Exemplo n.º 1
0
def get_acl(headers, body, bucket_owner, object_owner=None):
    """
    Get ACL instance from S3 (e.g. x-amz-grant) headers or S3 acl xml body.
    """
    acl = ACL.from_headers(headers, bucket_owner, object_owner,
                           as_private=False)

    if acl is None:
        # Get acl from request body if possible.
        if not body:
            msg = 'Your request was missing a required header'
            raise MissingSecurityHeader(msg, missing_header_name='x-amz-acl')
        try:
            elem = fromstring(body, ACL.root_tag)
            acl = ACL.from_elem(elem)
        except(XMLSyntaxError, DocumentInvalid):
            raise MalformedACLError()
        except Exception as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            LOGGER.error(e)
            raise exc_type, exc_value, exc_traceback
    else:
        if body:
            # Specifying grant with both header and xml is not allowed.
            raise UnexpectedContent()

    return acl
Exemplo n.º 2
0
def get_acl(headers, body, bucket_owner, object_owner=None):
    """
    Get ACL instance from S3 (e.g. x-amz-grant) headers or S3 acl xml body.
    """
    acl = ACL.from_headers(headers,
                           bucket_owner,
                           object_owner,
                           as_private=False)

    if acl is None:
        # Get acl from request body if possible.
        if not body:
            msg = 'Your request was missing a required header'
            raise MissingSecurityHeader(msg, missing_header_name='x-amz-acl')
        try:
            elem = fromstring(body, ACL.root_tag)
            acl = ACL.from_elem(elem)
        except (XMLSyntaxError, DocumentInvalid):
            raise MalformedACLError()
        except Exception as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            LOGGER.error(e)
            raise exc_type, exc_value, exc_traceback
    else:
        if body:
            # Specifying grant with both header and xml is not allowed.
            raise UnexpectedContent()

    return acl
    def _test_object_acl_PUT(self, account, permission='FULL_CONTROL'):
        acl = ACL(self.default_owner, [Grant(User(account), permission)])
        req = Request.blank('/bucket/object?acl',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers={'Authorization': 'AWS %s:hmac' % account},
                            body=tostring(acl.elem()))

        return self.call_swift3(req)
Exemplo n.º 4
0
    def _test_object_acl_PUT(self, account, permission='FULL_CONTROL'):
        acl = ACL(self.default_owner, [Grant(User(account), permission)])
        req = Request.blank('/bucket/object?acl',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers={'Authorization': 'AWS %s:hmac' % account},
                            body=tostring(acl.elem()))

        return self.call_swift3(req)
Exemplo n.º 5
0
 def test_from_headers_x_amz_acl_invalid(self):
     with self.assertRaises(InvalidArgument) as cm:
         ACL.from_headers({'x-amz-acl': 'invalid'},
                          Owner('test:tester', 'test:tester'))
     self.assertTrue('argument_name' in cm.exception.info)
     self.assertEquals(cm.exception.info['argument_name'], 'x-amz-acl')
     self.assertTrue('argument_value' in cm.exception.info)
     self.assertEquals(cm.exception.info['argument_value'], 'invalid')
Exemplo n.º 6
0
 def test_from_headers_x_amz_acl_invalid(self):
     with self.assertRaises(InvalidArgument) as cm:
         ACL.from_headers({'x-amz-acl': 'invalid'},
                          Owner('test:tester', 'test:tester'))
     self.assertTrue('argument_name' in cm.exception.info)
     self.assertEquals(cm.exception.info['argument_name'], 'x-amz-acl')
     self.assertTrue('argument_value' in cm.exception.info)
     self.assertEquals(cm.exception.info['argument_value'], 'invalid')
Exemplo n.º 7
0
def _gen_test_acl_header(owner, permission=None, grantee=None,
                         resource='container'):
    if permission is None:
        return ACL(owner, [])

    if grantee is None:
        grantee = User('test:tester')
    return encode_acl(resource, ACL(owner, [Grant(grantee, permission)]))
Exemplo n.º 8
0
 def _test_set_container_permission(self, account, permission):
     grants = [Grant(User(account), permission)]
     headers = \
         encode_acl('container',
                    ACL(Owner('test:tester', 'test:tester'), grants))
     self.swift.register('HEAD', '/v1/AUTH_test/bucket',
                         swob.HTTPNoContent, headers, None)
Exemplo n.º 9
0
    def test_from_headers_x_amz_acl(self):
        canned_acls = ['public-read', 'public-read-write',
                       'authenticated-read', 'bucket-owner-read',
                       'bucket-owner-full-control', 'log-delivery-write']

        owner = Owner('test:tester', 'test:tester')
        grantee_map = canned_acl_grantees(owner)

        for acl_str in canned_acls:
            acl = ACL.from_headers({'x-amz-acl': acl_str}, owner)
            expected = grantee_map[acl_str]

            self.assertEquals(len(acl.grants), len(expected))  # sanity

            # parse Grant object to permission and grantee
            actual_grants = [(grant.permission, grant.grantee)
                             for grant in acl.grants]

            assertions = zip(sorted(expected), sorted(actual_grants))

            for (expected_permission, expected_grantee), \
                    (permission, grantee) in assertions:
                self.assertEquals(expected_permission, permission)
                self.assertTrue(
                    isinstance(grantee, expected_grantee.__class__))
                if isinstance(grantee, User):
                    self.assertEquals(expected_grantee.id, grantee.id)
                    self.assertEquals(expected_grantee.display_name,
                                      grantee.display_name)
Exemplo n.º 10
0
    def test_from_headers_x_amz_acl(self):
        canned_acls = [
            'public-read', 'public-read-write', 'authenticated-read',
            'bucket-owner-read', 'bucket-owner-full-control',
            'log-delivery-write'
        ]

        owner = Owner('test:tester', 'test:tester')
        grantee_map = canned_acl_grantees(owner)

        for acl_str in canned_acls:
            acl = ACL.from_headers({'x-amz-acl': acl_str}, owner)
            expected = grantee_map[acl_str]

            self.assertEquals(len(acl.grants), len(expected))  # sanity

            # parse Grant object to permission and grantee
            actual_grants = [(grant.permission, grant.grantee)
                             for grant in acl.grants]

            assertions = zip(sorted(expected), sorted(actual_grants))

            for (expected_permission, expected_grantee), \
                    (permission, grantee) in assertions:
                self.assertEquals(expected_permission, permission)
                self.assertTrue(isinstance(grantee,
                                           expected_grantee.__class__))
                if isinstance(grantee, User):
                    self.assertEquals(expected_grantee.id, grantee.id)
                    self.assertEquals(expected_grantee.display_name,
                                      grantee.display_name)
Exemplo n.º 11
0
    def _test_object_PUT_copy(self, head_resp, put_header={}):
        account = 'test:tester'
        grants = [Grant(User(account), 'FULL_CONTROL')]
        head_headers = \
            encode_acl('object',
                       ACL(Owner(account, account), grants))
        head_headers.update({'last-modified': self.last_modified})
        self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp,
                            head_headers, None)

        put_headers = {
            'Authorization': 'AWS test:tester:hmac',
            'X-Amz-Copy-Source': '/some/source',
            'Date': self.get_date_header()
        }
        put_headers.update(put_header)

        req = Request.blank('/bucket/object',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers=put_headers)

        req.date = datetime.now()
        req.content_type = 'text/plain'
        with patch('swift3.utils.time.time', return_value=1396353600.000000):
            return self.call_swift3(req)
Exemplo n.º 12
0
 def PUT(self, app):
     if not self.obj:
         # Initiate Multipart Uploads (put +segment container)
         resp = self._handle_acl(app, 'HEAD')
         req_acl = ACL.from_headers(self.req.headers, resp.bucket_acl.owner,
                                    Owner(self.user_id, self.user_id))
         acl_headers = encode_acl('object', req_acl)
         self.req.headers[sysmeta_header('object', 'tmpacl')] = \
             acl_headers[sysmeta_header('object', 'acl')]
Exemplo n.º 13
0
 def PUT(self, app):
     if not self.acl_checked:
         resp = self._handle_acl(app, 'HEAD', obj='')
         req_acl = ACL.from_headers(self.req.headers, resp.bucket_acl.owner,
                                    Owner(self.user_id, self.user_id))
         acl_headers = encode_acl('object', req_acl)
         self.req.headers[sysmeta_header('object', 'tmpacl')] = \
             acl_headers[sysmeta_header('object', 'acl')]
         self.acl_checked = True
Exemplo n.º 14
0
 def test_object_PUT_copy_without_dst_obj_permission(self):
     account = 'test:other'
     grants = [Grant(User(account), 'WRITE')]
     headers = encode_acl('container', ACL(Owner(account, account), grants))
     self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent,
                         headers, None)
     status, headers, body = \
         self._test_object_copy_for_s3acl(account, 'READ')
     self.assertEquals(status.split()[0], '403')
Exemplo n.º 15
0
 def PUT(self, app):
     if not self.obj:
         # Initiate Multipart Uploads (put +segment container)
         resp = self._handle_acl(app, 'HEAD')
         req_acl = ACL.from_headers(self.req.headers,
                                    resp.bucket_acl.owner,
                                    Owner(self.user_id, self.user_id))
         acl_headers = encode_acl('object', req_acl)
         self.req.headers[sysmeta_header('object', 'tmpacl')] = \
             acl_headers[sysmeta_header('object', 'acl')]
Exemplo n.º 16
0
 def PUT(self, app):
     b_resp = self._handle_acl(app, 'HEAD', obj='')
     inherits = None
     if CONF.s3_acl and CONF.s3_acl_inherit:
         inherits = b_resp.bucket_acl.grants
     req_acl = ACL.from_headers(self.req.headers,
                                b_resp.bucket_acl.owner,
                                Owner(self.user_id, self.user_id),
                                inherit_grants=inherits)
     self.req.object_acl = req_acl
Exemplo n.º 17
0
 def _test_object_PUT_copy_self(self, head_resp, put_header={}):
     account = 'test:tester'
     grants = [Grant(User(account), 'FULL_CONTROL')]
     head_headers = \
         encode_acl('object',
                    ACL(Owner(account, account), grants))
     head_headers.update({'last-modified': self.last_modified})
     self.swift.register('HEAD', '/v1/AUTH_test/bucket/object', head_resp,
                         head_headers, None)
     return self._call_object_copy('/bucket/object', put_header)
Exemplo n.º 18
0
 def _test_object_PUT_copy(self, head_resp, put_header=None,
                           src_path='/some/source', timestamp=None):
     account = 'test:tester'
     grants = [Grant(User(account), 'FULL_CONTROL')]
     head_headers = \
         encode_acl('object',
                    ACL(Owner(account, account), grants))
     head_headers.update({'last-modified': self.last_modified})
     self.swift.register('HEAD', '/v1/AUTH_test/some/source',
                         head_resp, head_headers, None)
     put_header = put_header or {}
     return self._call_object_copy(src_path, put_header, timestamp)
Exemplo n.º 19
0
 def test_acl_from_elem_by_id_only(self):
     elem = ACLPrivate(Owner(id='test:tester', name='test:tester')).elem()
     elem.find('./Owner').remove(elem.find('./Owner/DisplayName'))
     acl = ACL.from_elem(elem)
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'READ_ACP'))
     self.assertFalse(
         self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
Exemplo n.º 20
0
 def test_acl_from_elem_by_id_only(self):
     elem = ACLPrivate(Owner(id='test:tester',
                             name='test:tester')).elem()
     elem.find('./Owner').remove(elem.find('./Owner/DisplayName'))
     acl = ACL.from_elem(elem)
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'READ_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'WRITE_ACP'))
Exemplo n.º 21
0
    def PUT(self, app):
        req_acl = ACL.from_headers(self.req.headers,
                                   Owner(self.user_id, self.user_id))

        # To avoid overwriting the existing bucket's ACL, we send PUT
        # request first before setting the ACL to make sure that the target
        # container does not exist.
        self.req.get_acl_response(app, 'PUT')

        # update metadata
        self.req.bucket_acl = req_acl

        # FIXME If this request is failed, there is a possibility that the
        # bucket which has no ACL is left.
        return self.req.get_acl_response(app, 'POST')
Exemplo n.º 22
0
    def PUT(self, app):
        req_acl = ACL.from_headers(self.req.headers,
                                   Owner(self.user_id, self.user_id))

        # To avoid overwriting the existing bucket's ACL, we send PUT
        # request first before setting the ACL to make sure that the target
        # container does not exist.
        self.req.get_acl_response(app, 'PUT')

        # update metadata
        self.req.bucket_acl = req_acl

        # FIXME If this request is failed, there is a possibility that the
        # bucket which has no ACL is left.
        return self.req.get_acl_response(app, 'POST')
Exemplo n.º 23
0
 def test_acl_from_elem(self):
     # check translation from element
     acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
     elem = acl.elem()
     acl = ACL.from_elem(elem)
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'READ_ACP'))
     self.assertFalse(
         self.check_permission(acl, 'test:tester2', 'WRITE_ACP'))
Exemplo n.º 24
0
 def test_acl_from_elem(self):
     # check translation from element
     acl = ACLPrivate(Owner(id='test:tester',
                            name='test:tester'))
     elem = acl.elem()
     acl = ACL.from_elem(elem)
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'READ_ACP'))
     self.assertTrue(self.check_permission(acl, 'test:tester', 'WRITE_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'READ'))
     self.assertFalse(self.check_permission(acl, 'test:tester2', 'WRITE'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'READ_ACP'))
     self.assertFalse(self.check_permission(acl, 'test:tester2',
                                            'WRITE_ACP'))
Exemplo n.º 25
0
    def test_encode_acl_many_grant(self):
        headers = {}
        users = []
        for i in range(0, 99):
            users.append('id=test:tester%s' % str(i))
        users = ','.join(users)
        headers['x-amz-grant-read'] = users
        acl = ACL.from_headers(headers, Owner('test:tester', 'test:tester'))
        acp = encode_acl('container', acl)

        header_value = acp[sysmeta_header('container', 'acl')]
        header_value = json.loads(header_value)

        self.assertTrue('Owner' in header_value)
        self.assertTrue('Grant' in header_value)
        self.assertEqual('test:tester', header_value['Owner'])
        self.assertEqual(len(header_value['Grant']), 99)
Exemplo n.º 26
0
    def test_encode_acl_many_grant(self):
        headers = {}
        users = []
        for i in range(0, 99):
            users.append('id=test:tester%s' % str(i))
        users = ','.join(users)
        headers['x-amz-grant-read'] = users
        acl = ACL.from_headers(headers, Owner('test:tester', 'test:tester'))
        acp = encode_acl('container', acl)

        header_value = acp[sysmeta_header('container', 'acl')]
        header_value = json.loads(header_value)

        self.assertTrue('Owner' in header_value)
        self.assertTrue('Grant' in header_value)
        self.assertEqual('test:tester', header_value['Owner'])
        self.assertEqual(len(header_value['Grant']), 99)
Exemplo n.º 27
0
    def _test_object_copy_for_s3acl(self, account, src_permission=None,
                                    src_path='/src_bucket/src_obj'):
        owner = 'test:tester'
        grants = [Grant(User(account), src_permission)] \
            if src_permission else [Grant(User(owner), 'FULL_CONTROL')]
        src_o_headers = \
            encode_acl('object', ACL(Owner(owner, owner), grants))
        self.swift.register(
            'HEAD', join('/v1/AUTH_test', src_path.lstrip('/')),
            swob.HTTPOk, src_o_headers, None)

        req = Request.blank(
            '/bucket/object',
            environ={'REQUEST_METHOD': 'PUT'},
            headers={'Authorization': 'AWS %s:hmac' % account,
                     'X-Amz-Copy-Source': src_path})

        return self.call_swift3(req)
Exemplo n.º 28
0
    def PUT(self, req):
        """
        Handle PUT Bucket request
        """
        xml = req.xml(MAX_PUT_BUCKET_BODY_SIZE)
        if xml:
            # check location
            try:
                elem = fromstring(xml, 'CreateBucketConfiguration')
                location = elem.find('./LocationConstraint').text
            except (XMLSyntaxError, DocumentInvalid):
                raise MalformedXML()
            except Exception as e:
                LOGGER.error(e)
                raise

            if location != CONF.location:
                # Swift3 cannot support multiple reagions now.
                raise InvalidLocationConstraint()

        if CONF.s3_acl:
            req_acl = ACL.from_headers(req.headers,
                                       Owner(req.user_id, req.user_id))

            # To avoid overwriting the existing bucket's ACL, we send PUT
            # request first before setting the ACL to make sure that the target
            # container does not exist.
            resp = req.get_response(self.app)

            # update metadata
            req.bucket_acl = req_acl
            # FIXME If this request is failed, there is a possibility that the
            # bucket which has no ACL is left.
            req.get_response(self.app, 'POST')
        else:
            if 'HTTP_X_AMZ_ACL' in req.environ:
                handle_acl_header(req)

            resp = req.get_response(self.app)

        resp.status = HTTP_OK
        resp.location = '/' + req.container_name

        return resp
Exemplo n.º 29
0
    def _test_object_PUT_copy(self, head_resp, put_header={}):
        account = 'test:tester'
        grants = [Grant(User(account), 'FULL_CONTROL')]
        head_headers = \
            encode_acl('object',
                       ACL(Owner(account, account), grants))
        self.swift.register('HEAD', '/v1/AUTH_test/some/source',
                            head_resp, head_headers, None)

        put_headers = {'Authorization': 'AWS test:tester:hmac',
                       'X-Amz-Copy-Source': '/some/source'}
        put_headers.update(put_header)

        req = Request.blank('/bucket/object',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers=put_headers)

        req.date = datetime.now()
        req.content_type = 'text/plain'
        return self.call_swift3(req)
Exemplo n.º 30
0
    def test_service_GET_without_owner_bucket(self):
        bucket_list = []
        for var in range(0, 10):
            user_id = 'test:other'
            bucket = 'bucket%s' % var
            owner = Owner(user_id, user_id)
            headers = encode_acl('container', ACL(owner, []))
            self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
                                swob.HTTPNoContent, headers, None)
            bucket_list.append((bucket, var, 300 + var))

        status, headers, body = \
            self._test_service_GET_for_check_bucket_owner(bucket_list)
        self.assertEquals(status.split()[0], '200')

        elem = fromstring(body, 'ListAllMyBucketsResult')

        resp_buckets = elem.find('./Buckets')
        buckets = resp_buckets.iterchildren('Bucket')
        self.assertEquals(len(list(buckets)), 0)
Exemplo n.º 31
0
    def test_service_GET_bucekt_list(self):
        bucket_list = []
        for var in range(0, 10):
            if var % 3 == 0:
                user_id = 'test:tester'
            else:
                user_id = 'test:other'
            bucket = 'bucket%s' % var
            owner = Owner(user_id, user_id)
            headers = encode_acl('container', ACL(owner, []))
            # set register to get owner of buckets
            if var % 3 == 2:
                self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
                                    swob.HTTPNotFound, {}, None)
            else:
                self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
                                    swob.HTTPNoContent, headers, None)
            bucket_list.append((bucket, var, 300 + var))

        status, headers, body = \
            self._test_service_GET_for_check_bucket_owner(bucket_list)
        self.assertEquals(status.split()[0], '200')

        elem = fromstring(body, 'ListAllMyBucketsResult')
        resp_buckets = elem.find('./Buckets')
        buckets = resp_buckets.iterchildren('Bucket')
        listing = list(list(buckets)[0])
        self.assertEquals(len(listing), 2)

        names = []
        for b in resp_buckets.iterchildren('Bucket'):
            names.append(b.find('./Name').text)

        # Check whether getting bucket only locate in multiples of 3 in
        # bucket_list which mean requested user is owner.
        expected_buckets = [b for i, b in enumerate(bucket_list) if i % 3 == 0]
        self.assertEquals(len(names), len(expected_buckets))
        for i in expected_buckets:
            self.assertTrue(i[0] in names)
        self.assertEquals(len(self.swift.calls_with_headers), 11)
Exemplo n.º 32
0
    def PUT(self, req):
        """
        Handle PUT Object and PUT Object (Copy) request
        """
        if CONF.s3_acl:
            if 'X-Amz-Copy-Source' in req.headers:
                src_path = req.headers['X-Amz-Copy-Source']
                src_path = src_path if src_path.startswith('/') else \
                    ('/' + src_path)
                src_bucket, src_obj = split_path(src_path, 0, 2, True)
                req.get_response(self.app,
                                 'HEAD',
                                 src_bucket,
                                 src_obj,
                                 permission='READ')
            b_resp = req.get_response(self.app, 'HEAD', obj='')
            # To avoid overwriting the existing object by unauthorized user,
            # we send HEAD request first before writing the object to make
            # sure that the target object does not exist or the user that sent
            # the PUT request have write permission.
            try:
                req.get_response(self.app, 'HEAD')
            except NoSuchKey:
                pass
            req_acl = ACL.from_headers(req.headers, b_resp.bucket_acl.owner,
                                       Owner(req.user_id, req.user_id))

            req.object_acl = req_acl

        resp = req.get_response(self.app)

        if 'X-Amz-Copy-Source' in req.headers:
            elem = Element('CopyObjectResult')
            SubElement(elem, 'ETag').text = '"%s"' % resp.etag
            body = tostring(elem, use_s3ns=False)
            return HTTPOk(body=body, headers=resp.headers)

        resp.status = HTTP_OK

        return resp
Exemplo n.º 33
0
    def _test_copy_for_s3acl(self,
                             account,
                             src_permission=None,
                             src_path='/src_bucket/src_obj',
                             head_resp=swob.HTTPOk,
                             put_header={}):
        owner = 'test:tester'
        grants = [Grant(User(account), src_permission)] \
            if src_permission else [Grant(User(owner), 'FULL_CONTROL')]
        src_o_headers = encode_acl('object', ACL(Owner(owner, owner), grants))
        self.swift.register('HEAD', '/v1/AUTH_test/src_bucket/src_obj',
                            head_resp, src_o_headers, None)

        put_headers = {
            'Authorization': 'AWS %s:hmac' % account,
            'X-Amz-Copy-Source': src_path
        }
        put_headers.update(put_header)
        req = Request.blank('/bucket/object?partNumber=1&uploadId=X',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers=put_headers)
        return self.call_swift3(req)
Exemplo n.º 34
0
    def PUT(self, req):
        """
        Handle PUT Object and PUT Object (Copy) request
        """
        if CONF.s3_acl:
            if 'X-Amz-Copy-Source' in req.headers:
                src_path = req.headers['X-Amz-Copy-Source']
                src_path = src_path if src_path.startswith('/') else \
                    ('/' + src_path)
                src_bucket, src_obj = split_path(src_path, 0, 2, True)
                req.get_response(self.app, 'HEAD', src_bucket, src_obj,
                                 permission='READ')
            b_resp = req.get_response(self.app, 'HEAD', obj='')
            # To avoid overwriting the existing object by unauthorized user,
            # we send HEAD request first before writing the object to make
            # sure that the target object does not exist or the user that sent
            # the PUT request have write permission.
            try:
                req.get_response(self.app, 'HEAD')
            except NoSuchKey:
                pass
            req_acl = ACL.from_headers(req.headers,
                                       b_resp.bucket_acl.owner,
                                       Owner(req.user_id, req.user_id))

            req.object_acl = req_acl

        resp = req.get_response(self.app)

        if 'X-Amz-Copy-Source' in req.headers:
            elem = Element('CopyObjectResult')
            SubElement(elem, 'ETag').text = '"%s"' % resp.etag
            body = tostring(elem, use_s3ns=False)
            return HTTPOk(body=body, headers=resp.headers)

        resp.status = HTTP_OK

        return resp
Exemplo n.º 35
0
 def PUT(self, app):
     b_resp = self._handle_acl(app, 'HEAD', obj='')
     req_acl = ACL.from_headers(self.req.headers, b_resp.bucket_acl.owner,
                                Owner(self.user_id, self.user_id))
     self.req.object_acl = req_acl
Exemplo n.º 36
0
def _gen_test_headers(owner, grants=[], resource='container'):
    if not grants:
        grants = [Grant(User('test:tester'), 'FULL_CONTROL')]
    return encode_acl(resource, ACL(owner, grants))
Exemplo n.º 37
0
 def PUT(self, app):
     b_resp = self._handle_acl(app, 'HEAD', obj='')
     req_acl = ACL.from_headers(self.req.headers,
                                b_resp.bucket_acl.owner,
                                Owner(self.user_id, self.user_id))
     self.req.object_acl = req_acl