swift 2.32.0__py2.py3-none-any.whl → 2.34.0__py2.py3-none-any.whl

swift/common/memcached.py

@@ -59,6 +59,8 @@ from eventlet import Timeout
 from six.moves import range
 from six.moves.configparser import ConfigParser, NoSectionError, NoOptionError
 from swift.common import utils
+from swift.common.exceptions import MemcacheConnectionError, \
+    MemcacheIncrNotFoundError, MemcachePoolTimeout
 from swift.common.utils import md5, human_readable, config_true_value, \
     memcached_timing_stats
 
@@ -83,6 +85,9 @@ TIMING_SAMPLE_RATE_HIGH = 0.1
 TIMING_SAMPLE_RATE_MEDIUM = 0.01
 TIMING_SAMPLE_RATE_LOW = 0.001
 
+# The max value of a delta expiration time.
+EXPTIME_MAXDELTA = 30 * 24 * 60 * 60
+
 
 def md5hash(key):
     if not isinstance(key, bytes):
@@ -100,7 +105,7 @@ def sanitize_timeout(timeout):
     translates negative values to mean a delta of 30 days in seconds (and 1
     additional second), client beware.
     """
-    if timeout > (30 * 24 * 60 * 60):
+    if timeout > EXPTIME_MAXDELTA:
         timeout += tm.time()
     return int(timeout)
 
@@ -119,18 +124,6 @@ def set_msg(key, flags, timeout, value):
     ]) + (b'\r\n' + value + b'\r\n')
 
 
-class MemcacheConnectionError(Exception):
-    pass
-
-
-class MemcacheIncrNotFoundError(MemcacheConnectionError):
-    pass
-
-
-class MemcachePoolTimeout(Timeout):
-    pass
-
-
 class MemcacheConnPool(Pool):
     """
     Connection pool for Memcache Connections
@@ -245,6 +238,13 @@ class MemcacheRing(object):
     def memcache_servers(self):
         return list(self._client_cache.keys())
 
+    def _log_error(self, server, cmd, action, msg):
+        self.logger.error(
+            "Error %(action)s to memcached: %(server)s"
+            ": with key_prefix %(key_prefix)s, method %(method)s: %(msg)s",
+            {'action': action, 'server': server, 'key_prefix': cmd.key_prefix,
+             'method': cmd.method, 'msg': msg})
+
     """
     Handles exceptions.
 
@@ -367,7 +367,8 @@ class MemcacheRing(object):
                 self._exception_occurred(server, e, cmd, pool_start_time,
                                          action='connecting', sock=sock)
         if not any_yielded:
-            self.logger.error('All memcached servers error-limited')
+            self._log_error('ALL', cmd, 'connecting',
+                            'No more memcached servers to try')
 
     def _return_conn(self, server, fp, sock):
         """Returns a server connection to the pool."""
@@ -404,6 +405,14 @@ class MemcacheRing(object):
         elif not isinstance(value, bytes):
             value = str(value).encode('utf-8')
 
+        if 0 <= self.item_size_warning_threshold <= len(value):
+            self.logger.warning(
+                "Item size larger than warning threshold: "
+                "%d (%s) >= %d (%s)", len(value),
+                human_readable(len(value)),
+                self.item_size_warning_threshold,
+                human_readable(self.item_size_warning_threshold))
+
         for (server, fp, sock) in self._get_conns(cmd):
             conn_start_time = tm.time()
             try:
@@ -414,17 +423,7 @@ class MemcacheRing(object):
                     if msg != b'STORED':
                         if not six.PY2:
                             msg = msg.decode('ascii')
-                        self.logger.error(
-                            "Error setting value in memcached: "
-                            "%(server)s: %(msg)s",
-                            {'server': server, 'msg': msg})
-                    if 0 <= self.item_size_warning_threshold <= len(value):
-                        self.logger.warning(
-                            "Item size larger than warning threshold: "
-                            "%d (%s) >= %d (%s)", len(value),
-                            human_readable(len(value)),
-                            self.item_size_warning_threshold,
-                            human_readable(self.item_size_warning_threshold))
+                        raise MemcacheConnectionError('failed set: %s' % msg)
                     self._return_conn(server, fp, sock)
                     return
             except (Exception, Timeout) as e:

swift/common/middleware/account_quotas.py

@@ -18,15 +18,39 @@
 given account quota (in bytes) is exceeded while DELETE requests are still
 allowed.
 
-``account_quotas`` uses the ``x-account-meta-quota-bytes`` metadata entry to
-store the overall account quota. Write requests to this metadata entry are
-only permitted for resellers. There is no overall account quota limit if
-``x-account-meta-quota-bytes`` is not set.
-
-Additionally, account quotas may be set for each storage policy, using metadata
-of the form ``x-account-quota-bytes-policy-<policy name>``. Again, only
-resellers may update these metadata, and there will be no limit for a
-particular policy if the corresponding metadata is not set.
+``account_quotas`` uses the following metadata entries to store the account
+quota
+
++---------------------------------------------+-------------------------------+
+|Metadata                                     | Use                           |
++=============================================+===============================+
+| X-Account-Meta-Quota-Bytes (obsoleted)      | Maximum overall bytes stored  |
+|                                             | in account across containers. |
++---------------------------------------------+-------------------------------+
+| X-Account-Quota-Bytes                       | Maximum overall bytes stored  |
+|                                             | in account across containers. |
++---------------------------------------------+-------------------------------+
+| X-Account-Quota-Bytes-Policy-<policyname>   | Maximum overall bytes stored  |
+|                                             | in account across containers, |
+|                                             | for the given policy.         |
++---------------------------------------------+-------------------------------+
+| X-Account-Quota-Count                       | Maximum object count under    |
+|                                             | account.                      |
++---------------------------------------------+-------------------------------+
+| X-Account-Quota-Count-Policy-<policyname>   | Maximum object count under    |
+|                                             | account, for the given policy.|
++---------------------------------------------+-------------------------------+
+
+
+Write requests to those metadata entries are only permitted for resellers.
+There is no overall byte or object count limit set if the corresponding
+metadata entries are not set.
+
+Additionally, account quotas, of type quota-bytes or quota-count, may be set
+for each storage policy, using metadata of the form ``x-account-<quota type>-\
+policy-<policy name>``. Again, only resellers may update these metadata, and
+there will be no limit for a particular policy if the corresponding metadata
+is not set.
 
 .. note::
    Per-policy quotas need not sum to the overall account quota, and the sum of
@@ -78,45 +102,69 @@ class AccountQuotaMiddleware(object):
     def __init__(self, app, *args, **kwargs):
         self.app = app
 
+    def validate_and_translate_quotas(self, request, quota_type):
+        new_quotas = {}
+        new_quotas[None] = request.headers.get(
+            'X-Account-%s' % quota_type)
+        if request.headers.get(
+                'X-Remove-Account-%s' % quota_type):
+            new_quotas[None] = ''  # X-Remove dominates if both are present
+
+        for policy in POLICIES:
+            tail = 'Account-%s-Policy-%s' % (quota_type, policy.name)
+            if request.headers.get('X-Remove-' + tail):
+                new_quotas[policy.idx] = ''
+            else:
+                quota = request.headers.pop('X-' + tail, None)
+                new_quotas[policy.idx] = quota
+
+        if request.environ.get('reseller_request') is True:
+            if any(quota and not quota.isdigit()
+                    for quota in new_quotas.values()):
+                raise HTTPBadRequest()
+            for idx, quota in new_quotas.items():
+                if idx is None:
+                    hdr = 'X-Account-Sysmeta-%s' % quota_type
+                else:
+                    hdr = 'X-Account-Sysmeta-%s-Policy-%d' % (quota_type, idx)
+                request.headers[hdr] = quota
+        elif any(quota is not None for quota in new_quotas.values()):
+            # deny quota set for non-reseller
+            raise HTTPForbidden()
+
     def handle_account(self, request):
         if request.method in ("POST", "PUT"):
+            # Support old meta format
+            for legacy_header in [
+                'X-Account-Meta-Quota-Bytes',
+                'X-Remove-Account-Meta-Quota-Bytes',
+            ]:
+                new_header = legacy_header.replace('-Meta-', '-')
+                legacy_value = request.headers.get(legacy_header)
+                if legacy_value is not None and not \
+                        request.headers.get(new_header):
+                    request.headers[new_header] = legacy_value
             # account request, so we pay attention to the quotas
-            new_quotas = {}
-            new_quotas[None] = request.headers.get(
-                'X-Account-Meta-Quota-Bytes')
-            if request.headers.get(
-                    'X-Remove-Account-Meta-Quota-Bytes'):
-                new_quotas[None] = 0  # X-Remove dominates if both are present
-
-            for policy in POLICIES:
-                tail = 'Account-Quota-Bytes-Policy-%s' % policy.name
-                if request.headers.get('X-Remove-' + tail):
-                    new_quotas[policy.idx] = 0
-                else:
-                    quota = request.headers.pop('X-' + tail, None)
-                    new_quotas[policy.idx] = quota
-
-            if request.environ.get('reseller_request') is True:
-                if any(quota and not quota.isdigit()
-                       for quota in new_quotas.values()):
-                    return HTTPBadRequest()
-                for idx, quota in new_quotas.items():
-                    if idx is None:
-                        continue  # For legacy reasons, it's in user meta
-                    hdr = 'X-Account-Sysmeta-Quota-Bytes-Policy-%d' % idx
-                    request.headers[hdr] = quota
-            elif any(quota is not None for quota in new_quotas.values()):
-                # deny quota set for non-reseller
-                return HTTPForbidden()
-
+            self.validate_and_translate_quotas(request, "Quota-Bytes")
+            self.validate_and_translate_quotas(request, "Quota-Count")
         resp = request.get_response(self.app)
         # Non-resellers can't update quotas, but they *can* see them
-        for policy in POLICIES:
-            infix = 'Quota-Bytes-Policy'
-            value = resp.headers.get('X-Account-Sysmeta-%s-%d' % (
-                infix, policy.idx))
+        # Global quotas
+        postfixes = ('Quota-Bytes', 'Quota-Count')
+        for postfix in postfixes:
+            value = resp.headers.get('X-Account-Sysmeta-%s' % postfix)
             if value:
-                resp.headers['X-Account-%s-%s' % (infix, policy.name)] = value
+                resp.headers['X-Account-%s' % postfix] = value
+
+        # Per policy quotas
+        for policy in POLICIES:
+            infixes = ('Quota-Bytes-Policy', 'Quota-Count-Policy')
+            for infix in infixes:
+                value = resp.headers.get('X-Account-Sysmeta-%s-%d' % (
+                    infix, policy.idx))
+                if value:
+                    resp.headers['X-Account-%s-%s' % (
+                        infix, policy.name)] = value
         return resp
 
     @wsgify
@@ -148,8 +196,14 @@ class AccountQuotaMiddleware(object):
                                         swift_source='AQ')
         if not account_info:
             return self.app
+
+        # Check for quota byte violation
         try:
-            quota = int(account_info['meta'].get('quota-bytes', -1))
+            quota = int(
+                account_info["sysmeta"].get(
+                    "quota-bytes", account_info["meta"].get("quota-bytes", -1)
+                )
+            )
         except ValueError:
             quota = -1
         if quota >= 0:
@@ -168,11 +222,34 @@ class AccountQuotaMiddleware(object):
                 else:
                     return resp
 
+        # Check for quota count violation
+        try:
+            quota = int(account_info['sysmeta'].get('quota-count', -1))
+        except ValueError:
+            quota = -1
+        if quota >= 0:
+            new_count = int(account_info['total_object_count']) + 1
+            if quota < new_count:
+                resp = HTTPRequestEntityTooLarge(body='Upload exceeds quota.')
+                if 'swift.authorize' in request.environ:
+                    orig_authorize = request.environ['swift.authorize']
+
+                    def reject_authorize(*args, **kwargs):
+                        aresp = orig_authorize(*args, **kwargs)
+                        if aresp:
+                            return aresp
+                        return resp
+                    request.environ['swift.authorize'] = reject_authorize
+                else:
+                    return resp
+
         container_info = get_container_info(request.environ, self.app,
                                             swift_source='AQ')
         if not container_info:
             return self.app
         policy_idx = container_info['storage_policy']
+
+        # Check quota-byte per policy
         sysmeta_key = 'quota-bytes-policy-%s' % policy_idx
         try:
             policy_quota = int(account_info['sysmeta'].get(sysmeta_key, -1))
@@ -196,6 +273,30 @@ class AccountQuotaMiddleware(object):
                 else:
                     return resp
 
+        # Check quota-count per policy
+        sysmeta_key = 'quota-count-policy-%s' % policy_idx
+        try:
+            policy_quota = int(account_info['sysmeta'].get(sysmeta_key, -1))
+        except ValueError:
+            policy_quota = -1
+        if policy_quota >= 0:
+            policy_stats = account_info['storage_policies'].get(policy_idx, {})
+            new_size = int(policy_stats.get('object_count', 0)) + 1
+            if policy_quota < new_size:
+                resp = HTTPRequestEntityTooLarge(
+                    body='Upload exceeds policy quota.')
+                if 'swift.authorize' in request.environ:
+                    orig_authorize = request.environ['swift.authorize']
+
+                    def reject_authorize(*args, **kwargs):
+                        aresp = orig_authorize(*args, **kwargs)
+                        if aresp:
+                            return aresp
+                        return resp
+                    request.environ['swift.authorize'] = reject_authorize
+                else:
+                    return resp
+
         return self.app
 
 

swift/common/middleware/backend_ratelimit.py

@@ -12,47 +12,188 @@
 # implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import os
 import time
-from collections import defaultdict
 
 from swift.common.request_helpers import split_and_validate_path
 from swift.common.swob import Request, HTTPTooManyBackendRequests, \
     HTTPException
 from swift.common.utils import get_logger, non_negative_float, \
-    EventletRateLimiter
+    EventletRateLimiter, readconf
 
 RATE_LIMITED_METHODS = ('GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'UPDATE',
                         'REPLICATE')
+BACKEND_RATELIMIT_CONFIG_SECTION = 'backend_ratelimit'
+DEFAULT_BACKEND_RATELIMIT_CONF_FILE = 'backend-ratelimit.conf'
+DEFAULT_CONFIG_RELOAD_INTERVAL = 60.0
+DEFAULT_REQUESTS_PER_DEVICE_PER_SECOND = 0.0
+DEFAULT_REQUESTS_PER_DEVICE_RATE_BUFFER = 1.0
 
 
 class BackendRateLimitMiddleware(object):
     """
     Backend rate-limiting middleware.
 
-    Rate-limits requests to backend storage node devices. Each device is
-    independently rate-limited. All requests with a 'GET', 'HEAD', 'PUT',
-    'POST', 'DELETE', 'UPDATE' or 'REPLICATE' method are included in a device's
-    rate limit.
+    Rate-limits requests to backend storage node devices. Each (device, request
+    method) combination is independently rate-limited. All requests with a
+    'GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'UPDATE' or 'REPLICATE' method are
+    rate limited on a per-device basis by both a method-specific rate and an
+    overall device rate limit.
 
-    If a request would cause the rate-limit to be exceeded then a response with
-    a 529 status code is returned.
+    If a request would cause the rate-limit to be exceeded for the method
+    and/or device then a response with a 529 status code is returned.
     """
-    def __init__(self, app, conf, logger=None):
+    def __init__(self, app, filter_conf, logger=None):
         self.app = app
-        self.logger = logger or get_logger(conf, log_route='backend_ratelimit')
-        self.requests_per_device_per_second = non_negative_float(
-            conf.get('requests_per_device_per_second', 0.0))
-        self.requests_per_device_rate_buffer = non_negative_float(
-            conf.get('requests_per_device_rate_buffer', 1.0))
-
-        # map device -> RateLimiter
-        self.rate_limiters = defaultdict(
-            lambda: EventletRateLimiter(
-                max_rate=self.requests_per_device_per_second,
+        self.filter_conf = filter_conf
+        self.logger = logger or get_logger(self.filter_conf,
+                                           log_route='backend_ratelimit')
+        self.requests_per_device_rate_buffer = \
+            DEFAULT_REQUESTS_PER_DEVICE_RATE_BUFFER
+        # map (device, method) -> rate
+        self.requests_per_device_per_second = {}
+        # map (device, method) -> RateLimiter, populated on-demand
+        self.rate_limiters = {}
+
+        # some config options are *only* read from filter conf at startup...
+        default_conf_path = os.path.join(
+            self.filter_conf.get('swift_dir', '/etc/swift'),
+            DEFAULT_BACKEND_RATELIMIT_CONF_FILE)
+        try:
+            self.conf_path = self.filter_conf['backend_ratelimit_conf_path']
+            self.is_config_file_expected = True
+        except KeyError:
+            self.conf_path = default_conf_path
+            self.is_config_file_expected = False
+        self.config_reload_interval = non_negative_float(
+            filter_conf.get('config_reload_interval',
+                            DEFAULT_CONFIG_RELOAD_INTERVAL))
+
+        # other conf options are read from filter section at startup but may
+        # also be overridden by options in a separate config file...
+        self._last_config_reload_attempt = time.time()
+        self._apply_config(self.filter_conf)
+        self._load_config_file()
+
+    def _refresh_ratelimiters(self):
+        # note: if we ever wanted to prune the ratelimiters (in case devices
+        # have been removed) we could inspect each ratelimiter's running_time
+        # and remove those with very old running_time
+        for (dev, method), rl in self.rate_limiters.items():
+            rl.set_max_rate(self.requests_per_device_per_second[method])
+            rl.set_rate_buffer(self.requests_per_device_rate_buffer)
+
+    def _apply_config(self, conf):
+        modified = False
+        reqs_per_device_rate_buffer = non_negative_float(
+            conf.get('requests_per_device_rate_buffer',
+                     DEFAULT_REQUESTS_PER_DEVICE_RATE_BUFFER))
+
+        # note: 'None' key holds the aggregate per-device limit for all methods
+        reqs_per_device_per_second = {None: non_negative_float(
+            conf.get('requests_per_device_per_second', 0.0))}
+        for method in RATE_LIMITED_METHODS:
+            val = non_negative_float(
+                conf.get('%s_requests_per_device_per_second'
+                         % method.lower(), 0.0))
+            reqs_per_device_per_second[method] = val
+
+        if reqs_per_device_rate_buffer != self.requests_per_device_rate_buffer:
+            self.requests_per_device_rate_buffer = reqs_per_device_rate_buffer
+            modified = True
+        if reqs_per_device_per_second != self.requests_per_device_per_second:
+            self.requests_per_device_per_second = reqs_per_device_per_second
+            self.is_any_rate_limit_configured = any(
+                self.requests_per_device_per_second.values())
+            modified = True
+        if modified:
+            self._refresh_ratelimiters()
+        return modified
+
+    def _load_config_file(self):
+        # If conf file can be read then apply its options to the filter conf
+        # options, discarding *all* options previously loaded from the conf
+        # file i.e. options deleted from the conf file will revert to the
+        # filter conf value or default value. If the conf file cannot be read
+        # or is invalid, then the current config is left unchanged.
+        try:
+            new_conf = dict(self.filter_conf)  # filter_conf not current conf
+            new_conf.update(
+                readconf(self.conf_path, BACKEND_RATELIMIT_CONFIG_SECTION))
+            modified = self._apply_config(new_conf)
+            if modified:
+                self.logger.info('Loaded config file %s, config changed',
+                                 self.conf_path)
+            elif not self.is_config_file_expected:
+                self.logger.info('Loaded new config file %s, config unchanged',
+                                 self.conf_path)
+            else:
+                self.logger.debug(
+                    'Loaded existing config file %s, config unchanged',
+                    self.conf_path)
+            self.is_config_file_expected = True
+        except IOError as err:
+            if self.is_config_file_expected:
+                self.logger.warning(
+                    'Failed to load config file, config unchanged: %s', err)
+            self.is_config_file_expected = False
+        except ValueError as err:
+            # ...but if it exists it should be valid
+            self.logger.warning('Invalid config file %s, config unchanged: %s',
+                                self.conf_path, err)
+
+    def _maybe_reload_config(self):
+        if self.config_reload_interval:
+            now = time.time()
+            if (now - self._last_config_reload_attempt
+                    >= self.config_reload_interval):
+                try:
+                    self._load_config_file()
+                except Exception:  # noqa
+                    self.logger.exception('Error reloading config file')
+                finally:
+                    # always reset last loaded time to avoid re-try storm
+                    self._last_config_reload_attempt = now
+
+    def _get_ratelimiter(self, device, method=None):
+        """
+        Get a rate limiter for the (device, method) combination. If a rate
+        limiter does not yet exist for the given (device, method) combination
+        then it is created and added to the map of rate limiters.
+
+        :param: the device.
+        :method: the request method; if None then the aggregate rate limiter
+            for all requests to the device is returned.
+        :returns: an instance of ``EventletRateLimiter``.
+        """
+        try:
+            rl = self.rate_limiters[(device, method)]
+        except KeyError:
+            rl = EventletRateLimiter(
+                max_rate=self.requests_per_device_per_second[method],
                 rate_buffer=self.requests_per_device_rate_buffer,
                 running_time=time.time(),
-                burst_after_idle=True))
+                burst_after_idle=True)
+            self.rate_limiters[(device, method)] = rl
+        return rl
+
+    def _is_allowed(self, device, method):
+        """
+        Evaluate backend rate-limiting policies for the incoming request.
+
+        A request is allowed when neither the per-(device, method) rate-limit
+        nor the per-device rate-limit has been reached.
+
+        Note: a request will be disallowed if the aggregate per-device
+        rate-limit has been reached, even if the per-(device, method)
+        rate-limit has not been reached for the request's method.
+
+        :param: the device.
+        :method: the request method.
+        :returns: boolean, is_allowed.
+        """
+        return (self._get_ratelimiter(device, None).is_allowed()
+                and self._get_ratelimiter(device, method).is_allowed())
 
     def __call__(self, env, start_response):
         """
@@ -61,9 +202,11 @@ class BackendRateLimitMiddleware(object):
         :param env: WSGI environment dictionary
         :param start_response: WSGI callable
         """
+        self._maybe_reload_config()
         req = Request(env)
         handler = self.app
-        if req.method in RATE_LIMITED_METHODS:
+        if (self.is_any_rate_limit_configured
+                and req.method in RATE_LIMITED_METHODS):
             try:
                 device, partition, _ = split_and_validate_path(req, 1, 3, True)
                 int(partition)  # check it's a valid partition
@@ -71,8 +214,7 @@ class BackendRateLimitMiddleware(object):
                 # request may not have device/partition e.g. a healthcheck req
                 pass
             else:
-                rate_limiter = self.rate_limiters[device]
-                if not rate_limiter.is_allowed():
+                if not self._is_allowed(device, req.method):
                     self.logger.increment('backend.ratelimit')
                     handler = HTTPTooManyBackendRequests()
         return handler(env, start_response)

swift/common/middleware/catch_errors.py

@@ -13,8 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from swift import gettext_ as _
-
 from swift.common.swob import Request, HTTPServerError
 from swift.common.utils import get_logger, generate_trans_id, close_if_possible
 from swift.common.wsgi import WSGIContext
@@ -74,7 +72,7 @@ class CatchErrorsContext(WSGIContext):
             # catch any errors in the pipeline
             resp = self._app_call(env)
         except:  # noqa
-            self.logger.exception(_('Error: An error occurred'))
+            self.logger.exception('Error: An error occurred')
             resp = HTTPServerError(request=Request(env),
                                    body=b'An error occurred',
                                    content_type='text/plain')

swift/common/middleware/cname_lookup.py

@@ -29,8 +29,6 @@ rewritten and the request is passed further down the WSGI chain.
 
 import six
 
-from swift import gettext_ as _
-
 try:
     import dns.resolver
     import dns.exception
@@ -167,7 +165,7 @@ class CNAMELookupMiddleware(object):
                 elif self._domain_endswith_in_storage_domain(found_domain):
                     # Found it!
                     self.logger.info(
-                        _('Mapped %(given_domain)s to %(found_domain)s') %
+                        'Mapped %(given_domain)s to %(found_domain)s',
                         {'given_domain': given_domain,
                          'found_domain': found_domain})
                     if port:
@@ -180,8 +178,8 @@ class CNAMELookupMiddleware(object):
                 else:
                     # try one more deep in the chain
                     self.logger.debug(
-                        _('Following CNAME chain for  '
-                          '%(given_domain)s to %(found_domain)s') %
+                        'Following CNAME chain for  '
+                        '%(given_domain)s to %(found_domain)s',
                         {'given_domain': given_domain,
                          'found_domain': found_domain})
                     a_domain = found_domain

swift/common/middleware/container_sync.py

@@ -17,6 +17,7 @@ import os
 
 from swift.common.constraints import valid_api_version
 from swift.common.container_sync_realms import ContainerSyncRealms
+from swift.common.request_helpers import append_log_info
 from swift.common.swob import HTTPBadRequest, HTTPUnauthorized, wsgify
 from swift.common.utils import (
     config_true_value, get_logger, streq_const_time)
@@ -109,20 +110,17 @@ class ContainerSync(object):
             valid = False
             auth = auth.split()
             if len(auth) != 3:
-                req.environ.setdefault('swift.log_info', []).append(
-                    'cs:not-3-args')
+                append_log_info(req.environ, 'cs:not-3-args')
             else:
                 realm, nonce, sig = auth
                 realm_key = self.realms_conf.key(realm)
                 realm_key2 = self.realms_conf.key2(realm)
                 if not realm_key:
-                    req.environ.setdefault('swift.log_info', []).append(
-                        'cs:no-local-realm-key')
+                    append_log_info(req.environ, 'cs:no-local-realm-key')
                 else:
                     user_key = info.get('sync_key')
                     if not user_key:
-                        req.environ.setdefault('swift.log_info', []).append(
-                            'cs:no-local-user-key')
+                        append_log_info(req.environ, 'cs:no-local-user-key')
                     else:
                         # x-timestamp headers get shunted by gatekeeper
                         if 'x-backend-inbound-x-timestamp' in req.headers:
@@ -139,11 +137,9 @@ class ContainerSync(object):
                             realm_key2, user_key) if realm_key2 else expected
                         if not streq_const_time(sig, expected) and \
                                 not streq_const_time(sig, expected2):
-                            req.environ.setdefault(
-                                'swift.log_info', []).append('cs:invalid-sig')
+                            append_log_info(req.environ, 'cs:invalid-sig')
                         else:
-                            req.environ.setdefault(
-                                'swift.log_info', []).append('cs:valid')
+                            append_log_info(req.environ, 'cs:valid')
                             valid = True
             if not valid:
                 exc = HTTPUnauthorized(