Browse Source

Do not fetch content of container/object to retrieve S3 ACLs

Bucket ACLs:
The contents of the container are unnecessarily listed.

Object ACLs:
The content of the object is unnecessarily fetched.
Additionally, because the data is skipped, a 499 error is returned on a subrequest.

Change-Id: I1e6ccc8ec4a54375b5817498c4ac7f995656a794
changes/22/815322/3
Aymeric Ducroquetz 7 months ago
parent
commit
b8d7c3dcb8
  1. 3
      swift/common/middleware/s3api/acl_handlers.py
  2. 2
      swift/common/middleware/s3api/controllers/s3_acl.py
  3. 12
      test/unit/common/middleware/s3api/test_acl.py

3
swift/common/middleware/s3api/acl_handlers.py

@ -248,6 +248,9 @@ class S3AclHandler(BaseAclHandler):
"""
S3AclHandler: Handler for S3AclController
"""
def HEAD(self, app):
self._handle_acl(app, 'HEAD', permission='READ_ACP')
def GET(self, app):
self._handle_acl(app, 'HEAD', permission='READ_ACP')

2
swift/common/middleware/s3api/controllers/s3_acl.py

@ -37,7 +37,7 @@ class S3AclController(Controller):
"""
Handles GET Bucket acl and GET Object acl.
"""
resp = req.get_response(self.app)
resp = req.get_response(self.app, method='HEAD')
acl = resp.object_acl if req.is_object_request else resp.bucket_acl

12
test/unit/common/middleware/s3api/test_acl.py

@ -46,13 +46,17 @@ class TestS3ApiAcl(S3ApiTestCase):
name = elem.find('./AccessControlList/Grant/Grantee/ID').text
self.assertEqual(name, owner)
@s3acl
def test_bucket_acl_GET(self):
req = Request.blank('/bucket?acl',
environ={'REQUEST_METHOD': 'GET'},
headers={'Authorization': 'AWS test:tester:hmac',
'Date': self.get_date_header()})
status, headers, body = self.call_s3api(req)
self._check_acl('test:tester', body)
if not self.s3api.conf.s3_acl:
self._check_acl('test:tester', body)
self.assertSetEqual(set((('HEAD', '/v1/AUTH_test/bucket'),)),
set(self.swift.calls))
def test_bucket_acl_PUT(self):
elem = Element('AccessControlPolicy')
@ -167,13 +171,17 @@ class TestS3ApiAcl(S3ApiTestCase):
self._test_put_no_body(use_transfer_encoding=True)
self._test_put_no_body(use_transfer_encoding=True, string_to_md5=b'zz')
@s3acl
def test_object_acl_GET(self):
req = Request.blank('/bucket/object?acl',
environ={'REQUEST_METHOD': 'GET'},
headers={'Authorization': 'AWS test:tester:hmac',
'Date': self.get_date_header()})
status, headers, body = self.call_s3api(req)
self._check_acl('test:tester', body)
if not self.s3api.conf.s3_acl:
self._check_acl('test:tester', body)
self.assertSetEqual(set((('HEAD', '/v1/AUTH_test/bucket/object'),)),
set(self.swift.calls))
def test_invalid_xml(self):
req = Request.blank('/bucket?acl',

Loading…
Cancel
Save