openstack/swift - swift - OpenDev: Free Software Needs Free Tools

Account quota metadata such as quota_bytes and quota_count are stored in
the `meta` namespace which users have access to. However, this should be
only available to reseller admins.
This patch adds support for writing the quota metadata to `sysmeta`
namespace, so that it is not accessible by users. The account policy
quota is already using `sysmeta` and has the namespace
`X-Account-Quota-*`, so we are following this pattern.
If present, `X-Account-Quota-Bytes` is always preferred. However, in
order to maintain backwards compatibility, `X-Account-Meta-Quota-Bytes`
will still be honoured if it exists and `X-Account-Quota-Bytes` is not
present.
This also adds some new "legacy" tests to validate backwards
compatibility.
Co-authored-by: Azmain Adib <adib1905@gmail.com>
Co-authored-by: Daanish Khan <daanish1337@gmail.com>
Co-authored-by: Mohammed Al-Jawaheri <mjawaheri02@gmail.com>
Co-authored-by: Nada El-Mestkawy <nadamaged05@gmail.com>
Co-authored-by: Tra Bui <trabui.0517@gmail.com>
Co-authored-by: Chris Smart <distroguy@gmail.com>
Change-Id: Icf7b26023ab5b84136ceaa103fa2797534320f1a

Previously, this would reduce the account's quota to zero, which seems
like the opposite of what the operator intended.
Now, remove the quota, similar to sending an empty quota header.
Change-Id: Ic28752d835e0b970f2baa4e68cbfcde4f500b3d4

Change-Id: Ied0ff6bea7e054fad3fe9579c85d9ae5c9c0b255

- SHA256 mismatches should trip XAmzContentSHA256Mismatch errors,
 not BadDigest. This should include ClientComputedContentSHA256 and
 S3ComputedContentSHA256 elements.
- BadDigest responses should include ExpectedDigest elements.
- Fix a typo in InvalidDigest error message.
- Requests with a v4 authorization header require a sha256 header,
 rejecting with InvalidRequest on failure (and pretty darn early!).
- Requests with a v4 authorization header perform a
 looks-like-a-valid-sha256 check, rejecting with InvalidArgument
 on failure.
- Invalid SHA256 should take precedence over invalid MD5.
- v2-signed requests can still raise XAmzContentSHA256Mismatch errors
 (though they *don't* do the looks-like-a-valid-sha256 check).
- If provided, SHA256 should be used in calculating canonical request
 for v4 pre-signed URLs.
Change-Id: I06c2a16126886bab8807d704294b9809844be086

My home server has more strict controls on /tmp as it run selinux etc.
When running unittests and the default log_filename_prefix deep under
/tmp gets permission denied. It would be better to override this setting
in the tests with a good known tmp location
Change-Id: I6c95ca3a0045a8f268802c6abb633bdfb0e56b73

Change-Id: If5793d1b18cf8f35b8f98206f029f6cc6ca0cf1e

Previously, when handling an object POST, if the proxy got a 202 and
two connection timeouts from the 3 primary backend object servers, it
then went to two handoffs which return 404. The proxy would consider
this to be a quorum of 404s and return the client a 404 response. This
is alarming for the client.
With this patch, the proxy will only treat a 404 response from a
handoff as authoritative if it has an x-backend-timestamp header
(i.e. there's a tombstone on the handoff). POST responses never have
an x-backend-timestamp header so in the scenario described above the
proxy will return a 503.
The Related-Change previously made a similar fix such that 404s from
handoffs are already non-authoritative for object GETs and HEADs
unless they have an x-backend-timestamp header.
Related-Change: Ia832e9bab13167948f01bc50aa8a61974ce189fb
Cloeses-Bug: #2077743
Change-Id: I96f28ab0b2b5f9374c399e8905ee240e7b093f8b

Add unit tests for the proxy object controller to cover object DELETE
and POST scenarios.
Change-Id: I625a4cf03ee9d4a270d60fa2dc9795b36bb36bf1

Some unit tests for the proxy object GET and HEAD path were setup with
insufficient mock responses. The mock connection would raise
StopIteration exceptions once the mock responses were exhausted, which
the object controller would handle as if they were error responses,
potentially distorting the test scenario.
This patch makes the set_http_connect context manager check for
unexpected requests and raise an AssertionError if any are found.
Change-Id: I47774396d9d0a78ebceea6c628c9412b3ad67a11

Running unittests on my home server, even though is a beast, would be
painfully slow. Running them on my laptop ran much faster. I tried
everything and couldn't figure it out.
Chris, co-author, dug in and after we ran out of options he fired up his
packet capture and realised most tests were issuing DNS queries for
`host.`. On my home server, it runs ipv6 dual stack, so these calls
would need to timeout before a test can continue.
On finding this `host.` Ben, another co-author, dug into the code and
found the only reference we have to `host` is in FakeStatsdClient.
Sure enough as I dug a little further it turns out our FakeStatsdClient
used to override a StatsdClient function `_determine_sock_family(self,
host, port)` to stop actually creating a real socket.
However, at some point the StatsdClient was refactored and that method
was renamed and changed. Which leads to a DNS lookup every time we
create a debug_logger as it brings up the socket.
As you can imagine, this happens alot!
This patch overrides the new function that handles to socket creation
`_set_sock_family_and_target(self, host, port)`. Which eliminates the
DNS call all together.
Co-Authored-By: Ben Formosa <bformosa@nvidia.com>
Co-Authored-By: Chris Smart <csmart@nvidia.com>
Change-Id: Ie393075f79447627714692e3f01bb53e967a71e8

Change-Id: Ie73988edf6be0e38d9004bee04ff46c906a759ff

Some tests in test_account_quotas.py registered a response with
FakeSwift during setUp and then subsequently mutated the response's
headers dict. Worse, some tests then mutate the headers again and
re-use the same response.
This relies on the FakeSwift implementation not copying the original
headers when the response is registered, which may not remain the case
(as the author discovered with the Related-Change). It's also an
unnecessary shortcut.
Change-Id: I3217c17936d0c11b03de4a4a172bb2fb0a2be734
Related-Change: I84604a7ea049850ad4d0f0cea2096ab8a98dfb4a

Drive-by: simplify patching of test expirer instance.
Drive-by: fix comment spelling.
Related-Change: Ib151c498ba325f39570e963e5b7948080ffcd3d6
Change-Id: Ia0041c4eedc33a2675890d52cbbc33b9190f1665

Four new metrics have been added into task iteration process:
 'tasks.parse_errors': count of errors when parsing the task object
 'tasks.skipped': count of task objects skipped because it doesn't
 belong to this expirer.
 'tasks.delayed': count of objects is still within the delay
 'tasks.assigned': count of assigned objects to this expirer
Co-Authored-By: Alistair Coles <alistairncoles@gmail.com>
Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
Change-Id: Ib151c498ba325f39570e963e5b7948080ffcd3d6

Newer versions of python expect to be able to say `with self.lock:`
down in logging.
See https://github.com/python/cpython/commit/74723e11
Change-Id: I30305566d12a1b8be4c8bde4b416b798322a1385

Prior to the Related-Change, non_negative_int would raise a ValueError
if it was passed a positive float. It now casts the float to an int,
which is consistent with the docstring.
This patch adds test assertions to verify this behavior, and similar
behavior of config_positive_int_value.
Change-Id: I5d62e14c228544af634190f16321ee97a8c4211c
Related-Change: I06508279d59fa57296dd85548f271a7812aeb45f

Add unit tests to verify the precedence of access_log_ and log_
prefixes to options.
Add pointers from proxy_logging sections in other sample config files
to the proxy-server.conf-sample file.
Change-Id: Id18176d3790fd187e304f0e33e3f74a94dc5305c

It is currently possible to configure "X-Container-Meta-Quota-Bytes"
and "X-Container-Meta-Quota-Count" on containers, as well as
"X-Account-Meta-Quota-Bytes" on accounts. However, there is no way
to configure an account quota limit for the number of files or
"quota-count". This limitation could potentially allow a user to
exhaust filesystem inodes.
This change introduces the "X-Account-Meta-Quota-Count" header,
allowing users with the ResellerAdmin role to add a quota-count
limit on accounts. The middleware will enforce this limit similarly
to the existing quota-byte limit.
Co-authored-by: Azmain Adib <adib1905@gmail.com>
Co-authored-by: Daanish Khan <daanish1337@gmail.com>
Co-authored-by: Mohamed Hassaneen <mohammedashoor89@gmail.com>
Co-authored-by: Nada El-Mestkawy <nadamaged05@gmail.com>
Co-authored-by: Tra Bui <trabui.0517@gmail.com>
Change-Id: I1d11b2974de8649a111f2462a8fef51039e35d7f

When the proxy passes the container-update headers to the object server
now include the db_state, which it already had in hand. This will be
written to async_pending and allow the object-updater to know more about
a container rather then just relying on container_path attribute.
This patch also cleans up the PUT, POST and DELETE _get_update_target
paths refactoring the call into _backend_requests, only used by these
methods, so it only happens once.
Change-Id: Ie665e5c656c7fb27b45ee7427fe4b07ad466e3e2

The ssl.wrap_socket method has been removed in 3.12.
SSLContext.wrap_socket should now be used.
Change-Id: I6119e054289eac263ff5448d7d118209f98678d9

The proxy may use a sub-request to fetch a container listing response,
for example for updating shard ranges. If it then fails to parse the
response, it should use the sub-request path when logging a warning or
error. Before, the proxy would use the original request path which may
have been to an object.
Change-Id: Id904f4cc0f911f9e6e53d4b3ad7f98aacd2b335d

Use same assertion pattern as introduced in the Related-Change and
include the host and port in the assertion.
Change-Id: I7cccf3b8cdfe157c27fb8e0b1f432a649970a865
Related-Change: I9a016de1010dd17e91bc85877413b34d2c3287c7

With labeled metrics on the horizon, I wanted some more end-to-end
tests of stats emission.
Change-Id: I9a016de1010dd17e91bc85877413b34d2c3287c7

It takes a config dict and some caller-specific options, similar to
get_logger. Use this in get_logger, so our logging module doesn't
need to know anything about statsd config options.
Co-Authored-By: yanxiao@nvidia.com
Change-Id: I5ae2cc5c257fb8d7eab885977d9d9cf602224ec7

There's a variety of reasons why s3api may return a 4xx or 5xx
response. It's useful to get some more detail in the log message,
particularly when the request is a HEAD which won't get any detail in
the response body.
Change-Id: I0a499dc5c50bb534a23adcbfe7c3822d8954b0e0

The size in bytes from object metadata of expiring objects are stored in
expirey queue entries under the content_type field.
The x-content-type-timestamp take from object metadata is provided along
with the x-content-type update so the container replicator resolves the
latest content-type and ensures eventual consistency.
UpgradeImpact: During rolling upgrades you should expect expirer queue
entries to continue lacking swift_expirer_bytes= annotations until ALL
object servers replicas have been upgraded to new code.
Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
Change-Id: Ie4b25f1bd16def4069878983049b83de06f68e54

There was an abandoned change that made reference to a RecussionError
when running a probe test that imported boto3 that had something to do
with eventlet, ssl and a transitive dependency on requests-mock, but the
fix that actually got merged seemed to depend on another change to
tox.ini that disables request-mock when we run pytest.
Either way, we already import from boto3 at the top of probe tests and
it's in test-requirements; so we require it to be installed even if you
don't have s3api in your pipeline.
Related-Change: I789b257635c031ac0cb6e4b5980f741e0cb5244d
Related-Change: I2793e335a08ad373c49cbbe6759d4e97cc420867
Related-Change: If14e4d2c1af2efcbc99e9b6fe10973a7eb94d589
Change-Id: Id2662bfc5ef2f21f901f1c98e6389c4cb01818a2

Change-Id: Ie5d8b555489d28c3b901e5bbebdcecbde7bb3367

Change-Id: I9413c72f41465fb8026848f71ec3b39fa990c3b7

Drive-by: fix ValueError message for non_negative_int
Change-Id: I06508279d59fa57296dd85548f271a7812aeb45f

We've been working toward separating our logger from our statsd client.
This is generally a good idea; it's always been a little weird to have
our special-case loggers that would allow you to *also* increment some
counters.
The end goal is to take a bunch of places that look like
 logger = utils.get_logger(conf)
 ...
 logger.info(...)
 logger.increment(...)
and turn them into something more like
 logger = logs.get_adapted_logger(conf)
 stats = statsd_client.get_statsd_client(conf, logger=logger)
 ...
 logger.info(...)
 stats.increment(...)
Take a lesson from logging: callers don't need to know whether the
log_level is high enough that their message will be logged, or even
whether logging is enabled at all. Code wanting to emit stats shouldn't
need to know whether statsd collection has been configured, either.
Co-Authored-By: Alistair Coles <alistairncoles@gmail.com>
Change-Id: I6eb5b27a387cc2b7310ee11cc49d38fd2b6cbab8

Even if stdlib socket is probably patched by the time StatsdClient
creates a socket, we want to import the green socket module explicitly
for better testing.
Move test_statsd.py to test_statsd_client.py so it matches the naming
convention of the rest of our test files.
Fix some patching of utils in test_statsd_client to patch
statsd_client.
Rename some vars in test_statsd_client that shadowed the statsd_client
module name.
Move some utils tests out of test_statsd_client and back into
test_utils.
Related-Change: I4b5b12a3b0288b696a39903264741bc862a94ad7
Change-Id: I3de22b7f15dd386fa9c873587782f0dfc4c42a27