summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThiago da Silva <thiago@redhat.com>2013-10-17 15:21:59 -0400
committerLuis Pabon <lpabon@redhat.com>2013-10-24 11:49:23 -0700
commitb48149a4af9bc2c5de14a4f479bc7b11938bcf94 (patch)
tree5a4a3b944f71ba2ec70493ad6f56ee51d54b70dc
parentade571006d145b0ade2094a1840b67927a18d6d5 (diff)
applied changes made by Luis Pabon to support gluster-swift
The current changes support only one account per volume The next changes will be made to add support for multiple accounts Also modified unit tests that were failing after code changes. Original changes were made here: https://github.com/lpabon/swauth/tree/gluster-swift Change-Id: I5577d7dc042fc22de8625c8bdf30329cc3338cb9 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6107 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
-rw-r--r--gluster/swift/common/middleware/gswauth/swauth/middleware.py75
-rw-r--r--test/unit/common/middleware/gswauth/swauth/test_middleware.py112
2 files changed, 19 insertions, 168 deletions
diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
index 65f7ad7..8712350 100644
--- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py
+++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
@@ -39,6 +39,7 @@ from swift.common.utils import cache_from_env, get_logger, get_remote_client, \
split_path, TRUE_VALUES, urlparse
import swift.common.wsgi
+
from gluster.swift.common.middleware.gswauth.swauth import swift_version
from gluster.swift.common.middleware.gswauth.swauth import authtypes
@@ -546,12 +547,6 @@ class Swauth(object):
"""
if not self.is_super_admin(req):
return HTTPForbidden(request=req)
- path = quote('/v1/%s' % self.auth_account)
- resp = self.make_pre_authed_request(
- req.environ, 'PUT', path).get_response(self.app)
- if resp.status_int // 100 != 2:
- raise Exception('Could not create the main auth account: %s %s' %
- (path, resp.status))
path = quote('/v1/%s/.account_id' % self.auth_account)
resp = self.make_pre_authed_request(
req.environ, 'PUT', path).get_response(self.app)
@@ -772,35 +767,10 @@ class Swauth(object):
raise Exception(
'Could not verify account within main auth '
'account: %s %s' % (path, resp.status))
- account_suffix = req.headers.get('x-account-suffix')
- if not account_suffix:
- account_suffix = str(uuid4())
- # Create the new account in the Swift cluster
- path = quote('%s/%s%s' % (self.dsc_parsed2.path,
- self.reseller_prefix, account_suffix))
- try:
- conn = self.get_conn()
- conn.request(
- 'PUT', path,
- headers={'X-Auth-Token': self.get_itoken(req.environ),
- 'Content-Length': '0'})
- resp = conn.getresponse()
- resp.read()
- if resp.status // 100 != 2:
- raise Exception(
- 'Could not create account on the Swift '
- 'cluster: %s %s %s' % (path, resp.status, resp.reason))
- except (Exception, TimeoutError):
- self.logger.error(
- _('ERROR: Exception while trying to communicate '
- 'with %(scheme)s://%(host)s:%(port)s/%(path)s'),
- {'scheme': self.dsc_parsed2.scheme,
- 'host': self.dsc_parsed2.hostname,
- 'port': self.dsc_parsed2.port, 'path': path})
- raise
+
# Record the mapping from account id back to account name
path = quote('/v1/%s/.account_id/%s%s' %
- (self.auth_account, self.reseller_prefix, account_suffix))
+ (self.auth_account, self.reseller_prefix, account))
resp = self.make_pre_authed_request(
req.environ, 'PUT', path, account).get_response(self.app)
if resp.status_int // 100 != 2:
@@ -811,7 +781,7 @@ class Swauth(object):
services = {'storage': {}}
services['storage'][self.dsc_name] = '%s/%s%s' % (
self.dsc_url,
- self.reseller_prefix, account_suffix)
+ self.reseller_prefix, account)
services['storage']['default'] = self.dsc_name
resp = self.make_pre_authed_request(
req.environ, 'PUT', path,
@@ -824,7 +794,7 @@ class Swauth(object):
resp = self.make_pre_authed_request(
req.environ, 'POST', path,
headers={'X-Container-Meta-Account-Id': '%s%s' % (
- self.reseller_prefix, account_suffix)}).get_response(self.app)
+ self.reseller_prefix, account)}).get_response(self.app)
if resp.status_int // 100 != 2:
raise Exception('Could not record the account id on the account: '
'%s %s' % (path, resp.status))
@@ -843,6 +813,7 @@ class Swauth(object):
account = req.path_info_pop()
if req.path_info or not account or account[0] == '.':
return HTTPBadRequest(request=req)
+
# Make sure the account has no users and get the account_id
marker = ''
while True:
@@ -864,6 +835,7 @@ class Swauth(object):
if obj['name'][0] != '.':
return HTTPConflict(request=req)
marker = sublisting[-1]['name'].encode('utf-8')
+
# Obtain the listing of services the account is on.
path = quote('/v1/%s/%s/.services' % (self.auth_account, account))
resp = self.make_pre_authed_request(
@@ -872,40 +844,14 @@ class Swauth(object):
raise Exception('Could not obtain .services object: %s %s' %
(path, resp.status))
if resp.status_int // 100 == 2:
- services = json.loads(resp.body)
- # Delete the account on each cluster it is on.
- deleted_any = False
- for name, url in services['storage'].iteritems():
- if name != 'default':
- parsed = urlparse(url)
- conn = self.get_conn(parsed)
- conn.request(
- 'DELETE', parsed.path,
- headers={'X-Auth-Token': self.get_itoken(req.environ)})
- resp = conn.getresponse()
- resp.read()
- if resp.status == 409:
- if deleted_any:
- raise Exception(
- 'Managed to delete one or more '
- 'service end points, but failed with: '
- '%s %s %s' % (url, resp.status, resp.reason))
- else:
- return HTTPConflict(request=req)
- if resp.status // 100 != 2 and resp.status != 404:
- raise Exception(
- 'Could not delete account on the '
- 'Swift cluster: %s %s %s' %
- (url, resp.status, resp.reason))
- deleted_any = True
- # Delete the .services object itself.
- path = quote('/v1/%s/%s/.services' %
- (self.auth_account, account))
+ # Delete .services
+ path = quote('/v1/%s/%s/.services' % (self.auth_account, account))
resp = self.make_pre_authed_request(
req.environ, 'DELETE', path).get_response(self.app)
if resp.status_int // 100 != 2 and resp.status_int != 404:
raise Exception('Could not delete .services object: %s %s' %
(path, resp.status))
+
# Delete the account id mapping for the account.
path = quote('/v1/%s/.account_id/%s' %
(self.auth_account, account_id))
@@ -914,6 +860,7 @@ class Swauth(object):
if resp.status_int // 100 != 2 and resp.status_int != 404:
raise Exception('Could not delete account id mapping: %s %s' %
(path, resp.status))
+
# Delete the account marker itself.
path = quote('/v1/%s/%s' % (self.auth_account, account))
resp = self.make_pre_authed_request(
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index 627f1be..6cd0b36 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -18,6 +18,7 @@ try:
except ImportError:
import json
import unittest
+from nose import SkipTest
from contextlib import contextmanager
from time import time
@@ -1196,7 +1197,7 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 204)
- self.assertEquals(self.test_auth.app.calls, 18)
+ self.assertEquals(self.test_auth.app.calls, 17)
def test_prep_bad_method(self):
resp = Request.blank('/auth/v2/.prep',
@@ -1890,10 +1891,6 @@ class TestAuth(unittest.TestCase):
self.assertEquals(self.test_auth.app.calls, 2)
def test_put_account_success(self):
- conn = FakeConn(iter([
- # PUT of storage account itself
- ('201 Created', {}, '')]))
- self.test_auth.get_conn = lambda: conn
self.test_auth.app = FakeApp(iter([
# Initial HEAD of account container to check for
# pre-existence
@@ -1916,14 +1913,9 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 201)
self.assertEquals(self.test_auth.app.calls, 5)
- self.assertEquals(conn.calls, 1)
def test_put_account_success_preexist_but_not_completed(
self):
- conn = FakeConn(iter([
- # PUT of storage account itself
- ('201 Created', {}, '')]))
- self.test_auth.get_conn = lambda: conn
self.test_auth.app = FakeApp(iter([
# Initial HEAD of account container to check for pre-existence
# We're going to show it as existing this time, but with no
@@ -1947,7 +1939,6 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 201)
self.assertEquals(self.test_auth.app.calls, 4)
- self.assertEquals(conn.calls, 1)
def test_put_account_success_preexist_and_completed(
self):
@@ -1968,10 +1959,6 @@ class TestAuth(unittest.TestCase):
self.assertEquals(self.test_auth.app.calls, 1)
def test_put_account_success_with_given_suffix(self):
- conn = FakeConn(iter([
- # PUT of storage account itself
- ('201 Created', {}, '')]))
- self.test_auth.get_conn = lambda: conn
self.test_auth.app = FakeApp(iter([
# Initial HEAD of account container to check for
# pre-existence
@@ -1994,11 +1981,7 @@ class TestAuth(unittest.TestCase):
'X-Account-Suffix': 'test-suffix'}).get_response(
self.test_auth)
self.assertEquals(resp.status_int, 201)
- self.assertEquals(
- conn.request_path,
- '/v1/AUTH_test-suffix')
self.assertEquals(self.test_auth.app.calls, 5)
- self.assertEquals(conn.calls, 1)
def test_put_account_fail_bad_creds(self):
self.test_auth.app = FakeApp(iter([
@@ -2085,10 +2068,6 @@ class TestAuth(unittest.TestCase):
self.assertEquals(self.test_auth.app.calls, 2)
def test_put_account_fail_on_storage_account_put(self):
- conn = FakeConn(iter([
- # PUT of storage account itself
- ('503 Service Unavailable', {}, '')]))
- self.test_auth.get_conn = lambda: conn
self.test_auth.app = FakeApp(iter([
# Initial HEAD of account container to check for
# pre-existence
@@ -2103,14 +2082,9 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}).get_response(
self.test_auth)
self.assertEquals(resp.status_int, 500)
- self.assertEquals(conn.calls, 1)
- self.assertEquals(self.test_auth.app.calls, 2)
+ self.assertEquals(self.test_auth.app.calls, 3)
def test_put_account_fail_on_account_id_mapping(self):
- conn = FakeConn(iter([
- # PUT of storage account itself
- ('201 Created', {}, '')]))
- self.test_auth.get_conn = lambda: conn
self.test_auth.app = FakeApp(iter([
# Initial HEAD of account container to check for
# pre-existence
@@ -2127,14 +2101,9 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}).get_response(
self.test_auth)
self.assertEquals(resp.status_int, 500)
- self.assertEquals(conn.calls, 1)
self.assertEquals(self.test_auth.app.calls, 3)
def test_put_account_fail_on_services_object(self):
- conn = FakeConn(iter([
- # PUT of storage account itself
- ('201 Created', {}, '')]))
- self.test_auth.get_conn = lambda: conn
self.test_auth.app = FakeApp(iter([
# Initial HEAD of account container to check for
# pre-existence
@@ -2153,14 +2122,9 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}).get_response(
self.test_auth)
self.assertEquals(resp.status_int, 500)
- self.assertEquals(conn.calls, 1)
self.assertEquals(self.test_auth.app.calls, 4)
def test_put_account_fail_on_post_mapping(self):
- conn = FakeConn(iter([
- # PUT of storage account itself
- ('201 Created', {}, '')]))
- self.test_auth.get_conn = lambda: conn
self.test_auth.app = FakeApp(iter([
# Initial HEAD of account container to check for
# pre-existence
@@ -2181,14 +2145,9 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}).get_response(
self.test_auth)
self.assertEquals(resp.status_int, 500)
- self.assertEquals(conn.calls, 1)
self.assertEquals(self.test_auth.app.calls, 5)
def test_delete_account_success(self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2223,7 +2182,6 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 204)
self.assertEquals(self.test_auth.app.calls, 6)
- self.assertEquals(conn.calls, 1)
def test_delete_account_success_missing_services(self):
self.test_auth.app = FakeApp(iter([
@@ -2259,10 +2217,6 @@ class TestAuth(unittest.TestCase):
def test_delete_account_success_missing_storage_account(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('404 Not Found', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2297,14 +2251,9 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 204)
self.assertEquals(self.test_auth.app.calls, 6)
- self.assertEquals(conn.calls, 1)
def test_delete_account_success_missing_account_id_mapping(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2339,14 +2288,9 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 204)
self.assertEquals(self.test_auth.app.calls, 6)
- self.assertEquals(conn.calls, 1)
def test_delete_account_success_missing_account_container_at_end(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2381,7 +2325,6 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 204)
self.assertEquals(self.test_auth.app.calls, 6)
- self.assertEquals(conn.calls, 1)
def test_delete_account_fail_bad_creds(self):
self.test_auth.app = FakeApp(iter([
@@ -2616,10 +2559,6 @@ class TestAuth(unittest.TestCase):
def test_delete_account_fail_delete_storage_account(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('409 Conflict', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2646,18 +2585,11 @@ class TestAuth(unittest.TestCase):
'.super_admin',
'X-Auth-Admin-Key': 'supertest'}
).get_response(self.test_auth)
- self.assertEquals(resp.status_int, 409)
- self.assertEquals(self.test_auth.app.calls, 3)
- self.assertEquals(conn.calls, 1)
+ self.assertEquals(resp.status_int, 500)
+ self.assertEquals(self.test_auth.app.calls, 4)
def test_delete_account_fail_delete_storage_account2(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, ''),
- # DELETE of storage account itself
- ('409 Conflict', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2686,15 +2618,10 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 500)
- self.assertEquals(self.test_auth.app.calls, 3)
- self.assertEquals(conn.calls, 2)
+ self.assertEquals(self.test_auth.app.calls, 4)
def test_delete_account_fail_delete_storage_account3(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('503 Service Unavailable', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2722,17 +2649,10 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 500)
- self.assertEquals(self.test_auth.app.calls, 3)
- self.assertEquals(conn.calls, 1)
+ self.assertEquals(self.test_auth.app.calls, 4)
def test_delete_account_fail_delete_storage_account4(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, ''),
- # DELETE of storage account itself
- ('503 Service Unavailable', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2761,14 +2681,9 @@ class TestAuth(unittest.TestCase):
'X-Auth-Admin-Key': 'supertest'}
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 500)
- self.assertEquals(self.test_auth.app.calls, 3)
- self.assertEquals(conn.calls, 2)
+ self.assertEquals(self.test_auth.app.calls, 4)
def test_delete_account_fail_delete_services(self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2799,14 +2714,9 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 500)
self.assertEquals(self.test_auth.app.calls, 4)
- self.assertEquals(conn.calls, 1)
def test_delete_account_fail_delete_account_id_mapping(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2839,14 +2749,9 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 500)
self.assertEquals(self.test_auth.app.calls, 5)
- self.assertEquals(conn.calls, 1)
def test_delete_account_fail_delete_account_container(
self):
- conn = FakeConn(iter([
- # DELETE of storage account itself
- ('204 No Content', {}, '')]))
- self.test_auth.get_conn = lambda x: conn
self.test_auth.app = FakeApp(iter([
# Account's container listing, checking for
# users
@@ -2881,7 +2786,6 @@ class TestAuth(unittest.TestCase):
).get_response(self.test_auth)
self.assertEquals(resp.status_int, 500)
self.assertEquals(self.test_auth.app.calls, 6)
- self.assertEquals(conn.calls, 1)
def test_get_user_success(self):
self.test_auth.app = FakeApp(iter([