swift 2.31.1__py2.py3-none-any.whl → 2.32.1__py2.py3-none-any.whl

swift/common/memcached.py

@@ -48,7 +48,9 @@ import os
 import six
 import json
 import logging
-import time
+# the name of 'time' module is changed to 'tm', to avoid changing the
+# signatures of member functions in this file.
+import time as tm
 from bisect import bisect
 
 from eventlet.green import socket, ssl
@@ -99,7 +101,7 @@ def sanitize_timeout(timeout):
     additional second), client beware.
     """
     if timeout > (30 * 24 * 60 * 60):
-        timeout += time.time()
+        timeout += tm.time()
     return int(timeout)
 
 
@@ -121,6 +123,10 @@ class MemcacheConnectionError(Exception):
     pass
 
 
+class MemcacheIncrNotFoundError(MemcacheConnectionError):
+    pass
+
+
 class MemcachePoolTimeout(Timeout):
     pass
 
@@ -174,6 +180,29 @@ class MemcacheConnPool(Pool):
             raise
 
 
+class MemcacheCommand(object):
+    """
+    Helper class that encapsulates common parameters of a command.
+
+    :param method: the name of the MemcacheRing method that was called.
+    :param key: the memcached key.
+    """
+    __slots__ = ('method', 'key', 'command', 'hash_key')
+
+    def __init__(self, method, key):
+        self.method = method
+        self.key = key
+        self.command = method.encode()
+        self.hash_key = md5hash(key)
+
+    @property
+    def key_prefix(self):
+        # get the prefix of a user provided memcache key by removing the
+        # content after the last '/', all current usages within swift are using
+        # prefix, such as "shard-updating-v2", "nvratelimit" and etc.
+        return self.key.rsplit('/', 1)[0]
+
+
 class MemcacheRing(object):
     """
     Simple, consistent-hashed memcache client.
@@ -216,18 +245,56 @@ class MemcacheRing(object):
     def memcache_servers(self):
         return list(self._client_cache.keys())
 
-    def _exception_occurred(self, server, e, action='talking',
-                            sock=None, fp=None, got_connection=True):
+    """
+    Handles exceptions.
+
+    :param server: a server.
+    :param e: an exception.
+    :param cmd: an instance of MemcacheCommand.
+    :param conn_start_time: the time at which the failed operation started.
+    :param action: a verb describing the operation.
+    :param sock: an optional socket that needs to be closed by this method.
+    :param fp: an optional file pointer that needs to be closed by this method.
+    :param got_connection: if ``True``, the server's connection will be reset
+        in the cached connection pool.
+    """
+    def _exception_occurred(self, server, e, cmd, conn_start_time,
+                            action='talking', sock=None,
+                            fp=None, got_connection=True):
         if isinstance(e, Timeout):
-            self.logger.error("Timeout %(action)s to memcached: %(server)s",
-                              {'action': action, 'server': server})
+            self.logger.error(
+                "Timeout %(action)s to memcached: %(server)s"
+                ": with key_prefix %(key_prefix)s, method %(method)s, "
+                "config_timeout %(config_timeout)s, time_spent %(time_spent)s",
+                {'action': action, 'server': server,
+                 'key_prefix': cmd.key_prefix, 'method': cmd.method,
+                 'config_timeout': e.seconds,
+                 'time_spent': tm.time() - conn_start_time})
+            self.logger.timing_since(
+                'memcached.' + cmd.method + '.timeout.timing',
+                conn_start_time)
         elif isinstance(e, (socket.error, MemcacheConnectionError)):
             self.logger.error(
-                "Error %(action)s to memcached: %(server)s: %(err)s",
-                {'action': action, 'server': server, 'err': e})
+                "Error %(action)s to memcached: %(server)s: "
+                "with key_prefix %(key_prefix)s, method %(method)s, "
+                "time_spent %(time_spent)s, %(err)s",
+                {'action': action, 'server': server,
+                 'key_prefix': cmd.key_prefix, 'method': cmd.method,
+                 'time_spent': tm.time() - conn_start_time, 'err': e})
+            self.logger.timing_since(
+                'memcached.' + cmd.method + '.conn_err.timing',
+                conn_start_time)
         else:
-            self.logger.exception("Error %(action)s to memcached: %(server)s",
-                                  {'action': action, 'server': server})
+            self.logger.exception(
+                "Error %(action)s to memcached: %(server)s"
+                ": with key_prefix %(key_prefix)s, method %(method)s, "
+                "time_spent %(time_spent)s",
+                {'action': action, 'server': server,
+                 'key_prefix': cmd.key_prefix, 'method': cmd.method,
+                 'time_spent': tm.time() - conn_start_time})
+            self.logger.timing_since(
+                'memcached.' + cmd.method + '.errors.timing', conn_start_time)
+
         try:
             if fp:
                 fp.close()
@@ -245,10 +312,16 @@ class MemcacheRing(object):
             # A new connection will be created the next time it is retrieved
             self._return_conn(server, None, None)
 
+        if isinstance(e, MemcacheIncrNotFoundError):
+            # these errors can be caused by other greenthreads not yielding to
+            # the incr greenthread often enough, rather than a server problem,
+            # so don't error limit the server
+            return
+
         if self._error_limit_time <= 0 or self._error_limit_duration <= 0:
             return
 
-        now = time.time()
+        now = tm.time()
         self._errors[server].append(now)
         if len(self._errors[server]) > self._error_limit_count:
             self._errors[server] = [err for err in self._errors[server]
@@ -257,14 +330,15 @@ class MemcacheRing(object):
                 self._error_limited[server] = now + self._error_limit_duration
                 self.logger.error('Error limiting server %s', server)
 
-    def _get_conns(self, key):
+    def _get_conns(self, cmd):
         """
         Retrieves a server conn from the pool, or connects a new one.
         Chooses the server based on a consistent hash of "key".
 
+        :param cmd: an instance of MemcacheCommand.
         :return: generator to serve memcached connection
         """
-        pos = bisect(self._sorted, key)
+        pos = bisect(self._sorted, cmd.hash_key)
         served = []
         any_yielded = False
         while len(served) < self._tries:
@@ -273,7 +347,8 @@ class MemcacheRing(object):
             if server in served:
                 continue
             served.append(server)
-            if self._error_limited[server] > time.time():
+            pool_start_time = tm.time()
+            if self._error_limited[server] > pool_start_time:
                 continue
             sock = None
             try:
@@ -282,15 +357,15 @@ class MemcacheRing(object):
                 any_yielded = True
                 yield server, fp, sock
             except MemcachePoolTimeout as e:
-                self._exception_occurred(
-                    server, e, action='getting a connection',
-                    got_connection=False)
+                self._exception_occurred(server, e, cmd, pool_start_time,
+                                         action='getting a connection',
+                                         got_connection=False)
             except (Exception, Timeout) as e:
                 # Typically a Timeout exception caught here is the one raised
                 # by the create() method of this server's MemcacheConnPool
                 # object.
-                self._exception_occurred(
-                    server, e, action='connecting', sock=sock)
+                self._exception_occurred(server, e, cmd, pool_start_time,
+                                         action='connecting', sock=sock)
         if not any_yielded:
             self.logger.error('All memcached servers error-limited')
 
@@ -318,7 +393,7 @@ class MemcacheRing(object):
         :param raise_on_error: if True, propagate Timeouts and other errors.
                                By default, errors are ignored.
         """
-        key = md5hash(key)
+        cmd = MemcacheCommand('set', key)
         timeout = sanitize_timeout(time)
         flags = 0
         if serialize:
@@ -329,10 +404,11 @@ class MemcacheRing(object):
         elif not isinstance(value, bytes):
             value = str(value).encode('utf-8')
 
-        for (server, fp, sock) in self._get_conns(key):
+        for (server, fp, sock) in self._get_conns(cmd):
+            conn_start_time = tm.time()
             try:
                 with Timeout(self._io_timeout):
-                    sock.sendall(set_msg(key, flags, timeout, value))
+                    sock.sendall(set_msg(cmd.hash_key, flags, timeout, value))
                     # Wait for the set to complete
                     msg = fp.readline().strip()
                     if msg != b'STORED':
@@ -352,7 +428,8 @@ class MemcacheRing(object):
                     self._return_conn(server, fp, sock)
                     return
             except (Exception, Timeout) as e:
-                self._exception_occurred(server, e, sock=sock, fp=fp)
+                self._exception_occurred(server, e, cmd, conn_start_time,
+                                         sock=sock, fp=fp)
         if raise_on_error:
             raise MemcacheConnectionError(
                 "No memcached connections succeeded.")
@@ -368,19 +445,21 @@ class MemcacheRing(object):
                                By default, errors are treated as cache misses.
         :returns: value of the key in memcache
         """
-        key = md5hash(key)
+        cmd = MemcacheCommand('get', key)
         value = None
-        for (server, fp, sock) in self._get_conns(key):
+        for (server, fp, sock) in self._get_conns(cmd):
+            conn_start_time = tm.time()
             try:
                 with Timeout(self._io_timeout):
-                    sock.sendall(b'get ' + key + b'\r\n')
+                    sock.sendall(b'get ' + cmd.hash_key + b'\r\n')
                     line = fp.readline().strip().split()
                     while True:
                         if not line:
                             raise MemcacheConnectionError('incomplete read')
                         if line[0].upper() == b'END':
                             break
-                        if line[0].upper() == b'VALUE' and line[1] == key:
+                        if (line[0].upper() == b'VALUE' and
+                                line[1] == cmd.hash_key):
                             size = int(line[3])
                             value = fp.read(size)
                             if int(line[2]) & PICKLE_FLAG:
@@ -392,11 +471,29 @@ class MemcacheRing(object):
                     self._return_conn(server, fp, sock)
                     return value
             except (Exception, Timeout) as e:
-                self._exception_occurred(server, e, sock=sock, fp=fp)
+                self._exception_occurred(server, e, cmd, conn_start_time,
+                                         sock=sock, fp=fp)
         if raise_on_error:
             raise MemcacheConnectionError(
                 "No memcached connections succeeded.")
 
+    def _incr_or_decr(self, fp, sock, cmd, delta):
+        sock.sendall(b' '.join([cmd.command, cmd.hash_key, delta]) + b'\r\n')
+        line = fp.readline().strip().split()
+        if not line:
+            raise MemcacheConnectionError('incomplete read')
+        if line[0].upper() == b'NOT_FOUND':
+            return None
+        return int(line[0].strip())
+
+    def _add(self, fp, sock, cmd, add_val, timeout):
+        sock.sendall(b' '.join([
+            b'add', cmd.hash_key, b'0', str(timeout).encode('ascii'),
+            str(len(add_val)).encode('ascii')
+        ]) + b'\r\n' + add_val + b'\r\n')
+        line = fp.readline().strip().split()
+        return None if line[0].upper() == b'NOT_STORED' else int(add_val)
+
     @memcached_timing_stats(sample_rate=TIMING_SAMPLE_RATE_LOW)
     def incr(self, key, delta=1, time=0):
         """
@@ -415,43 +512,33 @@ class MemcacheRing(object):
         :returns: result of incrementing
         :raises MemcacheConnectionError:
         """
-        key = md5hash(key)
-        command = b'incr'
-        if delta < 0:
-            command = b'decr'
-        delta = str(abs(int(delta))).encode('ascii')
+        cmd = MemcacheCommand('incr' if delta >= 0 else 'decr', key)
+        delta_val = str(abs(int(delta))).encode('ascii')
         timeout = sanitize_timeout(time)
-        for (server, fp, sock) in self._get_conns(key):
+        for (server, fp, sock) in self._get_conns(cmd):
+            conn_start_time = tm.time()
             try:
                 with Timeout(self._io_timeout):
-                    sock.sendall(b' '.join([
-                        command, key, delta]) + b'\r\n')
-                    line = fp.readline().strip().split()
-                    if not line:
-                        raise MemcacheConnectionError('incomplete read')
-                    if line[0].upper() == b'NOT_FOUND':
-                        add_val = delta
-                        if command == b'decr':
-                            add_val = b'0'
-                        sock.sendall(b' '.join([
-                            b'add', key, b'0', str(timeout).encode('ascii'),
-                            str(len(add_val)).encode('ascii')
-                        ]) + b'\r\n' + add_val + b'\r\n')
-                        line = fp.readline().strip().split()
-                        if line[0].upper() == b'NOT_STORED':
-                            sock.sendall(b' '.join([
-                                command, key, delta]) + b'\r\n')
-                            line = fp.readline().strip().split()
-                            ret = int(line[0].strip())
-                        else:
-                            ret = int(add_val)
-                    else:
-                        ret = int(line[0].strip())
+                    new_val = self._incr_or_decr(fp, sock, cmd, delta_val)
+                    if new_val is None:
+                        add_val = b'0' if cmd.method == 'decr' else delta_val
+                        new_val = self._add(fp, sock, cmd, add_val, timeout)
+                        if new_val is None:
+                            new_val = self._incr_or_decr(
+                                fp, sock, cmd, delta_val)
+                            if new_val is None:
+                                # This can happen if this thread takes more
+                                # than the TTL to get from the first failed
+                                # incr to the second incr, during which time
+                                # the key was concurrently added and expired.
+                                raise MemcacheIncrNotFoundError(
+                                    'expired ttl=%s' % time)
                     self._return_conn(server, fp, sock)
-                    return ret
+                    return new_val
             except (Exception, Timeout) as e:
-                self._exception_occurred(server, e, sock=sock, fp=fp)
-        raise MemcacheConnectionError("No Memcached connections succeeded.")
+                self._exception_occurred(server, e, cmd, conn_start_time,
+                                         sock=sock, fp=fp)
+        raise MemcacheConnectionError("No memcached connections succeeded.")
 
     @memcached_timing_stats(sample_rate=TIMING_SAMPLE_RATE_LOW)
     def decr(self, key, delta=1, time=0):
@@ -478,18 +565,21 @@ class MemcacheRing(object):
         :param server_key: key to use in determining which server in the ring
                             is used
         """
-        key = md5hash(key)
-        server_key = md5hash(server_key) if server_key else key
-        for (server, fp, sock) in self._get_conns(server_key):
+        cmd = server_cmd = MemcacheCommand('delete', key)
+        if server_key:
+            server_cmd = MemcacheCommand('delete', server_key)
+        for (server, fp, sock) in self._get_conns(server_cmd):
+            conn_start_time = tm.time()
             try:
                 with Timeout(self._io_timeout):
-                    sock.sendall(b'delete ' + key + b'\r\n')
+                    sock.sendall(b'delete ' + cmd.hash_key + b'\r\n')
                     # Wait for the delete to complete
                     fp.readline()
                     self._return_conn(server, fp, sock)
                     return
             except (Exception, Timeout) as e:
-                self._exception_occurred(server, e, sock=sock, fp=fp)
+                self._exception_occurred(server, e, cmd, conn_start_time,
+                                         sock=sock, fp=fp)
 
     @memcached_timing_stats(sample_rate=TIMING_SAMPLE_RATE_HIGH)
     def set_multi(self, mapping, server_key, serialize=True, time=0,
@@ -508,7 +598,7 @@ class MemcacheRing(object):
                            python-memcached interface. This implementation
                            ignores it
         """
-        server_key = md5hash(server_key)
+        cmd = MemcacheCommand('set_multi', server_key)
         timeout = sanitize_timeout(time)
         msg = []
         for key, value in mapping.items():
@@ -520,7 +610,8 @@ class MemcacheRing(object):
                 value = json.dumps(value).encode('ascii')
                 flags |= JSON_FLAG
             msg.append(set_msg(key, flags, timeout, value))
-        for (server, fp, sock) in self._get_conns(server_key):
+        for (server, fp, sock) in self._get_conns(cmd):
+            conn_start_time = tm.time()
             try:
                 with Timeout(self._io_timeout):
                     sock.sendall(b''.join(msg))
@@ -530,7 +621,8 @@ class MemcacheRing(object):
                     self._return_conn(server, fp, sock)
                     return
             except (Exception, Timeout) as e:
-                self._exception_occurred(server, e, sock=sock, fp=fp)
+                self._exception_occurred(server, e, cmd, conn_start_time,
+                                         sock=sock, fp=fp)
 
     @memcached_timing_stats(sample_rate=TIMING_SAMPLE_RATE_HIGH)
     def get_multi(self, keys, server_key):
@@ -542,12 +634,13 @@ class MemcacheRing(object):
                            is used
         :returns: list of values
         """
-        server_key = md5hash(server_key)
-        keys = [md5hash(key) for key in keys]
-        for (server, fp, sock) in self._get_conns(server_key):
+        cmd = MemcacheCommand('get_multi', server_key)
+        hash_keys = [md5hash(key) for key in keys]
+        for (server, fp, sock) in self._get_conns(cmd):
+            conn_start_time = tm.time()
             try:
                 with Timeout(self._io_timeout):
-                    sock.sendall(b'get ' + b' '.join(keys) + b'\r\n')
+                    sock.sendall(b'get ' + b' '.join(hash_keys) + b'\r\n')
                     line = fp.readline().strip().split()
                     responses = {}
                     while True:
@@ -566,7 +659,7 @@ class MemcacheRing(object):
                             fp.readline()
                         line = fp.readline().strip().split()
                     values = []
-                    for key in keys:
+                    for key in hash_keys:
                         if key in responses:
                             values.append(responses[key])
                         else:
@@ -574,7 +667,8 @@ class MemcacheRing(object):
                     self._return_conn(server, fp, sock)
                     return values
             except (Exception, Timeout) as e:
-                self._exception_occurred(server, e, sock=sock, fp=fp)
+                self._exception_occurred(server, e, cmd, conn_start_time,
+                                         sock=sock, fp=fp)
 
 
 def load_memcache(conf, logger):

swift/common/middleware/__init__.py

@@ -17,6 +17,10 @@ import re
 from swift.common.wsgi import WSGIContext
 
 
+def app_property(name):
+    return property(lambda self: getattr(self.app, name))
+
+
 class RewriteContext(WSGIContext):
     base_re = None
 

swift/common/middleware/account_quotas.py

@@ -19,9 +19,19 @@ given account quota (in bytes) is exceeded while DELETE requests are still
 allowed.
 
 ``account_quotas`` uses the ``x-account-meta-quota-bytes`` metadata entry to
-store the quota. Write requests to this metadata entry are only permitted for
-resellers. There is no quota limit if ``x-account-meta-quota-bytes`` is not
-set.
+store the overall account quota. Write requests to this metadata entry are
+only permitted for resellers. There is no overall account quota limit if
+``x-account-meta-quota-bytes`` is not set.
+
+Additionally, account quotas may be set for each storage policy, using metadata
+of the form ``x-account-quota-bytes-policy-<policy name>``. Again, only
+resellers may update these metadata, and there will be no limit for a
+particular policy if the corresponding metadata is not set.
+
+.. note::
+   Per-policy quotas need not sum to the overall account quota, and the sum of
+   all :ref:`container_quotas` for a given policy need not sum to the account's
+   policy quota.
 
 The ``account_quotas`` middleware should be added to the pipeline in your
 ``/etc/swift/proxy-server.conf`` file just after any auth middleware.
@@ -55,7 +65,8 @@ account size has been updated.
 from swift.common.swob import HTTPForbidden, HTTPBadRequest, \
     HTTPRequestEntityTooLarge, wsgify
 from swift.common.registry import register_swift_info
-from swift.proxy.controllers.base import get_account_info
+from swift.common.storage_policy import POLICIES
+from swift.proxy.controllers.base import get_account_info, get_container_info
 
 
 class AccountQuotaMiddleware(object):
@@ -68,29 +79,49 @@ class AccountQuotaMiddleware(object):
         self.app = app
 
     def handle_account(self, request):
-        # account request, so we pay attention to the quotas
-        new_quota = request.headers.get(
-            'X-Account-Meta-Quota-Bytes')
-        if request.headers.get(
-                'X-Remove-Account-Meta-Quota-Bytes'):
-            new_quota = 0    # X-Remove dominates if both are present
-
-        if request.environ.get('reseller_request') is True:
-            if new_quota and not new_quota.isdigit():
-                return HTTPBadRequest()
-            return self.app
-
-        # deny quota set for non-reseller
-        if new_quota is not None:
-            return HTTPForbidden()
-        return self.app
+        if request.method in ("POST", "PUT"):
+            # account request, so we pay attention to the quotas
+            new_quotas = {}
+            new_quotas[None] = request.headers.get(
+                'X-Account-Meta-Quota-Bytes')
+            if request.headers.get(
+                    'X-Remove-Account-Meta-Quota-Bytes'):
+                new_quotas[None] = 0  # X-Remove dominates if both are present
+
+            for policy in POLICIES:
+                tail = 'Account-Quota-Bytes-Policy-%s' % policy.name
+                if request.headers.get('X-Remove-' + tail):
+                    new_quotas[policy.idx] = 0
+                else:
+                    quota = request.headers.pop('X-' + tail, None)
+                    new_quotas[policy.idx] = quota
+
+            if request.environ.get('reseller_request') is True:
+                if any(quota and not quota.isdigit()
+                       for quota in new_quotas.values()):
+                    return HTTPBadRequest()
+                for idx, quota in new_quotas.items():
+                    if idx is None:
+                        continue  # For legacy reasons, it's in user meta
+                    hdr = 'X-Account-Sysmeta-Quota-Bytes-Policy-%d' % idx
+                    request.headers[hdr] = quota
+            elif any(quota is not None for quota in new_quotas.values()):
+                # deny quota set for non-reseller
+                return HTTPForbidden()
+
+        resp = request.get_response(self.app)
+        # Non-resellers can't update quotas, but they *can* see them
+        for policy in POLICIES:
+            infix = 'Quota-Bytes-Policy'
+            value = resp.headers.get('X-Account-Sysmeta-%s-%d' % (
+                infix, policy.idx))
+            if value:
+                resp.headers['X-Account-%s-%s' % (infix, policy.name)] = value
+        return resp
 
     @wsgify
     def __call__(self, request):
 
-        if request.method not in ("POST", "PUT"):
-            return self.app
-
         try:
             ver, account, container, obj = request.split_path(
                 2, 4, rest_with_last=True)
@@ -102,7 +133,7 @@ class AccountQuotaMiddleware(object):
         # container or object request; even if the quota headers are set
         # in the request, they're meaningless
 
-        if request.method == "POST" or not obj:
+        if not (request.method == "PUT" and obj):
             return self.app
         # OK, object PUT
 
@@ -110,6 +141,7 @@ class AccountQuotaMiddleware(object):
             # but resellers aren't constrained by quotas :-)
             return self.app
 
+        # Object PUT request
         content_length = (request.content_length or 0)
 
         account_info = get_account_info(request.environ, self.app,
@@ -119,24 +151,50 @@ class AccountQuotaMiddleware(object):
         try:
             quota = int(account_info['meta'].get('quota-bytes', -1))
         except ValueError:
-            return self.app
-        if quota < 0:
-            return self.app
-
-        new_size = int(account_info['bytes']) + content_length
-        if quota < new_size:
-            resp = HTTPRequestEntityTooLarge(body='Upload exceeds quota.')
-            if 'swift.authorize' in request.environ:
-                orig_authorize = request.environ['swift.authorize']
+            quota = -1
+        if quota >= 0:
+            new_size = int(account_info['bytes']) + content_length
+            if quota < new_size:
+                resp = HTTPRequestEntityTooLarge(body='Upload exceeds quota.')
+                if 'swift.authorize' in request.environ:
+                    orig_authorize = request.environ['swift.authorize']
+
+                    def reject_authorize(*args, **kwargs):
+                        aresp = orig_authorize(*args, **kwargs)
+                        if aresp:
+                            return aresp
+                        return resp
+                    request.environ['swift.authorize'] = reject_authorize
+                else:
+                    return resp
 
-                def reject_authorize(*args, **kwargs):
-                    aresp = orig_authorize(*args, **kwargs)
-                    if aresp:
-                        return aresp
+        container_info = get_container_info(request.environ, self.app,
+                                            swift_source='AQ')
+        if not container_info:
+            return self.app
+        policy_idx = container_info['storage_policy']
+        sysmeta_key = 'quota-bytes-policy-%s' % policy_idx
+        try:
+            policy_quota = int(account_info['sysmeta'].get(sysmeta_key, -1))
+        except ValueError:
+            policy_quota = -1
+        if policy_quota >= 0:
+            policy_stats = account_info['storage_policies'].get(policy_idx, {})
+            new_size = int(policy_stats.get('bytes', 0)) + content_length
+            if policy_quota < new_size:
+                resp = HTTPRequestEntityTooLarge(
+                    body='Upload exceeds policy quota.')
+                if 'swift.authorize' in request.environ:
+                    orig_authorize = request.environ['swift.authorize']
+
+                    def reject_authorize(*args, **kwargs):
+                        aresp = orig_authorize(*args, **kwargs)
+                        if aresp:
+                            return aresp
+                        return resp
+                    request.environ['swift.authorize'] = reject_authorize
+                else:
                     return resp
-                request.environ['swift.authorize'] = reject_authorize
-            else:
-                return resp
 
         return self.app
 

swift/common/middleware/backend_ratelimit.py

@@ -17,7 +17,8 @@ import time
 from collections import defaultdict
 
 from swift.common.request_helpers import split_and_validate_path
-from swift.common.swob import Request, HTTPTooManyBackendRequests
+from swift.common.swob import Request, HTTPTooManyBackendRequests, \
+    HTTPException
 from swift.common.utils import get_logger, non_negative_float, \
     EventletRateLimiter
 
@@ -66,13 +67,14 @@ class BackendRateLimitMiddleware(object):
             try:
                 device, partition, _ = split_and_validate_path(req, 1, 3, True)
                 int(partition)  # check it's a valid partition
+            except (ValueError, HTTPException):
+                # request may not have device/partition e.g. a healthcheck req
+                pass
+            else:
                 rate_limiter = self.rate_limiters[device]
                 if not rate_limiter.is_allowed():
                     self.logger.increment('backend.ratelimit')
                     handler = HTTPTooManyBackendRequests()
-            except Exception:  # noqa
-                # request may not have device/partition e.g. a healthcheck req
-                pass
         return handler(env, start_response)