gluster-swift.git/gluster/swift/common/middleware, branch master Rebase to Swift 2.10.1 (newton) 2017-05-11T05:48:27+00:00 venkata edara redara@redhat.com 2017-05-10T07:57:38+00:00 513988915aa1af13a989d062b021fe1562cbf18d Change-Id: I53a962c9a301089c8aed0b43c50f944c30225944 Signed-off-by: venkata edara <redara@redhat.com> Reviewed-on: https://review.gluster.org/16653 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> 
Change-Id: I53a962c9a301089c8aed0b43c50f944c30225944
Signed-off-by: venkata edara <redara@redhat.com>
Reviewed-on: https://review.gluster.org/16653
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Tested-by: Prashanth Pai <ppai@redhat.com>
s3: Make s3 support configurable 2016-09-19T01:39:03+00:00 Prashanth Pai ppai@redhat.com 2016-08-05T08:55:08+00:00 2318a57a1ea632f77d5f78dc11023fb3b7fc2ad0 Amazon S3 compatibility: This change makes S3 support tunable using a config option and is turned off by default. This is a manual backport of this upstream swauth change: https://review.openstack.org/#/c/326336/ Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15098 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
Amazon S3 compatibility:
This change makes S3 support tunable using a config option and is
turned off by default.

This is a manual backport of this upstream swauth change:
https://review.openstack.org/#/c/326336/

Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/15098
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Don't include salt in HMAC computation 2016-09-13T14:00:49+00:00 Prashanth Pai ppai@redhat.com 2016-08-05T05:55:42+00:00 83c50ae4ebd4d72988a781ec4183f1c62f6a63a4 Currently, the input to HMAC function is the entire stored credential in the format '<salt>$<hash>` but it should rather be only the hashed key/password. This is a minimal manual backport of this upstream swauth change: https://review.openstack.org/#/c/292529/ Change-Id: Ib119522d36359f87579ff8e4ada7331643695634 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15097 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
Currently, the input to HMAC function is the entire stored credential
in the format '<salt>$<hash>` but it should rather be only the hashed
key/password.

This is a minimal manual backport of this upstream swauth change:
https://review.openstack.org/#/c/292529/

Change-Id: Ib119522d36359f87579ff8e4ada7331643695634
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/15097
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Fix changing of auth_type in existing deployments 2016-03-18T19:43:08+00:00 Prashanth Pai ppai@redhat.com 2016-03-09T08:50:28+00:00 539d20e3b13096cfa9107fc2b619943c494c4ab3 This changes does two things: * Adds Sha512 as a supported auth_type. * Fixes breakage when auth_type is changed in existing deployments. If an existing gswauth deployment changes `auth_type` in conf file to a different one (for example: sha1 to sha512), all attempts to authorize existing/old users will fail because of change in encoder type. With this change, the credentials match is done using an encoder with which the password was initially encoded. This allows gswauth deployments to change auth_type and old users will still be able to authorize. A note on auth_type_salt: There's still a distinction between how salt is managed in gswauth and swauth: swauth will use a random salt if a salt is not set in conf file where as gswauth will default to 'gswauthsalt' if a salt is not set in conf file. This distinction is to ensure backward compatibility. This change is derived from following upstream changes in swauth repo: e14a7b3df86969d478090b314d9660b6d835afa7 https://review.openstack.org/#/c/285195/ https://review.openstack.org/#/c/285292/ Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13654 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This changes does two things:
* Adds Sha512 as a supported auth_type.
* Fixes breakage when auth_type is changed in existing deployments.

If an existing gswauth deployment changes `auth_type` in conf file to a
different one (for example: sha1 to sha512), all attempts to authorize
existing/old users will fail because of change in encoder type.

With this change, the credentials match is done using an encoder with
which the password was initially encoded. This allows gswauth deployments
to change auth_type and old users will still be able to authorize.

A note on auth_type_salt:
There's still a distinction between how salt is managed in gswauth and
swauth: swauth will use a random salt if a salt is not set in conf file
where as gswauth will default to 'gswauthsalt' if a salt is not set in
conf file. This distinction is to ensure backward compatibility.

This change is derived from following upstream changes in swauth repo:
e14a7b3df86969d478090b314d9660b6d835afa7
https://review.openstack.org/#/c/285195/
https://review.openstack.org/#/c/285292/

Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13654
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Don't pass unicode to hmac.new() 2016-03-15T13:05:41+00:00 Prashanth Pai ppai@redhat.com 2016-03-08T09:58:42+00:00 5078be08017a21d97a3cf3fa2ffe554ad7f3d2c9 This issue can be hit when swift3 middleware is in the pipeline. This change is a backport of the following swauth change: https://review.openstack.org/#/c/282191/ Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13641 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This issue can be hit when swift3 middleware is in the pipeline.

This change is a backport of the following swauth change:
https://review.openstack.org/#/c/282191/

Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13641
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Remove 60 secs subtraction from item_expires 2016-03-11T18:28:07+00:00 Prashanth Pai ppai@redhat.com 2016-02-25T08:50:31+00:00 9b42f6f85b076202055bb90820db3499cc6015e5 According to https://github.com/gholt/swauth/issues/73 nobody knows why is this here. Let's try to remove it :). This is ported from following commit in swauth repo: 79c153f7b198ffaf0c3fd781587a0133bab43d7f Change-Id: I8e64b53ed59dab1f554b7c08f1342c2b5dd4675a Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13522 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
According to https://github.com/gholt/swauth/issues/73 nobody
knows why is this here. Let's try to remove it :).

This is ported from following commit in swauth repo:
79c153f7b198ffaf0c3fd781587a0133bab43d7f

Change-Id: I8e64b53ed59dab1f554b7c08f1342c2b5dd4675a
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13522
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Use correct content type on JSON responses 2016-03-11T18:24:43+00:00 Prashanth Pai ppai@redhat.com 2016-02-25T08:47:09+00:00 529526c68acb3acdf732d962b7cc8195081cbf56 Currently, in cases where swauth returns a JSON document as its body, it does not specify a content type, and swob defaults it to text/html. This change uses a standard content type of 'application/json' in each of these instances, and adjusts the tests accordingly. This is ported from following commit in swauth repo: 556aa156979741292bde78425f413f9dee639b4f Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13521 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
Currently, in cases where swauth returns a JSON document as its body,
it does not specify a content type, and swob defaults it to text/html.

This change uses a standard content type of 'application/json' in each
of these instances, and adjusts the tests accordingly.

This is ported from following commit in swauth repo:
556aa156979741292bde78425f413f9dee639b4f

Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13521
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Remove old auth token from memcache 2016-03-11T00:24:04+00:00 Prashanth Pai ppai@redhat.com 2016-02-25T07:10:23+00:00 9d00e874b5b8f615ff7102639ccf375cc6630c94 This is ported from following commit in swauth repo: 17faf4e54f9faa031755aa583b67ef68e5ec2b08 Change-Id: I816b04328d02f4b8641571c337ba993a94145615 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13520 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This is ported from following commit in swauth repo:
17faf4e54f9faa031755aa583b67ef68e5ec2b08

Change-Id: I816b04328d02f4b8641571c337ba993a94145615
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13520
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Fix pep8 and functests 2016-03-08T06:23:54+00:00 Prashanth Pai ppai@redhat.com 2016-01-28T12:40:04+00:00 7392f4626609da910a2c98c14b8380419613635d Functests used to fail with higher version of python-eventlet (from EPEL repo) package on rhel6. This change addresses that and also some pep8 issues. BUG: 1302546 Change-Id: I5a1a1deb94ee712a387af3d6f65afbcb8557ab6f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13636 
Functests used to fail with higher version of python-eventlet (from EPEL
repo) package on rhel6. This change addresses that and also some pep8 issues.

BUG: 1302546
Change-Id: I5a1a1deb94ee712a387af3d6f65afbcb8557ab6f
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13636
Rebase to stable/kilo 2016-03-07T18:38:49+00:00 Prashanth Pai ppai@redhat.com 2015-11-02T06:25:17+00:00 ea4750a366123f78411d90082733642376dc6afc This change ports most of swiftonfile object server fixes and changes into gluster-swift. Storage policy as a feature is not usable here (it doesn't make sense). The hacky way of creating zero byte tracker objects for object expiration has not been ported to this release due to scalability issues and the need to have a separate volume. Change-Id: I17ba27dacea9ac000bdb8934700996e4d17f4251 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13269 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com> 
This change ports most of swiftonfile object server fixes and changes
into gluster-swift. Storage policy as a feature is not usable here
(it doesn't make sense).

The hacky way of creating zero byte tracker objects for object
expiration has not been ported to this release due to scalability
issues and the need to have a separate volume.

Change-Id: I17ba27dacea9ac000bdb8934700996e4d17f4251
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/13269
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>