rgw: swift: tempurl fixes for ceph #47723
Conversation
mdw-at-linuxbox
requested review from
dang,
tchaikov,
mattbenjamin,
cbodley and
prateek2211
src/rgw/rgw_rest_swift.cc
Outdated
| @@ -41,6 +41,110 @@ | |||
|
|
|||
| using namespace std; | |||
|
|
|||
| template <class H, bool O> | |||
There was a problem hiding this comment.
a comment clarifying what the H and O template parameters mean would be helpful--I mean obviously H is for HMAC. It took me a long time to find the H actually used at the bottom of the stack of templates. But it seems reasonable. I speculate below that it would be clearer if we were able to somehow remove the untemplated versions, that support multiple digest sizes in all their methods...
| size_t pos = x.find(':'); | ||
| if (pos == x.npos || pos <= 0) { | ||
| switch(x.length()) { | ||
| case CEPH_CRYPTO_HMACSHA1_DIGESTSIZE*2: |
There was a problem hiding this comment.
why hasn't the template split removed the need for the switch statement? i.e., you've templated out the HMAC and (um, O) parameters in descendant template types. Could the ancestor types become abstract, maybe?
There was a problem hiding this comment.
The switch statement here is part of the logic that decides at run-time which of the 6 different forms of template logic it should realize. All the template logic happens strictly at compile-time, it can't replace the ultimate need to do grody old-fashioned run-time string parsing, which is what's happening here.
There are however 2 things I didn't do in this direction: firrstly, there are 2 copies of get_sig_helper, one for tempurl and one for formpost. It could be trivially one templated function, or less trivially, integrated into some other base class. There's no runtime advantage to this, and it makes include files a bit more messy.
The other thing is the template classes RGWFormPost::SignatureHelper_x and TempURLSignature::SignatureHelper_x, these both mainly contain thunks for calc() and is_equal_to(). Slightly more clever class logic might eliminate the need for those, but I kept ending up with worse kludges chasing that down.
There was a problem hiding this comment.
I like the use of templates, sorry I seemed to be over reading here; I would rather we'd landed this in 22, rather than risking it getting stuck
src/rgw/rgw_swift_auth.cc
Outdated
| }; /* TempURLEngine::SignatureHelper */ | ||
| class TempURLEngine::SignatureHelper { |
There was a problem hiding this comment.
}; /* TempURLSignatureT */
src/rgw/rgw_swift_auth.cc
Outdated
| @@ -82,7 +82,7 @@ void TempURLEngine::get_owner_info(const DoutPrefixProvider* dpp, const req_stat | |||
| const string& bucket_name = s->init_state.url_bucket; | |||
|
|
|||
| /* TempURL requires that bucket and object names are specified. */ | |||
| if (bucket_name.empty() || s->object->empty()) { | |||
| if (bucket_name.empty() || !s->object || s->object->empty()) { | |||
There was a problem hiding this comment.
rgw::sal::Object::empty(s->object) seems to be the canonical way to check for both nullness and emptiness
There was a problem hiding this comment.
that's a useful observation, but I find this logic clear--the big risk would be missing part of the logic that is being fixed
src/rgw/rgw_swift_auth.cc
Outdated
| virtual bool is_equal_to(const std::string& rhs) { | ||
| return false; | ||
| }; | ||
| static SignatureHelper* get_sig_helper(std::string_view x); |
There was a problem hiding this comment.
please use std::unique_ptr as the return type for factory functions. otherwise it's not immediately obvious whether the caller is responsible for cleanup, or whether to use delete vs. free()
unique_ptr also means that the caller doesn't need to sprinkle deletes in all of the destructors and error paths
|
|
||
| TempURLEngine::SignatureHelper* TempURLEngine::SignatureHelper::get_sig_helper(std::string_view x) { | ||
| size_t pos = x.find(':'); | ||
| if (pos == x.npos || pos <= 0) { |
There was a problem hiding this comment.
pos is unsigned, but when pos == 0 that means x starts with a colon - is that ever a valid input?
maybe we should drop the || pos <= 0 part here, so that x.substr(0,pos) below gives us an empty string and guarantees we return BadSignatureHelper?
There was a problem hiding this comment.
is there any actual bug here?
|
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
Functest uses Ceph in gate which doesn't support sha256 as default. Please see: - https://review.opendev.org/c/openstack/tempest/+/832771 - https://tracker.ceph.com/issues/56564 - ceph/ceph#47723 Change-Id: I3e98301feca4b68b1f9ebb4a6b20feb505b2dd01 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Functest uses Ceph in gate which doesn't support sha256 as default. Please see: - https://review.opendev.org/c/openstack/tempest/+/832771 - https://tracker.ceph.com/issues/56564 - ceph/ceph#47723 Change-Id: I3e98301feca4b68b1f9ebb4a6b20feb505b2dd01 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 507cdba)
Functest uses Ceph in gate which doesn't support sha256 as default. Please see: - https://review.opendev.org/c/openstack/tempest/+/832771 - https://tracker.ceph.com/issues/56564 - ceph/ceph#47723 Change-Id: I3e98301feca4b68b1f9ebb4a6b20feb505b2dd01 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 507cdba)
|
bump |
|
bump |
1 similar comment
|
bump |
|
flagged for discussion in "marcus task backlog" |
|
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
|
@mdw-at-linuxbox what is the status of this work? |
mdw-at-linuxbox
force-pushed
the
wip-master-tempurl
branch
from
2d9d8f8
to
8c6c135
Compare
|
I just force-pushed an updated copy of this. Builds [in fc37], haven't done any other testing. Apparently isn't building in github. sigh... |
mdw-at-linuxbox
force-pushed
the
wip-master-tempurl
branch
from
8c6c135
to
161d0f1
Compare
|
I pushed out an updated version that was also buildable in el9. Sadly, github was mean and threw away my comment saying that I had done so. Or at least, I thought it was buildable, not sure why "make check" failed again. |
|
jenkins test make check |
|
|
^ ping @mdw-at-linuxbox |
|
bump |
1 similar comment
|
bump |
|
@mdw-at-linuxbox you have been revisiting this, correct? |
swift tempurl (and formpost) now suport sha256 and sha512. hmacsha256 was there, adding hmacsha512 to round out the collection. Fixes: https://tracker.ceph.com/issues/56564 Signed-off-by: Marcus Watts <mwatts@redhat.com>
In openstack swift, formpost and tempurl share the same signature logic, so both now support sha1 / sha256 / sha512. Here are changes to ceph's formpost logic to match what swift does. Most of the guts of the signature logic are moved from .h to .cc because this logic is only useful to the actual formpost code. Fixes: https://tracker.ceph.com/issues/56564 Signed-off-by: Marcus Watts <mwatts@redhat.com>
mdw-at-linuxbox
force-pushed
the
wip-master-tempurl
branch
from
161d0f1
to
1d838bb
Compare
|
I've pushed a new version. I believe the problem Casey cited above was some unrelated problem in the base. The new version is simply the same commits rebased to the latest "main". It built for me on fc37 and el9, and also built without issue at ceph-ci https://shaman.ceph.com/builds/ceph/mdw-master-tempurl-6/ I have not done any other testing on this |
|
thanks @mdw-at-linuxbox
still hitting those errors in 'make check'. unlike shaman, these builds use clang |
The latest openstack swift logic supports sha256 and sha512 checksums for tempurl and formpost, which can be either hexadecimal or hashname:base64. This adds logic to inspect the incoming signature for type and to internally construct the same hash to compare. Also:: fixes an incidental crash if a malformed swift path does not contain an object name. Fixes: https://tracker.ceph.com/issues/56564 Signed-off-by: Marcus Watts <mwatts@redhat.com>
mdw-at-linuxbox
force-pushed
the
wip-master-tempurl
branch
from
1d838bb
to
e2023d2
Compare
|
I've pushed a version that builds correctly with clang. Also built on ceph-ci here, https://shaman.ceph.com/builds/ceph/mdw-master-tempurl-7/ |
|
from qa/suites/rgw/tempest/tasks/tempest.yaml we'll need to change this to get test coverage |
Signed-off-by: Casey Bodley <cbodley@redhat.com>
|
jenkins test make check |
|
jenkins test windows |
|
I'm having trouble figuring out why "make check" fails here. From the leg messgaes linked above, it appears it couldn't load a cls library, which sugests some kind of link problem. I haven't been able to reproduce that problem, mostly because I don't know how to get "make check" to run just the piece I care about, and the whole thing, as best I can tell, takes hours to run. So far, I think I understand the unrelated environment problems that made my setup give up after 90 minutes, well before the failure reported above. So am I looking at an "expected" problem, that I should ignore, or is this behavior I've introduced and need to solve? |
|
jenkins test make check |
rgw: swift: tempurl fixes for ceph
This is a set of 3 commits to update the swift tempurl (and formpost) logic to support sha256 and sha512 signatures. These fixes should make it possible for the tempest tests to pass.
This is intended to fix: https://tracker.ceph.com/issues/56564