summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove redundant syscalls in POST pathPrashanth Pai2016-04-042-5/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During process of POST requests which updates object metadata (xattrs), the following (ordered) sequence of syscalls were being made twice: open(), fstat(), fgetxattr(), close() Intuitively, one may assume that a getxattr() and setxattr() is enough to fulfil the POST request as it is only supposed to update metadata. But this isn't the case. The above series of syscalls is made first during disk_file.open(). This will trigger an update of all stale metadata (outdated size/etag) and the result is retained in a diskfile class attribute named 'self._metadata' Instead of using this pre-fetched metadata, the POST path was internally invoking disk_file.open() again in disk_file.write_metadata(). This is redundant and serves no purpose. self._metadata was being erased during the context manager cleanup of disk_file.open() This change is simple and does the following: * Don't erase fetched metadata during context manager exit of open() * Use a different internal variable to detect and raise DiskFileNotOpen * Re-use self._metadata if available in disk_file.write_metadata() Here's comparing syscalls made (POST path) with and without this fix: https://bugzilla.redhat.com/show_bug.cgi?id=1314171#c4 Change-Id: Ib64c103e5904428df20ec6e8f10140f4f68e7f79 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13668 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't fetch metadata for plain container listingPrashanth Pai2016-04-045-4/+137
| | | | | | | | | | | | | | | | | Fetch metadata (xattr) for containers in an account ONLY when the client asks for it (using content-type indicating JSON or XML response). This avoids a lot of unnecessarry stat() and getxattr() calls whose results would anyways be unused. The performance gain is obvious in this case. This change is restricted to container listing. The same can be extended to object listing as well (will be sent as a separate change) Change-Id: Ibff1c5a90519f11053c0b651d8ea3385dda43a2f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13497 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix changing of auth_type in existing deploymentsPrashanth Pai2016-03-183-8/+136
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes does two things: * Adds Sha512 as a supported auth_type. * Fixes breakage when auth_type is changed in existing deployments. If an existing gswauth deployment changes `auth_type` in conf file to a different one (for example: sha1 to sha512), all attempts to authorize existing/old users will fail because of change in encoder type. With this change, the credentials match is done using an encoder with which the password was initially encoded. This allows gswauth deployments to change auth_type and old users will still be able to authorize. A note on auth_type_salt: There's still a distinction between how salt is managed in gswauth and swauth: swauth will use a random salt if a salt is not set in conf file where as gswauth will default to 'gswauthsalt' if a salt is not set in conf file. This distinction is to ensure backward compatibility. This change is derived from following upstream changes in swauth repo: e14a7b3df86969d478090b314d9660b6d835afa7 https://review.openstack.org/#/c/285195/ https://review.openstack.org/#/c/285292/ Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13654 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Bump gluster-swift version to 2.3.0 (kilo)Prashanth Pai2016-03-152-6/+10
| | | | | | | | Change-Id: Iaec0c1577e99d06195d3ea86588f6089a3fe60db Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13737 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't pass unicode to hmac.new()Prashanth Pai2016-03-152-0/+21
| | | | | | | | | | | | | This issue can be hit when swift3 middleware is in the pipeline. This change is a backport of the following swauth change: https://review.openstack.org/#/c/282191/ Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13641 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Remove 60 secs subtraction from item_expiresPrashanth Pai2016-03-111-1/+1
| | | | | | | | | | | | | | According to https://github.com/gholt/swauth/issues/73 nobody knows why is this here. Let's try to remove it :). This is ported from following commit in swauth repo: 79c153f7b198ffaf0c3fd781587a0133bab43d7f Change-Id: I8e64b53ed59dab1f554b7c08f1342c2b5dd4675a Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13522 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Use correct content type on JSON responsesPrashanth Pai2016-03-112-6/+36
| | | | | | | | | | | | | | | | | Currently, in cases where swauth returns a JSON document as its body, it does not specify a content type, and swob defaults it to text/html. This change uses a standard content type of 'application/json' in each of these instances, and adjusts the tests accordingly. This is ported from following commit in swauth repo: 556aa156979741292bde78425f413f9dee639b4f Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13521 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Remove old auth token from memcachePrashanth Pai2016-03-101-0/+5
| | | | | | | | | | | This is ported from following commit in swauth repo: 17faf4e54f9faa031755aa583b67ef68e5ec2b08 Change-Id: I816b04328d02f4b8641571c337ba993a94145615 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13520 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix dup fd leakPrashanth Pai2016-03-083-6/+27
| | | | | | | | | | | | A fd was not being closed after it was duplicated. This code path can be easily hit when doing a GET on a file that needs Etag (md5sum) to be recalculated. Change-Id: Ib2e10d990b9b2e1fa85d0079767892de8c8d4eec Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13593 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix pep8 and functestsPrashanth Pai2016-03-079-12/+12
| | | | | | | | | | Functests used to fail with higher version of python-eventlet (from EPEL repo) package on rhel6. This change addresses that and also some pep8 issues. BUG: 1302546 Change-Id: I5a1a1deb94ee712a387af3d6f65afbcb8557ab6f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13636
* Remove redundant syscalls in GET pathPrashanth Pai2016-03-073-26/+24
| | | | | | | | | | | | | | | This change removes redundant fstat() and fgetxattr() performed in the GET path when object added from file interface is being accessed for the first time via the object interface. This is a manual backport of this change: https://review.openstack.org/#/c/246365/ Change-Id: I29f56cef80c94779145e2948ba14f35817d46e0c Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13624 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Rebase to stable/kiloPrashanth Pai2016-03-0728-1824/+9327
| | | | | | | | | | | | | | | | This change ports most of swiftonfile object server fixes and changes into gluster-swift. Storage policy as a feature is not usable here (it doesn't make sense). The hacky way of creating zero byte tracker objects for object expiration has not been ported to this release due to scalability issues and the need to have a separate volume. Change-Id: I17ba27dacea9ac000bdb8934700996e4d17f4251 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13269 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Do not use pickle: Use jsonPrashanth Pai2016-01-117-9/+339
| | | | | | | | Change-Id: Iffdd56704330897fbde21f101c9b2ed03c2ae296 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Thiago da Silva <tdasilva@redhat.com> Tested-by: Thiago da Silva <tdasilva@redhat.com> Reviewed-on: http://review.gluster.org/13221
* Refactor read_metadata() methodPrashanth Pai2016-01-114-64/+69
| | | | | | | | | | | | | | | This change: * Simplifies read_metadata() method. * Validates pickle header before attempting to unpickle. This change does NOT fix the security vulnerability itself. That would be sent as a separate change. Change-Id: Id95bd584f3ad00fb075456544495f17f7038f991 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Thiago da Silva <tdasilva@redhat.com> Tested-by: Thiago da Silva <tdasilva@redhat.com> Reviewed-on: http://review.gluster.org/13220
* Update .gitreviewPrashanth Pai2016-01-111-1/+5
| | | | | | Change-Id: Ie97d7c2bb03bfa966a80a363c9079fc4b57e97df Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13218
* Update repoThiago da Silva2016-01-0690-8832/+3780
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a squashed commit imported from this repo: https://github.com/openstack/swiftonfile/tree/icehouse Contains the follwing commits from above mentioned repo: eb50236 Merge "Backport: Fix metadata overall limits bug" into icehouse 79ea52a Backport: Fix metadata overall limits bug bc43f0b Fix inconsistent data being returned on GET ad0bb79 Import HTTPBadRequest from swift's module 74d02e6 Exclude .trashcan dir from container listing b2dbc15 Catch ESTALE in addition to ENOENT 8d60b48 Properly handle read_metadata() exceptions 6762fc6 Fix object server leaking file descriptors 2842e82 Fix API incompatibility in update_metadata() 2beeef6 Merge "Remove swiftkerbauth code" into icehouse 93dbcb5 Update object-expirer.conf with explanations c9d2f09 Merge "Check if /etc/swift exists in ring builder" into icehouse d66c14c Remove swiftkerbauth code 3142ed2 Add object expiration functests 97153d1 Merge "Cleanup functest and undo old patch" into icehouse bc234d0 Remove old travis config file and fix typo 260c8ef Check if /etc/swift exists in ring builder 637dac9 Cleanup functest and undo old patch 051e068 Merge pull request #35 from prashanthpai/backport-1 be104a3 Merge pull request #36 from prashanthpai/backport-2 ff76f42 fix issue with GET on large object (icehouse-backport) 04d0a99 Fix unlink call after successful rename 4c6ca1d updating README file with project name change 10b2680 Merge pull request #18 from thiagol11/icehouse 5bcab8f Updating version on __init__ file 5c2cba2 Merge pull request #15 from thiagol11/update_spec 52b00a8 updating spec file to add dependency on swift icehouse ae7c93b Merge pull request #6 from prashanthpai/rebase 191e55b Revert: allow non-root user to run functests cb7e968 Modify unit tests and func tests d23fd1b Sync with OpenStack Swift v1.13.1 b6d1671 Merge pull request #12 from pushpesh/functionalnosetestremove 962622b Merge pull request #8 from thiagol11/update_readme 4560857 Merge pull request #9 from prashanthpai/spec-expirer be0ae7e Minor update 65000f1 Removing functionalnosetests 8ab1069 Fix object-expirer.conf-gluster RPM build error afee30f added new support filesystem section 527b01f updated README.md to Swift-On-File 9a240c7 Merge pull request #3 from thiagol11/add_jenkins_to_travis 34b5a8b removing blank lines 3568b64 fixing missing fi d8f5b0f adding support to run jenkins triggered by travis 6f4a88c Removing functionalnosetests 8041944 Update README.md c015148 Merge pull request #2 from thiagol11/master 3ddd952 fixing travis file to run correct unit test c582669 adding travis status badge to README 8093096 adding py26 unit testing to travis 37835fd trigger travis build cb6332a adding travis ci testing All tests have been run sucessfully against this. tox -e p2p8,py27,functest Change-Id: I096b611da852d3eb3913844034b443b8272c2ac4 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13188
* updating README file with project name changeThiago da Silva2014-06-121-9/+7
| | | | | | | | | | | Change-Id: Ie6c65a3a729e8a83d89d99b757fd9663dec70e89 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/8006 Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Removing functionalnosetestsPushpesh Sharma2014-04-279-1691/+0
| | | | | | | | | | | | | | | | | With the Icehouse release of openstack-swift functional case classified as fucntionalnose tests have been moved to functional cases.Although we copied test suites from test/fucntionalnose/ to test/functional/ but we still have same cases under test/functionalnose.This might cause duplicate tests run. Change-Id: I025206467aad364debd9050b3186e1379d89ffaf Signed-off-by: Pushpesh Sharma <psharma@redhat.com> Reviewed-on: http://review.gluster.org/7516 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: Thiago da Silva <thiago@redhat.com>
* Updating code to call fs_utils instead of python's os moduleThiago da Silva2014-04-105-112/+145
| | | | | | | | | | | | | | | | This change is being done to prepare the code to always call fs_utils for all filesystem calls on the data being stored. By creating this interface (i.e., fs_utils), we can then make a seamless change to use the current method of 'os.' calls over FUSE _or_ libgfapi. This new method will be introduced in a new separate patch. Change-Id: Ic768fa7352d7672b1f060230bb4486f0ec228152 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7333 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* removing exception handling in do_mkdirThiago da Silva2014-03-272-24/+14
| | | | | | | | | | | | | | | | | | | | | This change is being made to allow callers to handle any exception thrown by os.mkdir. This function is currently never called anywhere in the code. It was introduced as part of the first commit to this project but it was never used. This patch (http://review.gluster.org/#/c/5304/) removed the early version of this function, and this patch (http://review.gluster.org/#/c/5305/) added it back with new exception handling. Change-Id: I71325660cb47594b0804da3da21920e26d2055f2 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7350 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* removing _make_directory_locked functionThiago da Silva2014-03-261-73/+4
| | | | | | | | | | | | | This function was added as a workaround for race condition bug found in earlier versions of Glusterfs. The bug has since been fixed in the latest version of Glusterfs, so there's no need to support this code any longer. Change-Id: I50ebb66bdf0553ae8bab98ed8f783e0389e83fa8 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7335 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* fix __exit__ function not closing file descriptorThiago da Silva2014-03-262-1/+11
| | | | | | | | | | | The file descriptor is not being closed because it is self._fd is None Change-Id: I7edc8a78b09bdd76d59ac8f3dbc809af652f9b0e Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7315 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* removing check_user_xattr functionThiago da Silva2014-03-262-52/+0
| | | | | | | | | | | | This function is no longer used, the code that called this function was removed as part of this patch: http://review.gluster.com/#/c/3390/ Change-Id: I6e81e4b763ce302289e2be5467dc4776f0750c15 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/7336 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Add support for Object Expiration featurePrashanth Pai2014-03-2413-23/+954
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Preventing access to expired objects ------------------------------------ Re-enabled accepting X-Delete-At and X-Delete-After headers. During a GET on an expired object, DiskFileExpired is raised by DiskFile class. This will result in object-server returning HTTPNotFound (404) to the client. Tracking objects to be deleted ------------------------------ Objects to be deleted are tracked using "tracker objects". These are PUT into a special account(a volume, for now). These zero size "tracker objects" have names that contain: * Expiration timestamp * Path of the actual object to be deleted Deleting actual objects from GlusterFS volume --------------------------------------------- The object-expirer daemon runs a pass once every X seconds. For every pass it makes, it queries the special account for "tracker objects". Based on (timestamp, path) present in name of "tracker objects", object-expirer then deletes the actual object and the corresponding tracker object. To run object-expirer forever: swift-init object-expirer start To run just once: swift-object-expirer -o -v /etc/swift/object-expirer.conf Caveat/Limitation: Object-expirer needs a separate account(volume) that is not used by other services like gswauth. By default, this volume is named "gsexpiring" and is configurable. More info about object expiration: http://docs.openstack.org/developer/swift/overview_expiring_objects.html Change-Id: I876995bf4f16ef4bfdff901561e0558ecf1dc38f Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6891 Tested-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com>
* Functional tests for SwiftKerbAuth filter.Chetan Risbud2014-03-1413-5/+568
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This provides an infrastructure for swiftkerbauth related functional test cases. More test cases will be added later. Added a section in swiftkerbauth guide about how to run functional tests. test/functional_auth/swiftkerbauth ---------------------------------- A new authentication filter related functional tests and configuration to reside here. The configuration would help setup the environment. All the generic functional tests should run fine with PASSIVE mode of swiftkerbatuh. Please refere to swiftkerbatuh documentation for ACTIVE/PASSIVE mode of working. swiftkerbauth/test_swkrbath_active.py ------------------------------------- This file has all the testcases of active mode of swiftkerbauth. More test cases to be added later. SwiftKerbAuth related test cases are meant to run on the setup where SwiftKerbAuth is setup and installed. Change-Id: Ibc2a3945f5c9b6714475fcec0ee9d153debb48e3 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/6925 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Update quick_start_guide.mdPrashanth Pai2014-03-141-1/+1
| | | | | | | | | | | | | Author: John Dickinson Original pull request can be found here: https://github.com/gluster/gluster-swift/pull/2 Change-Id: Id5cd45e7090f69407938e5f9431560ed0977b22d Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/7234 Reviewed-by: Thiago da Silva <thiago@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Sync with OpenStack Swift v1.13.0Prashanth Pai2014-03-1312-810/+368
| | | | | | | | | | | Also, bumped version of gluster-swift to v1.13.0 Change-Id: I797dc704c9523540cba847b1e8ff3da97b79630c Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/7229 Reviewed-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* PUT of a Directory failedChetan Risbud2014-03-123-15/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PUT of a directory fails with gluster-swift when there exists object of a same name. This is because the objects and directories are placed on the glusterfs. And hence the filesystem semantics are applicable there. Exceptions raised in such situation are needed to be handled and reported correctly back to proxy-server with HTTPConflict as a error code. Although swift still continues to choose 503 as the best respose in such cases. No tracebacks reported. Fix covers the case when there exists a directory and object of the same name is PUT. Code changes fixes both the failure cases mentioned in the bug. Examples of failing PUT requests: 1) curl -v -X PUT http://127.0.0.1:8080/v1/AUTH_test/c1/dir1/obj2/anotherobject -d'asdasdsadA' -- obj2 was already an object. 2)curl -v -H 'Content-Length: 0' -H 'Content-Type: application/directory' -X PUT http://127.0.0.1:8080/v1/AUTH_test/c1/obj1 -- obj1 was already and object Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1071021 Change-Id: Id3042d920e3f99e740d4042ef5907ac8c59e04db Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/7181 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com>
* Restart memcached after clean-up-token --purge-allChetan Risbud2014-03-111-2/+8
| | | | | | | | | | | | | | | | | | | | Bug: https://bugs.launchpad.net/gluster-swift/+bug/1269444 Recommended way is to flush the cached tokens from memcached after gswauth-clean-up-token. As currently there is no way to flush only those tokens from memcached. So a debug message recommending restart of the memcached. A quick fix. Bigger fix would come in later. Older cached tokens should be flushed/invalidated to let access path work correctly with valid and new tokens. Change-Id: Ic7a820eb3c60bac4829d5c5230cb3a5241b77957 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/7168 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com>
* Update Havana link to 1.10.0-2Luis Pabon2014-02-251-1/+1
| | | | | | Change-Id: Ib0765d2109645a2da0e2e58b176ad26b932d7b99 Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/7159
* Sync with OpenStack Swift v1.12.0Luis Pabon2014-02-169-655/+1801
| | | | | | | | | | | | * Bumped the version of gluster-swift to v1.12.0. * Added document on how to do a sync Change-Id: I676e110759b0bce3007a2a38f3b384b4ca9d710d Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6977 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* Update keystone authentication documentationAntonio Messina2014-02-141-1/+171
| | | | | | | | | | | Add detailed information on how to configure gluster-swift to use Keystone as an authentication source. Change-Id: I9e3ea72378e3f85db45e0ab0320d43591976e038 Signed-off-by: Antonio Messina <antonio.s.messina@gmail.com> Reviewed-on: http://review.gluster.org/6956 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* simplifying instructions in auth guideThiago da Silva2014-02-101-2/+21
| | | | | | | | | | | | | | | | | | | | Attempted to simplify the instructions around authenticating with swift client. Provided users a basic and more advanced method of authenticating. The previous version only listed the advanced method, which is still necessary because it instructs reseller admins on how to access other accounts Bug: https://bugs.launchpad.net/gluster-swift/+bug/1267445 Change-Id: I99cae591627616206fb5277af4b636b8dd2ca3cd Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6863 Reviewed-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* Revert "Attempt to fix failing testMetadataOnPost functional test"Chetan Risbud2014-02-101-1/+0
| | | | | | | | | This reverts commit ad6fb3558019e0f65de0b36c2c2f78d94925838c Change-Id: I0e04c923880b3b987bedb04fdb10d3f9813bb884 Reviewed-on: http://review.gluster.org/6952 Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* Attempt to fix failing testMetadataOnPost functional testPrashanth Pai2014-02-101-0/+1
| | | | | | | | | | | | | | | | On Jenkins, functional tests occasionally fail in testMetadataOnPost test case with ResponseNotReady exception. This is an attempt to fix that as I'm guessing that the following could be the reason. It is advised to read the whole response body before sending a new request: http://docs.python.org/2/library/httplib.html#httplib.HTTPConnection.getresponse http://hg.python.org/cpython/file/2.7/Lib/httplib.py#l1033 Change-Id: I2ee880fd15af8766dcbd12f84ef561a67acdcdce Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6945 Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* adding error handling to gswauth-cleanup-tokens toolThiago da Silva2014-02-052-10/+27
| | | | | | | | | | | | | | | added input validation for a couple of options and error handling in case a non-existing account name is provided Change-Id: I6d703d584552fc7b7574f34e79ed25a2982b6d5e Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6767 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com>
* Fixes some TCs that assert for response code 403Pushpesh Sharma2014-01-301-15/+13
| | | | | | | | | | | | | For some scenarios although the expected response as per the REST spec is 403, but due to technical limitation/performance improvements it is decided to go with 401.EX:An admin/regular user tries to add a reseller admin user. Change-Id: Ibc280a0be6e5cb81d4d2c46d9a758915ff60ae8f Reviewed-on: http://review.gluster.org/6833 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* Rebase swiftkerbauth imported code with upstreamChetan Risbud2014-01-278-25/+407
| | | | | | | | | | | | | | | | | Few changes have been merged to upstream swiftkerbauth repo. This commit brings it down to gluster-swift repo. Bringing below changes to gluster-swift repo in one go. http://review.gluster.org/#/c/6296/ http://review.gluster.org/#/c/6370/ http://review.gluster.org/#/c/6595/ http://review.gluster.org/#/c/6713/ http://review.gluster.org/#/c/6732/ Change-Id: I10dc12d75ec63fca313339fbc71e4f18071af552 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/6764 Reviewed-by: Prashanth Pai <ppai@redhat.com>
* Test cases for gswauth-cleanup-tokenPushpesh Sharma2014-01-241-8/+152
| | | | | | | | | | | | This commit creates a new class to validate the cleanup-token & set-account-service CLI utility.This test tries to cover all the psossible values that can be passed as user input valid/invalid. Change-Id: Ia8ca40ca9e63a296b70cb999c6507b7b1ffbdf61 Signed-off-by: Pushpesh Sharma <psharma@redhat.com> Reviewed-on: http://review.gluster.org/6759 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Provide more generic string in testAssert of some TCsPushpesh Sharma2014-01-211-12/+12
| | | | | | | | | | | | | | | CLI test case were failing on RHEL systems as the error string on Fedora19 and RHEL6.4 systems are different however a more gereric string is there on both of the systems and this is about that only. It replaces the 'ECONNREFUSED' & 'No address associated with hostname' with 'Check that the admin_url is valid'.Now the TCs pass on both of the OS. Change-Id: Iff8b2719e8917864ed8f80d961c55a7f9f6fc77b Signed-off-by: Pushpesh Sharma <psharma@redhat.com> Reviewed-on: http://review.gluster.org/6718 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Initial import of the swiftkerbauthChetan Risbud2014-01-2116-7/+2058
| | | | | | | | | | | | | | | Imported code till commit f64a3354185f32928e2568d9ece4a52fa4746c05 Changed a code bit to import correct definitions. kerbauth unit tests do run along with gluster-swift. Install script does install swiftkerbauth. import swiftkerbauth from http://review.gluster.org/swiftkrbauth.git Change-Id: Ia89f2b77cc68df10dee2f41ce074f3381ac3c408 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/6597 Reviewed-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Sync with OpenStack v1.11.0 Jan 10 2014v1.11.0Luis Pabon2014-01-1513-264/+994
| | | | | | | | | | | | | Updated tox.ini, functional tests, and proxy unit tests. BUG: https://bugs.launchpad.net/bugs/1268017 Change-Id: I5ff8359b8abdb8fe5ae82492c12f57c395992735 Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6682 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* fix error handing in swauth toolsThiago da Silva2014-01-149-45/+165
| | | | | | | | | | | | | The swauth tools did not handle an invalid admin_url, so it just failed printing the stacktrace, which is not useful to end users. This fix catches the exception and prints an error message that can help user solve the issue. Change-Id: I806c1cf191b5921e904b155f65cdbde5f2aac695 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6431 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Doc Fix for 1267718Pushpesh Sharma2014-01-143-0/+15
| | | | | | | | | | | | | | | | | | The following piece of documentaion is added to account,container,object.cong-gluster file "default gluster mount point to be used for object store,can be changed by setting the following value in {account,container,object}-server.conf files." BUG:https://bugs.launchpad.net/gluster-swift/+bug/1267718 Change-Id: I7993336b75637034f2cdaf3b41f0960220f7b390 Signed-off-by: Pushpesh Sharma <psharma@redhat.com> Reviewed-on: http://review.gluster.org/6680 Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Fix bug where admin is able to delete reseller_adminThiago da Silva2014-01-103-31/+223
| | | | | | | | | | | | | | | | | Changed the code to only allow the super_admin to delete a reseller_admin. This follows the same logic of user creation, where only the super_admin can create a reseller_admin. Also, took the opportunity to refactor some code and implemented get_user_detail method to remove duplicated code Bug 1260239: https://bugs.launchpad.net/gluster-swift/+bug/1260239 Change-Id: I9e4866cd7ad08698f427846be566ab2364ad4850 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6516 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* fixed gswauth cmd tools to require admin key argumentThiago da Silva2014-01-078-15/+35
| | | | | | | | | | | | | | | | All tools were changed to display the usage help text in case the admin key is not provided as an argument Bug 1261677: https://bugs.launchpad.net/gluster-swift/+bug/1261677 Change-Id: I37fa8518be970364b81955644931f6e416bcdc42 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6553 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: pushpesh sharma <psharma@redhat.com> Tested-by: pushpesh sharma <psharma@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com>
* Fix users not able to change their own password/keyPrashanth Pai2014-01-076-32/+323
| | | | | | | | | | | | | | | | | | | | | | | Users were not able to update their own password/key with the update operation resulting in 403 (HTTPForbidden). EXAMPLES: Command to update password/key of regular user: gswauth-add-user -U account1:user1 -K old_pass account1 user1 new_pass Command to update password/key of account admin: gswauth-add-user -U account1:admin -K old_pass -a account1 admin new_pass Command to update password/key of reseller_admin: gswauth-add-user -U account1:radmin -K old_pass -r account1 radmin new_pass BUG: https://bugs.launchpad.net/gluster-swift/+bug/1262227 Change-Id: I604da5aee67099b29541eb7e51a040a041f1961b Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6650 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Handle ENOSPC on os.close() operationPrashanth Pai2014-01-072-2/+17
| | | | | | | | | | | | | It is quite possible that errors on a previous write() operation are first reported at the final close(). For fruther info, refer to: http://review.gluster.org/#/c/6269/ Change-Id: If0fbe2f5109d28c82cb493f2526fd5057f86b556 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6608 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Unit test should use python 2.6 calls onlyLuis Pabon2014-01-071-1/+1
| | | | | | | Change-Id: I994b0e45d4fdb898378de7cd103f7e429a7fd9cc Signed-off-by: Luis Pabon <lpabon@redhat.com> Reviewed-on: http://review.gluster.org/6662 Reviewed-by: Thiago Da Silva <thiago@redhat.com>
* Fixes,TCs for user/account operation by non super_admin usersPushpesh Sharma2014-01-061-96/+394
| | | | | | | | | | | | | | | | | | | This commit does following: 1.New functions in Utils based on CLI 2.Fixes for existing suite 3.Test cases for non super_admin users doing user/account operations I tried to cover most of the possible test cases that can be duducted from the swauth dev guide and swuath user role matrix.These resources can be found here: https://raw.github.com/rbeede/swauth/master/doc/source/Draft%20Security%20Guide/swift_swauth_roles_matrix.png http://gholt.github.io/swauth/dev/ Change-Id: I3267a718e5432cddc751ec53fe9b05ef9061a5e3 Signed-off-by: Pushpesh Sharma <psharma@redhat.com> Reviewed-on: http://review.gluster.org/6537 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>