lp:~gholt/swift/acls2
- Get this branch:
- bzr branch lp:~gholt/swift/acls2
Branch merges
- Chuck Thier (community): Approve
-
Diff: 6866 lines (+2927/-890)40 files modifiedbin/st (+344/-134)
bin/swift-auth-add-user (+27/-15)
bin/swift-stats-populate (+2/-1)
bin/swift-stats-report (+22/-19)
doc/source/auth.rst (+1/-1)
doc/source/development_auth.rst (+484/-0)
doc/source/development_saio.rst (+8/-16)
doc/source/howto_cyberduck.rst (+2/-2)
doc/source/index.rst (+1/-0)
doc/source/misc.rst (+9/-0)
doc/source/overview_auth.rst (+16/-11)
etc/proxy-server.conf-sample (+6/-0)
setup.py (+1/-1)
swift/account/reaper.py (+1/-1)
swift/auth/server.py (+145/-85)
swift/common/client.py (+148/-75)
swift/common/direct_client.py (+40/-31)
swift/common/middleware/acl.py (+160/-0)
swift/common/middleware/auth.py (+80/-75)
swift/container/server.py (+7/-2)
swift/proxy/server.py (+140/-21)
test/functional/sample.conf (+15/-5)
test/functional/tests.py (+10/-6)
test/functionalnosetests/swift_testing.py (+51/-16)
test/functionalnosetests/test_account.py (+4/-3)
test/functionalnosetests/test_container.py (+229/-8)
test/functionalnosetests/test_object.py (+91/-0)
test/probe/test_account_failures.py (+30/-16)
test/probe/test_container_failures.py (+52/-52)
test/probe/test_object_async_update.py (+2/-2)
test/probe/test_object_handoff.py (+14/-15)
test/probe/test_running_with_each_type_down.py (+18/-9)
test/unit/auth/test_server.py (+128/-93)
test/unit/common/middleware/test_acl.py (+126/-0)
test/unit/common/middleware/test_auth.py (+149/-32)
test/unit/common/test_client.py (+6/-3)
test/unit/common/test_direct_client.py (+0/-1)
test/unit/container/test_server.py (+43/-0)
test/unit/obj/test_server.py (+22/-21)
test/unit/proxy/test_server.py (+293/-118)
Related bugs
Bug #607912: swift-auth-create-account lets you create multiple users with same params but only single token exists causing problems on reset | Undecided | Fix Released | |
Bug #620628: Add public container facility | Undecided | Fix Released |
Related blueprints
Branch information
Recent revisions
- 81. By gholt
-
Got rid of inter-reseller ACLs. Enforce ACLs to only work within a reseller space. Updated docs and tests. We can expand to inter-reseller in the future with ACLs like .x:RESELLER_group
- 80. By gholt
-
For ACL strings: Shortened .ref to just .r, though .ref, .referer, and .referrer are all accepted. Updated 'Creating Your Own Auth Middleware' to describe how the DevAuth server works and suggestions for creating one's own. Added reseller_prefix (optional) implementation. Used urlparse in referrer_allowed. Fixed bug where group names would get lowercased by clean_acl. Changed .r:any to .r:*. Allowed .r:*.example.com to mean .r:.example.com. Made proxy log just the first authenticated group (the user) alongside the token. Moved proxy callback to clean_acl before the length check of the metadata. Cleaned up redundant logic in first proxy swift.authorize callback. Bit better docs. More and updated tests.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:~hudson-openstack/swift/trunk