delta/openstack/python-swiftclient.git/swiftclient, branch stable/liberty opendev.org: openstack/python-swiftclient.git Do not reveal auth token in swiftclient log messages by default 2016-03-08T12:17:18+00:00 Joel Wright joel.wright@sohonet.com 2016-02-19T13:18:15+00:00 d95d14ac10996e1efb50d1c34e29f3d692cde150 Currently the swiftclient logs sensitive info in headers when logging HTTP requests. This patch hides sensitive info in headers such as 'X-Auth-Token' in a similar way to swift itself (we add a 'reveal_sensitive_prefix' configuration to the client). With this patch, tokens are truncated by removing the specified number of characters, after which '...' is appended to the logged token to indicate that it has been redacted. Also include client.parse_header_string() for safe unicode handling of header data. Backport based on commits: c3f06417049e17a8d45ee5926c5043cb6c8aa9ef 4d44dcf36086add13d3353915c014f095ab99c6d ce569f46517e10f2ce0d27e9ee0a922ad1d84e2f 46d817828082105a69d4da53fef2f2fbefc54809 aa0edd00966237163451fc44cda2c593a5215cbe Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Li Cheng <shcli@cn.ibm.com> Co-Authored-By: Zack M. Davis <zdavis@swiftstack.com> Change-Id: I71fc5aad23bc076b06f75888c3ea507feffc7b48 Closes-bug: #1516692 
Currently the swiftclient logs sensitive info in headers when logging
HTTP requests. This patch hides sensitive info in headers such as
'X-Auth-Token' in a similar way to swift itself (we add a
'reveal_sensitive_prefix' configuration to the client).

With this patch, tokens are truncated by removing the specified number
of characters, after which '...' is appended to the logged token to
indicate that it has been redacted.

Also include client.parse_header_string() for safe unicode handling
of header data.

Backport based on commits:

  c3f06417049e17a8d45ee5926c5043cb6c8aa9ef
  4d44dcf36086add13d3353915c014f095ab99c6d
  ce569f46517e10f2ce0d27e9ee0a922ad1d84e2f
  46d817828082105a69d4da53fef2f2fbefc54809
  aa0edd00966237163451fc44cda2c593a5215cbe

Co-Authored-By: Tim Burke <tim.burke@gmail.com>
Co-Authored-By: Alistair Coles <alistair.coles@hpe.com>
Co-Authored-By: Li Cheng <shcli@cn.ibm.com>
Co-Authored-By: Zack M. Davis <zdavis@swiftstack.com>

Change-Id: I71fc5aad23bc076b06f75888c3ea507feffc7b48
Closes-bug: #1516692
Fix the http request headers being overwritten in logging 2016-02-25T11:05:45+00:00 Min Min Ren rminmin@cn.ibm.com 2015-12-02T08:27:53+00:00 ff880daccff57278129ed63b7d872c039f5e8fd2 Fix the http request headers in put_object being overwritten in logging Cherry-picked from commit 61880c6f980cb8e613bdf6cb48a9a61ce7488162 Change-Id: Id0d1e36561a61ed1ce30d93c801ec32f058a6fa4 Closes-bug: #1501292 
Fix the http request headers in put_object being overwritten in logging

Cherry-picked from commit 61880c6f980cb8e613bdf6cb48a9a61ce7488162

Change-Id: Id0d1e36561a61ed1ce30d93c801ec32f058a6fa4
Closes-bug: #1501292
absolute expiry option for tempURL generation 2015-09-04T21:57:30+00:00 Zack M. Davis zdavis@swiftstack.com 2015-09-04T21:57:30+00:00 52d39bebc11979fa1be5090ff75466710638e561 The `tempurl` subcommand's second positional argument is called `seconds` and has heretofore interpreted as the number of seconds for which the tempURL should be valid, counting from the moment of running the command. This is indeed a common, if not the most common, use-case. But some users, occasionally, might want to generate a tempURL that expires at some particular ("absolute") time, rather than a particular amount of time relative to the moment of happening to run the command. (One might make an analogy to the way in which Swift's expiring object support supports an `X-Delete-At` header in addition to `X-Delete-After`—and it's the former that must be regarded as ontologically prior.) Thus, this commit adds an `--absolute` optional argument to the `tempurl` subcommand; if present, the `seconds` argument will be interpreted as a Unix timestamp of when the tempURL should be expire, rather than a duration for which the tempURL should be valid starting from "now". Change-Id: If9ded96f2799800958d5063127f3de812f50ef06 
The `tempurl` subcommand's second positional argument is called
`seconds` and has heretofore interpreted as the number of seconds for
which the tempURL should be valid, counting from the moment of running
the command. This is indeed a common, if not the most common,
use-case. But some users, occasionally, might want to generate a tempURL
that expires at some particular ("absolute") time, rather than a
particular amount of time relative to the moment of happening to run the
command. (One might make an analogy to the way in which Swift's expiring
object support supports an `X-Delete-At` header in addition to
`X-Delete-After`—and it's the former that must be regarded as
ontologically prior.) Thus, this commit adds an `--absolute` optional
argument to the `tempurl` subcommand; if present, the `seconds` argument
will be interpreted as a Unix timestamp of when the tempURL should be
expire, rather than a duration for which the tempURL should be valid
starting from "now".

Change-Id: If9ded96f2799800958d5063127f3de812f50ef06
Merge "Log and report trace on service operation fails" 2015-09-04T01:46:18+00:00 Jenkins jenkins@review.openstack.org 2015-09-04T01:46:18+00:00 93666bb84abc1edc36fbb3ef5ec194cf774e4826 






Merge "Increase httplib._MAXHEADERS to 256."
2015-09-03T08:37:00+00:00

Jenkins
jenkins@review.openstack.org

2015-09-03T08:37:00+00:00

ff073ab34a10230cc78a4daa3cab2e22bf1fd17d












Merge "Stop Connection class modifying os_options parameter"
2015-09-03T01:18:10+00:00

Jenkins
jenkins@review.openstack.org

2015-09-03T01:18:10+00:00

e0ce24dd43838eef306bd1a0114305cd5ae39cf7












Log and report trace on service operation fails
2015-08-31T21:03:26+00:00

Joel Wright
joel.wright@sohonet.com

2015-04-05T15:48:34+00:00

3c0289844f73b9e685b8443c90b0ca80e0b18f28

This patch adds exception logging to the swift service API. Each
operation that results in failure of any operation will now log
the exception as well as report a timestamp and full stack trace
in the results returned by the service API calls.

Change-Id: I7336b28354e7740ea7d048bdf355e3c1a1b4436c





This patch adds exception logging to the swift service API. Each
operation that results in failure of any operation will now log
the exception as well as report a timestamp and full stack trace
in the results returned by the service API calls.

Change-Id: I7336b28354e7740ea7d048bdf355e3c1a1b4436c







Merge "Reduce memory usage for download/delete and add --no-shuffle option to st_download"
2015-08-28T00:48:52+00:00

Jenkins
jenkins@review.openstack.org

2015-08-28T00:48:52+00:00

e52df5d8a59708130054ef83068e4d516b2b6d01












Increase httplib._MAXHEADERS to 256.
2015-08-26T16:01:22+00:00

Charles Hsu
charles0126@gmail.com

2015-08-18T11:22:24+00:00

4b627327c9cca5d0ddd038cd5b42466945ae1657

By default Swift increase the number of max metadata count to 90
and extra header count to 32. That mean we can put 90 metadata to
Account/Container/Object by default, when user put 90 metadata to a
Account, the Account header count is close or more than 100. The
swift client unable to access Account and get an error likes,

('Connection aborted.', HTTPException('got more than 100 headers',))

So the default _MAXHEADERS(100) won't enough.

Change-Id: I5ffc4eb5d3e1ebc3dbdd7dc69376919ae3e1c5a8





By default Swift increase the number of max metadata count to 90
and extra header count to 32. That mean we can put 90 metadata to
Account/Container/Object by default, when user put 90 metadata to a
Account, the Account header count is close or more than 100. The
swift client unable to access Account and get an error likes,

('Connection aborted.', HTTPException('got more than 100 headers',))

So the default _MAXHEADERS(100) won't enough.

Change-Id: I5ffc4eb5d3e1ebc3dbdd7dc69376919ae3e1c5a8







Stop Connection class modifying os_options parameter
2015-08-25T08:47:09+00:00

Alistair Coles
alistair.coles@hp.com

2015-08-24T11:34:45+00:00

4b310083dfebe8c54e599fe319f801cca87f8dd6

When a caller passes an os_options dict to the Connection class
constructor, the constructor may modify the os_options dict,
which can surprise the caller if they re-use the os_options
dict. Specifically the os_options tenant_name and object_storage_url
may be modified, and the changed values would then leak through to a
subsequent Connection constructed using the same os_options dict.

This fix simply constructs a new dict from the supplied os_options.
The patch also adds a test that covers this and also verifies that
a preauth_url passed as a keyword arg to Connection() will take
precedence over any object_storage_url in an os_options parameter.

Closes-Bug: 1488070
Change-Id: Ic6b5cf3ac68c505de155619f2610be9529e15432





When a caller passes an os_options dict to the Connection class
constructor, the constructor may modify the os_options dict,
which can surprise the caller if they re-use the os_options
dict. Specifically the os_options tenant_name and object_storage_url
may be modified, and the changed values would then leak through to a
subsequent Connection constructed using the same os_options dict.

This fix simply constructs a new dict from the supplied os_options.
The patch also adds a test that covers this and also verifies that
a preauth_url passed as a keyword arg to Connection() will take
precedence over any object_storage_url in an os_options parameter.

Closes-Bug: 1488070
Change-Id: Ic6b5cf3ac68c505de155619f2610be9529e15432