Do not fetch content of container/object to retrieve S3 ACLs
Bucket ACLs: The contents of the container are unnecessarily listed. Object ACLs: The content of the object is unnecessarily fetched. Additionally, because the data is skipped, a 499 error is returned on a subrequest. Change-Id: I1e6ccc8ec4a54375b5817498c4ac7f995656a794
This commit is contained in:
parent
32da73f5c9
commit
b8d7c3dcb8
|
@ -248,6 +248,9 @@ class S3AclHandler(BaseAclHandler):
|
||||||
"""
|
"""
|
||||||
S3AclHandler: Handler for S3AclController
|
S3AclHandler: Handler for S3AclController
|
||||||
"""
|
"""
|
||||||
|
def HEAD(self, app):
|
||||||
|
self._handle_acl(app, 'HEAD', permission='READ_ACP')
|
||||||
|
|
||||||
def GET(self, app):
|
def GET(self, app):
|
||||||
self._handle_acl(app, 'HEAD', permission='READ_ACP')
|
self._handle_acl(app, 'HEAD', permission='READ_ACP')
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ class S3AclController(Controller):
|
||||||
"""
|
"""
|
||||||
Handles GET Bucket acl and GET Object acl.
|
Handles GET Bucket acl and GET Object acl.
|
||||||
"""
|
"""
|
||||||
resp = req.get_response(self.app)
|
resp = req.get_response(self.app, method='HEAD')
|
||||||
|
|
||||||
acl = resp.object_acl if req.is_object_request else resp.bucket_acl
|
acl = resp.object_acl if req.is_object_request else resp.bucket_acl
|
||||||
|
|
||||||
|
|
|
@ -46,13 +46,17 @@ class TestS3ApiAcl(S3ApiTestCase):
|
||||||
name = elem.find('./AccessControlList/Grant/Grantee/ID').text
|
name = elem.find('./AccessControlList/Grant/Grantee/ID').text
|
||||||
self.assertEqual(name, owner)
|
self.assertEqual(name, owner)
|
||||||
|
|
||||||
|
@s3acl
|
||||||
def test_bucket_acl_GET(self):
|
def test_bucket_acl_GET(self):
|
||||||
req = Request.blank('/bucket?acl',
|
req = Request.blank('/bucket?acl',
|
||||||
environ={'REQUEST_METHOD': 'GET'},
|
environ={'REQUEST_METHOD': 'GET'},
|
||||||
headers={'Authorization': 'AWS test:tester:hmac',
|
headers={'Authorization': 'AWS test:tester:hmac',
|
||||||
'Date': self.get_date_header()})
|
'Date': self.get_date_header()})
|
||||||
status, headers, body = self.call_s3api(req)
|
status, headers, body = self.call_s3api(req)
|
||||||
self._check_acl('test:tester', body)
|
if not self.s3api.conf.s3_acl:
|
||||||
|
self._check_acl('test:tester', body)
|
||||||
|
self.assertSetEqual(set((('HEAD', '/v1/AUTH_test/bucket'),)),
|
||||||
|
set(self.swift.calls))
|
||||||
|
|
||||||
def test_bucket_acl_PUT(self):
|
def test_bucket_acl_PUT(self):
|
||||||
elem = Element('AccessControlPolicy')
|
elem = Element('AccessControlPolicy')
|
||||||
|
@ -167,13 +171,17 @@ class TestS3ApiAcl(S3ApiTestCase):
|
||||||
self._test_put_no_body(use_transfer_encoding=True)
|
self._test_put_no_body(use_transfer_encoding=True)
|
||||||
self._test_put_no_body(use_transfer_encoding=True, string_to_md5=b'zz')
|
self._test_put_no_body(use_transfer_encoding=True, string_to_md5=b'zz')
|
||||||
|
|
||||||
|
@s3acl
|
||||||
def test_object_acl_GET(self):
|
def test_object_acl_GET(self):
|
||||||
req = Request.blank('/bucket/object?acl',
|
req = Request.blank('/bucket/object?acl',
|
||||||
environ={'REQUEST_METHOD': 'GET'},
|
environ={'REQUEST_METHOD': 'GET'},
|
||||||
headers={'Authorization': 'AWS test:tester:hmac',
|
headers={'Authorization': 'AWS test:tester:hmac',
|
||||||
'Date': self.get_date_header()})
|
'Date': self.get_date_header()})
|
||||||
status, headers, body = self.call_s3api(req)
|
status, headers, body = self.call_s3api(req)
|
||||||
self._check_acl('test:tester', body)
|
if not self.s3api.conf.s3_acl:
|
||||||
|
self._check_acl('test:tester', body)
|
||||||
|
self.assertSetEqual(set((('HEAD', '/v1/AUTH_test/bucket/object'),)),
|
||||||
|
set(self.swift.calls))
|
||||||
|
|
||||||
def test_invalid_xml(self):
|
def test_invalid_xml(self):
|
||||||
req = Request.blank('/bucket?acl',
|
req = Request.blank('/bucket?acl',
|
||||||
|
|
Loading…
Reference in New Issue