Merge "Use a doubled proxy-logging instead of each middleware handling it differently (if at all)"
This commit is contained in:
commit
3df9229dae
@ -33,7 +33,7 @@
|
|||||||
# eventlet_debug = false
|
# eventlet_debug = false
|
||||||
|
|
||||||
[pipeline:main]
|
[pipeline:main]
|
||||||
pipeline = catch_errors healthcheck cache ratelimit tempauth container-quotas proxy-logging proxy-server
|
pipeline = catch_errors healthcheck proxy-logging cache ratelimit tempauth container-quotas proxy-logging proxy-server
|
||||||
|
|
||||||
[app:proxy-server]
|
[app:proxy-server]
|
||||||
use = egg:swift#proxy
|
use = egg:swift#proxy
|
||||||
@ -265,15 +265,6 @@ use = egg:swift#cname_lookup
|
|||||||
use = egg:swift#staticweb
|
use = egg:swift#staticweb
|
||||||
# Seconds to cache container x-container-meta-web-* header values.
|
# Seconds to cache container x-container-meta-web-* header values.
|
||||||
# cache_timeout = 300
|
# cache_timeout = 300
|
||||||
# You can override the default log routing for this filter here:
|
|
||||||
# set log_name = staticweb
|
|
||||||
# set log_facility = LOG_LOCAL0
|
|
||||||
# set log_level = INFO
|
|
||||||
# set log_address = /dev/log
|
|
||||||
# set access_log_name = staticweb
|
|
||||||
# set access_log_facility = LOG_LOCAL0
|
|
||||||
# set access_log_level = INFO
|
|
||||||
# set log_headers = False
|
|
||||||
|
|
||||||
# Note: Put tempurl just before your auth filter(s) in the pipeline
|
# Note: Put tempurl just before your auth filter(s) in the pipeline
|
||||||
[filter:tempurl]
|
[filter:tempurl]
|
||||||
@ -331,6 +322,11 @@ use = egg:swift#proxy_logging
|
|||||||
# What HTTP methods are allowed for StatsD logging (comma-sep); request methods
|
# What HTTP methods are allowed for StatsD logging (comma-sep); request methods
|
||||||
# not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
|
# not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
|
||||||
# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
|
# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
|
||||||
|
# Note: The double proxy-logging in the pipeline is not a mistake. The
|
||||||
|
# left-most proxy-logging is there to log requests that were handled in
|
||||||
|
# middleware and never made it through to the right-most middleware (and
|
||||||
|
# proxy server). Double logging is prevented for normal requests. See
|
||||||
|
# proxy-logging docs.
|
||||||
|
|
||||||
# Note: Put before both ratelimit and auth in the pipeline.
|
# Note: Put before both ratelimit and auth in the pipeline.
|
||||||
[filter:bulk]
|
[filter:bulk]
|
||||||
|
@ -79,24 +79,43 @@ class Bulk(object):
|
|||||||
Acceptable formats are text/plain, application/json, application/xml, and
|
Acceptable formats are text/plain, application/json, application/xml, and
|
||||||
text/xml.
|
text/xml.
|
||||||
|
|
||||||
|
There are proxy logs created for each file (which becomes a subrequest) in
|
||||||
|
the tar. The subrequest's proxy log will have a swift.source set to "EA"
|
||||||
|
the log's content length will reflect the unzipped size of the file. If
|
||||||
|
double proxy-logging is used the leftmost logger will not have a
|
||||||
|
swift.source set and the content length will reflect the size of the
|
||||||
|
payload sent to the proxy (the unexpanded size of the tar.gz).
|
||||||
|
|
||||||
Bulk Delete:
|
Bulk Delete:
|
||||||
|
|
||||||
Will delete multiple objects from their account with a single request.
|
Will delete multiple objects or containers from their account with a
|
||||||
Responds to DELETE requests with query parameter ?bulk-delete set.
|
single request. Responds to DELETE requests with query parameter
|
||||||
The Content-Type should be set to text/plain. The body of the DELETE
|
?bulk-delete set. The Content-Type should be set to text/plain.
|
||||||
request will be a newline separated list of url encoded objects to delete.
|
The body of the DELETE request will be a newline separated list of url
|
||||||
You can only delete 1000 (configurable) objects per request. The objects
|
encoded objects to delete. You can only delete 1000 (configurable) objects
|
||||||
specified in the DELETE request body must be URL encoded and in the form:
|
per request. The objects specified in the DELETE request body must be URL
|
||||||
|
encoded and in the form:
|
||||||
|
|
||||||
/container_name/obj_name
|
/container_name/obj_name
|
||||||
|
|
||||||
If all objects were successfully deleted (or did not exist), will return an
|
or for a container (which must be empty at time of delete)
|
||||||
HTTPOk. If any objects failed to delete, will return an HTTPBadGateway. In
|
|
||||||
both cases the response body will specify the number of objects
|
/container_name
|
||||||
successfully deleted, not found, and a list of the objects that failed.
|
|
||||||
|
If all items were successfully deleted (or did not exist), will return an
|
||||||
|
HTTPOk. If any failed to delete, will return an HTTPBadGateway. In
|
||||||
|
both cases the response body will specify the number of items
|
||||||
|
successfully deleted, not found, and a list of those that failed.
|
||||||
The return body will be formatted in the way specified in the request's
|
The return body will be formatted in the way specified in the request's
|
||||||
Accept header. Acceptable formats are text/plain, application/json,
|
Accept header. Acceptable formats are text/plain, application/json,
|
||||||
apllication/xml, and text/xml.
|
application/xml, and text/xml.
|
||||||
|
|
||||||
|
There are proxy logs created for each object or container (which becomes a
|
||||||
|
subrequest) that is deleted. The subrequest's proxy log will have a
|
||||||
|
swift.source set to "BD" the log's content length of 0. If double
|
||||||
|
proxy-logging is used the leftmost logger will not have a
|
||||||
|
swift.source set and the content length will reflect the size of the
|
||||||
|
payload sent to the proxy (the list of objects/containers to be deleted).
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, app, conf):
|
def __init__(self, app, conf):
|
||||||
@ -117,6 +136,7 @@ class Bulk(object):
|
|||||||
"""
|
"""
|
||||||
new_env = req.environ.copy()
|
new_env = req.environ.copy()
|
||||||
new_env['PATH_INFO'] = container_path
|
new_env['PATH_INFO'] = container_path
|
||||||
|
new_env['swift.source'] = 'EA'
|
||||||
create_cont_req = Request.blank(container_path, environ=new_env)
|
create_cont_req = Request.blank(container_path, environ=new_env)
|
||||||
resp = create_cont_req.get_response(self.app)
|
resp = create_cont_req.get_response(self.app)
|
||||||
if resp.status_int // 100 != 2:
|
if resp.status_int // 100 != 2:
|
||||||
@ -231,6 +251,7 @@ class Bulk(object):
|
|||||||
new_env['CONTENT_LENGTH'] = 0
|
new_env['CONTENT_LENGTH'] = 0
|
||||||
new_env['HTTP_USER_AGENT'] = \
|
new_env['HTTP_USER_AGENT'] = \
|
||||||
'%s BulkDelete' % req.environ.get('HTTP_USER_AGENT')
|
'%s BulkDelete' % req.environ.get('HTTP_USER_AGENT')
|
||||||
|
new_env['swift.source'] = 'BD'
|
||||||
delete_obj_req = Request.blank(delete_path, new_env)
|
delete_obj_req = Request.blank(delete_path, new_env)
|
||||||
resp = delete_obj_req.get_response(self.app)
|
resp = delete_obj_req.get_response(self.app)
|
||||||
if resp.status_int // 100 == 2:
|
if resp.status_int // 100 == 2:
|
||||||
@ -337,6 +358,7 @@ class Bulk(object):
|
|||||||
new_env['wsgi.input'] = tar_file
|
new_env['wsgi.input'] = tar_file
|
||||||
new_env['PATH_INFO'] = destination
|
new_env['PATH_INFO'] = destination
|
||||||
new_env['CONTENT_LENGTH'] = tar_info.size
|
new_env['CONTENT_LENGTH'] = tar_info.size
|
||||||
|
new_env['swift.source'] = 'EA'
|
||||||
new_env['HTTP_USER_AGENT'] = \
|
new_env['HTTP_USER_AGENT'] = \
|
||||||
'%s BulkExpand' % req.environ.get('HTTP_USER_AGENT')
|
'%s BulkExpand' % req.environ.get('HTTP_USER_AGENT')
|
||||||
create_obj_req = Request.blank(destination, new_env)
|
create_obj_req = Request.blank(destination, new_env)
|
||||||
|
@ -80,7 +80,8 @@ class ContainerQuotaMiddleware(object):
|
|||||||
|
|
||||||
# check user uploads against quotas
|
# check user uploads against quotas
|
||||||
elif obj and req.method == 'PUT':
|
elif obj and req.method == 'PUT':
|
||||||
container_info = get_container_info(req.environ, self.app)
|
container_info = get_container_info(
|
||||||
|
req.environ, self.app, swift_source='CQ')
|
||||||
if not container_info or not is_success(container_info['status']):
|
if not container_info or not is_success(container_info['status']):
|
||||||
# this will hopefully 404 later
|
# this will hopefully 404 later
|
||||||
return self.app
|
return self.app
|
||||||
|
@ -109,7 +109,7 @@ from StringIO import StringIO
|
|||||||
from time import gmtime, strftime, time
|
from time import gmtime, strftime, time
|
||||||
from urllib import quote, unquote
|
from urllib import quote, unquote
|
||||||
|
|
||||||
from swift.common.utils import get_logger, streq_const_time
|
from swift.common.utils import streq_const_time
|
||||||
from swift.common.wsgi import make_pre_authed_env
|
from swift.common.wsgi import make_pre_authed_env
|
||||||
from swift.common.http import HTTP_BAD_REQUEST
|
from swift.common.http import HTTP_BAD_REQUEST
|
||||||
|
|
||||||
@ -285,6 +285,9 @@ class FormPost(object):
|
|||||||
|
|
||||||
See above for a full description.
|
See above for a full description.
|
||||||
|
|
||||||
|
The proxy logs created for any subrequests made will have swift.source set
|
||||||
|
to "FP".
|
||||||
|
|
||||||
:param app: The next WSGI filter or app in the paste.deploy
|
:param app: The next WSGI filter or app in the paste.deploy
|
||||||
chain.
|
chain.
|
||||||
:param conf: The configuration dict for the middleware.
|
:param conf: The configuration dict for the middleware.
|
||||||
@ -295,10 +298,6 @@ class FormPost(object):
|
|||||||
self.app = app
|
self.app = app
|
||||||
#: The filter configuration dict.
|
#: The filter configuration dict.
|
||||||
self.conf = conf
|
self.conf = conf
|
||||||
#: The logger to use with this middleware.
|
|
||||||
self.logger = get_logger(conf, log_route='formpost')
|
|
||||||
#: The HTTP user agent to use with subrequests.
|
|
||||||
self.agent = '%(orig)s FormPost'
|
|
||||||
|
|
||||||
def __call__(self, env, start_response):
|
def __call__(self, env, start_response):
|
||||||
"""
|
"""
|
||||||
@ -314,13 +313,12 @@ class FormPost(object):
|
|||||||
_parse_attrs(env.get('CONTENT_TYPE') or '')
|
_parse_attrs(env.get('CONTENT_TYPE') or '')
|
||||||
if content_type == 'multipart/form-data' and \
|
if content_type == 'multipart/form-data' and \
|
||||||
'boundary' in attrs:
|
'boundary' in attrs:
|
||||||
|
env['HTTP_USER_AGENT'] += ' FormPost'
|
||||||
status, headers, body = self._translate_form(
|
status, headers, body = self._translate_form(
|
||||||
env, attrs['boundary'])
|
env, attrs['boundary'])
|
||||||
self._log_request(env, int(status.split(' ', 1)[0]))
|
|
||||||
start_response(status, headers)
|
start_response(status, headers)
|
||||||
return body
|
return body
|
||||||
except (FormInvalid, EOFError), err:
|
except (FormInvalid, EOFError), err:
|
||||||
self._log_request(env, HTTP_BAD_REQUEST)
|
|
||||||
body = 'FormPost: %s' % err
|
body = 'FormPost: %s' % err
|
||||||
start_response(
|
start_response(
|
||||||
'400 Bad Request',
|
'400 Bad Request',
|
||||||
@ -413,7 +411,8 @@ class FormPost(object):
|
|||||||
max_file_size = int(attributes.get('max_file_size') or 0)
|
max_file_size = int(attributes.get('max_file_size') or 0)
|
||||||
except ValueError:
|
except ValueError:
|
||||||
raise FormInvalid('max_file_size not an integer')
|
raise FormInvalid('max_file_size not an integer')
|
||||||
subenv = make_pre_authed_env(orig_env, 'PUT', agent=self.agent)
|
subenv = make_pre_authed_env(orig_env, 'PUT', agent=None,
|
||||||
|
swift_source='FP')
|
||||||
subenv['HTTP_TRANSFER_ENCODING'] = 'chunked'
|
subenv['HTTP_TRANSFER_ENCODING'] = 'chunked'
|
||||||
subenv['wsgi.input'] = _CappedFileLikeObject(fp, max_file_size)
|
subenv['wsgi.input'] = _CappedFileLikeObject(fp, max_file_size)
|
||||||
if subenv['PATH_INFO'][-1] != '/' and \
|
if subenv['PATH_INFO'][-1] != '/' and \
|
||||||
@ -471,7 +470,7 @@ class FormPost(object):
|
|||||||
key = memcache.get('temp-url-key/%s' % account)
|
key = memcache.get('temp-url-key/%s' % account)
|
||||||
if not key:
|
if not key:
|
||||||
newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
|
newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
|
||||||
self.agent)
|
agent=None, swift_source='FP')
|
||||||
newenv['CONTENT_LENGTH'] = '0'
|
newenv['CONTENT_LENGTH'] = '0'
|
||||||
newenv['wsgi.input'] = StringIO('')
|
newenv['wsgi.input'] = StringIO('')
|
||||||
key = [None]
|
key = [None]
|
||||||
@ -491,45 +490,6 @@ class FormPost(object):
|
|||||||
memcache.set('temp-url-key/%s' % account, key, timeout=60)
|
memcache.set('temp-url-key/%s' % account, key, timeout=60)
|
||||||
return key
|
return key
|
||||||
|
|
||||||
def _log_request(self, env, response_status_int):
|
|
||||||
"""
|
|
||||||
Used when a request might not be logged by the underlying
|
|
||||||
WSGI application, but we'd still like to record what
|
|
||||||
happened. An early 401 Unauthorized is a good example of
|
|
||||||
this.
|
|
||||||
|
|
||||||
:param env: The WSGI environment for the request.
|
|
||||||
:param response_status_int: The HTTP status we'll be replying
|
|
||||||
to the request with.
|
|
||||||
"""
|
|
||||||
the_request = quote(unquote(env.get('PATH_INFO') or '/'))
|
|
||||||
if env.get('QUERY_STRING'):
|
|
||||||
the_request = the_request + '?' + env['QUERY_STRING']
|
|
||||||
client = env.get('HTTP_X_CLUSTER_CLIENT_IP')
|
|
||||||
if not client and 'HTTP_X_FORWARDED_FOR' in env:
|
|
||||||
# remote host for other lbs
|
|
||||||
client = env['HTTP_X_FORWARDED_FOR'].split(',')[0].strip()
|
|
||||||
if not client:
|
|
||||||
client = env.get('REMOTE_ADDR')
|
|
||||||
self.logger.info(' '.join(quote(str(x)) for x in (
|
|
||||||
client or '-',
|
|
||||||
env.get('REMOTE_ADDR') or '-',
|
|
||||||
strftime('%d/%b/%Y/%H/%M/%S', gmtime()),
|
|
||||||
env.get('REQUEST_METHOD') or 'GET',
|
|
||||||
the_request,
|
|
||||||
env.get('SERVER_PROTOCOL') or '1.0',
|
|
||||||
response_status_int,
|
|
||||||
env.get('HTTP_REFERER') or '-',
|
|
||||||
(env.get('HTTP_USER_AGENT') or '-') + ' FormPOST',
|
|
||||||
env.get('HTTP_X_AUTH_TOKEN') or '-',
|
|
||||||
'-',
|
|
||||||
'-',
|
|
||||||
'-',
|
|
||||||
env.get('swift.trans_id') or '-',
|
|
||||||
'-',
|
|
||||||
'-',
|
|
||||||
)))
|
|
||||||
|
|
||||||
|
|
||||||
def filter_factory(global_conf, **local_conf):
|
def filter_factory(global_conf, **local_conf):
|
||||||
""" Returns the WSGI filter for use with paste.deploy. """
|
""" Returns the WSGI filter for use with paste.deploy. """
|
||||||
|
@ -35,6 +35,27 @@ be separated with a simple .split()
|
|||||||
|
|
||||||
* Values that are missing (e.g. due to a header not being present) or zero
|
* Values that are missing (e.g. due to a header not being present) or zero
|
||||||
are generally represented by a single hyphen ('-').
|
are generally represented by a single hyphen ('-').
|
||||||
|
|
||||||
|
The proxy-logging can be used twice in the proxy server's pipeline when there
|
||||||
|
is middleware installed that can return custom responses that don't follow the
|
||||||
|
standard pipeline to the proxy server.
|
||||||
|
|
||||||
|
For example, with staticweb, the middleware might intercept a request to
|
||||||
|
/v1/AUTH_acc/cont/, make a subrequest to the proxy to retrieve
|
||||||
|
/v1/AUTH_acc/cont/index.html and, in effect, respond to the client's original
|
||||||
|
request using the 2nd request's body. In this instance the subrequest will be
|
||||||
|
logged by the rightmost middleware (with a swift.source set) and the outgoing
|
||||||
|
request (with body overridden) will be logged by leftmost middleware.
|
||||||
|
|
||||||
|
Requests that follow the normal pipeline (use the same wsgi environment
|
||||||
|
throughout) will not be double logged because an environment variable
|
||||||
|
(swift.proxy_access_log_made) is checked/set when a log is made.
|
||||||
|
|
||||||
|
All middleware making subrequests should take care to set swift.source when
|
||||||
|
needed. With the doubled proxy logs, any consumer/processor of swift's proxy
|
||||||
|
logs should look at the swift.source field, the rightmost log value, to decide
|
||||||
|
if this is a middleware subrequest or not. A log processor calculating
|
||||||
|
bandwidth usage will want to only sum up logs with no swift.source.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import time
|
import time
|
||||||
@ -56,7 +77,6 @@ class ProxyLoggingMiddleware(object):
|
|||||||
self.log_hdrs = config_true_value(conf.get(
|
self.log_hdrs = config_true_value(conf.get(
|
||||||
'access_log_headers',
|
'access_log_headers',
|
||||||
conf.get('log_headers', 'no')))
|
conf.get('log_headers', 'no')))
|
||||||
|
|
||||||
# The leading access_* check is in case someone assumes that
|
# The leading access_* check is in case someone assumes that
|
||||||
# log_statsd_valid_http_methods behaves like the other log_statsd_*
|
# log_statsd_valid_http_methods behaves like the other log_statsd_*
|
||||||
# settings.
|
# settings.
|
||||||
@ -89,6 +109,8 @@ class ProxyLoggingMiddleware(object):
|
|||||||
:param bytes_sent: bytes yielded to the WSGI server
|
:param bytes_sent: bytes yielded to the WSGI server
|
||||||
:param request_time: time taken to satisfy the request, in seconds
|
:param request_time: time taken to satisfy the request, in seconds
|
||||||
"""
|
"""
|
||||||
|
if env.get('swift.proxy_access_log_made'):
|
||||||
|
return
|
||||||
req = Request(env)
|
req = Request(env)
|
||||||
if client_disconnect: # log disconnected clients as '499' status code
|
if client_disconnect: # log disconnected clients as '499' status code
|
||||||
status_int = 499
|
status_int = 499
|
||||||
@ -122,6 +144,7 @@ class ProxyLoggingMiddleware(object):
|
|||||||
'%.4f' % request_time,
|
'%.4f' % request_time,
|
||||||
req.environ.get('swift.source'),
|
req.environ.get('swift.source'),
|
||||||
)))
|
)))
|
||||||
|
env['swift.proxy_access_log_made'] = True
|
||||||
# Log timing and bytes-transfered data to StatsD
|
# Log timing and bytes-transfered data to StatsD
|
||||||
if req.path.startswith('/v1/'):
|
if req.path.startswith('/v1/'):
|
||||||
try:
|
try:
|
||||||
|
@ -28,8 +28,8 @@ added. For example::
|
|||||||
...
|
...
|
||||||
|
|
||||||
[pipeline:main]
|
[pipeline:main]
|
||||||
pipeline = catch_errors healthcheck cache ratelimit tempauth staticweb
|
pipeline = catch_errors healthcheck proxy-logging cache ratelimit tempauth
|
||||||
proxy-logging proxy-server
|
staticweb proxy-logging proxy-server
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
||||||
@ -37,14 +37,6 @@ added. For example::
|
|||||||
use = egg:swift#staticweb
|
use = egg:swift#staticweb
|
||||||
# Seconds to cache container x-container-meta-web-* header values.
|
# Seconds to cache container x-container-meta-web-* header values.
|
||||||
# cache_timeout = 300
|
# cache_timeout = 300
|
||||||
# You can override the default log routing for this filter here:
|
|
||||||
# set log_name = staticweb
|
|
||||||
# set log_facility = LOG_LOCAL0
|
|
||||||
# set log_level = INFO
|
|
||||||
# set access_log_name = staticweb
|
|
||||||
# set access_log_facility = LOG_LOCAL0
|
|
||||||
# set access_log_level = INFO
|
|
||||||
# set log_headers = False
|
|
||||||
|
|
||||||
Any publicly readable containers (for example, ``X-Container-Read: .r:*``, see
|
Any publicly readable containers (for example, ``X-Container-Read: .r:*``, see
|
||||||
`acls`_ for more information on this) will be checked for
|
`acls`_ for more information on this) will be checked for
|
||||||
@ -115,8 +107,8 @@ import time
|
|||||||
from urllib import unquote, quote as urllib_quote
|
from urllib import unquote, quote as urllib_quote
|
||||||
|
|
||||||
|
|
||||||
from swift.common.utils import cache_from_env, get_logger, human_readable, \
|
from swift.common.utils import cache_from_env, human_readable, split_path, \
|
||||||
split_path, config_true_value, json
|
config_true_value, json
|
||||||
from swift.common.wsgi import make_pre_authed_env, make_pre_authed_request, \
|
from swift.common.wsgi import make_pre_authed_env, make_pre_authed_request, \
|
||||||
WSGIContext
|
WSGIContext
|
||||||
from swift.common.http import is_success, is_redirection, HTTP_NOT_FOUND
|
from swift.common.http import is_success, is_redirection, HTTP_NOT_FOUND
|
||||||
@ -151,9 +143,6 @@ class _StaticWebContext(WSGIContext):
|
|||||||
self.obj = obj
|
self.obj = obj
|
||||||
self.app = staticweb.app
|
self.app = staticweb.app
|
||||||
self.cache_timeout = staticweb.cache_timeout
|
self.cache_timeout = staticweb.cache_timeout
|
||||||
self.logger = staticweb.logger
|
|
||||||
self.access_logger = staticweb.access_logger
|
|
||||||
self.log_headers = staticweb.log_headers
|
|
||||||
self.agent = '%(orig)s StaticWeb'
|
self.agent = '%(orig)s StaticWeb'
|
||||||
# Results from the last call to self._get_container_info.
|
# Results from the last call to self._get_container_info.
|
||||||
self._index = self._error = self._listings = self._listings_css = None
|
self._index = self._error = self._listings = self._listings_css = None
|
||||||
@ -167,7 +156,6 @@ class _StaticWebContext(WSGIContext):
|
|||||||
:param env: The original request WSGI environment.
|
:param env: The original request WSGI environment.
|
||||||
:param start_response: The WSGI start_response hook.
|
:param start_response: The WSGI start_response hook.
|
||||||
"""
|
"""
|
||||||
self._log_response(env, self._get_status_int())
|
|
||||||
if not self._error:
|
if not self._error:
|
||||||
start_response(self._response_status, self._response_headers,
|
start_response(self._response_status, self._response_headers,
|
||||||
self._response_exc_info)
|
self._response_exc_info)
|
||||||
@ -179,7 +167,7 @@ class _StaticWebContext(WSGIContext):
|
|||||||
env, 'GET', '/%s/%s/%s/%s%s' % (
|
env, 'GET', '/%s/%s/%s/%s%s' % (
|
||||||
self.version, self.account, self.container,
|
self.version, self.account, self.container,
|
||||||
self._get_status_int(), self._error),
|
self._get_status_int(), self._error),
|
||||||
self.agent))
|
self.agent, swift_source='SW'))
|
||||||
if is_success(self._get_status_int()):
|
if is_success(self._get_status_int()):
|
||||||
start_response(save_response_status, self._response_headers,
|
start_response(save_response_status, self._response_headers,
|
||||||
self._response_exc_info)
|
self._response_exc_info)
|
||||||
@ -210,7 +198,7 @@ class _StaticWebContext(WSGIContext):
|
|||||||
resp = make_pre_authed_request(
|
resp = make_pre_authed_request(
|
||||||
env, 'HEAD', '/%s/%s/%s' % (
|
env, 'HEAD', '/%s/%s/%s' % (
|
||||||
self.version, self.account, self.container),
|
self.version, self.account, self.container),
|
||||||
agent=self.agent).get_response(self.app)
|
agent=self.agent, swift_source='SW').get_response(self.app)
|
||||||
if is_success(resp.status_int):
|
if is_success(resp.status_int):
|
||||||
self._index = \
|
self._index = \
|
||||||
resp.headers.get('x-container-meta-web-index', '').strip()
|
resp.headers.get('x-container-meta-web-index', '').strip()
|
||||||
@ -241,7 +229,7 @@ class _StaticWebContext(WSGIContext):
|
|||||||
tmp_env = make_pre_authed_env(
|
tmp_env = make_pre_authed_env(
|
||||||
env, 'GET', '/%s/%s/%s' % (
|
env, 'GET', '/%s/%s/%s' % (
|
||||||
self.version, self.account, self.container),
|
self.version, self.account, self.container),
|
||||||
self.agent)
|
self.agent, swift_source='SW')
|
||||||
tmp_env['QUERY_STRING'] = 'delimiter=/&format=json'
|
tmp_env['QUERY_STRING'] = 'delimiter=/&format=json'
|
||||||
if prefix:
|
if prefix:
|
||||||
tmp_env['QUERY_STRING'] += '&prefix=%s' % quote(prefix)
|
tmp_env['QUERY_STRING'] += '&prefix=%s' % quote(prefix)
|
||||||
@ -321,7 +309,6 @@ class _StaticWebContext(WSGIContext):
|
|||||||
' </body>\n' \
|
' </body>\n' \
|
||||||
'</html>\n'
|
'</html>\n'
|
||||||
resp = Response(headers=headers, body=body)
|
resp = Response(headers=headers, body=body)
|
||||||
self._log_response(env, resp.status_int)
|
|
||||||
return resp(env, start_response)
|
return resp(env, start_response)
|
||||||
|
|
||||||
def _build_css_path(self, prefix=''):
|
def _build_css_path(self, prefix=''):
|
||||||
@ -352,13 +339,13 @@ class _StaticWebContext(WSGIContext):
|
|||||||
if env['PATH_INFO'][-1] != '/':
|
if env['PATH_INFO'][-1] != '/':
|
||||||
resp = HTTPMovedPermanently(
|
resp = HTTPMovedPermanently(
|
||||||
location=(env['PATH_INFO'] + '/'))
|
location=(env['PATH_INFO'] + '/'))
|
||||||
self._log_response(env, resp.status_int)
|
|
||||||
return resp(env, start_response)
|
return resp(env, start_response)
|
||||||
if not self._index:
|
if not self._index:
|
||||||
return self._listing(env, start_response)
|
return self._listing(env, start_response)
|
||||||
tmp_env = dict(env)
|
tmp_env = dict(env)
|
||||||
tmp_env['HTTP_USER_AGENT'] = \
|
tmp_env['HTTP_USER_AGENT'] = \
|
||||||
'%s StaticWeb' % env.get('HTTP_USER_AGENT')
|
'%s StaticWeb' % env.get('HTTP_USER_AGENT')
|
||||||
|
tmp_env['swift.source'] = 'SW'
|
||||||
tmp_env['PATH_INFO'] += self._index
|
tmp_env['PATH_INFO'] += self._index
|
||||||
resp = self._app_call(tmp_env)
|
resp = self._app_call(tmp_env)
|
||||||
status_int = self._get_status_int()
|
status_int = self._get_status_int()
|
||||||
@ -382,6 +369,7 @@ class _StaticWebContext(WSGIContext):
|
|||||||
tmp_env = dict(env)
|
tmp_env = dict(env)
|
||||||
tmp_env['HTTP_USER_AGENT'] = \
|
tmp_env['HTTP_USER_AGENT'] = \
|
||||||
'%s StaticWeb' % env.get('HTTP_USER_AGENT')
|
'%s StaticWeb' % env.get('HTTP_USER_AGENT')
|
||||||
|
tmp_env['swift.source'] = 'SW'
|
||||||
resp = self._app_call(tmp_env)
|
resp = self._app_call(tmp_env)
|
||||||
status_int = self._get_status_int()
|
status_int = self._get_status_int()
|
||||||
if is_success(status_int) or is_redirection(status_int):
|
if is_success(status_int) or is_redirection(status_int):
|
||||||
@ -398,6 +386,7 @@ class _StaticWebContext(WSGIContext):
|
|||||||
tmp_env = dict(env)
|
tmp_env = dict(env)
|
||||||
tmp_env['HTTP_USER_AGENT'] = \
|
tmp_env['HTTP_USER_AGENT'] = \
|
||||||
'%s StaticWeb' % env.get('HTTP_USER_AGENT')
|
'%s StaticWeb' % env.get('HTTP_USER_AGENT')
|
||||||
|
tmp_env['swift.source'] = 'SW'
|
||||||
if tmp_env['PATH_INFO'][-1] != '/':
|
if tmp_env['PATH_INFO'][-1] != '/':
|
||||||
tmp_env['PATH_INFO'] += '/'
|
tmp_env['PATH_INFO'] += '/'
|
||||||
tmp_env['PATH_INFO'] += self._index
|
tmp_env['PATH_INFO'] += self._index
|
||||||
@ -407,7 +396,6 @@ class _StaticWebContext(WSGIContext):
|
|||||||
if env['PATH_INFO'][-1] != '/':
|
if env['PATH_INFO'][-1] != '/':
|
||||||
resp = HTTPMovedPermanently(
|
resp = HTTPMovedPermanently(
|
||||||
location=env['PATH_INFO'] + '/')
|
location=env['PATH_INFO'] + '/')
|
||||||
self._log_response(env, resp.status_int)
|
|
||||||
return resp(env, start_response)
|
return resp(env, start_response)
|
||||||
start_response(self._response_status, self._response_headers,
|
start_response(self._response_status, self._response_headers,
|
||||||
self._response_exc_info)
|
self._response_exc_info)
|
||||||
@ -417,7 +405,7 @@ class _StaticWebContext(WSGIContext):
|
|||||||
tmp_env = make_pre_authed_env(
|
tmp_env = make_pre_authed_env(
|
||||||
env, 'GET', '/%s/%s/%s' % (
|
env, 'GET', '/%s/%s/%s' % (
|
||||||
self.version, self.account, self.container),
|
self.version, self.account, self.container),
|
||||||
self.agent)
|
self.agent, swift_source='SW')
|
||||||
tmp_env['QUERY_STRING'] = 'limit=1&format=json&delimiter' \
|
tmp_env['QUERY_STRING'] = 'limit=1&format=json&delimiter' \
|
||||||
'=/&limit=1&prefix=%s' % quote(self.obj + '/')
|
'=/&limit=1&prefix=%s' % quote(self.obj + '/')
|
||||||
resp = self._app_call(tmp_env)
|
resp = self._app_call(tmp_env)
|
||||||
@ -427,77 +415,18 @@ class _StaticWebContext(WSGIContext):
|
|||||||
resp = HTTPNotFound()(env, self._start_response)
|
resp = HTTPNotFound()(env, self._start_response)
|
||||||
return self._error_response(resp, env, start_response)
|
return self._error_response(resp, env, start_response)
|
||||||
resp = HTTPMovedPermanently(location=env['PATH_INFO'] + '/')
|
resp = HTTPMovedPermanently(location=env['PATH_INFO'] + '/')
|
||||||
self._log_response(env, resp.status_int)
|
|
||||||
return resp(env, start_response)
|
return resp(env, start_response)
|
||||||
return self._listing(env, start_response, self.obj)
|
return self._listing(env, start_response, self.obj)
|
||||||
|
|
||||||
def _log_response(self, env, status_int):
|
|
||||||
"""
|
|
||||||
Logs an access line for StaticWeb responses; use when the next app in
|
|
||||||
the pipeline will not be handling the final response to the remote
|
|
||||||
user.
|
|
||||||
|
|
||||||
Assumes that the request and response bodies are 0 bytes or very near 0
|
|
||||||
so no bytes transferred are tracked or logged.
|
|
||||||
|
|
||||||
This does mean that the listings responses that actually do transfer
|
|
||||||
content will not be logged with any bytes transferred, but in counter
|
|
||||||
to that the full bytes for the underlying listing will be logged by the
|
|
||||||
proxy even if the remote client disconnects early for the StaticWeb
|
|
||||||
listing.
|
|
||||||
|
|
||||||
I didn't think the extra complexity of getting the bytes transferred
|
|
||||||
exactly correct for these requests was worth it, but perhaps someone
|
|
||||||
else will think it is.
|
|
||||||
|
|
||||||
To get things exact, this filter would need to use an
|
|
||||||
eventlet.posthooks logger like the proxy does and any log processing
|
|
||||||
systems would need to ignore some (but not all) proxy requests made by
|
|
||||||
StaticWeb if they were just interested in the bytes transferred to the
|
|
||||||
remote client.
|
|
||||||
"""
|
|
||||||
trans_time = '%.4f' % (time.time() -
|
|
||||||
env.get('staticweb.start_time', time.time()))
|
|
||||||
the_request = quote(unquote(env['PATH_INFO']))
|
|
||||||
if env.get('QUERY_STRING'):
|
|
||||||
the_request = the_request + '?' + env['QUERY_STRING']
|
|
||||||
# remote user for zeus
|
|
||||||
client = env.get('HTTP_X_CLUSTER_CLIENT_IP')
|
|
||||||
if not client and 'HTTP_X_FORWARDED_FOR' in env:
|
|
||||||
# remote user for other lbs
|
|
||||||
client = env['HTTP_X_FORWARDED_FOR'].split(',')[0].strip()
|
|
||||||
logged_headers = None
|
|
||||||
if self.log_headers:
|
|
||||||
headers = []
|
|
||||||
for k, v in env.iteritems():
|
|
||||||
if k.startswith('HTTP_'):
|
|
||||||
k = k[len('HTTP_'):].replace('_', '-').title()
|
|
||||||
headers.append((k, v))
|
|
||||||
logged_headers = '\n'.join('%s: %s' % (k, v) for k, v in headers)
|
|
||||||
self.access_logger.info(' '.join(quote(str(x)) for x in (
|
|
||||||
client or '-',
|
|
||||||
env.get('REMOTE_ADDR', '-'),
|
|
||||||
time.strftime('%d/%b/%Y/%H/%M/%S', time.gmtime()),
|
|
||||||
env['REQUEST_METHOD'],
|
|
||||||
the_request,
|
|
||||||
env['SERVER_PROTOCOL'],
|
|
||||||
status_int,
|
|
||||||
env.get('HTTP_REFERER', '-'),
|
|
||||||
env.get('HTTP_USER_AGENT', '-'),
|
|
||||||
env.get('HTTP_X_AUTH_TOKEN', '-'),
|
|
||||||
'-',
|
|
||||||
'-',
|
|
||||||
env.get('HTTP_ETAG', '-'),
|
|
||||||
env.get('swift.trans_id', '-'),
|
|
||||||
logged_headers or '-',
|
|
||||||
trans_time)))
|
|
||||||
|
|
||||||
|
|
||||||
class StaticWeb(object):
|
class StaticWeb(object):
|
||||||
"""
|
"""
|
||||||
The Static Web WSGI middleware filter; serves container data as a static
|
The Static Web WSGI middleware filter; serves container data as a static
|
||||||
web site. See `staticweb`_ for an overview.
|
web site. See `staticweb`_ for an overview.
|
||||||
|
|
||||||
|
The proxy logs created for any subrequests made will have swift.source set
|
||||||
|
to "SW".
|
||||||
|
|
||||||
:param app: The next WSGI application/filter in the paste.deploy pipeline.
|
:param app: The next WSGI application/filter in the paste.deploy pipeline.
|
||||||
:param conf: The filter configuration dict.
|
:param conf: The filter configuration dict.
|
||||||
"""
|
"""
|
||||||
@ -509,18 +438,6 @@ class StaticWeb(object):
|
|||||||
self.conf = conf
|
self.conf = conf
|
||||||
#: The seconds to cache the x-container-meta-web-* headers.,
|
#: The seconds to cache the x-container-meta-web-* headers.,
|
||||||
self.cache_timeout = int(conf.get('cache_timeout', 300))
|
self.cache_timeout = int(conf.get('cache_timeout', 300))
|
||||||
#: Logger for this filter.
|
|
||||||
self.logger = get_logger(conf, log_route='staticweb')
|
|
||||||
access_log_conf = {}
|
|
||||||
for key in ('log_facility', 'log_name', 'log_level'):
|
|
||||||
value = conf.get('access_' + key, conf.get(key, None))
|
|
||||||
if value:
|
|
||||||
access_log_conf[key] = value
|
|
||||||
#: Web access logger for this filter.
|
|
||||||
self.access_logger = get_logger(access_log_conf,
|
|
||||||
log_route='staticweb-access')
|
|
||||||
#: Indicates whether full HTTP headers should be logged or not.
|
|
||||||
self.log_headers = config_true_value(conf.get('log_headers', 'no'))
|
|
||||||
|
|
||||||
def __call__(self, env, start_response):
|
def __call__(self, env, start_response):
|
||||||
"""
|
"""
|
||||||
|
@ -309,18 +309,7 @@ class TempAuth(object):
|
|||||||
if 'x-storage-token' in req.headers and \
|
if 'x-storage-token' in req.headers and \
|
||||||
'x-auth-token' not in req.headers:
|
'x-auth-token' not in req.headers:
|
||||||
req.headers['x-auth-token'] = req.headers['x-storage-token']
|
req.headers['x-auth-token'] = req.headers['x-storage-token']
|
||||||
if 'eventlet.posthooks' in env:
|
return self.handle_request(req)(env, start_response)
|
||||||
env['eventlet.posthooks'].append(
|
|
||||||
(self.posthooklogger, (req,), {}))
|
|
||||||
return self.handle_request(req)(env, start_response)
|
|
||||||
else:
|
|
||||||
# Lack of posthook support means that we have to log on the
|
|
||||||
# start of the response, rather than after all the data has
|
|
||||||
# been sent. This prevents logging client disconnects
|
|
||||||
# differently than full transmissions.
|
|
||||||
response = self.handle_request(req)(env, start_response)
|
|
||||||
self.posthooklogger(env, req)
|
|
||||||
return response
|
|
||||||
except (Exception, Timeout):
|
except (Exception, Timeout):
|
||||||
print "EXCEPTION IN handle: %s: %s" % (format_exc(), env)
|
print "EXCEPTION IN handle: %s: %s" % (format_exc(), env)
|
||||||
self.logger.increment('errors')
|
self.logger.increment('errors')
|
||||||
@ -466,42 +455,6 @@ class TempAuth(object):
|
|||||||
resp.headers['x-storage-url'] = url
|
resp.headers['x-storage-url'] = url
|
||||||
return resp
|
return resp
|
||||||
|
|
||||||
def posthooklogger(self, env, req):
|
|
||||||
if not req.path.startswith(self.auth_prefix):
|
|
||||||
return
|
|
||||||
response = getattr(req, 'response', None)
|
|
||||||
if not response:
|
|
||||||
return
|
|
||||||
trans_time = '%.4f' % (time() - req.start_time)
|
|
||||||
the_request = quote(unquote(req.path))
|
|
||||||
if req.query_string:
|
|
||||||
the_request = the_request + '?' + req.query_string
|
|
||||||
# remote user for zeus
|
|
||||||
client = req.headers.get('x-cluster-client-ip')
|
|
||||||
if not client and 'x-forwarded-for' in req.headers:
|
|
||||||
# remote user for other lbs
|
|
||||||
client = req.headers['x-forwarded-for'].split(',')[0].strip()
|
|
||||||
logged_headers = None
|
|
||||||
if self.log_headers:
|
|
||||||
logged_headers = '\n'.join('%s: %s' % (k, v)
|
|
||||||
for k, v in req.headers.items())
|
|
||||||
status_int = response.status_int
|
|
||||||
if getattr(req, 'client_disconnect', False) or \
|
|
||||||
getattr(response, 'client_disconnect', False):
|
|
||||||
status_int = HTTP_CLIENT_CLOSED_REQUEST
|
|
||||||
self.logger.info(
|
|
||||||
' '.join(quote(str(x)) for x in (client or '-',
|
|
||||||
req.remote_addr or '-', strftime('%d/%b/%Y/%H/%M/%S', gmtime()),
|
|
||||||
req.method, the_request, req.environ['SERVER_PROTOCOL'],
|
|
||||||
status_int, req.referer or '-', req.user_agent or '-',
|
|
||||||
req.headers.get('x-auth-token',
|
|
||||||
req.headers.get('x-auth-admin-user', '-')),
|
|
||||||
getattr(req, 'bytes_transferred', 0) or '-',
|
|
||||||
getattr(response, 'bytes_transferred', 0) or '-',
|
|
||||||
req.headers.get('etag', '-'),
|
|
||||||
req.environ.get('swift.trans_id', '-'), logged_headers or '-',
|
|
||||||
trans_time)))
|
|
||||||
|
|
||||||
|
|
||||||
def filter_factory(global_conf, **local_conf):
|
def filter_factory(global_conf, **local_conf):
|
||||||
"""Returns a WSGI filter app for use with paste.deploy."""
|
"""Returns a WSGI filter app for use with paste.deploy."""
|
||||||
|
@ -86,7 +86,6 @@ from time import gmtime, strftime, time
|
|||||||
from urllib import quote, unquote
|
from urllib import quote, unquote
|
||||||
from urlparse import parse_qs
|
from urlparse import parse_qs
|
||||||
|
|
||||||
from swift.common.utils import get_logger
|
|
||||||
from swift.common.wsgi import make_pre_authed_env
|
from swift.common.wsgi import make_pre_authed_env
|
||||||
from swift.common.http import HTTP_UNAUTHORIZED
|
from swift.common.http import HTTP_UNAUTHORIZED
|
||||||
|
|
||||||
@ -151,6 +150,9 @@ class TempURL(object):
|
|||||||
'*' to indicate a prefix match.
|
'*' to indicate a prefix match.
|
||||||
Default: x-object-meta-public-*
|
Default: x-object-meta-public-*
|
||||||
|
|
||||||
|
The proxy logs created for any subrequests made will have swift.source set
|
||||||
|
to "FP".
|
||||||
|
|
||||||
:param app: The next WSGI filter or app in the paste.deploy
|
:param app: The next WSGI filter or app in the paste.deploy
|
||||||
chain.
|
chain.
|
||||||
:param conf: The configuration dict for the middleware.
|
:param conf: The configuration dict for the middleware.
|
||||||
@ -161,8 +163,6 @@ class TempURL(object):
|
|||||||
self.app = app
|
self.app = app
|
||||||
#: The filter configuration dict.
|
#: The filter configuration dict.
|
||||||
self.conf = conf
|
self.conf = conf
|
||||||
#: The logger to use with this middleware.
|
|
||||||
self.logger = get_logger(conf, log_route='tempurl')
|
|
||||||
|
|
||||||
headers = DEFAULT_INCOMING_REMOVE_HEADERS
|
headers = DEFAULT_INCOMING_REMOVE_HEADERS
|
||||||
if 'incoming_remove_headers' in conf:
|
if 'incoming_remove_headers' in conf:
|
||||||
@ -326,7 +326,7 @@ class TempURL(object):
|
|||||||
key = memcache.get('temp-url-key/%s' % account)
|
key = memcache.get('temp-url-key/%s' % account)
|
||||||
if not key:
|
if not key:
|
||||||
newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
|
newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
|
||||||
self.agent)
|
self.agent, swift_source='TU')
|
||||||
newenv['CONTENT_LENGTH'] = '0'
|
newenv['CONTENT_LENGTH'] = '0'
|
||||||
newenv['wsgi.input'] = StringIO('')
|
newenv['wsgi.input'] = StringIO('')
|
||||||
key = [None]
|
key = [None]
|
||||||
@ -378,7 +378,6 @@ class TempURL(object):
|
|||||||
:param start_response: The WSGI start_response hook.
|
:param start_response: The WSGI start_response hook.
|
||||||
:returns: 401 response as per WSGI.
|
:returns: 401 response as per WSGI.
|
||||||
"""
|
"""
|
||||||
self._log_request(env, HTTP_UNAUTHORIZED)
|
|
||||||
body = '401 Unauthorized: Temp URL invalid\n'
|
body = '401 Unauthorized: Temp URL invalid\n'
|
||||||
start_response('401 Unauthorized',
|
start_response('401 Unauthorized',
|
||||||
[('Content-Type', 'text/plain'),
|
[('Content-Type', 'text/plain'),
|
||||||
@ -444,45 +443,6 @@ class TempURL(object):
|
|||||||
del headers[h]
|
del headers[h]
|
||||||
return headers.items()
|
return headers.items()
|
||||||
|
|
||||||
def _log_request(self, env, response_status_int):
|
|
||||||
"""
|
|
||||||
Used when a request might not be logged by the underlying
|
|
||||||
WSGI application, but we'd still like to record what
|
|
||||||
happened. An early 401 Unauthorized is a good example of
|
|
||||||
this.
|
|
||||||
|
|
||||||
:param env: The WSGI environment for the request.
|
|
||||||
:param response_status_int: The HTTP status we'll be replying
|
|
||||||
to the request with.
|
|
||||||
"""
|
|
||||||
the_request = quote(unquote(env.get('PATH_INFO') or '/'))
|
|
||||||
if env.get('QUERY_STRING'):
|
|
||||||
the_request = the_request + '?' + env['QUERY_STRING']
|
|
||||||
client = env.get('HTTP_X_CLUSTER_CLIENT_IP')
|
|
||||||
if not client and 'HTTP_X_FORWARDED_FOR' in env:
|
|
||||||
# remote host for other lbs
|
|
||||||
client = env['HTTP_X_FORWARDED_FOR'].split(',')[0].strip()
|
|
||||||
if not client:
|
|
||||||
client = env.get('REMOTE_ADDR')
|
|
||||||
self.logger.info(' '.join(quote(str(x)) for x in (
|
|
||||||
client or '-',
|
|
||||||
env.get('REMOTE_ADDR') or '-',
|
|
||||||
strftime('%d/%b/%Y/%H/%M/%S', gmtime()),
|
|
||||||
env.get('REQUEST_METHOD') or 'GET',
|
|
||||||
the_request,
|
|
||||||
env.get('SERVER_PROTOCOL') or '1.0',
|
|
||||||
response_status_int,
|
|
||||||
env.get('HTTP_REFERER') or '-',
|
|
||||||
(env.get('HTTP_USER_AGENT') or '-') + ' TempURL',
|
|
||||||
env.get('HTTP_X_AUTH_TOKEN') or '-',
|
|
||||||
'-',
|
|
||||||
'-',
|
|
||||||
'-',
|
|
||||||
env.get('swift.trans_id') or '-',
|
|
||||||
'-',
|
|
||||||
'-',
|
|
||||||
)))
|
|
||||||
|
|
||||||
|
|
||||||
def filter_factory(global_conf, **local_conf):
|
def filter_factory(global_conf, **local_conf):
|
||||||
""" Returns the WSGI filter for use with paste.deploy. """
|
""" Returns the WSGI filter for use with paste.deploy. """
|
||||||
|
@ -300,7 +300,7 @@ class WSGIContext(object):
|
|||||||
|
|
||||||
|
|
||||||
def make_pre_authed_request(env, method=None, path=None, body=None,
|
def make_pre_authed_request(env, method=None, path=None, body=None,
|
||||||
headers=None, agent='Swift'):
|
headers=None, agent='Swift', swift_source=None):
|
||||||
"""
|
"""
|
||||||
Makes a new swob.Request based on the current env but with the
|
Makes a new swob.Request based on the current env but with the
|
||||||
parameters specified. Note that this request will be preauthorized.
|
parameters specified. Note that this request will be preauthorized.
|
||||||
@ -322,13 +322,16 @@ def make_pre_authed_request(env, method=None, path=None, body=None,
|
|||||||
'%(orig)s StaticWeb'. You also set agent to None to
|
'%(orig)s StaticWeb'. You also set agent to None to
|
||||||
use the original env's HTTP_USER_AGENT or '' to
|
use the original env's HTTP_USER_AGENT or '' to
|
||||||
have no HTTP_USER_AGENT.
|
have no HTTP_USER_AGENT.
|
||||||
|
:param swift_source: Used to mark the request as originating out of
|
||||||
|
middleware. Will be logged in proxy logs.
|
||||||
:returns: Fresh swob.Request object.
|
:returns: Fresh swob.Request object.
|
||||||
"""
|
"""
|
||||||
query_string = None
|
query_string = None
|
||||||
if path and '?' in path:
|
if path and '?' in path:
|
||||||
path, query_string = path.split('?', 1)
|
path, query_string = path.split('?', 1)
|
||||||
newenv = make_pre_authed_env(env, method, path=unquote(path), agent=agent,
|
newenv = make_pre_authed_env(env, method, path=unquote(path), agent=agent,
|
||||||
query_string=query_string)
|
query_string=query_string,
|
||||||
|
swift_source=swift_source)
|
||||||
if not headers:
|
if not headers:
|
||||||
headers = {}
|
headers = {}
|
||||||
if body:
|
if body:
|
||||||
@ -338,7 +341,7 @@ def make_pre_authed_request(env, method=None, path=None, body=None,
|
|||||||
|
|
||||||
|
|
||||||
def make_pre_authed_env(env, method=None, path=None, agent='Swift',
|
def make_pre_authed_env(env, method=None, path=None, agent='Swift',
|
||||||
query_string=None):
|
query_string=None, swift_source=None):
|
||||||
"""
|
"""
|
||||||
Returns a new fresh WSGI environment with escalated privileges to
|
Returns a new fresh WSGI environment with escalated privileges to
|
||||||
do backend checks, listings, etc. that the remote user wouldn't
|
do backend checks, listings, etc. that the remote user wouldn't
|
||||||
@ -361,6 +364,8 @@ def make_pre_authed_env(env, method=None, path=None, agent='Swift',
|
|||||||
'%(orig)s StaticWeb'. You also set agent to None to
|
'%(orig)s StaticWeb'. You also set agent to None to
|
||||||
use the original env's HTTP_USER_AGENT or '' to
|
use the original env's HTTP_USER_AGENT or '' to
|
||||||
have no HTTP_USER_AGENT.
|
have no HTTP_USER_AGENT.
|
||||||
|
:param swift_source: Used to mark the request as originating out of
|
||||||
|
middleware. Will be logged in proxy logs.
|
||||||
:returns: Fresh WSGI environment.
|
:returns: Fresh WSGI environment.
|
||||||
"""
|
"""
|
||||||
newenv = {}
|
newenv = {}
|
||||||
@ -383,6 +388,8 @@ def make_pre_authed_env(env, method=None, path=None, agent='Swift',
|
|||||||
agent % {'orig': env.get('HTTP_USER_AGENT', '')}).strip()
|
agent % {'orig': env.get('HTTP_USER_AGENT', '')}).strip()
|
||||||
elif agent == '' and 'HTTP_USER_AGENT' in newenv:
|
elif agent == '' and 'HTTP_USER_AGENT' in newenv:
|
||||||
del newenv['HTTP_USER_AGENT']
|
del newenv['HTTP_USER_AGENT']
|
||||||
|
if swift_source:
|
||||||
|
newenv['swift.source'] = swift_source
|
||||||
newenv['swift.authorize'] = lambda req: None
|
newenv['swift.authorize'] = lambda req: None
|
||||||
newenv['swift.authorize_override'] = True
|
newenv['swift.authorize_override'] = True
|
||||||
newenv['REMOTE_USER'] = '.wsgi.pre_authed'
|
newenv['REMOTE_USER'] = '.wsgi.pre_authed'
|
||||||
|
@ -190,7 +190,7 @@ def cors_validation(func):
|
|||||||
return wrapped
|
return wrapped
|
||||||
|
|
||||||
|
|
||||||
def get_container_info(env, app):
|
def get_container_info(env, app, swift_source=None):
|
||||||
"""
|
"""
|
||||||
Get the info structure for a container, based on env and app.
|
Get the info structure for a container, based on env and app.
|
||||||
This is useful to middlewares.
|
This is useful to middlewares.
|
||||||
@ -208,7 +208,8 @@ def get_container_info(env, app):
|
|||||||
container_info = cache.get(cache_key)
|
container_info = cache.get(cache_key)
|
||||||
if not container_info:
|
if not container_info:
|
||||||
resp = make_pre_authed_request(
|
resp = make_pre_authed_request(
|
||||||
env, 'HEAD', '/%s/%s/%s' % (version, account, container)
|
env, 'HEAD', '/%s/%s/%s' % (version, account, container),
|
||||||
|
swift_source=swift_source,
|
||||||
).get_response(app)
|
).get_response(app)
|
||||||
container_info = headers_to_container_info(
|
container_info = headers_to_container_info(
|
||||||
resp.headers, resp.status_int)
|
resp.headers, resp.status_int)
|
||||||
|
@ -624,33 +624,6 @@ class TestStaticWeb(unittest.TestCase):
|
|||||||
self.assertEquals(resp.body, '1')
|
self.assertEquals(resp.body, '1')
|
||||||
self.assertEquals(self.app.calls, 1)
|
self.assertEquals(self.app.calls, 1)
|
||||||
|
|
||||||
def test_log_headers(self):
|
|
||||||
# Using a listing request since we know that calls StaticWeb's logging
|
|
||||||
# routines
|
|
||||||
self.test_staticweb.access_logger = FakeLogger()
|
|
||||||
self.test_staticweb.log_headers = True
|
|
||||||
req = Request.blank('/v1/a/c3/subdir/',
|
|
||||||
headers={'test-header': 'test-value'})
|
|
||||||
resp = req.get_response(self.test_staticweb)
|
|
||||||
self.assertEquals(resp.status_int, 200)
|
|
||||||
self.assert_('Listing of /v1/a/c3/subdir/' in resp.body)
|
|
||||||
infos = self.test_staticweb.access_logger.log_dict['info']
|
|
||||||
self.assertEquals(len(infos), 1)
|
|
||||||
info = infos[0][0][0]
|
|
||||||
self.assertTrue('Test-Header%3A%20test-value' in info, repr(info))
|
|
||||||
|
|
||||||
self.test_staticweb.access_logger = FakeLogger()
|
|
||||||
self.test_staticweb.log_headers = False
|
|
||||||
req = Request.blank('/v1/a/c3/subdir/',
|
|
||||||
headers={'test-header': 'test-value'})
|
|
||||||
resp = req.get_response(self.test_staticweb)
|
|
||||||
self.assertEquals(resp.status_int, 200)
|
|
||||||
self.assert_('Listing of /v1/a/c3/subdir/' in resp.body)
|
|
||||||
infos = self.test_staticweb.access_logger.log_dict['info']
|
|
||||||
self.assertEquals(len(infos), 1)
|
|
||||||
info = infos[0][0][0]
|
|
||||||
self.assertTrue('Test-Header%3A%20test-value' not in info, repr(info))
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
unittest.main()
|
unittest.main()
|
||||||
|
@ -187,6 +187,14 @@ class TestWSGI(unittest.TestCase):
|
|||||||
self.assertTrue('wsgi.input' in newenv)
|
self.assertTrue('wsgi.input' in newenv)
|
||||||
self.assertEquals(newenv['wsgi.input'].read(), '')
|
self.assertEquals(newenv['wsgi.input'].read(), '')
|
||||||
|
|
||||||
|
oldenv = {'swift.source': 'UT'}
|
||||||
|
newenv = wsgi.make_pre_authed_env(oldenv)
|
||||||
|
self.assertEquals(newenv['swift.source'], 'UT')
|
||||||
|
|
||||||
|
oldenv = {'swift.source': 'UT'}
|
||||||
|
newenv = wsgi.make_pre_authed_env(oldenv, swift_source='SA')
|
||||||
|
self.assertEquals(newenv['swift.source'], 'SA')
|
||||||
|
|
||||||
def test_pre_auth_req(self):
|
def test_pre_auth_req(self):
|
||||||
class FakeReq(object):
|
class FakeReq(object):
|
||||||
@classmethod
|
@classmethod
|
||||||
@ -237,6 +245,12 @@ class TestWSGI(unittest.TestCase):
|
|||||||
self.assertEquals(e['SCRIPT_NAME'], '')
|
self.assertEquals(e['SCRIPT_NAME'], '')
|
||||||
self.assertEquals(e['PATH_INFO'], '/override')
|
self.assertEquals(e['PATH_INFO'], '/override')
|
||||||
|
|
||||||
|
def test_pre_auth_req_swift_source(self):
|
||||||
|
r = wsgi.make_pre_authed_request(
|
||||||
|
{'QUERY_STRING': 'original'}, 'GET', 'path', 'the body',
|
||||||
|
swift_source='UT')
|
||||||
|
self.assertEquals(r.body, 'the body')
|
||||||
|
self.assertEquals(r.environ['swift.source'], 'UT')
|
||||||
|
|
||||||
class TestWSGIContext(unittest.TestCase):
|
class TestWSGIContext(unittest.TestCase):
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user