OpenStack Object Storage (swift)

Merge lp:~redbo/swift/signedurls into lp:~hudson-openstack/swift/trunk

  1. signedurls
  2. Merge into trunk
Proposed by Mike Barton
Status: Merged
Approved by: gholt
Approved revision: 266
Merged at revision: 278
Proposed branch: lp:~redbo/swift/signedurls
Merge into: lp:~hudson-openstack/swift/trunk
Diff against target: 93 lines (+37/-21)
2 files modified
swift/common/middleware/swift3.py (+21/-21)
test/unit/common/middleware/test_swift3.py (+16/-0)
To merge this branch: bzr merge lp:~redbo/swift/signedurls
Reviewer Review Type Date Requested Status
gholt (community) Needs Fixing
Review via email: mp+57395@code.launchpad.net

Commit message

Adds param-signed URLs to swift3 middleware.

Description of the change

Adds param-signed URLs to swift3 middleware.

*Do not approve until after Cactus release*

To post a comment you must log in.
Revision history for this message
gholt (gholt) wrote :

Shouldn't this have a test?

Revision history for this message
gholt (gholt) wrote :

I guess that was passive aggressive. ;)

This needs at least one test.

review: Needs Fixing
lp:~redbo/swift/signedurls updated
265. By Mike Barton

add at least one test

266. By Mike Barton

clean up at least one test

Revision history for this message
Mike Barton (redbo) wrote :

Test added.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'swift/common/middleware/swift3.py'
2--- swift/common/middleware/swift3.py 2011-03-31 05:53:44 +0000
3+++ swift/common/middleware/swift3.py 2011-04-16 06:03:24 +0000
4@@ -16,9 +16,6 @@
5 """
6 The swift3 middleware will emulate the S3 REST api on top of swift.
7
8-The boto python library is necessary to use this middleware (install
9-the python-boto package if you use Ubuntu).
10-
11 The following opperations are currently supported:
12
13 * GET Service
14@@ -438,32 +435,35 @@
15 return BucketController, d
16 return ServiceController, d
17
18- def get_account_info(self, env, req):
19- try:
20- account, user, _junk = \
21- req.headers['Authorization'].split(' ')[-1].split(':')
22- except Exception:
23- return None, None
24-
25- h = canonical_string(req)
26- token = base64.urlsafe_b64encode(h)
27- return '%s:%s' % (account, user), token
28-
29 def __call__(self, env, start_response):
30 req = Request(env)
31- if not'Authorization' in req.headers:
32+
33+ if 'AWSAccessKeyId' in req.GET:
34+ try:
35+ req.headers['Date'] = req.GET['Expires']
36+ req.headers['Authorization'] = \
37+ 'AWS %(AWSAccessKeyId)s:%(Signature)s' % req.GET
38+ except KeyError:
39+ return get_err_response('InvalidArgument')(env, start_response)
40+
41+ if not 'Authorization' in req.headers:
42 return self.app(env, start_response)
43+
44+ try:
45+ account, signature = \
46+ req.headers['Authorization'].split(' ')[-1].rsplit(':', 1)
47+ except Exception:
48+ return get_err_response('InvalidArgument')(env, start_response)
49+
50 try:
51 controller, path_parts = self.get_controller(req.path)
52 except ValueError:
53 return get_err_response('InvalidURI')(env, start_response)
54
55- account_name, token = self.get_account_info(env, req)
56- if not account_name:
57- return get_err_response('InvalidArgument')(env, start_response)
58-
59- controller = controller(env, self.app, account_name, token,
60- **path_parts)
61+ token = base64.urlsafe_b64encode(canonical_string(req))
62+
63+ controller = controller(env, self.app, account, token, **path_parts)
64+
65 if hasattr(controller, req.method):
66 res = getattr(controller, req.method)(env, start_response)
67 else:
68
69=== modified file 'test/unit/common/middleware/test_swift3.py'
70--- test/unit/common/middleware/test_swift3.py 2011-03-31 05:56:00 +0000
71+++ test/unit/common/middleware/test_swift3.py 2011-04-16 06:03:24 +0000
72@@ -594,5 +594,21 @@
73 self.assertEquals(swift3.canonical_string(req2),
74 swift3.canonical_string(req3))
75
76+ def test_signed_urls(self):
77+ class FakeApp(object):
78+ def __call__(self, env, start_response):
79+ self.req = Request(env)
80+ start_response('200 OK')
81+ start_response([])
82+ app = FakeApp()
83+ local_app = swift3.filter_factory({})(app)
84+ req = Request.blank('/bucket/object?Signature=X&Expires=Y&'
85+ 'AWSAccessKeyId=Z', environ={'REQUEST_METHOD': 'GET'})
86+ req.date = datetime.now()
87+ req.content_type = 'text/plain'
88+ resp = local_app(req.environ, lambda *args: None)
89+ self.assertEquals(app.req.headers['Authorization'], 'AWS Z:X')
90+ self.assertEquals(app.req.headers['Date'], 'Y')
91+
92 if __name__ == '__main__':
93 unittest.main()