openstack/swift - swift - OpenDev: Free Software Needs Free Tools

DocImpact
If account reaper has not managed to clean out an account after a long
period, it prints a message to the log (you can search your system looking
for such messages). Introduce reap_warn_after config variable to determine
when to emit the message (defaults to 30 days).
Also fix bug 1181995 (edge case where object name is an empty string)
Change-Id: Ic0dfee04742d06b6a51b59f302d7a272d7c1de92

If you have StatsD logging turned on, then the iterator returned by
Ring.get_part_nodes() will emit StatsD packets when it yields a
handoff node. That network IO may make eventlet trampoline to another
greenthread before returning from next(). Now, if that other
greenthread tries to call next() on that same iterator, it blows up
with a ValueError.
Any socket IO inside a generator's next() method can cause this. It's
easiest to reproduce with StatsD logging turned on, but logging to
syslog can trigger it too.
You can see this happen sometimes in the proxy's make_requests method
if two of the primary nodes are down. Greenthread A goes into next()
to get a handoff node, then sends a StatsD packet, and so eventlet
trampolines to Greenthread B. Now, Greenthread B also calls next() to
get a handoff node, and dies with a ValueError.
This commit wraps up concurrently-accessed iter_nodes() iterators in a
new thing called a GreenthreadSafeIterator that serializes access.
Bug 1180110
Change-Id: I8fe13d7295c056a2cab9e084f5966078a49bdc13

Change-Id: I0dee7c109d32e6325845df9ba6e1fbf23a2d1b89

See review https://review.openstack.org/29836.
Change-Id: I8ec80202789707f723abfe93ccc9cf1e677e4dc6
Signed-off-by: Peter Portante <peter.portante@redhat.com>

By setting the TZ environment variable for the WSGI process we avoid
the stat("/etc/localtime") on every request handled that logs using
strftime().
Change-Id: Ifc78236a99ed193a42389e383d062b38f57a5a31
Signed-off-by: Peter Portante <peter.portante@redhat.com>

test_get_valid and test_get_valid_key2 test tempurl with a
single key and two keys respectively. This change moves common code
for these tests into a separate function.
Change-Id: Ifee211285e27df03d041a4c357b7c1f0c96ed6a8

Follow-on to https://review.openstack.org/#/c/28895/
Moved the tests for the code that was moved to obj.base and also made
the new test file flake8 compliant.
Change-Id: I4be718927b6cd2de8efe32f8e54b458a4e05291b

Autocreate was messy - now cleaned.
Auto-create now occurs at account POST, and container PUT only.
A method for autocreation was added
Autocreation was removed from account_info and container_info.
Fake-it as if the account exists on account HEAD and account GET.
Return 404 on everything else when the account does not exist.
Fix: Bug #1172223
Fix: Bug #1179140
Change-Id: Iac54c1438eb09883fbc29a1ad2ac2245b95efc92

Instances of the RingBuilder class can store its data to a disk file by
the save method and load it by the load method.
blueprint argparse-in-swift-ring-builder
Change-Id: I69fdf0693ca9f520d235a795ecdd2da310dcd5d3

While it is true that one *could* call ContainerBroker.get_info() with
include_metadata=True, it is also true that nobody actually does.
It's also true that the code path taken when include_metadata=True is
broken in the case of non-ASCII metadata keys
(e.g. X-Container-Meta-☃: snowman), so leaving it around is just
asking for future pain.
Change-Id: I4931add4b8fb7c4f57820e52f182c21040d8db10

Encode metadata key as utf8 if key is unicode when
retriving it from sqlite database.
Change-Id: I4ba11543d1bed17098b5e52dd768c75b403188a1
Fixes: bug #1172202 

All the other methods (POST, GET, HEAD, DELETE and REPLICATE) first
validate the REST parameters and headers before performing the mount
check. Do the same for PUT.
Change-Id: I6e5f34cc65b57662b7f88224ca0e1501787e0f43
Signed-off-by: Peter Portante <peter.portante@redhat.com>

With the container quota middleware on, if you made a request similar to the
following one you'd get a 500 response.
curl -i -X PUT -H 'X-Auth-Token: token'
http://127.0.0.1:8080/v1/AUTH_testhttp://something/something_else
(Note the double url.)
This was due to a mismatch in how split_path() was called in the middleware and
in the get_container_info().
This change fixes that mismatch and the bug.
Change-Id: Ie42ab585b942b7201e13b02a0c706532952aac60

Enhance internally logged messages to report referer and user-agent.
Pass the referering URL and METHOD between internal servers (when
known), and set the user-agent to be the server type (obj-server,
container-server, proxy-server, obj-updater, obj-replicator,
container-updater, direct-client, etc.) with the process PID. In
conjunction with the transaction ID, it helps to track down which PID
from a given system was responsible for initiating the request and
what that server was working on to make this request.
This has been helpful in tracking down interactions between object,
container and account servers.
We also take things a bit further performaing a bit of refactoring to
consolidate calls to transfer_headers() now that we have a helper
method for constructing them.
Finally we performed further changes to avoid header key duplication
due to string literal header key values and the various objects
representing headers for requests and responses. See below for more
details.
====
Header Keys
There seems to be a bit of a problem with the case of the various
string literals used for header keys and the interchangable way
standard Python dictionaries, HeaderKeyDict() and HeaderEnvironProxy()
objects are used.
If one is not careful, a header object of some sort (one that does not
normalize its keys, and that is not necessarily a dictionary) can be
constructed containing header keys which differ only by the case of
their string literals. E.g.:
 { 'x-trans-id': '1234', 'X-Trans-Id': '5678' }
Such an object, when passed to http_connect() will result in an
on-the-wire header where the key values are merged together, comma
separated, that looks something like:
 HTTP_X_TRANS_ID: 1234,5678
For some headers in some contexts, this is behavior is desirable. For
example, one can also use a list of tuples which enumerate the multiple
values a single header should have.
However, in almost all of the contexts used in the code base, this is
not desirable.
This behavior arises from a combination of factors:
 1. Header strings are not constants and different lower-case and
 title-case header strings values are used interchangably in the
 code at times
 It might be worth the effort to make a pass through the code to
 stop using string literals and use constants instead, but there
 are plusses and minuses to doing that, so this was not attempted
 in this effort
 2. HeaderEnvironProxy() objects report their keys in ".title()"
 case, but normalize all other key references to the form
 expected by the Request class's environ field
 swob.Request.headers fields are HeaderEnvironProxy() objects.
 3. HeaderKeyDict() objects report their keys in ".lower()" case,
 and normalize all other key references to ".lower()" case
 swob.Response.headers fields are HeaderKeyDict() objects.
Depending on which object is used and how it is used, one can end up
with such a mismatch.
This commit takes the following steps as a (PROPOSED) solution:
 1. Change HeaderKeyDict() to normalize using ".title()" case to
 match HeaderEnvironProxy()
 2. Replace standard python dictionary objects with HeaderKeyDict()
 objects where possible
 This gives us an object that normalizes key references to avoid
 fixing the code to normalize the string literals.
 3. Fix up a few places to use title case string literals to match
 the new defaults
Change-Id: Ied56a1df83ffac793ee85e796424d7d20f18f469
Signed-off-by: Peter Portante <peter.portante@redhat.com>

This will be needed in future replication work to avoid circular
imports.
I used swift.obj.base as the module name just because we seemed to
avoid putting code in __init__.py files so far and I didn't want to
buck the trend.
I would love to see other obj things like *_metadata and DiskFile
move into swift.obj.base as well and swift.obj.server just be the
WSGI server logic, but I'll leave that for the future.
I have changed the tests as little as possible (just the references
to where they get the code to test) to show the refactor has not
broken anything. I did add a test for tpool_reraise since there was
none before.
There will be a follow on patch for moving the tests to their new
location(s). I figured I'd wait to put the bikes in the shed until
everyone's done painting it.
Change-Id: I32b4ac88be21eb76c877d3f4cc1e6ac33304835b

The crossdomain doc was named *.xml instead of *.rst causing it to not
get built or included in the toctree where it was supposed to.
The apache deployment guide wasn't linked to from anywhere, so I added
it under the normal deployment guide.
Change-Id: I817a1f2ca1ed7913e8ea5155cc1fac07caf0b637

When swift-bench is run in direct mode, don't try to delete the
containers which weren't created.
Fixes bug 1177960.
Change-Id: Ice07e8729bb776e2b215894cf95fb80b64167a8d

Change-Id: I8ea0ff86518d453597faae44ec3918298e2d5147

This allows users to rotate their TempURL keys without invalidating
all existing signed URLs. This is handy if you have multiple systems
generating signed URLs, but you want to change your keys for some
reason (e.g. keys compromised, company policy, general paranoia).
Both the first and second keys are optional, so existing accounts'
signed URLs will continue to work as before.
This commit does change the memcache key used to store the fetched
TempURL keys. This is because we were storing the old key as a string
in memcached, but the new one is a list of keys. Since the key cache
lifetime here is only 60 seconds, it doesn't seem like too big a deal
to completely flush the TempURL cache.
Also, this commit adds caching of a negative TempURL result. If the
account HEAD reveals no TempURL keys at all, that result is now stored
for 60 seconds the same way that a positive result would be.
Change-Id: I40a02bd607283fbce11aa52a9bb8a5846ab17f5e

Change-Id: I431cac1e9818a335ff8d20288ab6acf39d6b6d5e

Currently if you have a container with objects named
x/y and x0 and you use delimiter=/ in your query, x0
will be excluded from the results. This patch resolves
this problem.
To replicate the original issue, create a container
called 'test' with the following objects:
x/y
x0
x1
Then do a GET with 'accnt/test?delimiter=/' and the
following is returned:
x/
x1
i.e. x0 is missing from output.
Change-Id: If196e3075612b121ef8da4a9128167d00a248c27

dnspython was added recently to the list of requirments.
This patch completes the change:
1. The new requirement is documented
2. The need for tox --recreate is documented
(assuming there is no way to automate 2 above)
Change-Id: I49f0cb4b01b79dd7cf4329984a2f8416378ebe19
Fixes: Bug #1176627 

It already skips IPv4 addresses, and since IPv6 is the future of the
Internet*, we should probably do the right thing with those too.
* IPv6: Just two years away for over fifteen years!
Change-Id: I54f1db4e936fd38d05ac8b5c709efba76525b9d2

cname_lookup cannot resolve IP addresses as CNAME records, and therefore
should not attempt to resolve the host in that case. The middleware is
skipped when the host is an IP address.
Change-Id: I6961ec205e771116ace1ebcb8c088f3116eb38f0
Fixes: bug #1172289 

Broke this out into a separate commit since adding five characters
caused a few lines to get re-wrapped, adding more diffs.
See John's comment from Patch Set #3 for the motivation for this
change in review https://review.openstack.org/27149.
Change-Id: I1edf2cb468dcda0b781569161ada6e4016c1141c
Signed-off-by: Peter Portante <peter.portante@redhat.com>

Before when iterating using this object, the call to the underlying file object
was made without a chunk_size. This is bad because this would cause the entire
contents of the file to be read.
Change-Id: I9956e5d2d693a6260252fff331d4f78f70179a6c

Change-Id: I3d4a31111c3044da06611405ce80f208ef8a0ce3