swift 2.32.0__py2.py3-none-any.whl → 2.34.0__py2.py3-none-any.whl

swift/common/middleware/crypto/crypto_utils.py

@@ -22,7 +22,6 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 import six
 from six.moves.urllib import parse as urlparse
 
-from swift import gettext_ as _
 from swift.common.exceptions import EncryptionException, UnknownSecretIdError
 from swift.common.swob import HTTPInternalServerError
 from swift.common.utils import get_logger
@@ -160,7 +159,7 @@ class CryptoWSGIContext(WSGIContext):
         try:
             fetch_crypto_keys = env[CRYPTO_KEY_CALLBACK]
         except KeyError:
-            self.logger.exception(_('ERROR get_keys() missing callback'))
+            self.logger.exception('ERROR get_keys() missing callback')
             raise HTTPInternalServerError(
                 "Unable to retrieve encryption keys.")
 
@@ -181,12 +180,12 @@ class CryptoWSGIContext(WSGIContext):
                 self.crypto.check_key(key)
                 continue
             except KeyError:
-                self.logger.exception(_("Missing key for %r") % name)
+                self.logger.exception("Missing key for %r", name)
             except TypeError:
-                self.logger.exception(_("Did not get a keys dict"))
+                self.logger.exception("Did not get a keys dict")
             except ValueError as e:
                 # don't include the key in any messages!
-                self.logger.exception(_("Bad key for %(name)r: %(err)s") %
+                self.logger.exception("Bad key for %(name)r: %(err)s",
                                       {'name': name, 'err': e})
             raise HTTPInternalServerError(
                 "Unable to retrieve encryption keys.")

swift/common/middleware/crypto/decrypter.py

@@ -16,7 +16,6 @@
 import base64
 import json
 
-from swift import gettext_ as _
 from swift.common.header_key_dict import HeaderKeyDict
 from swift.common.http import is_success
 from swift.common.middleware.crypto.crypto_utils import CryptoWSGIContext, \
@@ -77,10 +76,10 @@ class BaseDecrypterContext(CryptoWSGIContext):
                                           crypto_meta['body_key'])
         except KeyError as err:
             self.logger.error(
-                _('Error decrypting %(resp_type)s: Missing %(key)s'),
+                'Error decrypting %(resp_type)s: Missing %(key)s',
                 {'resp_type': self.server_type, 'key': err})
         except ValueError as err:
-            self.logger.error(_('Error decrypting %(resp_type)s: %(reason)s'),
+            self.logger.error('Error decrypting %(resp_type)s: %(reason)s',
                               {'resp_type': self.server_type, 'reason': err})
         raise HTTPInternalServerError(
             body='Error decrypting %s' % self.server_type,
@@ -178,7 +177,7 @@ class DecrypterObjContext(BaseDecrypterContext):
                 value, key, required, bytes_to_wsgi)
         except EncryptionException as err:
             self.logger.error(
-                _("Error decrypting header %(header)s: %(error)s"),
+                "Error decrypting header %(header)s: %(error)s",
                 {'header': header, 'error': err})
             raise HTTPInternalServerError(
                 body='Error decrypting header',
@@ -313,7 +312,7 @@ class DecrypterObjContext(BaseDecrypterContext):
             try:
                 crypto_meta = self.get_crypto_meta(header, check)
             except EncryptionException as err:
-                self.logger.error(_('Error decrypting object: %s'), err)
+                self.logger.error('Error decrypting object: %s', err)
                 raise HTTPInternalServerError(
                     body='Error decrypting object', content_type='text/plain')
         return crypto_meta

swift/common/middleware/crypto/kms_keymaster.py

@@ -34,7 +34,7 @@ class KmsKeyMaster(BaseKeyMaster):
                       'domain_id', 'domain_name', 'project_id',
                       'project_domain_id', 'reauthenticate',
                       'auth_endpoint', 'api_class', 'key_id*',
-                      'active_root_secret_id')
+                      'barbican_endpoint', 'active_root_secret_id')
     keymaster_conf_section = 'kms_keymaster'
 
     def _get_root_secret(self, conf):
@@ -67,6 +67,7 @@ class KmsKeyMaster(BaseKeyMaster):
         oslo_conf = cfg.ConfigOpts()
         options.set_defaults(
             oslo_conf, auth_endpoint=conf.get('auth_endpoint'),
+            barbican_endpoint=conf.get('barbican_endpoint'),
             api_class=conf.get('api_class')
         )
         options.enable_logging()

swift/common/middleware/proxy_logging.py

@@ -27,19 +27,28 @@ The logging format implemented below is as follows::
         start_time end_time policy_index
 
 These values are space-separated, and each is url-encoded, so that they can
-be separated with a simple .split()
-
-* remote_addr is the contents of the REMOTE_ADDR environment variable, while
-  client_ip is swift's best guess at the end-user IP, extracted variously
-  from the X-Forwarded-For header, X-Cluster-Ip header, or the REMOTE_ADDR
-  environment variable.
-
-* source (swift.source in the WSGI environment) indicates the code
+be separated with a simple ``.split()``.
+
+* ``remote_addr`` is the contents of the REMOTE_ADDR environment variable,
+  while ``client_ip`` is swift's best guess at the end-user IP, extracted
+  variously from the X-Forwarded-For header, X-Cluster-Ip header, or the
+  REMOTE_ADDR environment variable.
+
+* ``status_int`` is the integer part of the ``status`` string passed to this
+  middleware's start_response function, unless the WSGI environment has an item
+  with key ``swift.proxy_logging_status``, in which case the value of that item
+  is used. Other middleware's may set ``swift.proxy_logging_status`` to
+  override the logging of ``status_int``. In either case, the logged
+  ``status_int`` value is forced to 499 if a client disconnect is detected
+  while this middleware is handling a request, or 500 if an exception is caught
+  while handling a request.
+
+* ``source`` (``swift.source`` in the WSGI environment) indicates the code
   that generated the request, such as most middleware. (See below for
   more detail.)
 
-* log_info (swift.log_info in the WSGI environment) is for additional
-  information that could prove quite useful, such as any x-delete-at
+* ``log_info`` (``swift.log_info`` in the WSGI environment) is for additional
+  information that could prove quite useful, such as any ``x-delete-at``
   value or other "behind the scenes" activity that might not
   otherwise be detectable from the plain log information. Code that
   wishes to add additional log information should use code like
@@ -62,24 +71,26 @@ For example, with staticweb, the middleware might intercept a request to
 /v1/AUTH_acc/cont/, make a subrequest to the proxy to retrieve
 /v1/AUTH_acc/cont/index.html and, in effect, respond to the client's original
 request using the 2nd request's body. In this instance the subrequest will be
-logged by the rightmost middleware (with a swift.source set) and the outgoing
-request (with body overridden) will be logged by leftmost middleware.
+logged by the rightmost middleware (with a ``swift.source`` set) and the
+outgoing request (with body overridden) will be logged by leftmost middleware.
 
 Requests that follow the normal pipeline (use the same wsgi environment
 throughout) will not be double logged because an environment variable
-(swift.proxy_access_log_made) is checked/set when a log is made.
+(``swift.proxy_access_log_made``) is checked/set when a log is made.
 
-All middleware making subrequests should take care to set swift.source when
+All middleware making subrequests should take care to set ``swift.source`` when
 needed. With the doubled proxy logs, any consumer/processor of swift's proxy
-logs should look at the swift.source field, the rightmost log value, to decide
-if this is a middleware subrequest or not. A log processor calculating
-bandwidth usage will want to only sum up logs with no swift.source.
+logs should look at the ``swift.source`` field, the rightmost log value, to
+decide if this is a middleware subrequest or not. A log processor calculating
+bandwidth usage will want to only sum up logs with no ``swift.source``.
 """
 
 import os
 import time
 
+from swift.common.constraints import valid_api_version
 from swift.common.middleware.catch_errors import enforce_byte_count
+from swift.common.request_helpers import get_log_info
 from swift.common.swob import Request
 from swift.common.utils import (get_logger, get_remote_client,
                                 config_true_value, reiterate,
@@ -238,6 +249,7 @@ class ProxyLoggingMiddleware(object):
         :param start_time: timestamp request started
         :param end_time: timestamp request completed
         :param resp_headers: dict of the response headers
+        :param ttfb: time to first byte
         :param wire_status_int: the on the wire status int
         """
         self.obscure_req(req)
@@ -260,10 +272,8 @@ class ProxyLoggingMiddleware(object):
         duration_time_str = "%.4f" % (end_time - start_time)
         policy_index = get_policy_index(req.headers, resp_headers)
 
-        acc, cont, obj = None, None, None
         swift_path = req.environ.get('swift.backend_path', req.path)
-        if swift_path.startswith('/v1/'):
-            _, acc, cont, obj = split_path(swift_path, 1, 4, True)
+        acc, cont, obj = self.get_aco_from_path(swift_path)
 
         replacements = {
             # Time information
@@ -308,8 +318,7 @@ class ProxyLoggingMiddleware(object):
             'transaction_id': req.environ.get('swift.trans_id'),
             'request_time': duration_time_str,
             'source': req.environ.get('swift.source'),
-            'log_info':
-                ','.join(req.environ.get('swift.log_info', '')),
+            'log_info': get_log_info(req.environ),
             'policy_index': policy_index,
             'ttfb': ttfb,
             'pid': self.pid,
@@ -338,22 +347,28 @@ class ProxyLoggingMiddleware(object):
             self.access_logger.update_stats(metric_name_policy + '.xfer',
                                             bytes_received + bytes_sent)
 
+    def get_aco_from_path(self, swift_path):
+        try:
+            version, acc, cont, obj = split_path(swift_path, 1, 4, True)
+            if not valid_api_version(version):
+                raise ValueError
+        except ValueError:
+            acc, cont, obj = None, None, None
+        return acc, cont, obj
+
     def get_metric_name_type(self, req):
         swift_path = req.environ.get('swift.backend_path', req.path)
-        if swift_path.startswith('/v1/'):
-            try:
-                stat_type = [None, 'account', 'container',
-                             'object'][swift_path.strip('/').count('/')]
-            except IndexError:
-                stat_type = 'object'
-        else:
-            stat_type = req.environ.get('swift.source')
-        return stat_type
+        acc, cont, obj = self.get_aco_from_path(swift_path)
+        if obj:
+            return 'object'
+        if cont:
+            return 'container'
+        if acc:
+            return 'account'
+        return req.environ.get('swift.source') or 'UNKNOWN'
 
     def statsd_metric_name(self, req, status_int, method):
         stat_type = self.get_metric_name_type(req)
-        if stat_type is None:
-            return None
         stat_method = method if method in self.valid_methods \
             else 'BAD_METHOD'
         return '.'.join((stat_type, stat_method, str(status_int)))
@@ -389,11 +404,11 @@ class ProxyLoggingMiddleware(object):
         def my_start_response(status, headers, exc_info=None):
             start_response_args[0] = (status, list(headers), exc_info)
 
-        def status_int_for_logging(start_status, client_disconnect=False):
+        def status_int_for_logging():
             # log disconnected clients as '499' status code
-            if client_disconnect or input_proxy.client_disconnect:
+            if input_proxy.client_disconnect:
                 return 499
-            return start_status
+            return env.get('swift.proxy_logging_status')
 
         def iter_response(iterable):
             iterator = reiterate(iterable)
@@ -438,21 +453,19 @@ class ProxyLoggingMiddleware(object):
                         metric_name_policy + '.first-byte.timing', ttfb * 1000)
 
             bytes_sent = 0
-            client_disconnect = False
-            start_status = wire_status_int
             try:
                 for chunk in iterator:
                     bytes_sent += len(chunk)
                     yield chunk
             except GeneratorExit:  # generator was closed before we finished
-                client_disconnect = True
+                env['swift.proxy_logging_status'] = 499
                 raise
             except Exception:
-                start_status = 500
+                env['swift.proxy_logging_status'] = 500
                 raise
             finally:
-                status_int = status_int_for_logging(
-                    start_status, client_disconnect)
+                env.setdefault('swift.proxy_logging_status', wire_status_int)
+                status_int = status_int_for_logging()
                 self.log_request(
                     req, status_int, input_proxy.bytes_received, bytes_sent,
                     start_time, time.time(), resp_headers=resp_headers,
@@ -463,7 +476,8 @@ class ProxyLoggingMiddleware(object):
             iterable = self.app(env, my_start_response)
         except Exception:
             req = Request(env)
-            status_int = status_int_for_logging(500)
+            env['swift.proxy_logging_status'] = 500
+            status_int = status_int_for_logging()
             self.log_request(
                 req, status_int, input_proxy.bytes_received, 0, start_time,
                 time.time())

swift/common/middleware/ratelimit.py

@@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import time
-from swift import gettext_ as _
 
 import eventlet
 
@@ -261,7 +260,7 @@ class RateLimitMiddleware(object):
 
         if account_name in self.ratelimit_blacklist or \
                 account_global_ratelimit == 'BLACKLIST':
-            self.logger.error(_('Returning 497 because of blacklisting: %s'),
+            self.logger.error('Returning 497 because of blacklisting: %s',
                               account_name)
             eventlet.sleep(self.BLACK_LIST_SLEEP)
             return Response(status='497 Blacklisted',
@@ -276,8 +275,8 @@ class RateLimitMiddleware(object):
                 if self.log_sleep_time_seconds and \
                         need_to_sleep > self.log_sleep_time_seconds:
                     self.logger.warning(
-                        _("Ratelimit sleep log: %(sleep)s for "
-                          "%(account)s/%(container)s/%(object)s"),
+                        "Ratelimit sleep log: %(sleep)s for "
+                        "%(account)s/%(container)s/%(object)s",
                         {'sleep': need_to_sleep, 'account': account_name,
                          'container': container_name, 'object': obj_name})
                 if need_to_sleep > 0:
@@ -288,8 +287,8 @@ class RateLimitMiddleware(object):
                 else:
                     path = '/'.join((account_name, container_name))
                 self.logger.error(
-                    _('Returning 498 for %(meth)s to %(path)s. '
-                      'Ratelimit (Max Sleep) %(e)s'),
+                    'Returning 498 for %(meth)s to %(path)s. '
+                    'Ratelimit (Max Sleep) %(e)s',
                     {'meth': req.method, 'path': path, 'e': str(e)})
                 error_resp = Response(status='498 Rate Limited',
                                       body='Slow down', request=req)
@@ -309,7 +308,7 @@ class RateLimitMiddleware(object):
             self.memcache_client = cache_from_env(env)
         if not self.memcache_client:
             self.logger.warning(
-                _('Warning: Cannot ratelimit without a memcached client'))
+                'Warning: Cannot ratelimit without a memcached client')
             return self.app(env, start_response)
         try:
             version, account, container, obj = req.split_path(1, 4, True)

swift/common/middleware/recon.py

@@ -20,7 +20,6 @@ import time
 from resource import getpagesize
 
 from swift import __version__ as swiftver
-from swift import gettext_ as _
 from swift.common.constraints import check_mount
 from swift.common.storage_policy import POLICIES
 from swift.common.swob import Request, Response
@@ -89,11 +88,11 @@ class ReconMiddleware(object):
             if err.errno == errno.ENOENT and ignore_missing:
                 pass
             else:
-                self.logger.exception(_('Error reading recon cache file'))
+                self.logger.exception('Error reading recon cache file')
         except ValueError:
-            self.logger.exception(_('Error parsing recon cache file'))
+            self.logger.exception('Error parsing recon cache file')
         except Exception:
-            self.logger.exception(_('Error retrieving recon data'))
+            self.logger.exception('Error retrieving recon data')
         return dict((key, None) for key in cache_keys)
 
     def get_version(self):
@@ -181,7 +180,7 @@ class ReconMiddleware(object):
         try:
             return {self.devices: os.listdir(self.devices)}
         except Exception:
-            self.logger.exception(_('Error listing devices'))
+            self.logger.exception('Error listing devices')
             return {self.devices: None}
 
     def get_updater_info(self, recon_type):
@@ -277,7 +276,7 @@ class ReconMiddleware(object):
                 except IOError as err:
                     sums[ringfile] = None
                     if err.errno != errno.ENOENT:
-                        self.logger.exception(_('Error reading ringfile'))
+                        self.logger.exception('Error reading ringfile')
         return sums
 
     def get_swift_conf_md5(self):
@@ -287,7 +286,7 @@ class ReconMiddleware(object):
             hexsum = md5_hash_for_file(SWIFT_CONF_FILE)
         except IOError as err:
             if err.errno != errno.ENOENT:
-                self.logger.exception(_('Error reading swift.conf'))
+                self.logger.exception('Error reading swift.conf')
         return {SWIFT_CONF_FILE: hexsum}
 
     def get_quarantine_count(self):

swift/common/middleware/s3api/acl_handlers.py

@@ -133,6 +133,15 @@ class BaseAclHandler(object):
                 query = {}
             else:
                 query = {'version-id': version_id}
+            if self.req.method == 'HEAD':
+                # This HEAD for ACL is going to also be the definitive response
+                # to the client so we need to include client params. We don't
+                # do this for other client request methods because they may
+                # have invalid combinations of params and headers for a swift
+                # HEAD request.
+                part_number = self.req.params.get('partNumber')
+                if part_number is not None:
+                    query['part-number'] = part_number
             resp = self.req.get_acl_response(app, 'HEAD',
                                              container, obj,
                                              headers, query=query)
@@ -168,7 +177,7 @@ class BaseAclHandler(object):
                 elem = fromstring(body, ACL.root_tag)
                 acl = ACL.from_elem(
                     elem, True, self.req.conf.allow_no_owner)
-            except(XMLSyntaxError, DocumentInvalid):
+            except (XMLSyntaxError, DocumentInvalid):
                 raise MalformedACLError()
             except Exception as e:
                 self.logger.error(e)

swift/common/middleware/s3api/controllers/__init__.py

@@ -33,6 +33,8 @@ from swift.common.middleware.s3api.controllers.versioning import \
     VersioningController
 from swift.common.middleware.s3api.controllers.tagging import \
     TaggingController
+from swift.common.middleware.s3api.controllers.object_lock import \
+    ObjectLockController
 
 __all__ = [
     'Controller',
@@ -50,6 +52,7 @@ __all__ = [
     'LoggingStatusController',
     'VersioningController',
     'TaggingController',
+    'ObjectLockController',
 
     'UnsupportedController',
 ]

swift/common/middleware/s3api/controllers/acl.py

@@ -19,8 +19,9 @@ from swift.common.utils import public
 
 from swift.common.middleware.s3api.exception import ACLError
 from swift.common.middleware.s3api.controllers.base import Controller
-from swift.common.middleware.s3api.s3response import HTTPOk, S3NotImplemented,\
-    MalformedACLError, UnexpectedContent, MissingSecurityHeader
+from swift.common.middleware.s3api.s3response import (
+    HTTPOk, S3NotImplemented, MalformedACLError, UnexpectedContent,
+    MissingSecurityHeader)
 from swift.common.middleware.s3api.etree import Element, SubElement, tostring
 from swift.common.middleware.s3api.acl_utils import swift_acl_translate, \
     XMLNS_XSI

swift/common/middleware/s3api/controllers/logging.py

@@ -18,8 +18,8 @@ from swift.common.utils import public
 from swift.common.middleware.s3api.controllers.base import Controller, \
     bucket_operation
 from swift.common.middleware.s3api.etree import Element, tostring
-from swift.common.middleware.s3api.s3response import HTTPOk, S3NotImplemented,\
-    NoLoggingStatusForKey
+from swift.common.middleware.s3api.s3response import (
+    HTTPOk, S3NotImplemented, NoLoggingStatusForKey)
 
 
 class LoggingStatusController(Controller):

swift/common/middleware/s3api/controllers/multi_upload.py

@@ -68,8 +68,9 @@ import time
 import six
 
 from swift.common import constraints
-from swift.common.swob import Range, bytes_to_wsgi, normalize_etag, wsgi_to_str
-from swift.common.utils import json, public, reiterate, md5
+from swift.common.swob import Range, bytes_to_wsgi, normalize_etag, \
+    wsgi_to_str
+from swift.common.utils import json, public, reiterate, md5, Timestamp
 from swift.common.db import utf8encode
 from swift.common.request_helpers import get_container_update_override_key, \
     get_param
@@ -82,7 +83,7 @@ from swift.common.middleware.s3api.s3response import InvalidArgument, \
     ErrorResponse, MalformedXML, BadDigest, KeyTooLongError, \
     InvalidPart, BucketAlreadyExists, EntityTooSmall, InvalidPartOrder, \
     InvalidRequest, HTTPOk, HTTPNoContent, NoSuchKey, NoSuchUpload, \
-    NoSuchBucket, BucketAlreadyOwnedByYou
+    NoSuchBucket, BucketAlreadyOwnedByYou, ServiceUnavailable
 from swift.common.middleware.s3api.utils import unique_id, \
     MULTIUPLOAD_SUFFIX, S3Timestamp, sysmeta_header
 from swift.common.middleware.s3api.etree import Element, SubElement, \
@@ -96,6 +97,17 @@ MAX_COMPLETE_UPLOAD_BODY_SIZE = 2048 * 1024
 
 
 def _get_upload_info(req, app, upload_id):
+    """
+    Make a HEAD request for existing upload object metadata. Tries the upload
+    marker first, and then falls back to the manifest object.
+
+    :param req: an S3Request object.
+    :param app: the wsgi app.
+    :param upload_id: the upload id.
+    :returns: a tuple of (S3Response, boolean) where the boolean is True if the
+        response is from the upload marker and False otherwise.
+    :raises: NoSuchUpload if neither the marker nor the manifest were found.
+    """
 
     container = req.container_name + MULTIUPLOAD_SUFFIX
     obj = '%s/%s' % (req.object_name, upload_id)
@@ -106,14 +118,17 @@ def _get_upload_info(req, app, upload_id):
     # it off for now...
     copy_source = req.headers.pop('X-Amz-Copy-Source', None)
     try:
-        return req.get_response(app, 'HEAD', container=container, obj=obj)
+        resp = req.get_response(app, 'HEAD', container=container, obj=obj)
+        return resp, True
     except NoSuchKey:
+        # ensure consistent path and policy are logged despite manifest HEAD
         upload_marker_path = req.environ.get('s3api.backend_path')
+        policy_index = req.policy_index
         try:
             resp = req.get_response(app, 'HEAD')
             if resp.sysmeta_headers.get(sysmeta_header(
                     'object', 'upload-id')) == upload_id:
-                return resp
+                return resp, False
         except NoSuchKey:
             pass
         finally:
@@ -121,6 +136,8 @@ def _get_upload_info(req, app, upload_id):
             # path, so put it back
             if upload_marker_path is not None:
                 req.environ['s3api.backend_path'] = upload_marker_path
+            if policy_index is not None:
+                req.policy_index = policy_index
         raise NoSuchUpload(upload_id=upload_id)
     finally:
         # ...making sure to restore any copy-source before returning
@@ -179,15 +196,7 @@ class PartController(Controller):
             raise InvalidArgument('ResourceType', 'partNumber',
                                   'Unexpected query string parameter')
 
-        try:
-            part_number = int(get_param(req, 'partNumber'))
-            if part_number < 1 or self.conf.max_upload_part_num < part_number:
-                raise Exception()
-        except Exception:
-            err_msg = 'Part number must be an integer between 1 and %d,' \
-                      ' inclusive' % self.conf.max_upload_part_num
-            raise InvalidArgument('partNumber', get_param(req, 'partNumber'),
-                                  err_msg)
+        part_number = req.validate_part_number()
 
         upload_id = get_param(req, 'uploadId')
         _get_upload_info(req, self.app, upload_id)
@@ -651,7 +660,14 @@ class UploadController(Controller):
         Handles Complete Multipart Upload.
         """
         upload_id = get_param(req, 'uploadId')
-        resp = _get_upload_info(req, self.app, upload_id)
+        resp, is_marker = _get_upload_info(req, self.app, upload_id)
+        if (is_marker and
+                resp.sw_headers.get('X-Backend-Timestamp') >= Timestamp.now()):
+            # Somehow the marker was created in the future w.r.t. this thread's
+            # clock. The manifest PUT may succeed but the subsequent marker
+            # DELETE will fail, so don't attempt either.
+            raise ServiceUnavailable
+
         headers = {'Accept': 'application/json',
                    sysmeta_header('object', 'upload-id'): upload_id}
         for key, val in resp.headers.items():

swift/common/middleware/s3api/controllers/obj.py

@@ -90,8 +90,14 @@ class ObjectController(Controller):
         if version_id not in ('null', None) and \
                 'object_versioning' not in get_swift_info():
             raise S3NotImplemented()
+        part_number = req.validate_part_number(check_max=False)
+
+        query = {}
+        if version_id is not None:
+            query['version-id'] = version_id
+        if part_number is not None:
+            query['part-number'] = part_number
 
-        query = {} if version_id is None else {'version-id': version_id}
         if version_id not in ('null', None):
             container_info = req.get_container_info(self.app)
             if not container_info.get(
@@ -101,6 +107,19 @@ class ObjectController(Controller):
 
         resp = req.get_response(self.app, query=query)
 
+        if not resp.is_slo:
+            # SLO ignores part_number for non-slo objects, but s3api only
+            # allows the query param for non-MPU if it's exactly 1.
+            part_number = req.validate_part_number(parts_count=1)
+            if part_number == 1:
+                # When the query param *is* exactly 1 the response status code
+                # and headers are updated.
+                resp.status = HTTP_PARTIAL_CONTENT
+                resp.headers['Content-Range'] = \
+                    'bytes 0-%d/%s' % (int(resp.headers['Content-Length']) - 1,
+                                       resp.headers['Content-Length'])
+            # else: part_number is None
+
         if req.method == 'HEAD':
             resp.app_iter = None
 

swift/common/middleware/s3api/controllers/object_lock.py

@@ -0,0 +1,44 @@
+# Copyright (c) 2010-2023 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from swift.common.utils import public
+
+from swift.common.middleware.s3api.controllers.base import Controller, \
+    bucket_operation, S3NotImplemented
+from swift.common.middleware.s3api.s3response import \
+    ObjectLockConfigurationNotFoundError
+
+
+class ObjectLockController(Controller):
+    """
+    Handles GET object-lock request, which always returns
+    <ObjectLockEnabled>Disabled</ObjectLockEnabled>
+    """
+    @public
+    @bucket_operation
+    def GET(self, req):
+        """
+        Handles GET object-lock param calls.
+        """
+        raise ObjectLockConfigurationNotFoundError(req.container_name)
+
+    @public
+    @bucket_operation
+    def PUT(self, req):
+        """
+        Handles PUT object-lock param calls.
+        """
+        # Basically we don't support it, so return a 501
+        raise S3NotImplemented('The requested resource is not implemented')

swift/common/middleware/s3api/s3api.py

@@ -149,6 +149,7 @@ from six.moves.urllib.parse import parse_qs
 from swift.common.constraints import valid_api_version
 from swift.common.middleware.listing_formats import \
     MAX_CONTAINER_LISTING_CONTENT_LENGTH
+from swift.common.request_helpers import append_log_info
 from swift.common.wsgi import PipelineWrapper, loadcontext, WSGIContext
 
 from swift.common.middleware import app_property
@@ -353,6 +354,7 @@ class S3ApiMiddleware(object):
             self.logger.debug(e.cause)
         except ErrorResponse as err_resp:
             self.logger.increment(err_resp.metric_name)
+            append_log_info(env, 's3:err:%s' % err_resp.summary)
             if isinstance(err_resp, InternalError):
                 self.logger.exception(err_resp)
             resp = err_resp
@@ -366,6 +368,7 @@ class S3ApiMiddleware(object):
 
         if 's3api.backend_path' in env and 'swift.backend_path' not in env:
             env['swift.backend_path'] = env['s3api.backend_path']
+
         return resp(env, start_response)
 
     def handle_request(self, req):
@@ -390,6 +393,9 @@ class S3ApiMiddleware(object):
             raise MethodNotAllowed(req.method,
                                    req.controller.resource_type())
 
+        if req.policy_index is not None:
+            res.headers.setdefault('X-Backend-Storage-Policy-Index',
+                                   req.policy_index)
         return res
 
     def check_pipeline(self, wsgi_conf):