def _get_response(self, app, method, container, obj, headers=None, body=None, query=None): """ Calls the application with this request's environment. Returns a Response object that wraps up the application's result. """ sw_req = self.to_swift_req(method, container, obj, headers=headers, body=body, query=query) if CONF.s3_acl: sw_req.environ['swift_owner'] = True # needed to set ACL sw_req.environ['swift.authorize_override'] = True sw_req.environ['swift.authorize'] = lambda req: None sw_resp = sw_req.get_response(app) resp = Response.from_swift_resp(sw_resp) status = resp.status_int # pylint: disable-msg=E1101 if CONF.s3_acl: resp.bucket_acl = decode_acl('container', resp.sysmeta_headers) resp.object_acl = decode_acl('object', resp.sysmeta_headers) if not self.user_id: if 'HTTP_X_USER_NAME' in sw_resp.environ: # keystone self.user_id = \ utf8encode("%s:%s" % (sw_resp.environ['HTTP_X_TENANT_NAME'], sw_resp.environ['HTTP_X_USER_NAME'])) else: # tempauth self.user_id = self.access_key success_codes = self._swift_success_codes(method, container, obj) error_codes = self._swift_error_codes(method, container, obj) if status in success_codes: return resp err_msg = resp.body if status in error_codes: err_resp = \ error_codes[sw_resp.status_int] # pylint: disable-msg=E1101 if isinstance(err_resp, tuple): raise err_resp[0](*err_resp[1:]) else: raise err_resp() if status == HTTP_BAD_REQUEST: raise BadSwiftRequest(err_msg) if status == HTTP_UNAUTHORIZED: raise SignatureDoesNotMatch() if status == HTTP_FORBIDDEN: raise AccessDenied() raise InternalError('unexpected status code %d' % status)
def get_acl_response(self, app, method=None, container=None, obj=None, headers=None, body=None, query=None): """ Wrapper method of _get_response to add s3 acl information from response sysmeta headers. """ resp = self._get_response(app, method, container, obj, headers, body, query) resp.bucket_acl = decode_acl("container", resp.sysmeta_headers) resp.object_acl = decode_acl("object", resp.sysmeta_headers) return resp
def get_acl_response(self, app, method=None, container=None, obj=None, headers=None, body=None, query=None): """ Wrapper method of _get_response to add s3 acl information from response sysmeta headers. """ resp = self._get_response( app, method, container, obj, headers, body, query) resp.bucket_acl = decode_acl('container', resp.sysmeta_headers) resp.object_acl = decode_acl('object', resp.sysmeta_headers) return resp
def test_decode_acl_undefined(self): headers = {} acl = decode_acl('container', headers) self.assertEqual(type(acl), ACL) self.assertEqual(None, acl.owner.id) self.assertEqual(len(acl.grants), 0)
def test_decode_acl_undefined(self): headers = {} acl = decode_acl('container', headers) self.assertEqual(type(acl), ACL) self.assertIsNone(acl.owner.id) self.assertEqual(len(acl.grants), 0)
def test_decode_acl_object(self): access_control_policy = \ {'Owner': 'test:tester', 'Grant': [{'Permission': 'FULL_CONTROL', 'Grantee': 'test:tester'}]} headers = {sysmeta_header('object', 'acl'): json.dumps(access_control_policy)} acl = decode_acl('object', headers) self.assertEqual(type(acl), ACL) self.assertEqual(acl.owner.id, 'test:tester') self.assertEqual(len(acl.grants), 1) self.assertEqual(str(acl.grants[0].grantee), 'test:tester') self.assertEqual(acl.grants[0].permission, 'FULL_CONTROL')
def test_object_multipart_upload_complete_s3acl(self): acl_headers = encode_acl( 'object', ACLPublicRead(Owner('test:tester', 'test:tester'))) headers = {} headers[sysmeta_header('object', 'tmpacl')] = \ acl_headers.get(sysmeta_header('object', 'acl')) headers['X-Object-Meta-Foo'] = 'bar' self.swift.register('HEAD', '/v1/AUTH_test/bucket+segments/object/X', swob.HTTPOk, headers, None) req = Request.blank('/bucket/object?uploadId=X', environ={'REQUEST_METHOD': 'POST'}, headers={'Authorization': 'AWS test:tester:hmac'}, body=xml) status, headers, body = self.call_swift3(req) fromstring(body, 'CompleteMultipartUploadResult') self.assertEquals(status.split()[0], '200') _, _, headers = self.swift.calls_with_headers[-2] self.assertEquals(headers.get('X-Object-Meta-Foo'), 'bar') self.assertEquals( tostring( ACLPublicRead(Owner('test:tester', 'test:tester')).elem()), tostring(decode_acl('object', headers).elem()))
def test_decode_acl_empty_list(self): headers = {sysmeta_header('container', 'acl'): '[]'} acl = decode_acl('container', headers) self.assertEqual(type(acl), ACL) self.assertEqual(None, acl.owner.id) self.assertEqual(len(acl.grants), 0)
def test_decode_acl_empty_list(self): headers = {sysmeta_header('container', 'acl'): '[]'} acl = decode_acl('container', headers) self.assertEqual(type(acl), ACL) self.assertIsNone(acl.owner.id) self.assertEqual(len(acl.grants), 0)