def _get_response(self, app, method, container, obj,
headers=None, body=None, query=None):
"""
Calls the application with this request's environment. Returns a
Response object that wraps up the application's result.
"""
sw_req = self.to_swift_req(method, container, obj, headers=headers,
body=body, query=query)
if CONF.s3_acl:
sw_req.environ['swift_owner'] = True # needed to set ACL
sw_req.environ['swift.authorize_override'] = True
sw_req.environ['swift.authorize'] = lambda req: None
sw_resp = sw_req.get_response(app)
resp = Response.from_swift_resp(sw_resp)
status = resp.status_int # pylint: disable-msg=E1101
if CONF.s3_acl:
resp.bucket_acl = decode_acl('container', resp.sysmeta_headers)
resp.object_acl = decode_acl('object', resp.sysmeta_headers)
if not self.user_id:
if 'HTTP_X_USER_NAME' in sw_resp.environ:
# keystone
self.user_id = \
utf8encode("%s:%s" %
(sw_resp.environ['HTTP_X_TENANT_NAME'],
sw_resp.environ['HTTP_X_USER_NAME']))
else:
# tempauth
self.user_id = self.access_key
success_codes = self._swift_success_codes(method, container, obj)
error_codes = self._swift_error_codes(method, container, obj)
if status in success_codes:
return resp
err_msg = resp.body
if status in error_codes:
err_resp = \
error_codes[sw_resp.status_int] # pylint: disable-msg=E1101
if isinstance(err_resp, tuple):
raise err_resp[0](*err_resp[1:])
else:
raise err_resp()
if status == HTTP_BAD_REQUEST:
raise BadSwiftRequest(err_msg)
if status == HTTP_UNAUTHORIZED:
raise SignatureDoesNotMatch()
if status == HTTP_FORBIDDEN:
raise AccessDenied()
raise InternalError('unexpected status code %d' % status)
def get_acl_response(self, app, method=None, container=None, obj=None, headers=None, body=None, query=None):
"""
Wrapper method of _get_response to add s3 acl information
from response sysmeta headers.
"""
resp = self._get_response(app, method, container, obj, headers, body, query)
resp.bucket_acl = decode_acl("container", resp.sysmeta_headers)
resp.object_acl = decode_acl("object", resp.sysmeta_headers)
return resp
def get_acl_response(self, app, method=None, container=None, obj=None,
headers=None, body=None, query=None):
"""
Wrapper method of _get_response to add s3 acl information
from response sysmeta headers.
"""
resp = self._get_response(
app, method, container, obj, headers, body, query)
resp.bucket_acl = decode_acl('container', resp.sysmeta_headers)
resp.object_acl = decode_acl('object', resp.sysmeta_headers)
return resp
def test_decode_acl_undefined(self):
headers = {}
acl = decode_acl('container', headers)
self.assertEqual(type(acl), ACL)
self.assertEqual(None, acl.owner.id)
self.assertEqual(len(acl.grants), 0)
def test_decode_acl_undefined(self):
headers = {}
acl = decode_acl('container', headers)
self.assertEqual(type(acl), ACL)
self.assertIsNone(acl.owner.id)
self.assertEqual(len(acl.grants), 0)
def test_decode_acl_object(self):
access_control_policy = \
{'Owner': 'test:tester',
'Grant': [{'Permission': 'FULL_CONTROL',
'Grantee': 'test:tester'}]}
headers = {sysmeta_header('object', 'acl'):
json.dumps(access_control_policy)}
acl = decode_acl('object', headers)
self.assertEqual(type(acl), ACL)
self.assertEqual(acl.owner.id, 'test:tester')
self.assertEqual(len(acl.grants), 1)
self.assertEqual(str(acl.grants[0].grantee), 'test:tester')
self.assertEqual(acl.grants[0].permission, 'FULL_CONTROL')
def test_object_multipart_upload_complete_s3acl(self):
acl_headers = encode_acl(
'object', ACLPublicRead(Owner('test:tester', 'test:tester')))
headers = {}
headers[sysmeta_header('object', 'tmpacl')] = \
acl_headers.get(sysmeta_header('object', 'acl'))
headers['X-Object-Meta-Foo'] = 'bar'
self.swift.register('HEAD', '/v1/AUTH_test/bucket+segments/object/X',
swob.HTTPOk, headers, None)
req = Request.blank('/bucket/object?uploadId=X',
environ={'REQUEST_METHOD': 'POST'},
headers={'Authorization': 'AWS test:tester:hmac'},
body=xml)
status, headers, body = self.call_swift3(req)
fromstring(body, 'CompleteMultipartUploadResult')
self.assertEquals(status.split()[0], '200')
_, _, headers = self.swift.calls_with_headers[-2]
self.assertEquals(headers.get('X-Object-Meta-Foo'), 'bar')
self.assertEquals(
tostring(
ACLPublicRead(Owner('test:tester', 'test:tester')).elem()),
tostring(decode_acl('object', headers).elem()))
def test_decode_acl_empty_list(self):
headers = {sysmeta_header('container', 'acl'): '[]'}
acl = decode_acl('container', headers)
self.assertEqual(type(acl), ACL)
self.assertEqual(None, acl.owner.id)
self.assertEqual(len(acl.grants), 0)
def test_decode_acl_empty_list(self):
headers = {sysmeta_header('container', 'acl'): '[]'}
acl = decode_acl('container', headers)
self.assertEqual(type(acl), ACL)
self.assertIsNone(acl.owner.id)
self.assertEqual(len(acl.grants), 0)
