Beispiel #1
0
    def test_sys_meta_headers_PUT(self):
        # check that headers in sys meta namespace make it through
        # the container controller
        sys_meta_key = '%stest' % get_sys_meta_prefix('container')
        sys_meta_key = sys_meta_key.title()
        user_meta_key = 'X-Container-Meta-Test'
        controller = proxy_server.ContainerController(self.app, 'a', 'c')

        context = {}
        callback = self._make_callback_func(context)
        hdrs_in = {
            sys_meta_key: 'foo',
            user_meta_key: 'bar',
            'x-timestamp': '1.0'
        }
        req = Request.blank('/v1/a/c', headers=hdrs_in)
        with mock.patch('osd.proxyService.controllers.base.http_connect',
                        fake_http_connect(200, 200, give_connect=callback)):
            controller.PUT(req)
        self.assertEqual(context['method'], 'PUT')
        self.assertTrue(sys_meta_key in context['headers'])
        self.assertEqual(context['headers'][sys_meta_key], 'foo')
        self.assertTrue(user_meta_key in context['headers'])
        self.assertEqual(context['headers'][user_meta_key], 'bar')
        self.assertNotEqual(context['headers']['x-timestamp'], '1.0')
Beispiel #2
0
    def extract_acl_and_report_errors(self, req):
        """
        Return a user-readable string indicating the errors in the input ACL,
        or None if there are no errors.
        """
        acl_header = 'x-account-access-control'
        acl_data = req.headers.get(acl_header)
        result = parse_acl(version=2, data=acl_data)
        if result is None:
            return 'Syntax error in input (%r)' % acl_data

        tempauth_acl_keys = 'admin read-write read-only'.split()
        for key in result:
            # While it is possible to construct auth systems that collaborate
            # on ACLs, TempAuth is not such an auth system.  At this point,
            # it thinks it is authoritative.
            if key not in tempauth_acl_keys:
                return 'Key %r not recognized' % key

        for key in tempauth_acl_keys:
            if key not in result:
                continue
            if not isinstance(result[key], list):
                return 'Value for key %r must be a list' % key
            for grantee in result[key]:
                if not isinstance(grantee, str):
                    return 'Elements of %r list must be strings' % key

        # Everything looks fine, no errors found
        internal_hdr = get_sys_meta_prefix('account') + 'core-access-control'
        req.headers[internal_hdr] = req.headers.pop(acl_header)
        return None
Beispiel #3
0
 def test_headers_to_account_info_sys_meta(self):
     prefix = get_sys_meta_prefix('account')
     headers = {'%sWhatevs' % prefix: 14,
                '%ssomethingelse' % prefix: 0}
     resp = headers_to_account_info(headers.items(), 200)
     self.assertEquals(len(resp['sysmeta']), 2)
     self.assertEquals(resp['sysmeta']['whatevs'], 14)
     self.assertEquals(resp['sysmeta']['somethingelse'], 0)
Beispiel #4
0
 def add_acls_from_sys_metadata(self, resp):
     if resp.environ['REQUEST_METHOD'] in ('HEAD', 'GET', 'PUT', 'POST'):
         prefix = get_sys_meta_prefix('account') + 'core-'
         name = 'access-control'
         (extname, intname) = ('x-account-' + name, prefix + name)
         acl_dict = parse_acl(version=2, data=resp.headers.pop(intname))
         if acl_dict:  # treat empty dict as empty header
             resp.headers[extname] = format_acl(
                 version=2, acl_dict=acl_dict)
Beispiel #5
0
 def _make_user_and_sys_acl_headers_data(self):
     acl = {
         'admin': ['AUTH_alice', 'AUTH_bob'],
         'read-write': ['AUTH_carol'],
         'read-only': [],
     }
     user_prefix = 'x-account-'  # external, user-facing
     user_headers = {
         (user_prefix + 'access-control'): format_acl(version=2,
                                                      acl_dict=acl)
     }
     sys_prefix = get_sys_meta_prefix('account')  # internal, system-facing
     sys_headers = {
         (sys_prefix + 'core-access-control'):
         format_acl(version=2, acl_dict=acl)
     }
     return user_headers, sys_headers
Beispiel #6
0
"""

from osd.common.swob import Request
from osd.common.utils import get_logger
from osd.common.request_helpers import remove_items, get_sys_meta_prefix
import re

#: A list of python regular expressions that will be used to
#: match against inbound request headers. Matching headers will
#: be removed from the request.
# Exclude headers starting with a sysmeta prefix.
# If adding to this list, note that these are regex patterns,
# so use a trailing $ to constrain to an exact header match
# rather than prefix match.
inbound_exclusions = [
    get_sys_meta_prefix('account'),
    get_sys_meta_prefix('container'),
    get_sys_meta_prefix('object'), 'x-backend'
]
# 'x-object-sysmeta' is reserved in anticipation of future support
# for system metadata being applied to objects

#: A list of python regular expressions that will be used to
#: match against outbound response headers. Matching headers will
#: be removed from the response.
outbound_exclusions = inbound_exclusions


def make_exclusion_test(exclusions):
    expr = '|'.join(exclusions)
    test = re.compile(expr, re.IGNORECASE)