2014cdb906
Preventing access to expired objects
------------------------------------
Re-enabled accepting X-Delete-At and X-Delete-After headers. During a GET on
an expired object, DiskFileExpired is raised by DiskFile class. This will
result in object-server returning HTTPNotFound (404) to the client.
Tracking objects to be deleted
------------------------------
Objects to be deleted are tracked using "tracker objects". These are PUT into
a special account(a volume, for now). These zero size "tracker objects" have
names that contain:
* Expiration timestamp
* Path of the actual object to be deleted
Deleting actual objects from GlusterFS volume
---------------------------------------------
The object-expirer daemon runs a pass once every X seconds. For every pass it
makes, it queries the special account for "tracker objects". Based on
(timestamp, path) present in name of "tracker objects", object-expirer then
deletes the actual object and the corresponding tracker object.
To run object-expirer forever:
swift-init object-expirer start
To run just once:
swift-object-expirer -o -v /etc/swift/object-expirer.conf
Caveat/Limitation: Object-expirer needs a separate account(volume) that
is not used by other services like gswauth. By default, this volume is
named "gsexpiring" and is configurable.
More info about object expiration:
http://docs.openstack.org/developer/swift/overview_expiring_objects.html
Change-Id: I876995bf4f16ef4bfdff901561e0558ecf1dc38f
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6891
Tested-by: Chetan Risbud <crisbud@redhat.com>
Reviewed-by: pushpesh sharma <psharma@redhat.com>
Tested-by: pushpesh sharma <psharma@redhat.com>
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
156 lines
6.6 KiB
Python
156 lines
6.6 KiB
Python
# Copyright (c) 2013 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import unittest
|
|
import swift.common.constraints
|
|
from nose import SkipTest
|
|
from mock import Mock, patch
|
|
from gluster.swift.common import constraints as cnt
|
|
|
|
|
|
def mock_glusterfs_mount(*args, **kwargs):
|
|
return True
|
|
|
|
|
|
def mock_constraints_conf_int(*args, **kwargs):
|
|
return 1000
|
|
|
|
|
|
def mock_check_object_creation(*args, **kwargs):
|
|
return None
|
|
|
|
|
|
def mock_check_mount(*args, **kwargs):
|
|
return True
|
|
|
|
|
|
def mock_check_mount_err(*args, **kwargs):
|
|
return False
|
|
|
|
|
|
class TestConstraints(unittest.TestCase):
|
|
""" Tests for common.constraints """
|
|
|
|
def tearDown(self):
|
|
cnt.set_object_name_component_length()
|
|
|
|
def test_set_object_name_component_length(self):
|
|
len = cnt.get_object_name_component_length()
|
|
cnt.set_object_name_component_length(len+1)
|
|
self.assertEqual(len, cnt.get_object_name_component_length()-1)
|
|
|
|
if hasattr(swift.common.constraints, 'constraints_conf_int'):
|
|
len = swift.common.constraints.constraints_conf_int(
|
|
'max_object_name_component_length', 255)
|
|
cnt.set_object_name_component_length()
|
|
self.assertEqual(len, cnt.get_object_name_component_length())
|
|
|
|
with patch('swift.common.constraints.constraints_conf_int',
|
|
mock_constraints_conf_int):
|
|
cnt.set_object_name_component_length()
|
|
self.assertEqual(cnt.get_object_name_component_length(), 1000)
|
|
|
|
def test_validate_obj_name_component(self):
|
|
max_obj_len = cnt.get_object_name_component_length()
|
|
self.assertFalse(cnt.validate_obj_name_component('tests'*(max_obj_len/5)))
|
|
cnt.set_object_name_component_length(300)
|
|
self.assertFalse(cnt.validate_obj_name_component('tests'*60))
|
|
|
|
def test_validate_obj_name_component_err(self):
|
|
max_obj_len = cnt.get_object_name_component_length()
|
|
self.assertTrue(cnt.validate_obj_name_component('tests'*(max_obj_len/5+1)))
|
|
self.assertTrue(cnt.validate_obj_name_component('.'))
|
|
self.assertTrue(cnt.validate_obj_name_component('..'))
|
|
self.assertTrue(cnt.validate_obj_name_component(''))
|
|
|
|
def test_validate_headers(self):
|
|
req = Mock()
|
|
req.headers = []
|
|
self.assertEqual(cnt.validate_headers(req), '')
|
|
req.headers = ['x-some-header']
|
|
self.assertEqual(cnt.validate_headers(req), '')
|
|
#TODO: Although we now support x-delete-at and x-delete-after,
|
|
#retained this test case as we may add some other header to
|
|
#unsupported list in future
|
|
raise SkipTest
|
|
req.headers = ['x-delete-at', 'x-some-header']
|
|
self.assertNotEqual(cnt.validate_headers(req), '')
|
|
req.headers = ['x-delete-after', 'x-some-header']
|
|
self.assertNotEqual(cnt.validate_headers(req), '')
|
|
req.headers = ['x-delete-at', 'x-delete-after', 'x-some-header']
|
|
self.assertNotEqual(cnt.validate_headers(req), '')
|
|
|
|
def test_validate_headers_ignoring_config_set(self):
|
|
with patch('gluster.swift.common.constraints.'
|
|
'Glusterfs._ignore_unsupported_headers', True):
|
|
req = Mock()
|
|
req.headers = []
|
|
self.assertEqual(cnt.validate_headers(req), '')
|
|
req.headers = ['x-some-header']
|
|
self.assertEqual(cnt.validate_headers(req), '')
|
|
#TODO: Although we now support x-delete-at and x-delete-after,
|
|
#retained this test case as we may add some other header to
|
|
#unsupported list in future
|
|
raise SkipTest
|
|
req.headers = ['x-delete-at', 'x-some-header']
|
|
self.assertEqual(cnt.validate_headers(req), '')
|
|
req.headers = ['x-delete-after', 'x-some-header']
|
|
self.assertEqual(cnt.validate_headers(req), '')
|
|
req.headers = ['x-delete-at', 'x-delete-after', 'x-some-header']
|
|
self.assertEqual(cnt.validate_headers(req), '')
|
|
|
|
def test_gluster_check_metadata(self):
|
|
mock_check_metadata = Mock()
|
|
with patch('gluster.swift.common.constraints.__check_metadata',
|
|
mock_check_metadata):
|
|
req = Mock()
|
|
req.headers = []
|
|
cnt.gluster_check_metadata(req, 'object')
|
|
self.assertTrue(1, mock_check_metadata.call_count)
|
|
cnt.gluster_check_metadata(req, 'object', POST=False)
|
|
self.assertTrue(1, mock_check_metadata.call_count)
|
|
req.headers = ['x-some-header']
|
|
self.assertEqual(cnt.gluster_check_metadata(req, 'object', POST=False), None)
|
|
#TODO: Although we now support x-delete-at and x-delete-after,
|
|
#retained this test case as we may add some other header to
|
|
#unsupported list in future
|
|
raise SkipTest
|
|
req.headers = ['x-delete-at', 'x-some-header']
|
|
self.assertNotEqual(cnt.gluster_check_metadata(req, 'object', POST=False), None)
|
|
req.headers = ['x-delete-after', 'x-some-header']
|
|
self.assertNotEqual(cnt.gluster_check_metadata(req, 'object', POST=False), None)
|
|
req.headers = ['x-delete-at', 'x-delete-after', 'x-some-header']
|
|
self.assertNotEqual(cnt.gluster_check_metadata(req, 'object', POST=False), None)
|
|
|
|
def test_gluster_check_object_creation(self):
|
|
with patch('gluster.swift.common.constraints.__check_object_creation',
|
|
mock_check_object_creation):
|
|
req = Mock()
|
|
req.headers = []
|
|
self.assertFalse(cnt.gluster_check_object_creation(req, 'dir/z'))
|
|
|
|
def test_gluster_check_object_creation_err(self):
|
|
with patch('gluster.swift.common.constraints.__check_object_creation',
|
|
mock_check_object_creation):
|
|
req = Mock()
|
|
req.headers = []
|
|
self.assertTrue(cnt.gluster_check_object_creation(req, 'dir/.'))
|
|
#TODO: Although we now support x-delete-at and x-delete-after,
|
|
#retained this test case as we may add some other header to
|
|
#unsupported list in future
|
|
raise SkipTest
|
|
req.headers = ['x-delete-at']
|
|
self.assertTrue(cnt.gluster_check_object_creation(req, 'dir/z'))
|