-
-
Save notmyname/ab4712e51945e7a2a0cd5fb0363f0b61 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From 02c6a35db8d5d01292575aa31a857753f7538a75 Mon Sep 17 00:00:00 2001 | |
From: John Dickinson <me@not.mn> | |
Date: Wed, 11 Jan 2017 10:55:30 -0800 | |
Subject: [PATCH 1/2] remove tokens and keys from debug | |
Change-Id: I8890125de5641545311b0dec8fb8f6bb10ca3ad5 | |
--- | |
swift/common/middleware/tempauth.py | 5 +---- | |
1 file changed, 1 insertion(+), 4 deletions(-) | |
diff --git a/swift/common/middleware/tempauth.py b/swift/common/middleware/tempauth.py | |
index 11dad41f..349ac990 100644 | |
--- a/swift/common/middleware/tempauth.py | |
+++ b/swift/common/middleware/tempauth.py | |
@@ -247,8 +247,6 @@ class TempAuth(object): | |
if groups: | |
user = groups and groups.split(',', 1)[0] or '' | |
trans_id = env.get('swift.trans_id') | |
- self.logger.debug('User: %s uses token %s (trans_id %s)' % | |
- (user, 's3' if s3 else token, trans_id)) | |
env['REMOTE_USER'] = groups | |
env['swift.authorize'] = self.authorize | |
env['swift.clean_acl'] = clean_acl | |
@@ -537,8 +535,7 @@ class TempAuth(object): | |
and (req.environ['swift_sync_key'] == | |
req.headers.get('x-container-sync-key', None)) | |
and 'x-timestamp' in req.headers): | |
- self.logger.debug("Allow request with container sync-key: %s." | |
- % req.environ['swift_sync_key']) | |
+ self.logger.debug("Allow request with container sync-key") | |
return None | |
if req.method == 'OPTIONS': | |
-- | |
2.11.0 | |
From 692b881f2f64a937b25fbee61af1d98bb240d7d6 Mon Sep 17 00:00:00 2001 | |
From: John Dickinson <me@not.mn> | |
Date: Wed, 11 Jan 2017 10:59:34 -0800 | |
Subject: [PATCH 2/2] remove debug log noise | |
Change-Id: I62950aefeaf766713358ac51670c0ec7bc25e245 | |
--- | |
swift/common/middleware/tempauth.py | 19 ------------------- | |
1 file changed, 19 deletions(-) | |
diff --git a/swift/common/middleware/tempauth.py b/swift/common/middleware/tempauth.py | |
index 349ac990..361fa16e 100644 | |
--- a/swift/common/middleware/tempauth.py | |
+++ b/swift/common/middleware/tempauth.py | |
@@ -508,8 +508,6 @@ class TempAuth(object): | |
account not in self.reseller_prefixes and \ | |
not self._dot_account(account): | |
req.environ['swift_owner'] = True | |
- self.logger.debug("User %s has reseller admin authorizing." | |
- % account_user) | |
return None | |
if account in user_groups and \ | |
@@ -521,40 +519,29 @@ class TempAuth(object): | |
'require_group') | |
if require_group and require_group in user_groups: | |
req.environ['swift_owner'] = True | |
- self.logger.debug("User %s has admin and %s group." | |
- " Authorizing." % (account_user, | |
- require_group)) | |
return None | |
elif not require_group: | |
req.environ['swift_owner'] = True | |
- self.logger.debug("User %s has admin authorizing." | |
- % account_user) | |
return None | |
if (req.environ.get('swift_sync_key') | |
and (req.environ['swift_sync_key'] == | |
req.headers.get('x-container-sync-key', None)) | |
and 'x-timestamp' in req.headers): | |
- self.logger.debug("Allow request with container sync-key") | |
return None | |
if req.method == 'OPTIONS': | |
# allow OPTIONS requests to proceed as normal | |
- self.logger.debug("Allow OPTIONS request.") | |
return None | |
referrers, groups = parse_acl(getattr(req, 'acl', None)) | |
if referrer_allowed(req.referer, referrers): | |
if obj or '.rlistings' in groups: | |
- self.logger.debug("Allow authorizing %s via referer ACL." | |
- % req.referer) | |
return None | |
for user_group in user_groups: | |
if user_group in groups: | |
- self.logger.debug("User %s allowed in ACL: %s authorizing." | |
- % (account_user, user_group)) | |
return None | |
# Check for access via X-Account-Access-Control | |
@@ -565,20 +552,14 @@ class TempAuth(object): | |
user_group_set = set(user_groups) | |
if user_group_set.intersection(acct_acls['admin']): | |
req.environ['swift_owner'] = True | |
- self.logger.debug('User %s allowed by X-Account-Access-Control' | |
- ' (admin)' % account_user) | |
return None | |
if (user_group_set.intersection(acct_acls['read-write']) and | |
(container or req.method in ('GET', 'HEAD'))): | |
# The RW ACL allows all operations to containers/objects, but | |
# only GET/HEAD to accounts (and OPTIONS, above) | |
- self.logger.debug('User %s allowed by X-Account-Access-Control' | |
- ' (read-write)' % account_user) | |
return None | |
if (user_group_set.intersection(acct_acls['read-only']) and | |
req.method in ('GET', 'HEAD')): | |
- self.logger.debug('User %s allowed by X-Account-Access-Control' | |
- ' (read-only)' % account_user) | |
return None | |
return self.denied_response(req) | |
-- | |
2.11.0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment