exceptions.SegmentError)) + def test_get_with_auth_overridden(self): + auth_got_called = [0] + + def my_auth(): + auth_got_called[0] += 1 + return None + + req = swob.Request.blank('/v1/AUTH_test/mancon/manifest', + environ={'REQUEST_METHOD': 'GET', + 'swift.authorize': my_auth}) + status, headers, body = self.call_dlo(req) + self.assertTrue(auth_got_called[0] > 1) + def fake_start_response(*args, **kwargs): pass