Fix inaccurate s3 rewrite rule.

[ksauzz]

Riak CS doesn't handle some specific characters in object name well.

see: https://gist.github.com/ksauzz/9f0dc13c9b8cb0f2a85e
related to #910

This PR includes:

• Fix s3 rewrite rule which results in losing backward compability.
• Introduce riak_cs_s3_rewrite_legacy to keep backward compatibility.
• Add regression test for riak_cs_s3_rewrite_legacy.

Topics I'd like to discuss

• Is using test-python reasonable for regression test ? At least, boto test saved me from my bad codes.

How access log format changes after this patches.

before

172.17.42.1 - - [07/Jan/2015:08:27:07 +0000] "PUT /buckets/test/objects/path1%2Fpath2%2Fte%2Bst.txt HTTP/1.1" 200 0 "" ""

after

127.0.0.1 - - [07/Jan/2015:17:28:23 +0900] "PUT /buckets/test/objects/path1%2Fpath2%2Fte%252Bst.txt HTTP/1.1" 200 0 "" ""

TODO:

• Update releasenote about description the change of rewrite rule, and how to keep backward compatibility.

[kuenishi]

I'd recommend just using rt_cs_dev:cmd/2 instead.

[kuenishi]

I don't like duplicate code ^^;

[ksauzz]

rt_cs_dev:cmd/2 doesn't look suitable for this case because it doesn't handle exit code, or output log until the command finishes.I'd like to extract these function to rtcs module.

[kuenishi]

In master branch of riak_test rtdev:cmd/2 handles the return value. We're just stale.

[kuenishi]

And also in master branch, rt_cs_dev:cmd/2 does.

[kuenishi]

This is a stale comment from copy source.

[kuenishi]

I believe you should update riak_cs_config:api/0 to handle riak_cs_s3_rewrite_legacy, or it does no harm to riak_cs_wm_common:maybe_create_user/6 ?

[kuenishi]

I also believe it is a good opportunity to write eqc tests on rewrite. If you can't afford time for now, I can do it later.

[kuenishi]

I'd be good if this test includes the exact case where the problem happened, like:

• put key "foo bar" with content "foo bar"
• put key "foo+bar" with content "foo+bar"
• read "foo bar" and "foo+bar" and verify they have different content

[kuenishi]

Maybe it's about testing legacy code, so I'd say this is enough to test old behaviour.

[kuenishi]

Memo: to preserve old path translation behaviour, users should update app.config as {rewrite_module, riak_cs_s3_rewrite_legacy} from default when updating from 1.5.3 or older.

[kuenishi]

After upgraded to the latest version and not to preserve old odd behaviour, new key for the old object put as "foo+bar", is "foo bar".

[shino]

By removing URL decode at rewrite module, bucket part of path style
access is never decoded.

For example, using GET Bucket request (client can URL encode any characters in path part, %74 is t):

s3curl.pl --id cs --get -- -x 127.0.0.1:15018 -i -s 'http://s3.amazonaws.com/%74est2'

Current release/1.5 branch responds with 200 OK and contents:

HTTP/1.1 200 OK
Server: Riak CS
Date: Thu, 08 Jan 2015 02:14:39 GMT
Content-Type: application/xml
Content-Length: 253

<?xml version="1.0" encoding="UTF-8"?><ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>test2</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><Delimiter></Delimiter><IsTruncated>false</IsTruncated></ListBucketResult>%

This branch (at commit d1c3d02) responds with error:

HTTP/1.1 404 Object Not Found
Server: Riak CS
Date: Thu, 08 Jan 2015 02:14:08 GMT
Content-Type: application/xml
Content-Length: 185

<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message><Resource>/%74est2</Resource><RequestId></RequestId></Error>%

[kuenishi]

As for @shino 's comment, we'll leave it for bucket names bug just fix object keys. If legacy behaviour preferred, just use legacy rewrite module.

[shino]

@kuenishi The bug was fixed by 40609c5 (if I understand correctly).

[kuenishi]

ah 🙏

[kuenishi]

All riak_test has passed as usual. test-riak_cs is still screwed, although.

[kuenishi]

[kuenishi]

quote state     RAW    escaped(1)  escaped(2)    example

                 *                               'baz/foo bar'        'baz/foo+bar'
client app       +--------+                      'baz/foo%20bar'      'baz/foo%2Bbar'
                          |
HTTP                      |
                          |
webmachine                |
before rewrite            |
rewrite                   +------------+         'baz%2Ffoo%2520bar'  'baz%2Ffoo%252Bbar'
after rewrite                          |
                                       |
extract_key      +---------------------+
                 |
                 v
                 *                               'baz/foo bar'        'baz/foo+bar'

[shino]

Note: The above diagram is only on objects part of the path in case of "virtual host style" access. buckets part in "path style" and subresource part are different, not doubly escaped at any point of time.

[ksauzz]

@borshop merge

[shino]

This also fixed #977 which described the case of % character and subsequent [0-9a-zA-Z]{2} as well as + sign (in client application layer).

[Basho-JIRA]

Reopening to get on sprint backlog - will close again shortly.

_[posted via JIRA by Deborah Rakow]_

[Basho-JIRA]

Re-closing after adding to sprint

_[posted via JIRA by Deborah Rakow]_