openstack/swift - swift - OpenDev: Free Software Needs Free Tools

Co-Authored-By: Shreeya Deshpande <shreeyad@nvidia.com>
Change-Id: I155572bc5f4d955c918c951d6d2af9dbbae0136d

Make all statements using all caps (WARNING) and modify with print where there is stderr.write.
Fixes bug 1511139
Change-Id: I3b24c55d6ea07d9c2254f15a490fa336ad64c6c4

The tags framework has been discontinued for a long time; see
https://governance.openstack.org/tc/reference/tags/ and
https://governance.openstack.org/tc/resolutions/20211224-tags-framework-removal.html
Related-Change: I78815177dba9d765587d9a0aee4e0f76e14a043e
Change-Id: Ifec53e00b760a7c3ee82b7ef3d54b8f856c55aba

Tempauth fernet tokens use a secret shared among all proxies to encrypt
user group information. Because they are encrypted, clients can neither
view nor edit this information; it is an opaque bearer token similar to
the existing memcached-backed tokens (just much longer). Note that
tokens still expire after the configured token_life.
Add a new set of config options of the form
 fernet_key_<keyid> = <32 url-safe base64-encoded bytes>
Any of the configured keys will be used to attempt to decrypt tokens
starting with "ftk" and extract group information.
Another new config option
 active_fernet_key_id = <keyid>
dictates which key should be used when minting tokens. Such tokens
will start with "ftk" to distinguish them from memcached-backed tokens
(which continue to start with "tk"). If active_fernet_key_id is not
configured, memcached-backed tokens continue to be used.
Together, these allow seamless transitions from memcached-backed tokens
to fernet tokens, as well as transitions from one fernet key to another:
 1. Add a new fernet_key_<keyid> entry.
 2. Ensure all proxies have the new config with fernet_key_<keyid>.
 3. Set active_fernet_key_id = <keyid>.
 4. Ensure all proxies have the new config with the new
 active_fernet_key_id.
This is similar to the key-rotation process for the encryption feature,
except that old keys may be pruned following a token_life period.
Additionally, opportunistically compress groups before minting tokens.
Compressed tokens will begin with "zftk" but otherwise behave just like
"ftk" tokens.
Change-Id: I0bdc98765d05e91f872ef39d4722f91711a5641f

Change-Id: Ib797f73134c8fa5ef0dc66aeddf06adfa50ed7d4

Now that we no longer need to support py2, iterating over bytes always
yields ints.
Change-Id: Id5e0c4f597c77cae5742c53f31fad479fa864261

... so that eventlet.wsgi will include Connection: close headers on
Expect: 100-continue error responses from s3api and make aws clients
less unhappy.
eventlet.wsgi likes to check for hasattr('__len__', resp) when setting
connection close on expect-100 errors, but uses 'content-length' in
headers when deciding on chunked-transfer.
When we know the length we can support either interface. Also we can
imporove s3api to return error responses with the content-length known.
Change-Id: Ic504841714bd607cb9733b2de5126092a79c1094

Change-Id: I60f0b36633c2a348933fd45d348d76b256fca57a

Previously the SigV4Mixin would override S3Request signature checking
methods. This patch refactors the signature checking into sigv2 and
sigv4 helper classes i.e. moves towards composition rather than
inheritance.
No behavioural changes are intended with this patch.
Co-Authored-By: Tim Burke <tim.burke@gmail.com>
Co-Authored-By: Thibault Person <thibault.person@ovhcloud.com>
Change-Id: Icaf86181c3bf7804c5176db48d2de5e2fc6f24d2

Introduce a single error handler to catch errors while reading the
input.
Co-Authored-By: Tim Burke <tim.burke@gmail.com>
Change-Id: Ib0330e863ad15e362dfa587517a26109c74eefec

Currently our test names are long and we pipe pytest output to a file,
so the skip reason gets truncated; setting this env var .zuul and
passing to tox.ini will allow us to see the reason why pytest is
skipping next to the test name.
Drive-by: remove passenv from s3api tests in tox.ini so they are
inherited from testenv
Related-Change-Id: I6b7cc64262d2f8ef7e3bbce30bab5550899b5211
Change-Id: I15791a9238485190acf7f87a3b562bf67e7c5c09

The swift-tox-func-s3api-tests-tempauth runs the tests in test/s3api.
The swift-tox-func-s3api-ceph-s3tests-tempauth doesn't run the tests
in test/s3api. This patch changes the names of those jobs to
disambiguate the prefix 'swift-tox-func-s3api' and avoid any
suggestion that the second job is a super-set of the first job.
Change-Id: I323cf7e32200a2f895f0b051454b00047f7de300

The method is redundant and confusingly named. Since the
Related-Change it actually returns the aggregate value of counters,
not just the count of calls made to the increment method alone.
Related-Change: I4d8a4b530465b587caced4362eb9178507701cef
Change-Id: I52585567a177f58e0f110785b44f8d238b2ac54d

Both the StatsdClient and LabeledStatsdClient implemented all of the
public interface methods for an AbstractStatsdClient. Even though the
implementations are identical the interfaces themselves were made
different WRT the "last" positional arg if provided.
This change puts the identical implementations of the public interface
in the AbstractStatsdClient class with a generic interface. For
backwards compat with the existing public interface on the
legacy-StatsdClient we have to make the old signature explicit - but we
can transparently call into the common implementation.
For consistency with legacy-Statsdclient and better docstrings this
change also "fixes" the signature for the new LabeledStatsdClient public
interface methods so they explicitly state labels must always be passed
in as a kwarg to avoid confusion accidentally passing in
`sample_rate=<dict>` or `label=<float>` as a positional arg.
Drive-by: as a side-effect of consolidating the implementations there
was now only one place to extend a fix in the FakeStatedClient interface
so that tests who assert StatsdClient method calls don't have to read
like the UUT also called some *other* public StatsdClient method; which
also cleaned up some Fake helpers that deal specifically with counters.
Drive-by: fix stub return value TypeError in a _get_hashes mock that was
caught by better faking. N.B. it doesn't matter how statsd would have
handled 'metric:None|c' because it was only a test bug.
Change-Id: I4d8a4b530465b587caced4362eb9178507701cef

Change-Id: I6b7cc64262d2f8ef7e3bbce30bab5550899b5211

Add test coverage for passing sample_rate to LabeledStatsdClient
methods.
Drive-by: clean up and tighten some existing StatsdClient unit tests to
share a CommonBaseTestsMixin, as was expedient perhaps to the chagrin of
the co-author.
Related-Change: I115ffb1dc601652a979895d7944e011b951a91c1
Co-Authored-By: Alistair Coles <alistairncoles@gmail.com>
Change-Id: I68a24d9467e58994abbac82a5e741f5bb578976c

metric_name is always truthy so the condition was unnecessary. This
has been more obvious since the Related-Change.
Change-Id: Ic0877781ff9f52de98c2e892cd4c1d6296dc8073
Related-Change: I25f91b1943b91c7429219c3b5a4280abe9bef5b3

Drive by: FakeStatsdClient.send_calls was not used and is removed.
Change-Id: Ib8bfff8d46ae81b017aff05aad80afe421e6828a

Hopefully if we never do a release that supports signalfx no one will
ever use it and we won't have to maintain it.
Drive-by: refactor label model dispatch to fix a weird bug where a
config name could be a class attribute and blow up weird.
Change-Id: I2c67b59820c5ca094077bf47628426f4b0445ba0

Introduce a LabeledStatsdClient API; no callers yet.
Include three config options:
 - statsd_label_mode, which specifies which label format to use
 - statsd_emit_legacy, which dictates whether to emit old-style
 metrics dotted metrics
 - statsd_user_label_<name> = <value>, which supports user defined
 labels in restricted ASCII characters
Co-Authored-By: yanxiao@nvidia.com
Co-Authored-By: alistairncoles@gmail.com
Change-Id: I115ffb1dc601652a979895d7944e011b951a91c1

Add file to the reno documentation build to show release notes for
stable/2025.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2025.1.
Sem-Ver: feature
Change-Id: I742fad68e041d146a3b52ff9b7bad986cee43c2b

Change-Id: I5a0fa398901895de30ce979e22ef65fbd299656f

Change-Id: I6688025b8f1b53eb31d7c0d10dc9909567e9c281

In test assertion failure messages the DUMMY_VALUE would be shown as
<object object ...> which is not immediately recognisable as the dummy
value..
This change makes the DUMMY_VALUE show as
<test.unit.common.middleware.helpers.FakeSwiftDummyValue object ...>.
Change-Id: I73fac245c65c48d45e4919c6f15688d482148407
Related-Change: I332ce724aa10287800cbec8ca21aacc3bbd3c22a

None values in the request environ should be copied, not replaced with
the dummy value.
Related-Change: I332ce724aa10287800cbec8ca21aacc3bbd3c22a
Change-Id: Id78ac1cac833f9284946cd364b3f95341afcb235

On py3, everything's new-style!
Change-Id: I1b9d2a3369279a56962b800c27edd9f6127ef0d4

If it's not provided, don't assume localhost; use the scheme/netloc
from OS_STORAGE_URL.
Change-Id: I0877099cb044cf8aaaeb6af0b4e1332fac00b10b

Related-Change: I86bcd7a2373cf1e7213cb716888307306b7bb50d
Change-Id: I0056bfc78f9c89b1c458943ee446499d21667fac

Change-Id: I9044e49ff30b092a97b75fa7fa133016d17cde37