def setUp(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = healthcheck catch_errors tempurl proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:tempurl]
paste.filter_factory = swift.common.middleware.tempurl:filter_factory
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
ctx = wsgi.loadcontext(loadwsgi.APP, conf_file, global_conf={})
self.pipe = wsgi.PipelineWrapper(ctx)
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline
for container_hierarchy
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf['__file__'])
pipeline = str(PipelineWrapper(ctx)).split(' ')
if 'swift3' in pipeline and not all((self.account_first,
self.strip_v1,
self.swift3_compat)):
LOG.warn('account_first, strip_v1 and swift3_compat options '
'must be enabled when using %s along with swift3',
MIDDLEWARE_NAME)
auth_index = -1
if 'tempauth' in pipeline:
LOG.debug('Use tempauth middleware.')
auth_index = pipeline.index('tempauth')
elif 'keystoneauth' in pipeline:
LOG.debug('Use keystone middleware.')
auth_index = pipeline.index('keystoneauth')
if pipeline.index(MIDDLEWARE_NAME) < auth_index:
raise ValueError(
'Invalid pipeline %r: %s must be placed after authentication'
% (pipeline, MIDDLEWARE_NAME))
if ('slo' in pipeline and
pipeline.index(MIDDLEWARE_NAME) < pipeline.index('slo')):
raise ValueError(
'Invalid pipeline %r: %s must be placed after SLO'
% (pipeline, MIDDLEWARE_NAME))
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline
for container_hierarchy.
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf['__file__'])
pipeline = str(PipelineWrapper(ctx)).split(' ')
if 'swift3' in pipeline and not all(
(self.account_first, self.strip_v1, self.swift3_compat)):
LOG.warn(
'account_first, strip_v1 and swift3_compat options '
'must be enabled when using %s along with swift3',
MIDDLEWARE_NAME)
auth_index = -1
if 'tempauth' in pipeline:
LOG.debug('Use tempauth middleware.')
auth_index = pipeline.index('tempauth')
elif 'keystoneauth' in pipeline:
LOG.debug('Use keystone middleware.')
auth_index = pipeline.index('keystoneauth')
if pipeline.index(MIDDLEWARE_NAME) < auth_index:
raise ValueError(
'Invalid pipeline %r: %s must be placed after authentication' %
(pipeline, MIDDLEWARE_NAME))
if ('slo' in pipeline
and pipeline.index(MIDDLEWARE_NAME) < pipeline.index('slo')):
raise ValueError(
'Invalid pipeline %r: %s must be placed after SLO' %
(pipeline, MIDDLEWARE_NAME))
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline for swift3.
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf.__file__)
pipeline = str(PipelineWrapper(ctx)).split(' ')
# Add compatible with 3rd party middleware.
if check_filter_order(pipeline,
['swift3', 'proxy-server']):
auth_pipeline = pipeline[pipeline.index('swift3') + 1:
pipeline.index('proxy-server')]
# Check SLO middleware
if 'slo' not in auth_pipeline:
self.slo_enabled = False
LOGGER.warning('swift3 middleware is required SLO middleware '
'to support multi-part upload, please add it '
'in pipline')
if not conf.auth_pipeline_check:
LOGGER.debug('Skip pipeline auth check.')
return
if 'tempauth' in auth_pipeline:
LOGGER.debug('Use tempauth middleware.')
return
elif 'keystoneauth' in auth_pipeline:
if check_filter_order(auth_pipeline,
['s3token',
'authtoken',
'keystoneauth']):
LOGGER.debug('Use keystone middleware.')
return
elif len(auth_pipeline):
LOGGER.debug('Use third party(unknown) auth middleware.')
return
raise ValueError('Invalid proxy pipeline: %s' % pipeline)
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline,
and this middleware is positioned where it should be.
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf['__file__'])
pipeline = str(PipelineWrapper(ctx)).split(' ')
if 's3api' not in pipeline:
return
index = pipeline.index(MIDDLEWARE_NAME)
if index < pipeline.index('s3api'):
raise ValueError(
'Invalid pipeline %r: %s must be placed after s3api' %
(pipeline, MIDDLEWARE_NAME))
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline for swift3.
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf.__file__)
pipeline = str(PipelineWrapper(ctx)).split(' ')
# Add compatible with 3rd party middleware.
if check_filter_order(pipeline, ['swift3', 'proxy-server']):
auth_pipeline = pipeline[pipeline.index('swift3') +
1:pipeline.index('proxy-server')]
# Check SLO middleware
if 'slo' not in auth_pipeline:
self.slo_enabled = False
LOGGER.warning('swift3 middleware is required SLO middleware '
'to support multi-part upload, please add it '
'in pipline')
if not conf.auth_pipeline_check:
LOGGER.debug('Skip pipeline auth check.')
return
if 'tempauth' in auth_pipeline:
LOGGER.debug('Use tempauth middleware.')
return
elif 'keystoneauth' in auth_pipeline:
if check_filter_order(
auth_pipeline,
['s3token', 'authtoken', 'keystoneauth']):
LOGGER.debug('Use keystone middleware.')
return
elif len(auth_pipeline):
LOGGER.debug('Use third party(unknown) auth middleware.')
return
raise ValueError('Invalid proxy pipeline: %s' % pipeline)
def test_startswith_no_filters(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
ctx = wsgi.loadcontext(loadwsgi.APP, conf_file, global_conf={})
pipe = wsgi.PipelineWrapper(ctx)
self.assertTrue(pipe.startswith('proxy'))
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline for s3api.
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf.__file__)
pipeline = str(PipelineWrapper(ctx)).split(' ')
# Add compatible with 3rd party middleware.
self.check_filter_order(pipeline, ['s3api', 'proxy-server'])
auth_pipeline = pipeline[pipeline.index('s3api') +
1:pipeline.index('proxy-server')]
# Check SLO middleware
if self.slo_enabled and 'slo' not in auth_pipeline:
self.slo_enabled = False
self.logger.warning('s3api middleware requires SLO middleware '
'to support multi-part upload, please add it '
'in pipeline')
# Check IAM middleware position: when enabled, must be before s3api
if 'iam' in pipeline:
self.check_filter_order(pipeline, ['iam', 's3api'])
if not conf.auth_pipeline_check:
self.logger.debug('Skip pipeline auth check.')
return
if 'tempauth' in auth_pipeline:
self.logger.debug('Use tempauth middleware.')
elif 'keystoneauth' in auth_pipeline:
self.check_filter_order(auth_pipeline, ['s3token', 'keystoneauth'])
self.logger.debug('Use keystone middleware.')
elif len(auth_pipeline):
self.logger.debug('Use third party(unknown) auth middleware.')
else:
raise ValueError('Invalid pipeline %r: expected auth between '
's3api and proxy-server ' % pipeline)
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline for s3api.
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf.__file__)
pipeline = str(PipelineWrapper(ctx)).split(' ')
# Add compatible with 3rd party middleware.
self.check_filter_order(pipeline, ['s3api', 'proxy-server'])
auth_pipeline = pipeline[pipeline.index('s3api') + 1:
pipeline.index('proxy-server')]
# Check SLO middleware
if self.slo_enabled and 'slo' not in auth_pipeline:
self.slo_enabled = False
self.logger.warning('s3api middleware requires SLO middleware '
'to support multi-part upload, please add it '
'in pipeline')
if not conf.auth_pipeline_check:
self.logger.debug('Skip pipeline auth check.')
return
if 'tempauth' in auth_pipeline:
self.logger.debug('Use tempauth middleware.')
elif 'keystoneauth' in auth_pipeline:
self.check_filter_order(
auth_pipeline,
['s3token', 'keystoneauth'])
self.logger.debug('Use keystone middleware.')
elif len(auth_pipeline):
self.logger.debug('Use third party(unknown) auth middleware.')
else:
raise ValueError('Invalid pipeline %r: expected auth between '
's3api and proxy-server ' % pipeline)
