Merge "Fix canned acl to be effective for s3_acl"

swift3/controllers/acl.py

@@ -22,6 +22,7 @@ from swift3.response import HTTPOk, S3NotImplemented, MalformedACLError, \
     InvalidArgument, UnexpectedContent
 from swift3.etree import Element, SubElement, fromstring, tostring, \
     XMLSyntaxError, DocumentInvalid
+from swift3.cfg import CONF
 
 XMLNS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'
 
@@ -126,6 +127,13 @@ def handle_acl_header(req):
     """
     Handle the x-amz-acl header.
     """
+    # Used this method, delete 'HTTP_X_AMZ_ACL' from environ, and header for
+    # s3_acl(x-container-sysmeta-swift3-acl) becomes impossible to create.
+    # TODO: Modify to be able to use the s3_acl and swift acl
+    # (e.g. X-Container-Read) at the same time, if s3_acl is effective.
+    if CONF.s3_acl:
+        return
+
     amz_acl = req.environ['HTTP_X_AMZ_ACL']
     # Translate the Amazon ACL to something that can be
     # implemented in Swift, 501 otherwise. Swift uses POST

swift3/test/unit/test_acl.py

@@ -20,6 +20,7 @@ from swift.common.swob import Request, HTTPAccepted
 from swift3.test.unit import Swift3TestCase
 from swift3.etree import fromstring, tostring, Element, SubElement
 from swift3.controllers.acl import handle_acl_header
+from swift3.test.unit.test_s3_acl import s3acl
 
 XMLNS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'
 
@@ -129,6 +130,22 @@ class TestSwift3Acl(Swift3TestCase):
                                    [('X-Container-Read', '.'),
                                     ('X-Container-Write', '.')])
 
+    @s3acl(s3acl_only=True)
+    def test_handle_acl_header_with_s3acl(self):
+        def check_generated_acl_header(acl, targets):
+            req = Request.blank('/bucket',
+                                headers={'X-Amz-Acl': acl})
+            handle_acl_header(req)
+            for target in targets:
+                self.assertTrue(target not in req.headers)
+            self.assertTrue('HTTP_X_AMZ_ACL' in req.environ)
+
+        check_generated_acl_header('public-read',
+                                   ['X-Container-Read'])
+        check_generated_acl_header('public-read-write',
+                                   ['X-Container-Read', 'X-Container-Write'])
+        check_generated_acl_header('private',
+                                   ['X-Container-Read', 'X-Container-Write'])
 
 if __name__ == '__main__':
     unittest.main()

swift3/test/unit/test_bucket.py

@@ -23,6 +23,7 @@ from swift.common.swob import Request
 from swift3.test.unit import Swift3TestCase
 from swift3.etree import Element, SubElement, fromstring, tostring
 from swift3.test.unit.test_s3_acl import s3acl
+from swift3.subresource import Owner, encode_acl, ACLPublicRead
 
 
 class TestSwift3Bucket(Swift3TestCase):
@@ -310,6 +311,24 @@ class TestSwift3Bucket(Swift3TestCase):
         _, _, headers = self.swift.calls_with_headers[-1]
         self.assertTrue('X-Container-Read' in headers)
         self.assertEquals(headers.get('X-Container-Read'), '.r:*,.rlistings')
+        self.assertTrue('X-Container-Sysmeta-Swift3-Acl' not in headers)
+
+    @s3acl(s3acl_only=True)
+    def test_bucket_PUT_with_canned_s3acl(self):
+        account = 'test:tester'
+        acl = \
+            encode_acl('container', ACLPublicRead(Owner(account, account)))
+        req = Request.blank('/bucket',
+                            environ={'REQUEST_METHOD': 'PUT'},
+                            headers={'Authorization': 'AWS test:tester:hmac',
+                                     'X-Amz-Acl': 'public-read'})
+        status, headers, body = self.call_swift3(req)
+        self.assertEquals(status.split()[0], '200')
+        _, _, headers = self.swift.calls_with_headers[-1]
+        self.assertTrue('X-Container-Read' not in headers)
+        self.assertTrue('X-Container-Sysmeta-Swift3-Acl' in headers)
+        self.assertEquals(headers.get('X-Container-Sysmeta-Swift3-Acl'),
+                          acl['x-container-sysmeta-swift3-acl'])
 
     @s3acl
     def test_bucket_PUT_with_location_error(self):