Merge remote-tracking branch 'gerrit/master' into feature/losffeature/losf

Change-Id: If9d7c63f3c4c15fbccff31e2b77a6911bb95972a

5 files changed, 52 insertions, 18 deletions

diff --git a/swift/common/middleware/memcache.py b/swift/common/middleware/memcache.py
index e846749cb..b5b9569a5 100644
--- a/swift/common/middleware/memcache.py
+++ b/swift/common/middleware/memcache.py
@@ -19,6 +19,7 @@ from six.moves.configparser import ConfigParser, NoSectionError, NoOptionError
 
 from swift.common.memcached import (MemcacheRing, CONN_TIMEOUT, POOL_TIMEOUT,
                                     IO_TIMEOUT, TRY_COUNT)
+from swift.common.utils import get_logger
 
 
 class MemcacheMiddleware(object):
@@ -28,6 +29,7 @@ class MemcacheMiddleware(object):
 
     def __init__(self, app, conf):
         self.app = app
+        self.logger = get_logger(conf, log_route='memcache')
         self.memcache_servers = conf.get('memcache_servers')
         serialization_format = conf.get('memcache_serialization_support')
         try:
@@ -102,7 +104,8 @@ class MemcacheMiddleware(object):
             io_timeout=io_timeout,
             allow_pickle=(serialization_format == 0),
             allow_unpickle=(serialization_format <= 1),
-            max_conns=max_conns)
+            max_conns=max_conns,
+            logger=self.logger)
 
     def __call__(self, env, start_response):
         env['swift.cache'] = self.memcache
diff --git a/swift/common/middleware/ratelimit.py b/swift/common/middleware/ratelimit.py
index 72e1d6a40..9d3ff2fdd 100644
--- a/swift/common/middleware/ratelimit.py
+++ b/swift/common/middleware/ratelimit.py
@@ -242,6 +242,10 @@ class RateLimitMiddleware(object):
         if not self.memcache_client:
             return None
 
+        if req.environ.get('swift.ratelimit.handled'):
+            return None
+        req.environ['swift.ratelimit.handled'] = True
+
         try:
             account_info = get_account_info(req.environ, self.app,
                                             swift_source='RL')
diff --git a/swift/common/middleware/s3api/controllers/obj.py b/swift/common/middleware/s3api/controllers/obj.py
index 293b14702..716c837b6 100644
--- a/swift/common/middleware/s3api/controllers/obj.py
+++ b/swift/common/middleware/s3api/controllers/obj.py
@@ -26,7 +26,7 @@ from swift.common.middleware.versioned_writes.object_versioning import \
 from swift.common.middleware.s3api.utils import S3Timestamp, sysmeta_header
 from swift.common.middleware.s3api.controllers.base import Controller
 from swift.common.middleware.s3api.s3response import S3NotImplemented, \
-    InvalidRange, NoSuchKey, InvalidArgument, HTTPNoContent, \
+    InvalidRange, NoSuchKey, NoSuchVersion, InvalidArgument, HTTPNoContent, \
     PreconditionFailed
 
 
@@ -88,7 +88,15 @@ class ObjectController(Controller):
         if version_id not in ('null', None) and \
                 'object_versioning' not in get_swift_info():
             raise S3NotImplemented()
+
         query = {} if version_id is None else {'version-id': version_id}
+        if version_id not in ('null', None):
+            container_info = req.get_container_info(self.app)
+            if not container_info.get(
+                    'sysmeta', {}).get('versions-container', ''):
+                # Versioning has never been enabled
+                raise NoSuchVersion(object_name, version_id)
+
         resp = req.get_response(self.app, query=query)
 
         if req.method == 'HEAD':
@@ -193,17 +201,25 @@ class ObjectController(Controller):
                 'object_versioning' not in get_swift_info():
             raise S3NotImplemented()
 
+        version_id = req.params.get('versionId')
+        if version_id not in ('null', None):
+            container_info = req.get_container_info(self.app)
+            if not container_info.get(
+                    'sysmeta', {}).get('versions-container', ''):
+                # Versioning has never been enabled
+                return HTTPNoContent(headers={'x-amz-version-id': version_id})
+
         try:
             try:
                 query = req.gen_multipart_manifest_delete_query(
-                    self.app, version=req.params.get('versionId'))
+                    self.app, version=version_id)
             except NoSuchKey:
                 query = {}
 
             req.headers['Content-Type'] = None  # Ignore client content-type
 
-            if 'versionId' in req.params:
-                query['version-id'] = req.params['versionId']
+            if version_id is not None:
+                query['version-id'] = version_id
                 query['symlink'] = 'get'
 
             resp = req.get_response(self.app, query=query)
diff --git a/swift/common/middleware/symlink.py b/swift/common/middleware/symlink.py
index d2c644438..bde163aa0 100644
--- a/swift/common/middleware/symlink.py
+++ b/swift/common/middleware/symlink.py
@@ -205,7 +205,8 @@ from swift.common.utils import get_logger, register_swift_info, split_path, \
     MD5_OF_EMPTY_STRING, close_if_possible, closing_if_possible, \
     config_true_value, drain_and_close
 from swift.common.constraints import check_account_format
-from swift.common.wsgi import WSGIContext, make_subrequest
+from swift.common.wsgi import WSGIContext, make_subrequest, \
+    make_pre_authed_request
 from swift.common.request_helpers import get_sys_meta_prefix, \
     check_path_header, get_container_update_override_key, \
     update_ignore_range_header
@@ -442,7 +443,9 @@ class SymlinkObjectContext(WSGIContext):
                                content_type='text/plain')
 
     def _recursive_get_head(self, req, target_etag=None,
-                            follow_softlinks=True):
+                            follow_softlinks=True, orig_req=None):
+        if not orig_req:
+            orig_req = req
         resp = self._app_call(req.environ)
 
         def build_traversal_req(symlink_target):
@@ -457,9 +460,20 @@ class SymlinkObjectContext(WSGIContext):
                 '/', version, account,
                 symlink_target.lstrip('/'))
             self._last_target_path = target_path
-            new_req = make_subrequest(
-                req.environ, path=target_path, method=req.method,
-                headers=req.headers, swift_source='SYM')
+
+            subreq_headers = dict(req.headers)
+            if self._response_header_value(ALLOW_RESERVED_NAMES):
+                # this symlink's sysmeta says it can point to reserved names,
+                # we're infering that some piece of middleware had previously
+                # authorized this request because users can't access reserved
+                # names directly
+                subreq_meth = make_pre_authed_request
+                subreq_headers['X-Backend-Allow-Reserved-Names'] = 'true'
+            else:
+                subreq_meth = make_subrequest
+            new_req = subreq_meth(orig_req.environ, path=target_path,
+                                  method=req.method, headers=subreq_headers,
+                                  swift_source='SYM')
             new_req.headers.pop('X-Backend-Storage-Policy-Index', None)
             return new_req
 
@@ -484,11 +498,8 @@ class SymlinkObjectContext(WSGIContext):
             if not config_true_value(
                     self._response_header_value(SYMLOOP_EXTEND)):
                 self._loop_count += 1
-            if config_true_value(
-                    self._response_header_value(ALLOW_RESERVED_NAMES)):
-                new_req.headers['X-Backend-Allow-Reserved-Names'] = 'true'
-
-            return self._recursive_get_head(new_req, target_etag=resp_etag)
+            return self._recursive_get_head(new_req, target_etag=resp_etag,
+                                            orig_req=req)
         else:
             final_etag = self._response_header_value('etag')
             if final_etag and target_etag and target_etag != final_etag:
diff --git a/swift/common/middleware/versioned_writes/object_versioning.py b/swift/common/middleware/versioned_writes/object_versioning.py
index 5c9b72d5c..508972f72 100644
--- a/swift/common/middleware/versioned_writes/object_versioning.py
+++ b/swift/common/middleware/versioned_writes/object_versioning.py
@@ -152,7 +152,7 @@ from cgi import parse_header
 from six.moves.urllib.parse import unquote
 
 from swift.common.constraints import MAX_FILE_SIZE, valid_api_version, \
-    ACCOUNT_LISTING_LIMIT
+    ACCOUNT_LISTING_LIMIT, CONTAINER_LISTING_LIMIT
 from swift.common.http import is_success, is_client_error, HTTP_NOT_FOUND, \
     HTTP_CONFLICT
 from swift.common.request_helpers import get_sys_meta_prefix, \
@@ -1191,7 +1191,7 @@ class ContainerContext(ObjectVersioningContext):
                     'hash': item['hash'],
                     'last_modified': item['last_modified'],
                 })
-            limit = constrain_req_limit(req, ACCOUNT_LISTING_LIMIT)
+            limit = constrain_req_limit(req, CONTAINER_LISTING_LIMIT)
             body = build_listing(
                 null_listing, subdir_listing, broken_listing,
                 reverse=config_true_value(params.get('reverse', 'no')),
@@ -1256,7 +1256,7 @@ class ContainerContext(ObjectVersioningContext):
                         'last_modified': item['last_modified'],
                     })
 
-                limit = constrain_req_limit(req, ACCOUNT_LISTING_LIMIT)
+                limit = constrain_req_limit(req, CONTAINER_LISTING_LIMIT)
                 body = build_listing(
                     null_listing, versions_listing,
                     subdir_listing, broken_listing,