authorSamuel Merritt <sam@swiftstack.com>2014-07-11 11:27:11 -0700
committerAlistair Coles <alistair.coles@hp.com>2014-08-07 12:26:11 +0100
commit134e864fa132b4d29e8fed6c54526cf1777307b2 (patch)
tree92582adff4db94171e988eebfdda394f3661d0fb
parent698919e67b24a5e0c96dd0c99ee7b8b8f6d728ec (diff)
downloadswift-134e864fa132b4d29e8fed6c54526cf1777307b2.tar.gz
Add POST and DELETE to tempurl default methods
The tempurl middleware supports any configured HTTP methods, but the default set was only GET, PUT, and HEAD, so cluster operators had to take action to enable POST and DELETE. This commit changes the defaults to include POST and DELETE. Note that this doesn't affect any existing temporary URLs at all; the method is baked into the signature (temp_url_sig query param), so no new access is granted to a holder of a temporary URL by this change. It simply gives more flexibility to creators of temporary URLs. Change-Id: I5bc15bbd2968ab7bedcd7c0df10f2ec825537191
-rw-r--r--etc/proxy-server.conf-sample2
-rw-r--r--swift/common/middleware/tempurl.py5
-rw-r--r--test/unit/common/middleware/test_tempurl.py19
3 files changed, 14 insertions, 12 deletions
diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index 0e10892a7..12f4eac57 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -415,7 +415,7 @@ use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
# The methods allowed with Temp URLs.
-# methods = GET HEAD PUT
+# methods = GET HEAD PUT POST DELETE
#
# The headers to remove from incoming requests. Simply a whitespace delimited
# list of header names and names can optionally end with '*' to indicate a
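Review bot: The sample comment above the `methods` line still reads only "The methods allowed with Temp URLs." and does not say that the built-in default now includes POST and DELETE. A deployment with no explicit `methods` line picks up the wider set on upgrade, so the comment should say how to keep the narrower one, for example `# Default includes POST and DELETE; set "methods = GET HEAD PUT" to limit temp URLs to read and upload.` Existing URLs are unaffected, as the commit message says, but any holder of the signing key can now mint DELETE or POST URLs, which operators who hand that key to other services may want to review. The comment block at the end of this hunk continues outside it.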
diff --git a/swift/common/middleware/tempurl.py b/swift/common/middleware/tempurl.py
index 517bb332d..1f10b31ed 100644
--- a/swift/common/middleware/tempurl.py
+++ b/swift/common/middleware/tempurl.py
@@ -212,7 +212,8 @@ class TempURL(object):
:param conf: The configuration dict for the middleware.
"""
- def __init__(self, app, conf, methods=('GET', 'HEAD', 'PUT')):
+ def __init__(self, app, conf,
+ methods=('GET', 'HEAD', 'PUT', 'POST', 'DELETE')):
#: The next WSGI application/filter in the paste.deploy pipeline.
self.app = app
#: The filter configuration dict.
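Review bot: The default method set is now written out as a literal in two places: the `__init__` keyword default here and the `conf.get('methods', ...)` fallback in the `filter_factory` hunk. If the two drift apart, the set registered through `register_swift_info` would differ from what a directly constructed `TempURL` uses. A single module-level constant such as `DEFAULT_METHODS = ('GET', 'HEAD', 'PUT', 'POST', 'DELETE')`, used as the keyword default and as `' '.join(DEFAULT_METHODS)` in `filter_factory`, would remove that risk. The visible end of the class docstring lists only `:param conf:`; a `:param methods:` entry naming the default set would document the change. The docstring begins, and `__init__` continues, outside the hunk.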
@@ -513,7 +514,7 @@ def filter_factory(global_conf, **local_conf):
conf = global_conf.copy()
conf.update(local_conf)
- methods = conf.get('methods', 'GET HEAD PUT').split()
+ methods = conf.get('methods', 'GET HEAD PUT POST DELETE').split()
register_swift_info('tempurl', methods=methods)
return lambda app: TempURL(app, conf, methods=methods)
diff --git a/test/unit/common/middleware/test_tempurl.py b/test/unit/common/middleware/test_tempurl.py
index bb7399373..e9d166b5f 100644
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
@@ -487,7 +487,8 @@ class TestTempURL(unittest.TestCase):
self.assertEquals(resp.status_int, 401)
self.assertTrue('Www-Authenticate' in resp.headers)
- def test_post_not_allowed(self):
+ def test_post_when_forbidden_by_config(self):
+ self.tempurl.methods.remove('POST')
method = 'POST'
expires = int(time() + 86400)
path = '/v1/a/c/o'
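Review bot: `test_post_when_forbidden_by_config` restricts the method by calling `self.tempurl.methods.remove('POST')` on an already constructed instance, so despite its name it does not exercise the `methods` configuration value an operator would set. The same applies to `test_delete_when_forbidden_by_config` in the next hunk. Building the middleware through `tempurl.filter_factory({'methods': 'GET HEAD PUT'})` for these two tests would cover the real config path. It would also stop the tests depending on `methods` being a mutable list, which presumably comes from a `setUp` that is not visible here. The test body continues outside the hunk.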
@@ -504,7 +505,8 @@ class TestTempURL(unittest.TestCase):
self.assertTrue('Temp URL invalid' in resp.body)
self.assertTrue('Www-Authenticate' in resp.headers)
- def test_delete_not_allowed(self):
+ def test_delete_when_forbidden_by_config(self):
+ self.tempurl.methods.remove('DELETE')
method = 'DELETE'
expires = int(time() + 86400)
path = '/v1/a/c/o'
@@ -521,8 +523,7 @@ class TestTempURL(unittest.TestCase):
self.assertTrue('Temp URL invalid' in resp.body)
self.assertTrue('Www-Authenticate' in resp.headers)
- def test_delete_allowed_with_conf(self):
- self.tempurl.methods.append('DELETE')
+ def test_delete_allowed(self):
method = 'DELETE'
expires = int(time() + 86400)
path = '/v1/a/c/o'
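Review bot: After the rename to `test_delete_allowed`, the visible hunks contain a default-configuration acceptance test for DELETE but none for POST, which this commit also enables by default. The only POST coverage shown is the negative test and the `_get_account` assertion. A `test_post_allowed` that mirrors this test with `method = 'POST'` would pin the new default for both methods. Such a test may already exist elsewhere in the file, and this test's body continues outside the hunk.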
@@ -708,9 +709,9 @@ class TestTempURL(unittest.TestCase):
self.assertEquals(self.tempurl._get_account({
'REQUEST_METHOD': 'PUT', 'PATH_INFO': '/v1/a/c/o'}), 'a')
self.assertEquals(self.tempurl._get_account({
- 'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), None)
+ 'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), 'a')
self.assertEquals(self.tempurl._get_account({
- 'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), None)
+ 'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), 'a')
self.assertEquals(self.tempurl._get_account({
'REQUEST_METHOD': 'UNKNOWN', 'PATH_INFO': '/v1/a/c/o'}), None)
self.assertEquals(self.tempurl._get_account({
@@ -953,14 +954,14 @@ class TestSwiftInfo(unittest.TestCase):
swift_info = utils.get_swift_info()
self.assertTrue('tempurl' in swift_info)
self.assertEqual(set(swift_info['tempurl']['methods']),
- set(('GET', 'HEAD', 'PUT')))
+ set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
def test_non_default_methods(self):
- tempurl.filter_factory({'methods': 'GET HEAD PUT POST DELETE'})
+ tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'})
swift_info = utils.get_swift_info()
self.assertTrue('tempurl' in swift_info)
self.assertEqual(set(swift_info['tempurl']['methods']),
- set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
+ set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
if __name__ == '__main__':