Created
June 15, 2020 19:17
-
-
Save clayg/72494e96b616c92fb0ea95e062f8793d to your computer and use it in GitHub Desktop.
don't HEAD buckets to get account
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/swift/common/middleware/s3api/s3request.py b/swift/common/middleware/s3api/s3request.py | |
index 28e734f0b..2a0193867 100644 | |
--- a/swift/common/middleware/s3api/s3request.py | |
+++ b/swift/common/middleware/s3api/s3request.py | |
@@ -37,8 +37,7 @@ from swift.common.http import HTTP_OK, HTTP_CREATED, HTTP_ACCEPTED, \ | |
HTTP_TOO_MANY_REQUESTS, HTTP_RATE_LIMITED, is_success | |
from swift.common.constraints import check_utf8 | |
-from swift.proxy.controllers.base import get_container_info, \ | |
- headers_to_container_info | |
+from swift.proxy.controllers.base import get_container_info | |
from swift.common.request_helpers import check_path_header | |
from swift.common.middleware.s3api.controllers import ServiceController, \ | |
@@ -1436,25 +1435,28 @@ class S3Request(swob.Request): | |
:raises: NoSuchBucket when the container doesn't exist | |
:raises: InternalError when the request failed without 404 | |
""" | |
- if self.is_authenticated: | |
- # if we have already authenticated, yes we can use the account | |
- # name like as AUTH_xxx for performance efficiency | |
- sw_req = self.to_swift_req(app, self.container_name, None) | |
- info = get_container_info(sw_req.environ, app, swift_source='S3') | |
- if is_success(info['status']): | |
- return info | |
- elif info['status'] == 404: | |
- raise NoSuchBucket(self.container_name) | |
- else: | |
- raise InternalError( | |
- 'unexpected status code %d' % info['status']) | |
+ if not self.is_authenticated: | |
+ sw_req = self.to_swift_req('TEST', None, None, body='') | |
+ # don't show log message of this request | |
+ sw_req.environ['swift.proxy_access_log_made'] = True | |
+ | |
+ sw_resp = sw_req.get_response(app) | |
+ | |
+ if not sw_req.remote_user: | |
+ raise SignatureDoesNotMatch( | |
+ **self.signature_does_not_match_kwargs()) | |
+ | |
+ _, self.account, _ = split_path(sw_resp.environ['PATH_INFO'], | |
+ 2, 3, True) | |
+ sw_req = self.to_swift_req(app, self.container_name, None) | |
+ info = get_container_info(sw_req.environ, app, swift_source='S3') | |
+ if is_success(info['status']): | |
+ return info | |
+ elif info['status'] == 404: | |
+ raise NoSuchBucket(self.container_name) | |
else: | |
- # otherwise we do naive HEAD request with the authentication | |
- resp = self.get_response(app, 'HEAD', self.container_name, '') | |
- headers = resp.sw_headers.copy() | |
- headers.update(resp.sysmeta_headers) | |
- return headers_to_container_info( | |
- headers, resp.status_int) # pylint: disable-msg=E1101 | |
+ raise InternalError( | |
+ 'unexpected status code %d' % info['status']) | |
def gen_multipart_manifest_delete_query(self, app, obj=None, version=None): | |
if not self.allow_multipart_uploads: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment