openstack
/
swift
Code Issues Proposed changes
swift/swift/common/middleware
History
Alistair Coles 60c04f116b s3api: Stop propagating storage policy to sub-requests 
The proxy_logging middleware needs an X-Backend-Storage-Policy-Index
header to populate the storage policy field in logs, and will look in
both request and response headers to find it.

Previously, the s3api middleware would indiscriminately copy the
X-Backend-Storage-Policy-Index from swift backend requests into the
S3Request headers [1]. This works for logging but causes the header
to leak between backend requests [2] and break mixed policy
multipart uploads. This patch sets the X-Backend-Storage-Policy-Index
header on s3api responses rather than requests.

Additionally, the middleware now looks for the
X-Backend-Storage-Policy-Index header in the swift backend request
*and* response headers, in the same way that proxy_logging would
(preferring a response header over a request header). This means that
a policy index is now logged for bucket requests, which only have
X-Backend-Storage-Policy-Index header in their response headers.

The s3api adds the value from the *final* backend request/response
pair to its response headers. Returning the policy index from the
final backend request/response is consistent with swift.backend_path
being set to that backend request's path i.e. proxy_logging will log
the correct policy index for the logged path.

The FakeSwift helper no longer looks in registered object responses
for an X-Backend-Storage-Policy-Index header to update an object
request. Real Swift object responses do not have an
X-Backend-Storage-Policy-Index header. By default, FakeSwift will now
update *all* object requests with an X-Backend-Storage-Policy-Index as
follows:

  - If a matching container HEAD response has been registered then
    any X-Backend-Storage-Policy-Index found with that is used.
  - Otherwise the default policy index is used.

Furthermore, FakeSwift now adds the X-Backend-Storage-Policy-Index
header to the request *after* the request has been captured. Tests
using FakeSwift.calls_wth_headers() to make assertions about captured
headers no longer need to make allowance for the header that FakeSwift
added.

Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
Closes-Bug: #2038459
[1] Related-Change: I5fe5ab31d6b2d9f7b6ecb3bfa246433a78e54808
[2] Related-Change: I40b252446b3a1294a5ca8b531f224ce9c16f9aba
Change-Id: I2793e335a08ad373c49cbbe6759d4e97cc420867
 		2023-11-14 15:09:18 +00:00
..
crypto encryption: Expose decrypted metadata via CORS 2023-02-24 21:24:16 +00:00
s3api s3api: Stop propagating storage policy to sub-requests 2023-11-14 15:09:18 +00:00
versioned_writes proxy: Bring back logging/metrics for get_*_info requests 2023-08-01 15:58:58 -07:00
x_profile Update hacking for Python3 2020-04-03 21:21:07 +02:00
__init__.py proxy: Bring back logging/metrics for get_*_info requests 2023-08-01 15:58:58 -07:00
account_quotas.py quotas: Add account-level per-policy quotas 2023-03-21 17:27:31 +00:00
acl.py Use `==` to compare against the empty string, not `is` 2019-10-14 17:40:42 -07:00
backend_ratelimit.py more explicit catch 2023-05-09 15:32:02 -05:00
bulk.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
catch_errors.py Merge "Content-Length enforcement fixups" 2018-06-29 05:43:39 +00:00
cname_lookup.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
container_quotas.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
container_sync.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
copy.py New Object Versioning mode 2020-01-24 17:39:56 -08:00
crossdomain.py docs: Clean up cross-domain doc formatting; call out CWE-942 2023-04-19 12:03:27 +01:00
dlo.py replace md5 with swift utils version 2020-12-15 09:52:55 -05:00
domain_remap.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
etag_quoter.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
formpost.py Fix a formpost reponse bug 2022-10-20 09:41:31 +09:00
gatekeeper.py Allow internal clients to use reserved namespace 2019-11-27 11:22:00 -06:00
healthcheck.py py3: port healthcheck 2018-06-26 13:20:49 -07:00
keystoneauth.py Add a project scope read-only role to keystoneauth 2021-08-02 14:35:32 -05:00
list_endpoints.py Update SAIO & docker image to use 62xx ports 2020-07-20 15:17:12 -07:00
listing_formats.py Fix up some Content-Type handling in account/container listings 2020-02-28 18:32:38 -08:00
memcache.py Refactor memcache config and MemcacheRing loading 2022-10-26 11:01:18 +01:00
name_check.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
proxy_logging.py docs: Clean up proxy logging docs 2023-08-04 11:30:42 -07:00
ratelimit.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
read_only.py read-only: Only act on Swift paths 2022-02-09 14:01:42 -08:00
recon.py Add and pipe reconstructor stats through recon 2021-08-20 00:03:40 +00:00
slo.py slo: refactor GET/HEAD response handling 2023-11-10 15:26:28 -06:00
staticweb.py Merge "staticweb: Allow empty listings at the root of a container" 2022-05-27 18:32:34 +00:00
symlink.py Move *_swift_info functions into a new registry module 2022-02-03 14:41:13 +00:00
tempauth.py Fix handling of non-ASCII accounts 2023-06-13 15:28:41 -07:00
tempurl.py formpost: deprecate sha1 signatures 2022-07-26 10:39:58 +10:00
xprofile.py Python3: fix test_xprofile.py 2018-12-12 20:26:10 +01:00