From 906cce614f789e0e65c168890230156f4be644e3 Mon Sep 17 00:00:00 2001
From: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date: Sun, 19 Oct 2014 19:51:19 -0700
Subject: [PATCH] Fix X-AMZ-ACL header is not applied

Current swift generates wrong ACL header (e.g. HTTP_HTTP_Container-Read)
because it is based on old swift3 specification to apply the header to
an "enviroment" variable of eventlet. However, now we use the header property
of swift3.request.Request (also swift.common.swob.Request) which doesn't need "HTTP"
prefix for a given property key.

Change-Id: Ie62468ad144772537610adb359c75f46d460fc64
Closes-Bug: 1381548
---
 swift3/controllers/acl.py       | 10 +++++-----
 swift3/test/unit/test_acl.py    | 20 ++++++++++++++++++++
 swift3/test/unit/test_bucket.py | 11 +++++++++++
 3 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/swift3/controllers/acl.py b/swift3/controllers/acl.py
index 1626bebd..c64364a0 100644
--- a/swift3/controllers/acl.py
+++ b/swift3/controllers/acl.py
@@ -79,11 +79,11 @@ def swift_acl_translate(acl, group='', user='', xml=False):
     that yet.
     """
     swift_acl = {}
-    swift_acl['public-read'] = [['HTTP_X_CONTAINER_READ', '.r:*,.rlistings']]
+    swift_acl['public-read'] = [['X-Container-Read', '.r:*,.rlistings']]
     # Swift does not support public write:
     # https://answers.launchpad.net/swift/+question/169541
-    swift_acl['public-read-write'] = [['HTTP_X_CONTAINER_WRITE', '.r:*'],
-                                      ['HTTP_X_CONTAINER_READ',
+    swift_acl['public-read-write'] = [['X-Container-Write', '.r:*'],
+                                      ['X-Container-Read',
                                        '.r:*,.rlistings']]
 
     # TODO: if there's a way to get group and user, this should work for
@@ -91,8 +91,8 @@ def swift_acl_translate(acl, group='', user='', xml=False):
     # swift_acl['private'] = \
     #     [['HTTP_X_CONTAINER_WRITE',  group + ':' + user], \
     #      ['HTTP_X_CONTAINER_READ', group + ':' + user]]
-    swift_acl['private'] = [['HTTP_X_CONTAINER_WRITE', '.'],
-                            ['HTTP_X_CONTAINER_READ', '.']]
+    swift_acl['private'] = [['X-Container-Write', '.'],
+                            ['X-Container-Read', '.']]
     if xml:
         # We are working with XML and need to parse it
         try:
diff --git a/swift3/test/unit/test_acl.py b/swift3/test/unit/test_acl.py
index 45b60978..2bbc1a1b 100644
--- a/swift3/test/unit/test_acl.py
+++ b/swift3/test/unit/test_acl.py
@@ -19,6 +19,7 @@ from swift.common.swob import Request
 
 from swift3.test.unit import Swift3TestCase
 from swift3.etree import fromstring, tostring, Element, SubElement
+from swift3.controllers.acl import handle_acl_header
 
 XMLNS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'
 
@@ -77,5 +78,24 @@ class TestSwift3Acl(Swift3TestCase):
         status, headers, body = self.call_swift3(req)
         self.assertEquals(self._get_error_code(body), 'MalformedACLError')
 
+    def test_handle_acl_header(self):
+        def check_generated_acl_header(acl, targets):
+            req = Request.blank('/bucket',
+                                headers={'X-Amz-Acl': acl})
+            handle_acl_header(req)
+            for target in targets:
+                self.assertTrue(target[0] in req.headers)
+                self.assertEquals(req.headers[target[0]], target[1])
+
+        check_generated_acl_header('public-read',
+                                   [('X-Container-Read', '.r:*,.rlistings')])
+        check_generated_acl_header('public-read-write',
+                                   [('X-Container-Read', '.r:*,.rlistings'),
+                                    ('X-Container-Write', '.r:*')])
+        check_generated_acl_header('private',
+                                   [('X-Container-Read', '.'),
+                                    ('X-Container-Write', '.')])
+
+
 if __name__ == '__main__':
     unittest.main()
diff --git a/swift3/test/unit/test_bucket.py b/swift3/test/unit/test_bucket.py
index 11bdd391..3d367643 100644
--- a/swift3/test/unit/test_bucket.py
+++ b/swift3/test/unit/test_bucket.py
@@ -231,6 +231,17 @@ class TestSwift3Bucket(Swift3TestCase):
         status, headers, body = self.call_swift3(req)
         self.assertEquals(status.split()[0], '200')
 
+    def test_bucket_PUT_with_canned_acl(self):
+        req = Request.blank('/bucket',
+                            environ={'REQUEST_METHOD': 'PUT'},
+                            headers={'Authorization': 'AWS test:tester:hmac',
+                                     'X-Amz-Acl': 'public-read'})
+        status, headers, body = self.call_swift3(req)
+        self.assertEquals(status.split()[0], '200')
+        _, _, headers = self.swift.calls_with_headers[-1]
+        self.assertTrue('X-Container-Read' in headers)
+        self.assertEquals(headers.get('X-Container-Read'), '.r:*,.rlistings')
+
     def test_bucket_PUT_with_location_error(self):
         elem = Element('CreateBucketConfiguration')
         SubElement(elem, 'LocationConstraint').text = 'XXX'