| -rw-r--r-- | gluster/swift/common/middleware/gswauth/swauth/middleware.py | 75 | ||||
| -rw-r--r-- | test/unit/common/middleware/gswauth/swauth/test_middleware.py | 112 | 
2 files changed, 19 insertions, 168 deletions
diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
index 65f7ad7..8712350 100644
--- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py
+++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
@@ -39,6 +39,7 @@ from swift.common.utils import cache_from_env, get_logger, get_remote_client, \
     split_path, TRUE_VALUES, urlparse
 import swift.common.wsgi
+
 from gluster.swift.common.middleware.gswauth.swauth import swift_version
 from gluster.swift.common.middleware.gswauth.swauth import authtypes
@@ -546,12 +547,6 @@ class Swauth(object):
         """
         if not self.is_super_admin(req):
             return HTTPForbidden(request=req)
-        path = quote('/v1/%s' % self.auth_account)
-        resp = self.make_pre_authed_request(
-            req.environ, 'PUT', path).get_response(self.app)
-        if resp.status_int // 100 != 2:
-            raise Exception('Could not create the main auth account: %s %s' %
-                            (path, resp.status))
         path = quote('/v1/%s/.account_id' % self.auth_account)
         resp = self.make_pre_authed_request(
             req.environ, 'PUT', path).get_response(self.app)
@@ -772,35 +767,10 @@ class Swauth(object):
             raise Exception(
                 'Could not verify account within main auth '
                 'account: %s %s' % (path, resp.status))
-        account_suffix = req.headers.get('x-account-suffix')
-        if not account_suffix:
-            account_suffix = str(uuid4())
-        # Create the new account in the Swift cluster
-        path = quote('%s/%s%s' % (self.dsc_parsed2.path,
-                                  self.reseller_prefix, account_suffix))
-        try:
-            conn = self.get_conn()
-            conn.request(
-                'PUT', path,
-                headers={'X-Auth-Token': self.get_itoken(req.environ),
-                         'Content-Length': '0'})
-            resp = conn.getresponse()
-            resp.read()
-            if resp.status // 100 != 2:
-                raise Exception(
-                    'Could not create account on the Swift '
-                    'cluster: %s %s %s' % (path, resp.status, resp.reason))
-        except (Exception, TimeoutError):
-            self.logger.error(
-                _('ERROR: Exception while trying to communicate '
-                    'with %(scheme)s://%(host)s:%(port)s/%(path)s'),
-                {'scheme': self.dsc_parsed2.scheme,
-                 'host': self.dsc_parsed2.hostname,
-                 'port': self.dsc_parsed2.port, 'path': path})
-            raise
+
         # Record the mapping from account id back to account name
         path = quote('/v1/%s/.account_id/%s%s' %
-                     (self.auth_account, self.reseller_prefix, account_suffix))
+                     (self.auth_account, self.reseller_prefix, account))
         resp = self.make_pre_authed_request(
             req.environ, 'PUT', path, account).get_response(self.app)
         if resp.status_int // 100 != 2:
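Review bot: The storage account id recorded under `.account_id` is now `reseller_prefix + account`, so it is fully determined by the account name instead of a random `uuid4()` suffix, and the `X-Account-Suffix` header that used to override it is silently ignored. A name that is deleted and later created again maps to the same storage path, so whoever is given that name next sees whatever data is still stored there; the hunks at -811 and -824 make the same substitution. I would add a comment above the mapping such as `# Account id is derived from the account name (no random suffix); X-Account-Suffix is ignored`, and either return `HTTPBadRequest` when the header is present or document that it is no longer honoured. If `uuid4` has no other user in the module its import can go; the enclosing method starts and ends outside this hunk.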
@@ -811,7 +781,7 @@ class Swauth(object):
         services = {'storage': {}}
         services['storage'][self.dsc_name] = '%s/%s%s' % (
             self.dsc_url,
-            self.reseller_prefix, account_suffix)
+            self.reseller_prefix, account)
         services['storage']['default'] = self.dsc_name
         resp = self.make_pre_authed_request(
             req.environ, 'PUT', path,
@@ -824,7 +794,7 @@ class Swauth(object):
         resp = self.make_pre_authed_request(
             req.environ, 'POST', path,
             headers={'X-Container-Meta-Account-Id': '%s%s' % (
-                self.reseller_prefix, account_suffix)}).get_response(self.app)
+                self.reseller_prefix, account)}).get_response(self.app)
         if resp.status_int // 100 != 2:
             raise Exception('Could not record the account id on the account: '
                             '%s %s' % (path, resp.status))
@@ -843,6 +813,7 @@ class Swauth(object):
         account = req.path_info_pop()
         if req.path_info or not account or account[0] == '.':
             return HTTPBadRequest(request=req)
+
         # Make sure the account has no users and get the account_id
         marker = ''
         while True:
@@ -864,6 +835,7 @@ class Swauth(object):
                 if obj['name'][0] != '.':
                     return HTTPConflict(request=req)
             marker = sublisting[-1]['name'].encode('utf-8')
+
         # Obtain the listing of services the account is on.
         path = quote('/v1/%s/%s/.services' % (self.auth_account, account))
         resp = self.make_pre_authed_request(
@@ -872,40 +844,14 @@ class Swauth(object):
             raise Exception('Could not obtain .services object: %s %s' %
                             (path, resp.status))
         if resp.status_int // 100 == 2:
-            services = json.loads(resp.body)
-            # Delete the account on each cluster it is on.
-            deleted_any = False
-            for name, url in services['storage'].iteritems():
-                if name != 'default':
-                    parsed = urlparse(url)
-                    conn = self.get_conn(parsed)
-                    conn.request(
-                        'DELETE', parsed.path,
-                        headers={'X-Auth-Token': self.get_itoken(req.environ)})
-                    resp = conn.getresponse()
-                    resp.read()
-                    if resp.status == 409:
-                        if deleted_any:
-                            raise Exception(
-                                'Managed to delete one or more '
-                                'service end points, but failed with: '
-                                '%s %s %s' % (url, resp.status, resp.reason))
-                        else:
-                            return HTTPConflict(request=req)
-                    if resp.status // 100 != 2 and resp.status != 404:
-                        raise Exception(
-                            'Could not delete account on the '
-                            'Swift cluster: %s %s %s' %
-                            (url, resp.status, resp.reason))
-                    deleted_any = True
-            # Delete the .services object itself.
-            path = quote('/v1/%s/%s/.services' %
-                         (self.auth_account, account))
+            # Delete .services
+            path = quote('/v1/%s/%s/.services' % (self.auth_account, account))
             resp = self.make_pre_authed_request(
                 req.environ, 'DELETE', path).get_response(self.app)
             if resp.status_int // 100 != 2 and resp.status_int != 404:
                 raise Exception('Could not delete .services object: %s %s' %
                                 (path, resp.status))
+
         # Delete the account id mapping for the account.
         path = quote('/v1/%s/.account_id/%s' %
                      (self.auth_account, account_id))
@@ -914,6 +860,7 @@ class Swauth(object):
         if resp.status_int // 100 != 2 and resp.status_int != 404:
             raise Exception('Could not delete account id mapping: %s %s' %
                             (path, resp.status))
+
         # Delete the account marker itself.
         path = quote('/v1/%s/%s' % (self.auth_account, account))
         resp = self.make_pre_authed_request(
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index 627f1be..6cd0b36 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -18,6 +18,7 @@ try:
 except ImportError:
     import json
 import unittest
+from nose import SkipTest
 from contextlib import contextmanager
 from time import time
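Review bot: With the per-cluster DELETE loop removed (hunk at -872), this handler deletes `.services`, the id mapping and the account marker without checking whether the storage account still holds data, and the old `HTTPConflict` path for a non-empty account is gone. The only emptiness check visible in these hunks is the auth-side one for remaining users, so stored data is left behind and, because the account id is now derived from the name, becomes reachable again when the same name is provisioned later. If cleanup is meant to happen out of band, state it where the loop used to be, e.g. `# Storage for the account is NOT removed here; it must be cleared before the name is reused`. The handler starts and ends outside this hunk.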
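Review bot: `from nose import SkipTest` is added in the hunk at -18 of the test file, but no added line in this diff raises or references `SkipTest`, so the import looks unused. It is also placed between the stdlib imports `unittest` and `contextlib`. Drop it, or if a later change needs it, group it with the third-party imports.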
@@ -1196,7 +1197,7 @@ class TestAuth(unittest.TestCase):
                                  'X-Auth-Admin-Key': 'supertest'}
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 204)
-        self.assertEquals(self.test_auth.app.calls, 18)
+        self.assertEquals(self.test_auth.app.calls, 17)
     def test_prep_bad_method(self):
         resp = Request.blank('/auth/v2/.prep',
@@ -1890,10 +1891,6 @@ class TestAuth(unittest.TestCase):
         self.assertEquals(self.test_auth.app.calls, 2)
     def test_put_account_success(self):
-        conn = FakeConn(iter([
-            # PUT of storage account itself
-            ('201 Created', {}, '')]))
-        self.test_auth.get_conn = lambda: conn
         self.test_auth.app = FakeApp(iter([
             # Initial HEAD of account container to check for
             # pre-existence
@@ -1916,14 +1913,9 @@ class TestAuth(unittest.TestCase):
         ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 201)
         self.assertEquals(self.test_auth.app.calls, 5)
-        self.assertEquals(conn.calls, 1)
     def test_put_account_success_preexist_but_not_completed(
             self):
-        conn = FakeConn(iter([
-            # PUT of storage account itself
-            ('201 Created', {}, '')]))
-        self.test_auth.get_conn = lambda: conn
         self.test_auth.app = FakeApp(iter([
             # Initial HEAD of account container to check for pre-existence
             # We're going to show it as existing this time, but with no
@@ -1947,7 +1939,6 @@ class TestAuth(unittest.TestCase):
         ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 201)
         self.assertEquals(self.test_auth.app.calls, 4)
-        self.assertEquals(conn.calls, 1)
     def test_put_account_success_preexist_and_completed(
             self):
@@ -1968,10 +1959,6 @@ class TestAuth(unittest.TestCase):
         self.assertEquals(self.test_auth.app.calls, 1)
     def test_put_account_success_with_given_suffix(self):
-        conn = FakeConn(iter([
-            # PUT of storage account itself
-            ('201 Created', {}, '')]))
-        self.test_auth.get_conn = lambda: conn
         self.test_auth.app = FakeApp(iter([
             # Initial HEAD of account container to check for
             # pre-existence
@@ -1994,11 +1981,7 @@ class TestAuth(unittest.TestCase):
                      'X-Account-Suffix': 'test-suffix'}).get_response(
                          self.test_auth)
         self.assertEquals(resp.status_int, 201)
-        self.assertEquals(
-            conn.request_path,
-            '/v1/AUTH_test-suffix')
         self.assertEquals(self.test_auth.app.calls, 5)
-        self.assertEquals(conn.calls, 1)
     def test_put_account_fail_bad_creds(self):
         self.test_auth.app = FakeApp(iter([
@@ -2085,10 +2068,6 @@ class TestAuth(unittest.TestCase):
         self.assertEquals(self.test_auth.app.calls, 2)
     def test_put_account_fail_on_storage_account_put(self):
-        conn = FakeConn(iter([
-            # PUT of storage account itself
-            ('503 Service Unavailable', {}, '')]))
-        self.test_auth.get_conn = lambda: conn
         self.test_auth.app = FakeApp(iter([
             # Initial HEAD of account container to check for
             # pre-existence
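Review bot: `test_put_account_success_with_given_suffix` (hunk at -1994) still sends `X-Account-Suffix: test-suffix`, but with the `conn.request_path` assertion removed nothing checks which account id was produced, so the test passes whether the header is honoured or ignored. Since the middleware now builds the id as `reseller_prefix + account`, assert that value on the request the fake app received for the `.account_id` PUT, or rename the test to say the suffix is ignored. The start of the test body is outside this hunk.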
@@ -2103,14 +2082,9 @@ class TestAuth(unittest.TestCase):
                      'X-Auth-Admin-Key': 'supertest'}).get_response(
                          self.test_auth)
         self.assertEquals(resp.status_int, 500)
-        self.assertEquals(conn.calls, 1)
-        self.assertEquals(self.test_auth.app.calls, 2)
+        self.assertEquals(self.test_auth.app.calls, 3)
     def test_put_account_fail_on_account_id_mapping(self):
-        conn = FakeConn(iter([
-            # PUT of storage account itself
-            ('201 Created', {}, '')]))
-        self.test_auth.get_conn = lambda: conn
         self.test_auth.app = FakeApp(iter([
             # Initial HEAD of account container to check for
             # pre-existence
@@ -2127,14 +2101,9 @@ class TestAuth(unittest.TestCase):
                      'X-Auth-Admin-Key': 'supertest'}).get_response(
                          self.test_auth)
         self.assertEquals(resp.status_int, 500)
-        self.assertEquals(conn.calls, 1)
         self.assertEquals(self.test_auth.app.calls, 3)
     def test_put_account_fail_on_services_object(self):
-        conn = FakeConn(iter([
-            # PUT of storage account itself
-            ('201 Created', {}, '')]))
-        self.test_auth.get_conn = lambda: conn
         self.test_auth.app = FakeApp(iter([
             # Initial HEAD of account container to check for
             # pre-existence
@@ -2153,14 +2122,9 @@ class TestAuth(unittest.TestCase):
                      'X-Auth-Admin-Key': 'supertest'}).get_response(
                          self.test_auth)
         self.assertEquals(resp.status_int, 500)
-        self.assertEquals(conn.calls, 1)
         self.assertEquals(self.test_auth.app.calls, 4)
     def test_put_account_fail_on_post_mapping(self):
-        conn = FakeConn(iter([
-            # PUT of storage account itself
-            ('201 Created', {}, '')]))
-        self.test_auth.get_conn = lambda: conn
         self.test_auth.app = FakeApp(iter([
             # Initial HEAD of account container to check for
             # pre-existence
@@ -2181,14 +2145,9 @@ class TestAuth(unittest.TestCase):
                      'X-Auth-Admin-Key': 'supertest'}).get_response(
                          self.test_auth)
         self.assertEquals(resp.status_int, 500)
-        self.assertEquals(conn.calls, 1)
         self.assertEquals(self.test_auth.app.calls, 5)
     def test_delete_account_success(self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2223,7 +2182,6 @@ class TestAuth(unittest.TestCase):
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 204)
         self.assertEquals(self.test_auth.app.calls, 6)
-        self.assertEquals(conn.calls, 1)
     def test_delete_account_success_missing_services(self):
         self.test_auth.app = FakeApp(iter([
@@ -2259,10 +2217,6 @@ class TestAuth(unittest.TestCase):
     def test_delete_account_success_missing_storage_account(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('404 Not Found', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2297,14 +2251,9 @@ class TestAuth(unittest.TestCase):
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 204)
         self.assertEquals(self.test_auth.app.calls, 6)
-        self.assertEquals(conn.calls, 1)
     def test_delete_account_success_missing_account_id_mapping(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2339,14 +2288,9 @@ class TestAuth(unittest.TestCase):
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 204)
         self.assertEquals(self.test_auth.app.calls, 6)
-        self.assertEquals(conn.calls, 1)
     def test_delete_account_success_missing_account_container_at_end(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2381,7 +2325,6 @@ class TestAuth(unittest.TestCase):
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 204)
         self.assertEquals(self.test_auth.app.calls, 6)
-        self.assertEquals(conn.calls, 1)
     def test_delete_account_fail_bad_creds(self):
         self.test_auth.app = FakeApp(iter([
@@ -2616,10 +2559,6 @@ class TestAuth(unittest.TestCase):
     def test_delete_account_fail_delete_storage_account(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('409 Conflict', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2646,18 +2585,11 @@ class TestAuth(unittest.TestCase):
                                  '.super_admin',
                                  'X-Auth-Admin-Key': 'supertest'}
                              ).get_response(self.test_auth)
-        self.assertEquals(resp.status_int, 409)
-        self.assertEquals(self.test_auth.app.calls, 3)
-        self.assertEquals(conn.calls, 1)
+        self.assertEquals(resp.status_int, 500)
+        self.assertEquals(self.test_auth.app.calls, 4)
     def test_delete_account_fail_delete_storage_account2(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, ''),
-            # DELETE of storage account itself
-            ('409 Conflict', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
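Review bot: `test_delete_account_fail_delete_storage_account` (hunk at -2646) used to pin the 409 returned for a non-empty storage account; it now expects a 500 after four app calls, and `..._storage_account2`, `3` and `4` in the following hunks end on the same `500` / `calls == 4` expectation. With the `FakeConn` setup removed none of them exercises a storage-account delete any more, so the names are misleading and the four tests may now duplicate each other or `test_delete_account_fail_delete_services` (the fake app responses are outside the hunks, so this is inferred). Consider collapsing them into one test named for the step that actually fails. The same applies to `test_put_account_fail_on_storage_account_put` in the hunk at -2103.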
@@ -2686,15 +2618,10 @@ class TestAuth(unittest.TestCase):
                                  'X-Auth-Admin-Key': 'supertest'}
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 500)
-        self.assertEquals(self.test_auth.app.calls, 3)
-        self.assertEquals(conn.calls, 2)
+        self.assertEquals(self.test_auth.app.calls, 4)
     def test_delete_account_fail_delete_storage_account3(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('503 Service Unavailable', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2722,17 +2649,10 @@ class TestAuth(unittest.TestCase):
                                  'X-Auth-Admin-Key': 'supertest'}
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 500)
-        self.assertEquals(self.test_auth.app.calls, 3)
-        self.assertEquals(conn.calls, 1)
+        self.assertEquals(self.test_auth.app.calls, 4)
     def test_delete_account_fail_delete_storage_account4(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, ''),
-            # DELETE of storage account itself
-            ('503 Service Unavailable', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2761,14 +2681,9 @@ class TestAuth(unittest.TestCase):
                                  'X-Auth-Admin-Key': 'supertest'}
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 500)
-        self.assertEquals(self.test_auth.app.calls, 3)
-        self.assertEquals(conn.calls, 2)
+        self.assertEquals(self.test_auth.app.calls, 4)
     def test_delete_account_fail_delete_services(self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2799,14 +2714,9 @@ class TestAuth(unittest.TestCase):
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 500)
         self.assertEquals(self.test_auth.app.calls, 4)
-        self.assertEquals(conn.calls, 1)
     def test_delete_account_fail_delete_account_id_mapping(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2839,14 +2749,9 @@ class TestAuth(unittest.TestCase):
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 500)
         self.assertEquals(self.test_auth.app.calls, 5)
-        self.assertEquals(conn.calls, 1)
     def test_delete_account_fail_delete_account_container(
             self):
-        conn = FakeConn(iter([
-            # DELETE of storage account itself
-            ('204 No Content', {}, '')]))
-        self.test_auth.get_conn = lambda x: conn
         self.test_auth.app = FakeApp(iter([
             # Account's container listing, checking for
             # users
@@ -2881,7 +2786,6 @@ class TestAuth(unittest.TestCase):
                              ).get_response(self.test_auth)
         self.assertEquals(resp.status_int, 500)
         self.assertEquals(self.test_auth.app.calls, 6)
-        self.assertEquals(conn.calls, 1)
     def test_get_user_success(self):
         self.test_auth.app = FakeApp(iter([  | 
