where does bulk middleware go?
Bug #1485845 reported by
John Dickinson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Object Storage (swift) |
New
|
Low
|
Unassigned | ||
Bug Description
The sample proxy config says that the bulk middleware should go before ratelimit and auth. Why does it need to go before auth? If it's before auth, then each bulk subrequest may end up calling the auth system. I propose the following pipeline snippet is more correct:
pipeline = ... slo dlo bulk versioned_writes ratelimit proxy-logging proxy-server
If so, then the docs and samples should be updated
Revision history for this message
| Matthew Oliver (matt-0) wrote | #1 |
| Changed in swift: | |
| assignee: | nobody → Nithya Renganathan (narengan) |
| assignee: | Nithya Renganathan (narengan) → nobody |
| tags: | added: low-hanging-fruit |
To post a comment you must log in.
It is possible for the bulk middleware to create containers, so I could see a problem where a user could have write permissions to one container, and then somehow create others using bulk.. but in testing (using tempauth) I can't thanks to tempauth's swift.autherize method that gets run each time on the proxy for each request.
Will have to experiment with keystone to see if it's possible to do it there. But seeing as both use swift.authorize methods that will be run in the proxy app, it may not matter where it lives in the pipeline.