summaryrefslogtreecommitdiff
path: root/doc/source/misc.rst
Commit message (Collapse)AuthorAgeFilesLines
* formpost: deprecate sha1 signaturesMatthew Oliver2022-07-261-0/+11
| | | | | | | | | | | | | | | | | | | | | We've known this would eventually be necessary for a while [1], and way back in 2017 we started seeing SHA-1 collisions [2]. This patch follows the approach of soft deprecation of SHA1 in tempurl. It's still a default digest, but we'll start with warning as the middleware is loaded and exposing any deprecated digests (if they're still allowed) in /info. Further, because there is much shared code between formpost and tempurl, this patch also goes and refactors shared code out into swift.common.digest. Now that we have a digest, we also move digest related code: - get_hmac - extract_digest_and_algorithm [1] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html [2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html Change-Id: I581cadd6bc79e623f1dae071025e4d375254c1d9
* Add docs for registry moduleTim Burke2022-02-101-0/+10
| | | | | | | Drive-By: make the register_sensitive_header() implementation more obviously case-insensitive. Change-Id: I5b299bc0adb526c468c6364a5706eb86809533e5
* Add Storage Policy DocumentationPaul Luse2014-06-191-0/+9
| | | | | | | | Add overview and example information for using Storage Policies. DocImpact Implements: blueprint storage-policies Change-Id: I6f11f7a1bdaa6f3defb3baa56a820050e5f727f1
* Alphabetized items under "Misc" in source documentationMatt Kassawara2014-02-201-54/+54
| | | | | | | I alphabetized the items under "Misc" in the source documentation to make them easier to locate. Change-Id: I1badca7a97e7d887fefac0be2e2208eec52cec60
* Remove duplicate doc entry for swobanc2014-02-121-9/+0
| | | | | | | | | | Fixes swob module being referenced twice in misc.rst resulting in duplicate sections in the doc. Also fixes build_sphinx warning for section underline too short in middleware.rst. Change-Id: Ibe44895f933a6503ca04ccd3a084bc0cfd913213
* Add flag to stop swob from always using absolute location.David Goetz2014-01-241-0/+10
| | | | | | | | | | | | This is needed for SOS (along with patch https://github.com/dpgoetz/sos/pull/37) to work with swift 1.12 . By spec you should always use the absolute location but this causes a problem with staticweb over a cdn using a cname. Basically you want to be able to forward the browser to a relative location instead of whatever full url the proxy server thinks you are using. Change-Id: I3fa1d415bf9b566be069458b838f7e65db0c4f39
* Add documentation for GateKeeperClay Gerrard2014-01-231-149/+19
| | | | | | | | | | | | | The purpose of GateKeeper mostly relates to the development of new swift code, so I threw together a guide for development_middleware that covers some basics with a eye towards metadata handling in-particular. I also fixed up some missing autodoc's, split out middleware autodoc and added some ref's here and about so I could link to them from the development_middleware guide. DocImpact Change-Id: I20dd942ea8df9e33c3e794cb49669ffa1332c63e
* New container sync configuration optiongholt2014-01-101-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary of the new configuration option: The cluster operators add the container_sync middleware to their proxy pipeline and create a container-sync-realms.conf for their cluster and copy this out to all their proxy and container servers. This file specifies the available container sync "realms". A container sync realm is a group of clusters with a shared key that have agreed to provide container syncing to one another. The end user can then set the X-Container-Sync-To value on a container to //realm/cluster/account/container instead of the previously required URL. The allowed hosts list is not used with this configuration and instead every container sync request sent is signed using the realm key and user key. This offers better security as source hosts can be faked much more easily than faking per request signatures. Replaying signed requests, assuming it could easily be done, shouldn't be an issue as the X-Timestamp is part of the signature and so would just short-circuit as already current or as superceded. This also makes configuration easier for the end user, especially with difficult networking situations where a different host might need to be used for the container sync daemon since it's connecting from within a cluster. With this new configuration option, the end user just specifies the realm and cluster names and that is resolved to the proper endpoint configured by the operator. If the operator changes their configuration (key or endpoint), the end user does not need to change theirs. DocImpact Change-Id: Ie1704990b66d0434e4991e26ed1da8b08cb05a37
* Added discoverable capabilities.Richard (Rick) Hawkins2013-11-221-0/+19
| | | | | | | | | | | | | | Swift can now optionally be configured to allow requests to '/info', providing information about the swift cluster. Additionally a HMAC signed requests to '/info?swiftinfo_sig=<sign>&swiftinfo_expires=<expires>' can be configured allowing privileged access to more sensitive information not meant to be public. DocImpact Change-Id: I2379360fbfe3d9e9e8b25f1dc34517d199574495 Implements: blueprint capabilities Closes-Bug: #1245694
* Revert "Refactor common/utils methods to common/ondisk"Peter Portante2013-10-071-9/+0
| | | | | | | This reverts commit 7760f41c3ce436cb23b4b8425db3749a3da33d32 Change-Id: I95e57a2563784a8cd5e995cc826afeac0eadbe62 Signed-off-by: Peter Portante <peter.portante@redhat.com>
* Refactor common/utils methods to common/ondiskPeter Portante2013-09-171-0/+9
| | | | | | | | | Place all the methods related to on-disk layout and / or configuration into a new common module that can be shared by the various modules using the same on-disk layout. Change-Id: I27ffd4665d5115ffdde649c48a4d18e12017e6a9 Signed-off-by: Peter Portante <peter.portante@redhat.com>
* Update documentation for account_quota middlewareChristian Schwede2013-04-031-7/+7
| | | | Change-Id: I3dc7930ee2a1eb26b1f60e83fce2bc1bea0a8b0f
* Account quotasChristian Schwede2013-03-081-1/+7
| | | | | | | | | | | | Add a new middleware implementing account quotas. This middleware blocks write requests (PUT, POST) if a given quota (in bytes) is exceeded while DELETE requests are still allowed. Quotas are stored in the x-account-meta-quota-bytes metadata entry. Write requests to this metadata setting are only allowed for resellers. Change-Id: I57fd7c6209f34cc79d4bab72d500d43ba2a62083
* Support listing endpoints for an object.Sergey Lukjanov2013-03-071-0/+8
| | | | | | | | Implements blueprint list-endpoints. DocImpact: new middleware list_endpoints. Change-Id: I0c4911ff726abd4cb8ce2b6245c99786ad46b410
* Static Large Object SupportDavid Goetz2013-03-011-0/+8
| | | | | | DocImpact Change-Id: I7edaa5e44208ab451f7f7566b64bb571b8eea1f9
* Add generated keystone documentation to misc.rst.Chmouel Boudjnah2013-02-111-1/+9
| | | | | | | - Change a bit the formatting of the documention as well. - Fix WARNING: Title underline too short. in misc.rst. Change-Id: I2f4e36bcb5e01e984f0af0152bc5b3b9f7e942ce
* Basic container quotasMichael Barton2013-02-051-0/+7
| | | | | | | | | | | | | | | | | | | | | Add a new middleware implementing some basic container quotas. Quotas are subject to several limitations: eventual consistency, the timeliness of the cached container_info (60 second ttl by default), and it’s unable to reject chunked transfer uploads that exceed the quota (though once the quota is exceeded, new chunked transfers will be refused). However, they get most of the way to container quotas fairly inexpensively. Quotas are set by adding meta values to the container, and are validated when set: X-Container-Meta-Quota-Bytes: Maximum size of the container, in bytes. X-Container-Meta-Quota-Count: Maximum object count of the container. DocImpact Change-Id: I77cfbf6dc231a2e522bd67328e4c082424a93eee
* Bulk Requests: auto extract archive and bulk delete middleware.David Goetz2013-01-241-0/+7
| | | | | | | | Fix small problem in ratelimiting middleware. DocImpact Change-Id: Ide3e0b9f4887626c30cae0b97eb7e2237b1df3ed
* Add handler for CORS "actual requests"Adrian Smith2013-01-231-31/+0
| | | | | | | | | | | | | | | | | | | | Fix for bug 1095130 * Added a wrapper function around public methods to handle CORS actual requests. These requests need to return some extra headers to be valid responses to a CORS request. Access-Control-Expose-Headers and Access-Control-Allow-Origin. * Added support for the CORS header Access-Control-Expose-Headers. * Some refactoring of the OPTIONS method so the "is_origin_allowed" logic can be reused. * Added a little extra detail to the CORS documentation. DocImpact Change-Id: I68538e472a900775427f21a8a59e738a83dcc8bc
* Adding CORS supportScott Simpson2012-10-231-0/+32
| | | | Change-Id: I894473994cdfea0996ad16e7619aff421f604abc
* Remove swift.common.client from here.Chmouel Boudjnah2012-06-071-10/+0
| | | | | | | | - It has been to its own gerrit project. - direct_client should follow next. - Implements blueprint clientbindings. Change-Id: I3bb50c95eba81302bfec71cb7ce5288b85a41dc0
* Move proxy server logging to middleware.Michael Barton2012-05-241-0/+7
| | | | Change-Id: I771c87207d4e1821e32c3424b341d182cc7ea7c0
* Remove swift3 from here.Chmouel Boudjnah2012-05-241-7/+0
| | | | | | | - Reference https://github.com/fujita/swift3 in associated_projects. - Implements blueprint add-associated-projects-docs. Change-Id: I48ef4c03449edf6ef4fda1a391228cacac7d2ac6
* Reverted the pulling out of various middleware:gholt2012-05-161-0/+42
| | | | | | | | RateLimit StaticWeb TempURL/FormPOST Change-Id: I988e93e6f4aacb817a2e354d43a04e47516fdf88
* removed cname lookup middlewareJohn Dickinson2012-05-091-7/+0
| | | | | | | | | | | | | | | The code has moved to https://github.com/notmyname/swift-cnamelookup. For current users of cname lookup, this will require installing the new package and changing the "use" line of the cname lookup conf section's to: [filter:cname_lookup] use = egg:swift_cnamelookup#swift_cnamelookup And then 'swift-init proxy reload'. Change-Id: If622486ddb04a53251244c9840aa3cfe72168fc5
* Pulled out Rate Limit middlewaregholt2012-05-091-7/+0
| | | | | | | | | | | | | | | Rate Limit middleware is now at http://dpgoetz.github.com/swift-ratelimit/ For current users of Rate Limit, this will require installing the new package and changing the "use" line of the ratelimit conf section to: [filter:ratelimit] use = egg:swiftratelimit#middleware And then 'swift-init proxy reload'. Change-Id: I2ab774e9cee9fba4103c1be4bea6d52d1adb29f7
* removed domain remap middlewareJohn Dickinson2012-05-081-7/+0
| | | | | | | | | | | | | | | The code has moved to https://github.com/notmyname/swift-domainremap. For current users of domain remap, this will require installing the new package and changing the "use" line of the domain remap conf section's to: [filter:domain_remap] use = egg:swift_domainremap#swift_domainremap And then 'swift-init proxy reload'. Change-Id: I710caf9b991f9d37df36b826ae4338086d0ec36d
* Pulled out TempURL/FormPOSTgholt2012-05-081-14/+0
| | | | | | | | | | | | | | | | | | TempURL/FormPOST is now at http://gholt.github.com/swift-tempurl/ For current users of TempURL/FormPOST, this will require installing the new package and changing the "use" line of the tempurl and formpost conf section's to: [filter:tempurl] use = egg:swifttempurl#tempurl [filter:formpost] use = egg:swifttempurl#formpost And then 'swift-init proxy reload'. Change-Id: I5bddf7f9e09ee07815530a41c46ff901fc21b447
* Merge "Pulled StaticWeb out to separate project"Jenkins2012-05-081-7/+0
|\
| * Pulled StaticWeb out to separate projectgholt2012-05-051-7/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | StaticWeb is now at http://gholt.github.com/swift-staticweb/ For current users of StaticWeb, this will require installing the new package and changing the "use" line of the staticweb filter conf section to: use = egg:swiftstaticweb#middleware And then 'swift-init proxy reload'. Change-Id: Iab32adb5927698a667c5c6d6a572c44ca23414eb
* | Added an internal client.Greg Lange2012-05-041-0/+10
|/ | | | | | Refactored object expirer to use this client. Change-Id: Ibeca6dba873f8b4a558ecf3ba6e8d23d36f545b0
* updated docs for domain remap and cname lookup middlewareJohn Dickinson2012-04-051-0/+14
| | | | Change-Id: I1c571951f25a6e724cdd4699eb94baad5e47eb95
* TempURL and FormPost Middlewaregholt2012-01-101-0/+14
| | | | Change-Id: I8d2ce2abdfe3a44605c9441ad7b1abc6c77e282d
* Add documentation for Swift Recon.Florian Hines2011-10-211-0/+9
| | | | Change-Id: I37f4fb624bdc5b8bbf2e691d29aa6b15cd648aa8
* Renaming TestAuth to TempAuth because nose hates anything with the word test ↵gholt2011-05-261-3/+3
| | | | in it.
* Remove swauth; update references from swauth to testauth.gholt2011-05-261-4/+4
|
* Update from feedback; docsgholt2011-03-241-0/+6
|
* Fixes with removing DevAuthgholt2011-03-141-9/+0
|
* review cleanupClay Gerrard2011-02-141-0/+7
|
* Added doc strings and pointers to docs for swift3Chuck Thier2011-01-141-0/+8
|
* Incorporated Swauth into Swift as an optional DevAuth replacement.gholt2010-12-011-0/+9
|
* changing source docsDavid Goetz2010-10-131-2/+2
|
* adding source docsDavid Goetz2010-10-131-0/+7
|
* Documentation of the new auth and acls middleware modules and bugfixesgholt2010-09-031-0/+9
|
* Updated docs (including SAIO) to refelct the paste.deploy config changesChuck Thier2010-08-201-2/+2
|
* Initial commit of Swift codeChuck Thier2010-07-121-0/+99
View Lorry Controller Status