115
location = glance.store.swift.StoreLocation({})
117
# The legacy parse_uri doesn't unquote credentials
118
location.parse_uri = types.MethodType(legacy_parse_uri, location)
120
# The legacy _get_credstring doesn't quote credentials
121
location._get_credstring = types.MethodType(legacy__get_credstring,
125
116
decrypted_uri = decrypt_location(uri)
126
117
#NOTE (ameade): If a uri is not encrypted or incorrectly encoded then we
128
119
except (TypeError, ValueError) as e:
129
120
raise exception.Invalid(str(e))
131
location.parse_uri(decrypted_uri)
132
return encrypt_location(location.get_uri())
135
def legacy__get_credstring(self):
137
return '%s:%s@' % (self.user, self.key)
141
def legacy_parse_uri(self, uri):
122
return legacy_parse_uri(decrypted_uri, to_quoted)
125
def legacy_parse_uri(uri, to_quote):
143
127
Parse URLs. This method fixes an issue where credentials specified
144
128
in the URL are interpreted differently in Python 2.6.1+ than prior
146
130
Swift URIs have where a username can contain a ':', like so:
148
132
swift://account:user:pass@authurl.com/container/obj
134
If to_quoted is True, the uri is assumed to have credentials that
135
have not been quoted, and the resulting uri will contain quoted
138
If to_quoted is False, the uri is assumed to have credentials that
139
have been quoted, and the resulting uri will contain credentials
140
that have not been quoted.
150
142
# Make sure that URIs that contain multiple schemes, such as:
151
143
# swift://user:pass@http://authurl.com/v1/container/obj
164
156
pieces = urlparse.urlparse(uri)
165
157
assert pieces.scheme in ('swift', 'swift+http', 'swift+https')
166
self.scheme = pieces.scheme
158
scheme = pieces.scheme
167
159
netloc = pieces.netloc
168
160
path = pieces.path.lstrip('/')
187
179
# User can be account:user, in which case cred_parts[0:2] will be
188
180
# the account and user. Combine them into a single username of
190
if len(cred_parts) == 1:
191
reason = (_("Badly formed credentials '%(creds)s' in Swift "
194
raise exception.BadStoreUri()
195
elif len(cred_parts) == 3:
196
user = ':'.join(cred_parts[0:2])
183
if len(cred_parts) == 1:
184
reason = (_("Badly formed credentials '%(creds)s' in Swift "
187
raise exception.BadStoreUri()
188
elif len(cred_parts) == 3:
189
user = ':'.join(cred_parts[0:2])
196
if len(cred_parts) != 2:
197
reason = (_("Badly formed credentials in Swift URI."))
199
raise exception.BadStoreUri()
200
user, key = cred_parts
201
user = urllib.unquote(user)
202
key = urllib.unquote(key)
204
206
path_parts = path.split('/')
206
self.obj = path_parts.pop()
207
self.container = path_parts.pop()
208
obj = path_parts.pop()
209
container = path_parts.pop()
208
210
if not netloc.startswith('http'):
209
211
# push hostname back into the remaining to build full authurl
210
212
path_parts.insert(0, netloc)
211
self.auth_or_store_url = '/'.join(path_parts)
213
auth_or_store_url = '/'.join(path_parts)
212
214
except IndexError:
213
215
reason = _("Badly formed S3 URI: %s") % uri
214
216
LOG.error(message=reason)
215
217
raise exception.BadStoreUri()
219
if auth_or_store_url.startswith('http://'):
220
auth_or_store_url = auth_or_store_url[len('http://'):]
221
elif auth_or_store_url.startswith('https://'):
222
auth_or_store_url = auth_or_store_url[len('https://'):]
227
quote_user = urllib.quote(user)
228
quote_key = urllib.quote(key)
232
credstring = '%s:%s@' % (quote_user, quote_key)
234
auth_or_store_url = auth_or_store_url.strip('/')
235
container = container.strip('/')
238
uri = '%s://%s%s/%s/%s' % (scheme, credstring, auth_or_store_url,
240
return encrypt_location(uri)
added
removed
glance/db/sqlalchemy/migrate_repo/versions/017_quote_encrypted_swift_credentials.py
