copy over swift.authorize stuff into subrequests

If auth is setup in the env then it needs to be copied over with the
make_request wsgi helper.  Also renamed make_request to
make_subrequest- when I grepped for make_request I got > 250 results,
this'll make it easier to find references to this function in the
future.

Updated docs and sample confs to show tempurl needs to be before dlo and
slo as well as auth.

Change-Id: I9750555727f520a7c9fedd5f4fd31ff0f63d8088
This commit is contained in:
David Goetz 2014-03-06 07:47:42 -08:00 committed by Samuel Merritt
parent 28c0da29b0
commit 8d1278cae8
9 changed files with 35 additions and 16 deletions

View File

@ -394,7 +394,7 @@ Logging level. The default is INFO.
.IP "\fB[filter:tempurl]\fR"
.RE
Note: Put tempurl just before your auth filter(s) in the pipeline
Note: Put tempurl before slo, dlo, and your auth filter(s) in the pipeline
.RS 3
.IP \fBincoming_remove_headers\fR

View File

@ -8,7 +8,7 @@ eventlet_debug = true
[pipeline:main]
# Yes, proxy-logging appears twice. This is so that
# middleware-originated requests get logged too.
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk slo dlo ratelimit crossdomain tempurl tempauth staticweb container-quotas account-quotas proxy-logging proxy-server
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk tempurl slo dlo ratelimit crossdomain tempauth staticweb container-quotas account-quotas proxy-logging proxy-server
[filter:catch_errors]
use = egg:swift#catch_errors

View File

@ -406,7 +406,7 @@ use = egg:swift#cname_lookup
[filter:staticweb]
use = egg:swift#staticweb
# Note: Put tempurl just before your auth filter(s) in the pipeline
# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline
[filter:tempurl]
use = egg:swift#tempurl
# The methods allowed with Temp URLs.

View File

@ -24,7 +24,7 @@ from swift.common.swob import Request, Response, \
from swift.common.utils import get_logger, json, \
RateLimitedIterator, read_conf_dir, quote
from swift.common.request_helpers import SegmentedIterable
from swift.common.wsgi import WSGIContext, make_request
from swift.common.wsgi import WSGIContext, make_subrequest
from urllib import unquote
@ -36,7 +36,7 @@ class GetContext(WSGIContext):
def _get_container_listing(self, req, version, account, container,
prefix, marker=''):
con_req = make_request(
con_req = make_subrequest(
req.environ, path='/'.join(['', version, account, container]),
method='GET',
headers={'x-auth-token': req.headers.get('x-auth-token')},

View File

@ -151,7 +151,7 @@ from swift.common.request_helpers import SegmentedIterable, \
closing_if_possible, close_if_possible
from swift.common.constraints import check_utf8, MAX_BUFFERED_SLO_SEGMENTS
from swift.common.http import HTTP_NOT_FOUND, HTTP_UNAUTHORIZED, is_success
from swift.common.wsgi import WSGIContext, make_request
from swift.common.wsgi import WSGIContext, make_subrequest
from swift.common.middleware.bulk import get_response_body, \
ACCEPTABLE_FORMATS, Bulk
@ -216,7 +216,7 @@ class SloGetContext(WSGIContext):
Fetch the submanifest, parse it, and return it.
Raise exception on failures.
"""
sub_req = make_request(
sub_req = make_subrequest(
req.environ, path='/'.join(['', version, acc, con, obj]),
method='GET',
headers={'x-auth-token': req.headers.get('x-auth-token')},
@ -385,7 +385,7 @@ class SloGetContext(WSGIContext):
close_if_possible(resp_iter)
del req.environ['swift.non_client_disconnect']
get_req = make_request(
get_req = make_subrequest(
req.environ, method='GET',
headers={'x-auth-token': req.headers.get('x-auth-token')},
agent=('%(orig)s ' + 'SLO MultipartGET'), swift_source='SLO')

View File

@ -29,7 +29,7 @@ from swift.common.exceptions import ListingIterError, SegmentError
from swift.common.http import is_success, HTTP_SERVICE_UNAVAILABLE
from swift.common.swob import HTTPBadRequest, HTTPNotAcceptable
from swift.common.utils import split_path, validate_device_partition
from swift.common.wsgi import make_request
from swift.common.wsgi import make_subrequest
def get_param(req, name, default=None):
@ -281,7 +281,7 @@ class SegmentedIterable(object):
'ERROR: While processing manifest %s, '
'max LO GET time of %ds exceeded' %
(self.name, self.max_get_time))
seg_req = make_request(
seg_req = make_subrequest(
self.req.environ, path=seg_path, method='GET',
headers={'x-auth-token': self.req.headers.get(
'x-auth-token')},

View File

@ -575,7 +575,8 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None,
'PATH_INFO', 'QUERY_STRING', 'REMOTE_USER', 'REQUEST_METHOD',
'SCRIPT_NAME', 'SERVER_NAME', 'SERVER_PORT', 'HTTP_ORIGIN',
'SERVER_PROTOCOL', 'swift.cache', 'swift.source',
'swift.trans_id'):
'swift.trans_id', 'swift.authorize_override',
'swift.authorize'):
if name in env:
newenv[name] = env[name]
if method:
@ -598,7 +599,7 @@ def make_env(env, method=None, path=None, agent='Swift', query_string=None,
return newenv
def make_request(env, method=None, path=None, body=None, headers=None,
def make_subrequest(env, method=None, path=None, body=None, headers=None,
agent='Swift', swift_source=None, make_env=make_env):
"""
Makes a new swob.Request based on the current env but with the
@ -623,7 +624,7 @@ def make_request(env, method=None, path=None, body=None, headers=None,
have no HTTP_USER_AGENT.
:param swift_source: Used to mark the request as originating out of
middleware. Will be logged in proxy logs.
:param make_env: make_request calls this make_env to help build the
:param make_env: make_subrequest calls this make_env to help build the
swob.Request.
:returns: Fresh swob.Request object.
"""
@ -655,7 +656,7 @@ def make_pre_authed_env(env, method=None, path=None, agent='Swift',
def make_pre_authed_request(env, method=None, path=None, body=None,
headers=None, agent='Swift', swift_source=None):
"""Same as :py:func:`make_request` but with preauthorization."""
return make_request(
"""Same as :py:func:`make_subrequest` but with preauthorization."""
return make_subrequest(
env, method=method, path=path, body=body, headers=headers, agent=agent,
swift_source=swift_source, make_env=make_pre_authed_env)

View File

@ -42,6 +42,11 @@ class FakeSwift(object):
if env.get('QUERY_STRING'):
path += '?' + env['QUERY_STRING']
if 'swift.authorize' in env:
resp = env['swift.authorize']()
if resp:
return resp(env, start_response)
headers = swob.Request(env).headers
self._calls.append((method, path, headers))
self.swift_sources.append(env.get('swift.source'))

View File

@ -758,6 +758,19 @@ class TestDloGetManifest(DloTestCase):
self.assertEqual(body, 'aaaaabbbbbcccc')
self.assertTrue(isinstance(exc, exceptions.SegmentError))
def test_get_with_auth_overridden(self):
auth_got_called = [0]
def my_auth():
auth_got_called[0] += 1
return None
req = swob.Request.blank('/v1/AUTH_test/mancon/manifest',
environ={'REQUEST_METHOD': 'GET',
'swift.authorize': my_auth})
status, headers, body = self.call_dlo(req)
self.assertTrue(auth_got_called[0] > 1)
def fake_start_response(*args, **kwargs):
pass