gluster-swift.git/gluster/swift/common/middleware, branch kilo s3: Make s3 support configurable 2016-09-19T01:39:03+00:00 Prashanth Pai ppai@redhat.com 2016-08-05T08:55:08+00:00 2318a57a1ea632f77d5f78dc11023fb3b7fc2ad0 Amazon S3 compatibility: This change makes S3 support tunable using a config option and is turned off by default. This is a manual backport of this upstream swauth change: https://review.openstack.org/#/c/326336/ Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15098 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
Amazon S3 compatibility:
This change makes S3 support tunable using a config option and is
turned off by default.

This is a manual backport of this upstream swauth change:
https://review.openstack.org/#/c/326336/

Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/15098
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Don't include salt in HMAC computation 2016-09-13T14:00:49+00:00 Prashanth Pai ppai@redhat.com 2016-08-05T05:55:42+00:00 83c50ae4ebd4d72988a781ec4183f1c62f6a63a4 Currently, the input to HMAC function is the entire stored credential in the format '<salt>$<hash>` but it should rather be only the hashed key/password. This is a minimal manual backport of this upstream swauth change: https://review.openstack.org/#/c/292529/ Change-Id: Ib119522d36359f87579ff8e4ada7331643695634 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15097 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
Currently, the input to HMAC function is the entire stored credential
in the format '<salt>$<hash>` but it should rather be only the hashed
key/password.

This is a minimal manual backport of this upstream swauth change:
https://review.openstack.org/#/c/292529/

Change-Id: Ib119522d36359f87579ff8e4ada7331643695634
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/15097
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Fix changing of auth_type in existing deployments 2016-03-18T19:43:08+00:00 Prashanth Pai ppai@redhat.com 2016-03-09T08:50:28+00:00 539d20e3b13096cfa9107fc2b619943c494c4ab3 This changes does two things: * Adds Sha512 as a supported auth_type. * Fixes breakage when auth_type is changed in existing deployments. If an existing gswauth deployment changes `auth_type` in conf file to a different one (for example: sha1 to sha512), all attempts to authorize existing/old users will fail because of change in encoder type. With this change, the credentials match is done using an encoder with which the password was initially encoded. This allows gswauth deployments to change auth_type and old users will still be able to authorize. A note on auth_type_salt: There's still a distinction between how salt is managed in gswauth and swauth: swauth will use a random salt if a salt is not set in conf file where as gswauth will default to 'gswauthsalt' if a salt is not set in conf file. This distinction is to ensure backward compatibility. This change is derived from following upstream changes in swauth repo: e14a7b3df86969d478090b314d9660b6d835afa7 https://review.openstack.org/#/c/285195/ https://review.openstack.org/#/c/285292/ Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13654 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This changes does two things:
* Adds Sha512 as a supported auth_type.
* Fixes breakage when auth_type is changed in existing deployments.

If an existing gswauth deployment changes `auth_type` in conf file to a
different one (for example: sha1 to sha512), all attempts to authorize
existing/old users will fail because of change in encoder type.

With this change, the credentials match is done using an encoder with
which the password was initially encoded. This allows gswauth deployments
to change auth_type and old users will still be able to authorize.

A note on auth_type_salt:
There's still a distinction between how salt is managed in gswauth and
swauth: swauth will use a random salt if a salt is not set in conf file
where as gswauth will default to 'gswauthsalt' if a salt is not set in
conf file. This distinction is to ensure backward compatibility.

This change is derived from following upstream changes in swauth repo:
e14a7b3df86969d478090b314d9660b6d835afa7
https://review.openstack.org/#/c/285195/
https://review.openstack.org/#/c/285292/

Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13654
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Don't pass unicode to hmac.new() 2016-03-15T13:05:41+00:00 Prashanth Pai ppai@redhat.com 2016-03-08T09:58:42+00:00 5078be08017a21d97a3cf3fa2ffe554ad7f3d2c9 This issue can be hit when swift3 middleware is in the pipeline. This change is a backport of the following swauth change: https://review.openstack.org/#/c/282191/ Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13641 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This issue can be hit when swift3 middleware is in the pipeline.

This change is a backport of the following swauth change:
https://review.openstack.org/#/c/282191/

Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13641
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Remove 60 secs subtraction from item_expires 2016-03-11T18:28:07+00:00 Prashanth Pai ppai@redhat.com 2016-02-25T08:50:31+00:00 9b42f6f85b076202055bb90820db3499cc6015e5 According to https://github.com/gholt/swauth/issues/73 nobody knows why is this here. Let's try to remove it :). This is ported from following commit in swauth repo: 79c153f7b198ffaf0c3fd781587a0133bab43d7f Change-Id: I8e64b53ed59dab1f554b7c08f1342c2b5dd4675a Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13522 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
According to https://github.com/gholt/swauth/issues/73 nobody
knows why is this here. Let's try to remove it :).

This is ported from following commit in swauth repo:
79c153f7b198ffaf0c3fd781587a0133bab43d7f

Change-Id: I8e64b53ed59dab1f554b7c08f1342c2b5dd4675a
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13522
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Use correct content type on JSON responses 2016-03-11T18:24:43+00:00 Prashanth Pai ppai@redhat.com 2016-02-25T08:47:09+00:00 529526c68acb3acdf732d962b7cc8195081cbf56 Currently, in cases where swauth returns a JSON document as its body, it does not specify a content type, and swob defaults it to text/html. This change uses a standard content type of 'application/json' in each of these instances, and adjusts the tests accordingly. This is ported from following commit in swauth repo: 556aa156979741292bde78425f413f9dee639b4f Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13521 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
Currently, in cases where swauth returns a JSON document as its body,
it does not specify a content type, and swob defaults it to text/html.

This change uses a standard content type of 'application/json' in each
of these instances, and adjusts the tests accordingly.

This is ported from following commit in swauth repo:
556aa156979741292bde78425f413f9dee639b4f

Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13521
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Remove old auth token from memcache 2016-03-11T00:24:04+00:00 Prashanth Pai ppai@redhat.com 2016-02-25T07:10:23+00:00 9d00e874b5b8f615ff7102639ccf375cc6630c94 This is ported from following commit in swauth repo: 17faf4e54f9faa031755aa583b67ef68e5ec2b08 Change-Id: I816b04328d02f4b8641571c337ba993a94145615 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13520 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This is ported from following commit in swauth repo:
17faf4e54f9faa031755aa583b67ef68e5ec2b08

Change-Id: I816b04328d02f4b8641571c337ba993a94145615
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13520
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Fix pep8 and functests 2016-03-08T06:23:54+00:00 Prashanth Pai ppai@redhat.com 2016-01-28T12:40:04+00:00 7392f4626609da910a2c98c14b8380419613635d Functests used to fail with higher version of python-eventlet (from EPEL repo) package on rhel6. This change addresses that and also some pep8 issues. BUG: 1302546 Change-Id: I5a1a1deb94ee712a387af3d6f65afbcb8557ab6f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13636 
Functests used to fail with higher version of python-eventlet (from EPEL
repo) package on rhel6. This change addresses that and also some pep8 issues.

BUG: 1302546
Change-Id: I5a1a1deb94ee712a387af3d6f65afbcb8557ab6f
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13636
Rebase to stable/kilo 2016-03-07T18:38:49+00:00 Prashanth Pai ppai@redhat.com 2015-11-02T06:25:17+00:00 ea4750a366123f78411d90082733642376dc6afc This change ports most of swiftonfile object server fixes and changes into gluster-swift. Storage policy as a feature is not usable here (it doesn't make sense). The hacky way of creating zero byte tracker objects for object expiration has not been ported to this release due to scalability issues and the need to have a separate volume. Change-Id: I17ba27dacea9ac000bdb8934700996e4d17f4251 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13269 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This change ports most of swiftonfile object server fixes and changes
into gluster-swift. Storage policy as a feature is not usable here
(it doesn't make sense).

The hacky way of creating zero byte tracker objects for object
expiration has not been ported to this release due to scalability
issues and the need to have a separate volume.

Change-Id: I17ba27dacea9ac000bdb8934700996e4d17f4251
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13269
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Update repo 2016-01-06T15:53:12+00:00 Thiago da Silva thiago@redhat.com 2014-04-22T18:15:02+00:00 2a8f9f0f530327039c32e444b6a27130b12666bd This is a squashed commit imported from this repo: https://github.com/openstack/swiftonfile/tree/icehouse Contains the follwing commits from above mentioned repo: eb50236 Merge "Backport: Fix metadata overall limits bug" into icehouse 79ea52a Backport: Fix metadata overall limits bug bc43f0b Fix inconsistent data being returned on GET ad0bb79 Import HTTPBadRequest from swift's module 74d02e6 Exclude .trashcan dir from container listing b2dbc15 Catch ESTALE in addition to ENOENT 8d60b48 Properly handle read_metadata() exceptions 6762fc6 Fix object server leaking file descriptors 2842e82 Fix API incompatibility in update_metadata() 2beeef6 Merge "Remove swiftkerbauth code" into icehouse 93dbcb5 Update object-expirer.conf with explanations c9d2f09 Merge "Check if /etc/swift exists in ring builder" into icehouse d66c14c Remove swiftkerbauth code 3142ed2 Add object expiration functests 97153d1 Merge "Cleanup functest and undo old patch" into icehouse bc234d0 Remove old travis config file and fix typo 260c8ef Check if /etc/swift exists in ring builder 637dac9 Cleanup functest and undo old patch 051e068 Merge pull request #35 from prashanthpai/backport-1 be104a3 Merge pull request #36 from prashanthpai/backport-2 ff76f42 fix issue with GET on large object (icehouse-backport) 04d0a99 Fix unlink call after successful rename 4c6ca1d updating README file with project name change 10b2680 Merge pull request #18 from thiagol11/icehouse 5bcab8f Updating version on __init__ file 5c2cba2 Merge pull request #15 from thiagol11/update_spec 52b00a8 updating spec file to add dependency on swift icehouse ae7c93b Merge pull request #6 from prashanthpai/rebase 191e55b Revert: allow non-root user to run functests cb7e968 Modify unit tests and func tests d23fd1b Sync with OpenStack Swift v1.13.1 b6d1671 Merge pull request #12 from pushpesh/functionalnosetestremove 962622b Merge pull request #8 from thiagol11/update_readme 4560857 Merge pull request #9 from prashanthpai/spec-expirer be0ae7e Minor update 65000f1 Removing functionalnosetests 8ab1069 Fix object-expirer.conf-gluster RPM build error afee30f added new support filesystem section 527b01f updated README.md to Swift-On-File 9a240c7 Merge pull request #3 from thiagol11/add_jenkins_to_travis 34b5a8b removing blank lines 3568b64 fixing missing fi d8f5b0f adding support to run jenkins triggered by travis 6f4a88c Removing functionalnosetests 8041944 Update README.md c015148 Merge pull request #2 from thiagol11/master 3ddd952 fixing travis file to run correct unit test c582669 adding travis status badge to README 8093096 adding py26 unit testing to travis 37835fd trigger travis build cb6332a adding travis ci testing All tests have been run sucessfully against this. tox -e p2p8,py27,functest Change-Id: I096b611da852d3eb3913844034b443b8272c2ac4 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13188 
This is a squashed commit imported from this repo:
https://github.com/openstack/swiftonfile/tree/icehouse

Contains the follwing commits from above mentioned repo:

eb50236 Merge "Backport: Fix metadata overall limits bug" into icehouse
79ea52a Backport: Fix metadata overall limits bug
bc43f0b Fix inconsistent data being returned on GET
ad0bb79 Import HTTPBadRequest from swift's module
74d02e6 Exclude .trashcan dir from container listing
b2dbc15 Catch ESTALE in addition to ENOENT
8d60b48 Properly handle read_metadata() exceptions
6762fc6 Fix object server leaking file descriptors
2842e82 Fix API incompatibility in update_metadata()
2beeef6 Merge "Remove swiftkerbauth code" into icehouse
93dbcb5 Update object-expirer.conf with explanations
c9d2f09 Merge "Check if /etc/swift exists in ring builder" into icehouse
d66c14c Remove swiftkerbauth code
3142ed2 Add object expiration functests
97153d1 Merge "Cleanup functest and undo old patch" into icehouse
bc234d0 Remove old travis config file and fix typo
260c8ef Check if /etc/swift exists in ring builder
637dac9 Cleanup functest and undo old patch
051e068 Merge pull request #35 from prashanthpai/backport-1
be104a3 Merge pull request #36 from prashanthpai/backport-2
ff76f42 fix issue with GET on large object (icehouse-backport)
04d0a99 Fix unlink call after successful rename
4c6ca1d updating README file with project name change
10b2680 Merge pull request #18 from thiagol11/icehouse
5bcab8f Updating version on __init__ file
5c2cba2 Merge pull request #15 from thiagol11/update_spec
52b00a8 updating spec file to add dependency on swift icehouse
ae7c93b Merge pull request #6 from prashanthpai/rebase
191e55b Revert: allow non-root user to run functests
cb7e968 Modify unit tests and func tests
d23fd1b Sync with OpenStack Swift v1.13.1
b6d1671 Merge pull request #12 from pushpesh/functionalnosetestremove
962622b Merge pull request #8 from thiagol11/update_readme
4560857 Merge pull request #9 from prashanthpai/spec-expirer
be0ae7e Minor update
65000f1 Removing functionalnosetests
8ab1069 Fix object-expirer.conf-gluster RPM build error
afee30f added new support filesystem section
527b01f updated README.md to Swift-On-File
9a240c7 Merge pull request #3 from thiagol11/add_jenkins_to_travis
34b5a8b removing blank lines
3568b64 fixing missing fi
d8f5b0f adding support to run jenkins triggered by travis
6f4a88c Removing functionalnosetests
8041944 Update README.md
c015148 Merge pull request #2 from thiagol11/master
3ddd952 fixing travis file to run correct unit test
c582669 adding travis status badge to README
8093096 adding py26 unit testing to travis
37835fd trigger travis build
cb6332a adding travis ci testing

All tests have been run sucessfully against this.
tox -e p2p8,py27,functest

Change-Id: I096b611da852d3eb3913844034b443b8272c2ac4
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13188