openstack/swift - swift - OpenDev: Free Software Needs Free Tools

In other places in the codebase, we cache a negative result for less
time (usually a tenth) than we cache a positive result. This commit
makes TempURL do the same.
This creates a slightly nicer experience for someone trying to set up
TempURL; if they get the initial key setup wrong, try it, then fix it,
it now takes only 6 seconds until they can use signed URLs, not
60. That's a short enough time that they may not even notice the
caching of no keys.
Change-Id: I521f023e7cddaecd07f0ce32aedd4059bd0b8ec4

If an object name ends with a /, the content-disposition filename for
a tempurl ended up as an empty string. This fix just strips any
trailing slashes before calling basename.
Also, I added a test to verify that if the filename is passed as an
overriding query parameter, that it is used in full, no rstripping,
no basenaming.
Change-Id: I37725b6ded04ed3b91cdb21132490fd857276e2f

For HEAD and GET requests on both containers and accounts APIs we now
perform parameter checking before we access the database. The unit
tests were updated to show that the parameter checking is performed
before accesses are performed.
Change-Id: Ieb753316cdccabf45022e3d83522d87d34aa6b0e
Signed-off-by: Peter Portante <peter.portante@redhat.com>

The results that are being parsed are really JSON, so using a JSON parser is
more semantically correct; in addition using eval anywhere can set a bad
example.
Change-Id: Idcd55400b2571aba0f2f377cf66a3cbf4d3af960

Till now if a race occurs on a request to a DB when it is
first created, the loosing party die with 500...
... and an error stating a race is in the log file.
Both removed by simply accepting the fact that the DB is in fact
created by someone else - just less work for us to do... ;)
Fixes Bug #1051998
Change-Id: I8e29bf362edf2b1a84f9bffa39c04d5b3dc241b2

When added a new devices into builder the add_dev function returns it
unique id.
blueprint argparse-in-swift-ring-builder
Change-Id: I57080bb625e812f6cea71199df907a44b332b552

Dramatic part of RingBuilder.search_devs which parse a complex format
of a search device string moved to the swift-ring-builder script.
Instead, the search_devs has a simple interface to search devices.
blueprint argparse-in-swift-ring-builder
Change-Id: If3dd77b297b474fb9a058e4693fef2dfb11fca3d

* Fixed issue with running probetests with the latest update
 of python-swiftclient that removed eventlet
* Fixed issue with replication server tests to not require hard
 coded paths
Change-Id: Ibbf727ae99c0f3893ae58e270e2f879a1f618e49

Adding a '/recon/version' in order to get the swift version
Change-Id: I7b7ddbe70abb87c6a3b1010ddefa09d0acc09710

Towards moving the DiskFile class into place as the API definition for
pluggable DiskFile backends, we hide the file descriptor and the
method of writing data to disks. The mkstemp() method has been renamed
to writer(), and no longer returns an fd, but a new object that
encapsulates the state tracked for writes. This new object is then
used directly to perform the reminder of the write operations and
application of required semantics.
Change-Id: Ib37ed37b34a2ce6b442d69f83ca011c918114434
Signed-off-by: Peter Portante <peter.portante@redhat.com>

DocImpact
If account reaper has not managed to clean out an account after a long
period, it prints a message to the log (you can search your system looking
for such messages). Introduce reap_warn_after config variable to determine
when to emit the message (defaults to 30 days).
Also fix bug 1181995 (edge case where object name is an empty string)
Change-Id: Ic0dfee04742d06b6a51b59f302d7a272d7c1de92

If you have StatsD logging turned on, then the iterator returned by
Ring.get_part_nodes() will emit StatsD packets when it yields a
handoff node. That network IO may make eventlet trampoline to another
greenthread before returning from next(). Now, if that other
greenthread tries to call next() on that same iterator, it blows up
with a ValueError.
Any socket IO inside a generator's next() method can cause this. It's
easiest to reproduce with StatsD logging turned on, but logging to
syslog can trigger it too.
You can see this happen sometimes in the proxy's make_requests method
if two of the primary nodes are down. Greenthread A goes into next()
to get a handoff node, then sends a StatsD packet, and so eventlet
trampolines to Greenthread B. Now, Greenthread B also calls next() to
get a handoff node, and dies with a ValueError.
This commit wraps up concurrently-accessed iter_nodes() iterators in a
new thing called a GreenthreadSafeIterator that serializes access.
Bug 1180110
Change-Id: I8fe13d7295c056a2cab9e084f5966078a49bdc13

Attribute get_repl_missing_table in FakeBroker class was changed in
test_replicate_object_quarantine function and not returned back. That's
why next test cases takes not expexted values from FakeBroker.
fixes bug 1180354
Change-Id: Iba55255771e6483832c7782fcbe331e20e818f4e

Change-Id: I0dee7c109d32e6325845df9ba6e1fbf23a2d1b89

See review https://review.openstack.org/29836.
Change-Id: I8ec80202789707f723abfe93ccc9cf1e677e4dc6
Signed-off-by: Peter Portante <peter.portante@redhat.com>

test_get_valid and test_get_valid_key2 test tempurl with a
single key and two keys respectively. This change moves common code
for these tests into a separate function.
Change-Id: Ifee211285e27df03d041a4c357b7c1f0c96ed6a8

Follow-on to https://review.openstack.org/#/c/28895/
Moved the tests for the code that was moved to obj.base and also made
the new test file flake8 compliant.
Change-Id: I4be718927b6cd2de8efe32f8e54b458a4e05291b

Autocreate was messy - now cleaned.
Auto-create now occurs at account POST, and container PUT only.
A method for autocreation was added
Autocreation was removed from account_info and container_info.
Fake-it as if the account exists on account HEAD and account GET.
Return 404 on everything else when the account does not exist.
Fix: Bug #1172223
Fix: Bug #1179140
Change-Id: Iac54c1438eb09883fbc29a1ad2ac2245b95efc92

Instances of the RingBuilder class can store its data to a disk file by
the save method and load it by the load method.
blueprint argparse-in-swift-ring-builder
Change-Id: I69fdf0693ca9f520d235a795ecdd2da310dcd5d3

Encode metadata key as utf8 if key is unicode when
retriving it from sqlite database.
Change-Id: I4ba11543d1bed17098b5e52dd768c75b403188a1
Fixes: bug #1172202 

With the container quota middleware on, if you made a request similar to the
following one you'd get a 500 response.
curl -i -X PUT -H 'X-Auth-Token: token'
http://127.0.0.1:8080/v1/AUTH_testhttp://something/something_else
(Note the double url.)
This was due to a mismatch in how split_path() was called in the middleware and
in the get_container_info().
This change fixes that mismatch and the bug.
Change-Id: Ie42ab585b942b7201e13b02a0c706532952aac60

Enhance internally logged messages to report referer and user-agent.
Pass the referering URL and METHOD between internal servers (when
known), and set the user-agent to be the server type (obj-server,
container-server, proxy-server, obj-updater, obj-replicator,
container-updater, direct-client, etc.) with the process PID. In
conjunction with the transaction ID, it helps to track down which PID
from a given system was responsible for initiating the request and
what that server was working on to make this request.
This has been helpful in tracking down interactions between object,
container and account servers.
We also take things a bit further performaing a bit of refactoring to
consolidate calls to transfer_headers() now that we have a helper
method for constructing them.
Finally we performed further changes to avoid header key duplication
due to string literal header key values and the various objects
representing headers for requests and responses. See below for more
details.
====
Header Keys
There seems to be a bit of a problem with the case of the various
string literals used for header keys and the interchangable way
standard Python dictionaries, HeaderKeyDict() and HeaderEnvironProxy()
objects are used.
If one is not careful, a header object of some sort (one that does not
normalize its keys, and that is not necessarily a dictionary) can be
constructed containing header keys which differ only by the case of
their string literals. E.g.:
 { 'x-trans-id': '1234', 'X-Trans-Id': '5678' }
Such an object, when passed to http_connect() will result in an
on-the-wire header where the key values are merged together, comma
separated, that looks something like:
 HTTP_X_TRANS_ID: 1234,5678
For some headers in some contexts, this is behavior is desirable. For
example, one can also use a list of tuples which enumerate the multiple
values a single header should have.
However, in almost all of the contexts used in the code base, this is
not desirable.
This behavior arises from a combination of factors:
 1. Header strings are not constants and different lower-case and
 title-case header strings values are used interchangably in the
 code at times
 It might be worth the effort to make a pass through the code to
 stop using string literals and use constants instead, but there
 are plusses and minuses to doing that, so this was not attempted
 in this effort
 2. HeaderEnvironProxy() objects report their keys in ".title()"
 case, but normalize all other key references to the form
 expected by the Request class's environ field
 swob.Request.headers fields are HeaderEnvironProxy() objects.
 3. HeaderKeyDict() objects report their keys in ".lower()" case,
 and normalize all other key references to ".lower()" case
 swob.Response.headers fields are HeaderKeyDict() objects.
Depending on which object is used and how it is used, one can end up
with such a mismatch.
This commit takes the following steps as a (PROPOSED) solution:
 1. Change HeaderKeyDict() to normalize using ".title()" case to
 match HeaderEnvironProxy()
 2. Replace standard python dictionary objects with HeaderKeyDict()
 objects where possible
 This gives us an object that normalizes key references to avoid
 fixing the code to normalize the string literals.
 3. Fix up a few places to use title case string literals to match
 the new defaults
Change-Id: Ied56a1df83ffac793ee85e796424d7d20f18f469
Signed-off-by: Peter Portante <peter.portante@redhat.com>

This will be needed in future replication work to avoid circular
imports.
I used swift.obj.base as the module name just because we seemed to
avoid putting code in __init__.py files so far and I didn't want to
buck the trend.
I would love to see other obj things like *_metadata and DiskFile
move into swift.obj.base as well and swift.obj.server just be the
WSGI server logic, but I'll leave that for the future.
I have changed the tests as little as possible (just the references
to where they get the code to test) to show the refactor has not
broken anything. I did add a test for tpool_reraise since there was
none before.
There will be a follow on patch for moving the tests to their new
location(s). I figured I'd wait to put the bikes in the shed until
everyone's done painting it.
Change-Id: I32b4ac88be21eb76c877d3f4cc1e6ac33304835b

Change-Id: I8ea0ff86518d453597faae44ec3918298e2d5147

This allows users to rotate their TempURL keys without invalidating
all existing signed URLs. This is handy if you have multiple systems
generating signed URLs, but you want to change your keys for some
reason (e.g. keys compromised, company policy, general paranoia).
Both the first and second keys are optional, so existing accounts'
signed URLs will continue to work as before.
This commit does change the memcache key used to store the fetched
TempURL keys. This is because we were storing the old key as a string
in memcached, but the new one is a list of keys. Since the key cache
lifetime here is only 60 seconds, it doesn't seem like too big a deal
to completely flush the TempURL cache.
Also, this commit adds caching of a negative TempURL result. If the
account HEAD reveals no TempURL keys at all, that result is now stored
for 60 seconds the same way that a positive result would be.
Change-Id: I40a02bd607283fbce11aa52a9bb8a5846ab17f5e

Change-Id: I431cac1e9818a335ff8d20288ab6acf39d6b6d5e

Currently if you have a container with objects named
x/y and x0 and you use delimiter=/ in your query, x0
will be excluded from the results. This patch resolves
this problem.
To replicate the original issue, create a container
called 'test' with the following objects:
x/y
x0
x1
Then do a GET with 'accnt/test?delimiter=/' and the
following is returned:
x/
x1
i.e. x0 is missing from output.
Change-Id: If196e3075612b121ef8da4a9128167d00a248c27

It already skips IPv4 addresses, and since IPv6 is the future of the
Internet*, we should probably do the right thing with those too.
* IPv6: Just two years away for over fifteen years!
Change-Id: I54f1db4e936fd38d05ac8b5c709efba76525b9d2

cname_lookup cannot resolve IP addresses as CNAME records, and therefore
should not attempt to resolve the host in that case. The middleware is
skipped when the host is an IP address.
Change-Id: I6961ec205e771116ace1ebcb8c088f3116eb38f0
Fixes: bug #1172289