New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rgw: improve handling of illformed Swift's container ACLs. #13248
Conversation
Tempest hasn't found any regression here. |
@Jing-Scott: could you please take a look? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm. I've considered this bug before. The SWIF indeed supports the cleaned ACLs.
src/rgw/rgw_acl_swift.cc
Outdated
@@ -64,99 +66,123 @@ static bool uid_is_public(const string& uid) | |||
sub.compare(".referrer") == 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return is_referrer(sub);
may be better, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Absolutely.
src/rgw/rgw_acl_swift.cc
Outdated
url_spec = url_spec.substr(1); | ||
boost::algorithm::trim_if(url_spec, boost::is_any_of(" \t\r\n")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the boost::algorithm::trim_if
satisfied what I wanted before. very good!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rzarzynski if these strings are only passed as headers, i don't think we should be trying to handle control characters like \t\r\n
here. looking at http://docs.openstack.org/developer/swift/overview_acl.html:
Spaces may occur between elements as shown in the following example:
.r : *, .rlistings, 7ec59e87c6584c348b563254aae4c221:*
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DONE.
ldout(cct, 10) << "normalized referer to url_spec=" << url_spec | ||
<< ", is_negative=" << is_negative << dendl; | ||
} | ||
int RGWAccessControlPolicy_SWIFT::add_grants(RGWRados* const store, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah! This logic looks more clear and more easy to understand!
71a835b
to
ebf2f51
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Look good!
@cbodley @mattbenjamin |
@Jing-Scott: we definitely need to obtain results from Teuthology first. Just scheduled a run together with #13242. |
The Teuthology run is green except one but unrelated failure. |
Fixes: http://tracker.ceph.com/issues/18796 Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>
ebf2f51
to
f780fc6
Compare
@cbodley: I've addressed your comment regarding the whitespace characters by switching from |
Fixes: http://tracker.ceph.com/issues/18796
Signed-off-by: Radoslaw Zarzynski rzarzynski@mirantis.com