diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index 8d19f644..baa44c6b 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample @@ -71,6 +71,11 @@ use = egg:swift3#swift3 # Specify a host name of your Swift cluster. This enables virtual-hosted style # requests. # storage_domain = +# +# Enable pipeline order check for SLO, s3token, authtoken, keystoneauth +# If the order is incorrect, it raises a except to stop proxy. +# pipeline_check = True +# [filter:catch_errors] use = egg:swift#catch_errors diff --git a/swift3/cfg.py b/swift3/cfg.py index 1520d981..f6239ef1 100644 --- a/swift3/cfg.py +++ b/swift3/cfg.py @@ -58,4 +58,5 @@ CONF = Config({ 'max_multi_delete_objects': 1000, 's3_acl': False, 'storage_domain': '', + 'pipeline_check': True, }) diff --git a/swift3/middleware.py b/swift3/middleware.py index 9736bdc2..28fd8b19 100644 --- a/swift3/middleware.py +++ b/swift3/middleware.py @@ -120,7 +120,8 @@ class Swift3Middleware(object): pipeline = str(PipelineWrapper(ctx)).split(' ') # Add compatible with 3rd party middleware. - if check_filter_order(pipeline, ['swift3', 'proxy-server']): + if check_filter_order(pipeline, + ['swift3', 'proxy-server']): auth_pipeline = pipeline[pipeline.index('swift3') + 1: pipeline.index('proxy-server')] @@ -136,9 +137,10 @@ class Swift3Middleware(object): LOGGER.debug('Use tempauth middleware.') return elif 'keystoneauth' in auth_pipeline: - if check_filter_order(auth_pipeline, ['s3token', - 'authtoken', - 'keystoneauth']): + if check_filter_order(auth_pipeline, + ['s3token', + 'authtoken', + 'keystoneauth']): LOGGER.debug('Use keystone middleware.') return @@ -146,7 +148,8 @@ class Swift3Middleware(object): LOGGER.debug('Use third party(unknown) auth middleware.') return - raise ValueError('Invalid proxy pipeline: %s' % pipeline) + if conf.pipeline_check: + raise ValueError('Invalid proxy pipeline: %s' % pipeline) def check_filter_order(pipeline, required_filters): diff --git a/swift3/test/unit/test_middleware.py b/swift3/test/unit/test_middleware.py index ddd414b0..bd019d51 100644 --- a/swift3/test/unit/test_middleware.py +++ b/swift3/test/unit/test_middleware.py @@ -320,6 +320,7 @@ class TestSwift3Middleware(Swift3TestCase): patch("swift3.middleware.PipelineWrapper"), patch("swift3.middleware.loadcontext")) as \ (conf, pipeline, _): + conf.pipeline_check = True conf.__file__ = '' pipeline.return_value = 'swift3 tempauth proxy-server' @@ -345,6 +346,28 @@ class TestSwift3Middleware(Swift3TestCase): with self.assertRaises(ValueError): self.swift3.check_pipeline(conf) + # Disable pipeline check + conf.pipeline_check = False + pipeline.return_value = 'swift3 tempauth proxy-server' + self.swift3.check_pipeline(conf) + + pipeline.return_value = 'swift3 s3token authtoken keystoneauth ' \ + 'proxy-server' + self.swift3.check_pipeline(conf) + + pipeline.return_value = 'swift3 swauth proxy-server' + self.swift3.check_pipeline(conf) + + pipeline.return_value = 'swift3 authtoken s3token keystoneauth ' \ + 'proxy-server' + self.swift3.check_pipeline(conf) + + pipeline.return_value = 'swift3 proxy-server' + self.swift3.check_pipeline(conf) + + pipeline.return_value = 'proxy-server' + self.swift3.check_pipeline(conf) + if __name__ == '__main__': unittest.main()