Bug #1415957 “unauthorized container GET returns 404 when accoun...” : Bugs : OpenStack Object Storage (swift)

Revision history for this message

Alistair Coles (alistair-coles) wrote on 2015-01-29:

#1

patch for proposed fix Edit (3.4 KiB, text/plain)

Revision history for this message

Alistair Coles (alistair-coles) wrote on 2015-01-29:

#2

container_HEAD_404_vs_403.bash Edit (1.9 KiB, text/plain)

The attached script will illustrate the behavior and verify the fix (assumes tempauth).

Tristan Cacqueray (tristan-cacqueray) on 2015-01-29

Changed in ossa:
status:	New → Incomplete

Revision history for this message

Tristan Cacqueray (tristan-cacqueray) wrote on 2015-01-29:

#3

Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.

This is an un-authenticated user enumaration type of vulnerability... However it seems to be affecting swift tempauth, as the Auth_ part of the url should contain tenant UUID. Thus I would suggest a C1 class (https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy).

Thought ?

Revision history for this message

Alistair Coles (alistair-coles) wrote on 2015-01-30:

#4

Download full text (4.5 KiB)

This bug is also seen with keystone auth. I mentioned that above but here's an example (below).The root cause is the swift proxy not calling back to auth middleware, whatever auth middleware that might be.

````
# using keystoneauth...

swift@saio-1:~/swift$ curl http://localhost:8080/info
{"ratelimit": {"container_ratelimits": []}, "container_quotas": {}, "account_quotas": {}, "tempurl": {"methods": ["GET", "HEAD", "PUT", "POST", "DELETE"]}, "slo": {"max_manifest_segments": 1000, "min_segment_size": 4, "max_manifest_size": 2097152}, "swift": {"max_file_size": 5368709122, "account_listing_limit": 10000, "account_autocreate": true, "max_meta_count": 90, "max_meta_value_length": 256, "container_listing_limit": 10000, "max_meta_overall_size": 4096, "version": "2.2.1.18.g1f1cdce", "max_meta_name_length": 128, "max_header_size": 8192, "policies": [{"default": true, "name": "Policy-0"}, {"name": "partpow15"}], "max_object_name_length": 1024, "max_account_name_length": 256, "strict_cors_mode": true, "allow_account_management": false, "max_container_name_length": 256}, "keystoneauth": {}}

# get tokens and id for test:tester and test2:tester2...

# 404 response for GET on container in non-existent account for 'test2' using token for 'test'.

swift@saio-1:~/swift$ curl http://localhost:8080/v1/AUTH_14a4d630abea491eb21a7a50864f6003/container -H 'X-Auth-Token: ecf0570fdcd84ae388348c6fddbc799f' -iHTTP/1.1 404 Not Found
Content-Length: 70
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx23e7a33c22e844a7932b9-0054c26642
Date: Fri, 23 Jan 2015 15:18:26 GMT

# 404 response for GET on container in non-existent account for 'test2' using token for 'test2'.

<html><h1>Not Found</h
swift@saio-1:~/swift$ curl http://localhost:8080/v1/AUTH_14a4d630abea491eb21a7a50864f6003/container -H 'X-Auth-Token: 5fcfa357064b4587a78d1ab85d1f9ce9' -i
HTTP/1.1 404 Not Found
Content-Length: 70
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txc86061d731b64381bb973-0054c2666f
Date: Fri, 23 Jan 2015 15:19:11 GMT

<html><h1>Not Found</h1><p>The resource could not be found.</p></html>swift@saio-1:~/sw...

This bug is also seen with keystone auth. I mentioned that above but here's an example (below).The root cause is the swift proxy not calling back to auth middleware, whatever auth middleware that might be.

````
# using keystoneauth...

swift@saio-1:~/swift$ curl http://localhost:8080/info
{"ratelimit": {"container_ratelimits": []}, "container_quotas": {}, "account_quotas": {}, "tempurl": {"methods": ["GET", "HEAD", "PUT", "POST", "DELETE"]}, "slo": {"max_manifest_segments": 1000, "min_segment_size": 4, "max_manifest_size": 2097152}, "swift": {"max_file_size": 5368709122, "account_listing_limit": 10000, "account_autocreate": true, "max_meta_count": 90, "max_meta_value_length": 256, "container_listing_limit": 10000, "max_meta_overall_size": 4096, "version": "2.2.1.18.g1f1cdce", "max_meta_name_length": 128, "max_header_size": 8192, "policies": [{"default": true, "name": "Policy-0"}, {"name": "partpow15"}], "max_object_name_length": 1024, "max_account_name_length": 256, "strict_cors_mode": true, "allow_account_management": false, "max_container_name_length": 256}, "keystoneauth": {}}

# get tokens and id for test:tester and test2:tester2...

# 404 response for GET on container in non-existent account for 'test2' using token for 'test'.

swift@saio-1:~/swift$ curl http://localhost:8080/v1/AUTH_14a4d630abea491eb21a7a50864f6003/container -H 'X-Auth-Token: ecf0570fdcd84ae388348c6fddbc799f' -iHTTP/1.1 404 Not Found
Content-Length: 70
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx23e7a33c22e844a7932b9-0054c26642
Date: Fri, 23 Jan 2015 15:18:26 GMT

# 404 response for GET on container in non-existent account for 'test2' using token for 'test2'.

<html><h1>Not Found</h
swift@saio-1:~/swift$ curl http://localhost:8080/v1/AUTH_14a4d630abea491eb21a7a50864f6003/container -H 'X-Auth-Token: 5fcfa357064b4587a78d1ab85d1f9ce9' -i 
HTTP/1.1 404 Not Found
Content-Length: 70
Content-Type: text/html; charset=UTF-8
X-Trans-Id: txc86061d731b64381bb973-0054c2666f
Date: Fri, 23 Jan 2015 15:19:11 GMT

<html><h1>Not Found</h1><p>The resource could not be found.</p></html>swift@saio-1:~/swift$

# create a container in account for test 2 using test2 token,
# as a side-effect account for test2 is auto-created:

swift@saio-1:~/swift$ curl http://localhost:8080/v1/AUTH_14a4d630abea491eb21a7a50864f6003/blah -H 'X-Auth-Token: 5fcfa357064b4587a78d1ab85d1f9ce9' -i -X PUT
HTTP/1.1 201 Created
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx677c2f11b22f4b678a47f-0054c2667f
Date: Fri, 23 Jan 2015 15:19:27 GMT

# Now see 403 response to GET on container in account for 'test2' using token for 'test'.

swift@saio-1:~/swift$ curl http://localhost:8080/v1/AUTH_14a4d630abea491eb21a7a50864f6003/container -H 'X-Auth-Token: ecf0570fdcd84ae388348c6fddbc799f' -iHTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx9a6985459bc1490ca04af-0054c2668c
Date: Fri, 23 Jan 2015 15:19:40 GMT

# Still see 404 response to GET on container in account for 'test2' using token for 'test2'.

swift@saio-1:~/swift$ curl http://localhost:8080/v1/AUTH_14a4d630abea491eb21a7a50864f6003/container -H 'X-Auth-Token: 5fcfa357064b4587a78d1ab85d1f9ce9' -iHTTP/1.1 404 Not Found
Content-Length: 70
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx317502ddb5d5460b862b2-0054c266a0
Date: Fri, 23 Jan 2015 15:20:00 GMT

<html><h1>Not Found</h1><p>The resource could not be found.</p></html>swift@saio-1:~/swift$ 
````

Revision history for this message

Tristan Cacqueray (tristan-cacqueray) wrote on 2015-01-30:

#5

@Alistair, What I meant is that uuid enumeration is not considered realistic because of the huge size of uuid space compared to username'. (2**128 possible uuid). Even sampling based estimation of the number of accounts seems also impossible to achieve.

Anyway this can surely be fixed, thus I suggested a C1 class type of bug, meaning we remove the advisory task and open this report for public review.

Though I might underrate tempauth usage (e.g., used for custom auth system).

Revision history for this message

clayg (clay-gerrard) wrote on 2015-01-30:

#6

Why do we even *do* a preflight request for the account when looking up the container? Object get doesn't need to check if the container exists before it gets the object (I mean... it *will* call container_info to get the container acl's before calling authorize - but that's sort of the right thing to do).

Is this some sort of special case handling for when an account get's deleted (like 410 marked for reaper) - because if 410 makes account_info come back empty the PUT path for container makes the account autocreate handling look inefficient or possibly wrong?

I'm ok with adding the second authorize callback return from GETorHEAD as the most obviously correct fix - but can we expand testing to consider the 410 account deleted. I think PUT/DELETE/POST are ok, because they're not decorated delay_denial - but maybe it'd be worth a for verb loop just to be sure...

Revision history for this message

Alistair Coles (alistair-coles) wrote on 2015-02-02:

#7

@Tristan ok, thanks for clarification.

@Clay I'll attach a new version of the patch with increase coverage (i.e. verify that any unauth'd container request will return whatever the swift.authorize returns, and that any auth'd request will return 404, if the account is not found.

Re 410's for deleted accounts - the account_info function doesn't discriminate between 404 and 410 from the account - anything other than success from the account HEAD results in None,None,None returned from account_info which the container controller maps to a 404.

As for why the container request is predicated by account existence, that is interesting and related to this bug too [1] but is probably a separate discussion as to what the 'correct' API behavior should be when accessing resources in a 'non-existent' account.

[1] https://review.openstack.org/#/q/status:open+project:openstack/swift+branch:master+topic:bug/1381541,n,z

Revision history for this message

Alistair Coles (alistair-coles) wrote on 2015-02-02:

#8

Make-container-GET-call-authorize-when-account-not-found_2.patch Edit (4.9 KiB, text/plain)

new patch with tests for other unauth'd request methods, and test verifying that all auth'd container requests are 404'd when the account is not found/deleted.

Revision history for this message

Tristan Cacqueray (tristan-cacqueray) wrote on 2015-02-03:

#9

After discussing this with notmyname, UUID are not particularly secret and could be stolen and used to detect the lack of swift usage for a particular account... Though this does not sound very valuable for an attacker.

I still suggest a C1 type of bug and propose we open it by next week if no objections.

Tristan Cacqueray (tristan-cacqueray) on 2015-02-09

Changed in ossa:
status:	Incomplete → Won't Fix

Revision history for this message

Jeremy Stanley (fungi) wrote on 2015-02-09:

#10

I agree with C1 for this report (not considered a practical vulnerability).

Tristan Cacqueray (tristan-cacqueray) on 2015-02-09

information type:

Private Security → Public

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-09: Fix proposed to swift (master)

#11

Fix proposed to branch: master
Review: https://review.openstack.org/154164

Changed in swift:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-13: Fix merged to swift (master)

#12

Reviewed: https://review.openstack.org/154164
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=a82bfb25ba180dbde700d2f9108acf1c85f5d61f
Submitter: Jenkins
Branch: master

commit a82bfb25ba180dbde700d2f9108acf1c85f5d61f
Author: Alistair Coles <email address hidden>
Date: Thu Jan 29 14:26:01 2015 +0000

Make container GET call authorize when account not found

    When an account was not found, ContainerController would
    return 404 unconditionally for a container GET or HEAD request,
    without checking that the request was authorized.

    This patch modifies the GETorHEAD method to first call any
    callback method registered under 'swift.authorize' in the
    request environ and prefer any response from that over the 404.

Closes-Bug: 1415957

Change-Id: I4f41fd9e445238e14af74b6208885d83698cc08d

Changed in swift:
status:	In Progress → Fix Committed

Revision history for this message

clayg (clay-gerrard) wrote on 2015-02-13:

#13

backport?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-21: Fix proposed to swift (feature/ec)

#14

Fix proposed to branch: feature/ec
Review: https://review.openstack.org/158087

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-22: Fix merged to swift (feature/ec)

#15

Download full text (15.3 KiB)

Reviewed: https://review.openstack.org/158087
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=c84d50f43fdfbdc72ea9c0867769cfa7fdbb09c0
Submitter: Jenkins
Branch: feature/ec

commit db29ffc98384a9f61c2d4cc48bb2faf9f5dd0478
Author: Samuel Merritt <email address hidden>
Date: Fri Feb 20 11:04:24 2015 -0800

Make proxy_logging close the WSGI iterator

    PEP 333 says that the WSGI framework will call .close() on the
    iterator returned by a WSGI application once it's done, provided such
    a method exists. So, if our code wraps an iterator, then we have to
    call .close() on it once we're done with it. proxy_logging wasn't.

    Since WSGIContext gets it right, I looked at making proxy_logging use
    WSGIContext. However, WSGIContext is all about forcing the first chunk
    out of the iterator so that it can capture the final HTTP status and
    headers; it doesn't help if you want to look at every chunk.
    proxy_logging wants every chunk so it can count the bytes sent.

    This didn't hurt anything in Swift, but pconstantine was complaining
    in IRC that our failure to call .close() was goofing up some other
    middleware he had.

Change-Id: Ic6ea0795ccef6cda2b5c6737697ef7d58eac9ab4

commit 4ca08cc395e686265574366497a6869e94eebcb2
Author: Alistair Coles <email address hidden>
Date: Tue Feb 17 10:27:44 2015 +0000

Update guest VM OS recommendation in SAIO doc

The target development platform has changed to Ubuntu 14.04 [1].
This patch makes the suggested SAIO platform the same.

    Also, remove pointer to wiki page for other platform install
    instructions that either redirects back to this SAIO doc or
    to another wike page and then a dead link.

[1] I0a96bcf692bb240f3ab5aab7fefd294a07735a83

DocImpact

Change-Id: I9f96104b5437c1f1f28f924c048ef83cf03338f4

commit 7bc09dfdea0893a49e50005b22b426ae21c11d22
Author: Arnaud JOST <email address hidden>
Date: Wed Feb 18 11:56:11 2015 +0100

Add support of x-remove- headers for container-sync

    If the used tool to send header doesn't support empty headers (older versions
    of curl), x-remove can be used to remove metadata.
    sync-key and sync-to metadata, used by container-sync, can now be removed using
    x-remove headers.

Change-Id: I0edb4d5425a99d20a973aa4fceaf9af6c2ddecc0

commit 949804eda4a85c3c960b0baa090e16f1aa48e95e
Author: John Dickinson <email address hidden>
Date: Mon Feb 16 14:00:24 2015 -0800

update the getting started doc

Change-Id: I0a96bcf692bb240f3ab5aab7fefd294a07735a83

commit dd1a05f52765a6273906b5d6ce55f81e269bad12
Author: OpenStack Proposal Bot <email address hidden>
Date: Mon Feb 16 06:30:54 2015 +0000

Imported Translations from Transifex

For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure

Change-Id: I013976c6192a8bff891c9050f829ae7a1e2fec59

commit 7acc2911296f48f10165282eee6bfe8e5c817a69
Author: John Dickinson <email address hidden>
Date: Sun Feb 15 17:14:31 2015 -0800

added swift_source to ratelimit info calls

Change-Id: I2b4cc...

Reviewed:  https://review.openstack.org/158087
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=c84d50f43fdfbdc72ea9c0867769cfa7fdbb09c0
Submitter: Jenkins
Branch:    feature/ec

commit db29ffc98384a9f61c2d4cc48bb2faf9f5dd0478
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Fri Feb 20 11:04:24 2015 -0800

Make proxy_logging close the WSGI iterator
    
    PEP 333 says that the WSGI framework will call .close() on the
    iterator returned by a WSGI application once it's done, provided such
    a method exists. So, if our code wraps an iterator, then we have to
    call .close() on it once we're done with it. proxy_logging wasn't.
    
    Since WSGIContext gets it right, I looked at making proxy_logging use
    WSGIContext. However, WSGIContext is all about forcing the first chunk
    out of the iterator so that it can capture the final HTTP status and
    headers; it doesn't help if you want to look at every chunk.
    proxy_logging wants every chunk so it can count the bytes sent.
    
    This didn't hurt anything in Swift, but pconstantine was complaining
    in IRC that our failure to call .close() was goofing up some other
    middleware he had.
    
    Change-Id: Ic6ea0795ccef6cda2b5c6737697ef7d58eac9ab4

commit 4ca08cc395e686265574366497a6869e94eebcb2
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Tue Feb 17 10:27:44 2015 +0000

Update guest VM OS recommendation in SAIO doc
    
    The target development platform has changed to Ubuntu 14.04 [1].
    This patch makes the suggested SAIO platform the same.
    
    Also, remove pointer to wiki page for other platform install
    instructions that either redirects back to this SAIO doc or
    to another wike page and then a dead link.
    
    [1] I0a96bcf692bb240f3ab5aab7fefd294a07735a83
    
    DocImpact
    
    Change-Id: I9f96104b5437c1f1f28f924c048ef83cf03338f4

commit 7bc09dfdea0893a49e50005b22b426ae21c11d22
Author: Arnaud JOST <arnaud.jost@ovh.net>
Date:   Wed Feb 18 11:56:11 2015 +0100

Add support of x-remove- headers for container-sync
    
    If the used tool to send header doesn't support empty headers (older versions
    of curl), x-remove can be used to remove metadata.
    sync-key and sync-to metadata, used by container-sync, can now be removed using
    x-remove headers.
    
    Change-Id: I0edb4d5425a99d20a973aa4fceaf9af6c2ddecc0

commit 949804eda4a85c3c960b0baa090e16f1aa48e95e
Author: John Dickinson <me@not.mn>
Date:   Mon Feb 16 14:00:24 2015 -0800

update the getting started doc
    
    Change-Id: I0a96bcf692bb240f3ab5aab7fefd294a07735a83

commit dd1a05f52765a6273906b5d6ce55f81e269bad12
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Mon Feb 16 06:30:54 2015 +0000

Imported Translations from Transifex
    
    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure
    
    Change-Id: I013976c6192a8bff891c9050f829ae7a1e2fec59

commit 7acc2911296f48f10165282eee6bfe8e5c817a69
Author: John Dickinson <me@not.mn>
Date:   Sun Feb 15 17:14:31 2015 -0800

added swift_source to ratelimit info calls
    
    Change-Id: I2b4ccb809c0f4505098e261f546f53c27440dd43

commit 023e29fa1e5ea9e22b12c897ea6f944c537c6bf3
Author: Richard Hawkins <richard.hawkins@rackspace.com>
Date:   Thu Feb 12 16:39:48 2015 -0600

Add functional tests for container TempURLs
    
    Change-Id: I7f54594df1522d72dd1d13556be0b9d33e811b30

commit ca0fce8542645b9f7b934817eb4cab7835ec0d3c
Author: Leah Klearman <lklrmn@gmail.com>
Date:   Fri Feb 13 16:55:45 2015 -0800

more probe test refactoring
    
    * move get_to_final_state into ProbeTest
    * get rid of kill_servers
    * add replicators manager and updaters manager to ProbeTest
    
    (this is all going someplace, i promise)
    
    Change-Id: I8393a2ebc0d04051cae48cc3c49580f70818dbf2

commit 2655465d82b8b0acb29babf5d7520808860702cc
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Fri Feb 13 13:11:40 2015 -0800

Promote some of the best developers I know to CORE Emeritus
    
    Change-Id: I4095bdbb2c137615bf9492e373a837daadea8920

commit 596042b9c778114dcfab1670e1ca40aa3a8c71ee
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Thu Feb 12 16:15:42 2015 -0800

Minor cleanup post efficent multi-region replication
    
    One log line had a typo, and I refactored the per object cleanup code out of
    update_deleted into the per object hashdir cleanup method.
    
    Change-Id: I19d03d0706a75bd8ec2fe327a1eb1b5ec36de6d2

commit b8e85a42ec18d234bbbe45d0c94f386610e4cd8a
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Fri Feb 13 06:10:44 2015 +0000

Imported Translations from Transifex
    
    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure
    
    Change-Id: I7655ef8e64b6700be9b8aaa6387c36de32a2d7b8

commit a4ffd1d1c6f8027d408c73076113ddafdc79ebc0
Author: Leah Klearman <lklrmn@gmail.com>
Date:   Thu Feb 12 20:32:35 2015 -0800

move test comments around
    
    should make later refactoring easier
    
    Change-Id: I7af399a14c8bc78fcfc438e4440d2f023c8aa5db

commit 82e5090848ecf2e5225acf1741e40c670ad3f121
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Thu Feb 12 21:30:37 2015 +0000

Fix ssync send_delete
    
    The ssync_sender send_delete method treats its
    timestamp argument as a string when in fact it is
    passed a Timestamp object. As a result the method
    always raises an exception and deletes are never
    replicated.
    
    This patch fixes bug and adds unit and probe tests
    to verify expected behavior.
    
    Closes-Bug: 1421425
    
    Change-Id: I664fb8d5dfea7362313037a67927ea90021c3f62

commit a9b5982d525d6b1ed369e780835b5b26a250ad95
Author: Samuel Merritt <sam@swiftstack.com>
Date:   Thu Feb 12 09:59:48 2015 -0800

Fix account-reaper
    
    As part of commit efb39a5, the account reaper grew a bind_port
    attribute, but it wasn't being converted to int, so naturally "6002"
    != 6002, and it wouldn't reap anything.
    
    The bind_port was only used for determining the local devices. Rather
    than fix the code to call int(), this commit removes the need for
    bind_port entirely by skipping the port check. If your rings have IPs,
    this is the same behavior as pre-efb39a5, and if your rings have
    hostnames, this still works.
    
    Change-Id: I7bd18e9952f7b9e0d7ce2dce230ee54c5e23709a

commit 2c1b5af06218fa936c8c9fb0180f22db212bf18a
Author: Leah Klearman <lklrmn@gmail.com>
Date:   Thu Feb 12 11:30:21 2015 -0800

refactor probe tests
    
    * refactor probe tests to use probe.common.ProbeTest
    * move reset_environment functionality to ProbeTest.setUp()
    * choose rings and policies that meet the criteria - raise SkipTest if
    nothing matches
    * replace all AssertionErrors in setup with SkipTest
    
    Change-Id: Id56c497d58083f5fd55f5283cdd346840df039d3

commit f5b533fb2f217a987d9bd7898b6baed31e9a1a31
Author: Richard Hawkins <richard.hawkins@rackspace.com>
Date:   Wed Feb 11 12:44:08 2015 -0600

Update TempURL docs to include containers
    
    Change-Id: Ifb7c26b23ec81e3bde96b6e3bad0e950c0ca9408

commit f5ab30574ea92c1457a30dccaedc1f1883fab64e
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Wed Feb 11 17:49:41 2015 +0000

Fix logger test coupling
    
    Two tests fail if test/unit/common/test_daemon.py is excluded
    from the test set:
    
    test.unit.common.test_utils.TestUtils.test_swift_log_formatter
    test.unit.common.test_utils.TestStatsdLoggingDelegation.test_thread_locals
    
    They fail because they assert that logger.txn_id is None,
    when previous tests cause txn_id to be set. This coupling is masked
    when test_daemon.py is included because it reloads the common/utils
    module, and is executed just before test.unit.common.test_utils.
    
    The coupling can be observed by running, for example:
    
    nosetests ./test/unit/common/middleware/test_except.py ./test/unit/common/test_utils.py
    or
    nosetests ./test/unit/proxy ./test/unit/common/test_utils.py
    
    The failing tests should reset logger thread_locals before making
    assertions. test_utils.reset_loggers() attempts this but is broken
    because it sets thread_local on the wrong object.
    
    Changes in this patch:
     - fix reset_loggers() to reset the LogAdapter thread local state
     - add a reset_logger_state decorator to call reset_loggers
       before and after a decorated method
     - use the decorator for increased isolation of tests that previously
       called reset_loggers only on exit
    
    Change-Id: If9aa781a2dd1929a47ef69322ec8c53263d47660

commit ca90be414e0e50fd83c09550c5e999bc93c5c35c
Author: Clay Gerrard <clay.gerrard@gmail.com>
Date:   Wed Feb 11 16:36:51 2015 -0800

Add developer tools section to associated projects
    
    vagrant-swift-all-in-one is being used and maintained by a number of swift
    developers, it has an open source license.
    
    The ansible playbook project serves a similar goal but it's based on a Fedora
    distribution and includes Swift-on-File support.
    
    Drive-by fix for the Swift-on-File link which has migrated to stackforge.
    
    Change-Id: Id7478d58adcead57cf56ac4e1d05c6556c8c9b7b

commit f5d509471b36dfe1a008523a3a8e1ec4e5518f02
Author: Daisuke Morita <morita.daisuke@lab.ntt.co.jp>
Date:   Thu Feb 12 05:12:56 2015 +0900

Logging a policy index when container PUT request conflicts
    
    This is a continuing work of patch afdbf73. This patch enables
    proxy-server to log a policy index when container PUT request
    conflicts with existing container's policy index.
    
    Change-Id: I6d40044c510632a0f61b817a9af2f6c13a721d39
    Implements: blueprint logging-policy-number

commit 69797efcbba2076eae944754e0a8585122374544
Author: David Goetz <dpgoetz@gmail.com>
Date:   Wed Feb 11 11:37:31 2015 -0800

small bug with account to account copy
    
    Change-Id: I7fdf432666f7640082e9839b9dc3d7af94a0715f

commit 843ce7e301ce06c6dc14e576a46b942bcb640c04
Author: Donagh McCabe <donagh.mccabe@hp.com>
Date:   Wed Feb 11 10:24:23 2015 +0000

API document update for container-level tempurl/formpost
    
    Tempurl and Formpost now support secret keys at the container
    level [1]. Adds these headers:
    
        X-Container-Meta-Temp-Url-Key
        X-Container-Meta-Temp-Url-Key-2
    
    DocImpact -- because headers need to be added to [2]
    
    [1] https://review.openstack.org/#/c/154293
    [2] http://developer.openstack.org/api-ref-objectstorage-v1.html
    
    Change-Id: I157cd4a540dcc4a9b45bc3d806df152ab56e2354

commit 489dd5ff5db0590f5232e5c309bf50ba9481f804
Author: Richard Hawkins <richard.hawkins@rackspace.com>
Date:   Mon Feb 9 17:51:01 2015 -0600

Add support for container TempURL Keys
    
    Change-Id: Ic22b0b84b657e6cac7e0062fa410eefb09bc0f4d
    Co-Authored-By: Christian Schwede <christian.schwede@enovance.com>

commit 20ca279d747523f5cb942567515f85d03779eb8a
Author: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date:   Thu May 29 00:54:07 2014 -0700

Efficient Replication for Distributed Regions
    
    This change provides a efficient way of replication
    between regions of a global distributed cluster.
    
    This approach makes object-replicator to push replicas
    to a primary node in a remote region, then, to skip
    pushing them to next primary node in the region with
    expecting asynchronous replication.
    
    This implementation includes a couple of changes on
    ssync_sender to allow object-replicator to delete local
    handoff objects correctly. One is to return a list of existing
    objects in remote region. The list includes local paths of the
    objects which exist both on the local device and the remote device.
    The other is supporting existence check for specified objects.
    It requires the object list build by the first change. When
    the object list is given, ssync_sender does only missing_check
    based on the list. These changes are needed because current
    swift can not handle the existence check in object-level.
    
    Note that this feature will work partially (i.e. only when
    primary-to-primary) with rsync.
    
    Implements: blueprint efficient-replication
    Change-Id: I5d990444d7977f4127bb37f9256212c893438df1

commit a82bfb25ba180dbde700d2f9108acf1c85f5d61f
Author: Alistair Coles <alistair.coles@hp.com>
Date:   Thu Jan 29 14:26:01 2015 +0000

Make container GET call authorize when account not found
    
    When an account was not found, ContainerController would
    return 404 unconditionally for a container GET or HEAD request,
    without checking that the request was authorized.
    
    This patch modifies the GETorHEAD method to first call any
    callback method registered under 'swift.authorize' in the
    request environ and prefer any response from that over the 404.
    
    Closes-Bug: 1415957
    
    Change-Id: I4f41fd9e445238e14af74b6208885d83698cc08d

commit 8607833fddba074823de58f4f4bd2707bf90fc9c
Author: Daisuke Morita <morita.daisuke@lab.ntt.co.jp>
Date:   Fri Dec 12 10:37:33 2014 +0900

Output account-reaper's logs for PolicyError
    
    By some operational mistakes, policy settings can be inconsistent among
    servers of swift cluster. Before this patch, if a policy setting of the
    server where account-reaper daemon is running is different from other
    servers, reap_object process failed without outputing error logs and
    count up remaining objects.
    
    Change-Id: Ic84fef7b49c77f0197f0bec4d41401686114d50e
    Related-Bug: 1375384

commit afdbf73f1285319003fecb0415a691dd9c9e9c98
Author: Daisuke Morita <morita.daisuke@lab.ntt.co.jp>
Date:   Thu Nov 27 18:42:49 2014 +0900

Output logs of policy index
    
    To make it easier for Swift operators to specify problematic devices,
    a policy index will be recorded in log files of proxy and storage servers
    for each user request which is related to storage policy.
    
    This patch simply adds 'storage_policy_index' field in a log format.
    If there is no specified policy index, '-' is output in this field.
    
    Extra fix: Doc about the log line of storage nodes now properly reflects
               'server_pid' field.
    
    DocImpact
    
    Change-Id: I7286ae85bcbcec73b5377dc115cbdb0f57d1b025
    Implements: blueprint logging-policy-number

commit f8fa1a9234cd0c1d7466dd51d8528e2abd859c2b
Author: Daisuke Morita <morita.daisuke@lab.ntt.co.jp>
Date:   Fri Nov 28 20:19:02 2014 +0900

Show each policy's information on quarantined files in recon
    
    After the release of Swift ver. 2.0.0, some recon responses do not
    show each policy's information yet. To make things worse, some recon
    results only count on policy-0's score, therefore the total is not
    shown in the recon results.
    
    This patch makes the count of quarantined files policy-aware for recon
    requests. Suppose a number of quarantined objects for policy-0 is 2
    and a number for policy-1 is 3, recon sums up every policy's amount
    and shows information for each policy as follows.
    
    $ curl http://<host>:<port>/recon/quarantined
    {"accounts": 0, "containers": 0, "objects": 5, "policies": {"0":
    {"objects": 2}, "1": {"objects": 3}}}
    
    Moreover, this patch adds stats for each policy in CLI output.
    
    Change-Id: I07217c635f6fc4ea809ddbc3d859c4e81c4fde37
    Related-Bug: 1375327
    Related-Bug: 1375332

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-23: Fix proposed to swift (feature/crypto)

#16

Fix proposed to branch: feature/crypto
Review: https://review.openstack.org/158370

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-23: Fix merged to swift (feature/crypto)

#17

Download full text (17.0 KiB)

Reviewed: https://review.openstack.org/158370
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=24d3f51386965197c36d506228e34ca1c4100165
Submitter: Jenkins
Branch: feature/crypto

commit db29ffc98384a9f61c2d4cc48bb2faf9f5dd0478
Author: Samuel Merritt <email address hidden>
Date: Fri Feb 20 11:04:24 2015 -0800

Make proxy_logging close the WSGI iterator

    PEP 333 says that the WSGI framework will call .close() on the
    iterator returned by a WSGI application once it's done, provided such
    a method exists. So, if our code wraps an iterator, then we have to
    call .close() on it once we're done with it. proxy_logging wasn't.

    Since WSGIContext gets it right, I looked at making proxy_logging use
    WSGIContext. However, WSGIContext is all about forcing the first chunk
    out of the iterator so that it can capture the final HTTP status and
    headers; it doesn't help if you want to look at every chunk.
    proxy_logging wants every chunk so it can count the bytes sent.

    This didn't hurt anything in Swift, but pconstantine was complaining
    in IRC that our failure to call .close() was goofing up some other
    middleware he had.

Change-Id: Ic6ea0795ccef6cda2b5c6737697ef7d58eac9ab4

commit 4ca08cc395e686265574366497a6869e94eebcb2
Author: Alistair Coles <email address hidden>
Date: Tue Feb 17 10:27:44 2015 +0000

Update guest VM OS recommendation in SAIO doc

The target development platform has changed to Ubuntu 14.04 [1].
This patch makes the suggested SAIO platform the same.

    Also, remove pointer to wiki page for other platform install
    instructions that either redirects back to this SAIO doc or
    to another wike page and then a dead link.

[1] I0a96bcf692bb240f3ab5aab7fefd294a07735a83

DocImpact

Change-Id: I9f96104b5437c1f1f28f924c048ef83cf03338f4

commit 7bc09dfdea0893a49e50005b22b426ae21c11d22
Author: Arnaud JOST <email address hidden>
Date: Wed Feb 18 11:56:11 2015 +0100

Add support of x-remove- headers for container-sync

    If the used tool to send header doesn't support empty headers (older versions
    of curl), x-remove can be used to remove metadata.
    sync-key and sync-to metadata, used by container-sync, can now be removed using
    x-remove headers.

Change-Id: I0edb4d5425a99d20a973aa4fceaf9af6c2ddecc0

commit 949804eda4a85c3c960b0baa090e16f1aa48e95e
Author: John Dickinson <email address hidden>
Date: Mon Feb 16 14:00:24 2015 -0800

update the getting started doc

Change-Id: I0a96bcf692bb240f3ab5aab7fefd294a07735a83

commit dd1a05f52765a6273906b5d6ce55f81e269bad12
Author: OpenStack Proposal Bot <email address hidden>
Date: Mon Feb 16 06:30:54 2015 +0000

Imported Translations from Transifex

For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure

Change-Id: I013976c6192a8bff891c9050f829ae7a1e2fec59

commit 7acc2911296f48f10165282eee6bfe8e5c817a69
Author: John Dickinson <email address hidden>
Date: Sun Feb 15 17:14:31 2015 -0800

added swift_source to ratelimit info calls

Change-Id: I2...

Reviewed:  https://review.openstack.org/158370
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=24d3f51386965197c36d506228e34ca1c4100165
Submitter: Jenkins
Branch:    feature/crypto