def fromstring(text, root_tag=None):
try:
elem = lxml.etree.fromstring(text, parser)
except lxml.etree.XMLSyntaxError as e:
LOGGER.debug(e)
raise XMLSyntaxError(e)
cleanup_namespaces(elem)
if root_tag is not None:
# validate XML
try:
path = 'schema/%s.rng' % camel_to_snake(root_tag)
with resource_stream(__name__, path) as rng:
lxml.etree.RelaxNG(file=rng).assertValid(elem)
except IOError as e:
# Probably, the schema file doesn't exist.
exc_type, exc_value, exc_traceback = sys.exc_info()
LOGGER.error(e)
raise exc_type, exc_value, exc_traceback
except lxml.etree.DocumentInvalid as e:
LOGGER.debug(e)
raise DocumentInvalid(e)
return elem
def PUT(self, app):
if self.req.is_object_request:
b_resp = self.req.get_acl_response(app, 'HEAD', obj='')
o_resp = self._handle_acl(app, 'HEAD', permission='WRITE-ACL')
req_acl = get_acl(self.req.headers,
self.req.xml(ACL.max_xml_length),
b_resp.bucket_acl.owner,
o_resp.object_acl.owner)
# Don't change the owner of the resource by PUT acl request.
o_resp.object_acl.check_owner(req_acl.owner.id)
g = req_acl.grant
LOGGER.debug('Grant %s permission on the object /%s/%s' %
(g, self.req.container_name,
self.req.object_name))
if 'X-Oss-Acl' not in self.req.headers:
if req_acl=='private':
req_acl=='default'
try:
resp =self.req.get_acl_response(app, 'GET')
if resp.object_acl:
req_acl=resp.object_acl
except :
pass
self.req.object_acl = req_acl
else:
self._handle_acl(app, self.method)
def wrapped(self, req):
if not req.is_bucket_request:
if err_resp:
raise err_resp(msg=err_msg)
LOGGER.debug('A key is specified for bucket API.')
req.object_name = None
return func(self, req)
def handle_request(self, req):
LOGGER.debug('Calling Oss2Swift Middleware')
LOGGER.debug(req.__dict__)
controller = req.controller(self.app)
if hasattr(controller, req.method):
handler = getattr(controller, req.method)
if not getattr(handler, 'publicly_accessible', False):
raise MethodNotAllowed(req.method,
req.controller.resource_type())
res = handler(req)
else:
raise MethodNotAllowed(req.method, req.controller.resource_type())
return res
def POST(self, app):
if self.req.is_bucket_request:
resp = self._handle_acl(app, 'HEAD', permission='WRITE-ACL')
req_acl = get_acl(self.req.headers,
self.req.xml(ACL.max_xml_length),
resp.bucket_acl.owner)
# Don't change the owner of the resource by PUT acl request.
resp.bucket_acl.check_owner(req_acl.owner.id)
g = req_acl.grant
LOGGER.debug('Grant %s permission on the bucket /%s' %
(g,self.req.container_name))
self.req.bucket_acl = req_acl
else:
self._handle_acl(app, self.method)
def check_filter_order(pipeline, required_filters):
"""
Check that required filters are present in order in the pipeline.
"""
indexes = []
missing_filters = []
for filter in required_filters:
try:
indexes.append(pipeline.index(filter))
except ValueError as e:
LOGGER.debug(e)
missing_filters.append(filter)
if missing_filters:
raise ValueError('Invalid pipeline %r: missing filters %r' %
(pipeline, missing_filters))
if indexes != sorted(indexes):
raise ValueError('Invalid pipeline %r: expected filter %s' %
(pipeline, ' before '.join(required_filters)))
def decode_acl(resource, headers, owner):
value = ''
key = sysmeta_header(resource, 'acl')
if key in headers:
value = headers[key]
if value == '':
return ACL(Owner(None, None), [])
try:
id = None
name = None
if owner is not None:
id = owner
name = owner
if id is not None and name is not None:
return ACL(Owner(id, name), value)
except Exception as e:
LOGGER.debug(e)
pass
raise InvalidSubresource((resource, 'acl', value))
def check_pipeline(self, conf):
"""
Check that proxy-server.conf has an appropriate pipeline for 2swift.
"""
if conf.get('__file__', None) is None:
return
ctx = loadcontext(loadwsgi.APP, conf.__file__)
pipeline = str(PipelineWrapper(ctx)).split(' ')
# Add compatible with 3rd party middleware.
check_filter_order(pipeline, ['oss2swift', 'proxy-server'])
auth_pipeline = pipeline[pipeline.index('oss2swift') +
1:pipeline.index('proxy-server')]
# Check SLO middleware
if self.slo_enabled and 'slo' not in auth_pipeline:
self.slo_enabled = False
LOGGER.warning('oss2swift middleware requires SLO middleware '
'to support multi-part upload, please add it '
'in pipeline')
if not conf.auth_pipeline_check:
LOGGER.debug('Skip pipeline auth check.')
return
if 'tempauth' in auth_pipeline:
LOGGER.debug('Use tempauth middleware.')
elif 'keystoneauth' in auth_pipeline:
check_filter_order(auth_pipeline,
['osstoken', 'authtoken', 'keystoneauth'])
LOGGER.debug('Use keystone middleware.')
elif len(auth_pipeline):
LOGGER.debug('Use third party(unknown) auth middleware.')
else:
raise ValueError('Invalid pipeline %r: expected auth between '
'oss2swift and proxy-server ' % pipeline)