search

gholt / swauth

This is the historical location of Swauth; active development is now at https://github.com/openstack/swauth
45 stars 30 forks source link

When creating account create account in Swift first. #74

Closed onovy closed 9 years ago

onovy commented 9 years ago

When you try to create account with same suffix as already existed before, Swift raises error. But SwAuth already created container for this account in .auth which creates inconsistency.

gholt commented 9 years ago

I haven't worked with this stuff in quite some time. However, my curiosity has me: What error does Swift return in this situation? My first thought it that a PUT to an account that already exists would return success.

onovy commented 9 years ago

When I create account, delete that account and then try to create same (same name, same suffix) account, Swift returns 403 forbidden:

Apr 20 15:09:40 swift1 proxy-server: STDOUT: EXCEPTION IN handle: Traceback (most recent call last):#012 File "/usr/local/lib/python2.7/dist-packages/swauth-1.0.9.dev-py2.7.egg/swauth/middleware.py", line 465, in handle#012 return self.handle_request(req)(env, start_response)#012 File "/usr/local/lib/python2.7/dist-packages/swauth-1.0.9.dev-py2.7.egg/swauth/middleware.py", line 532, in handle_request#012 req.response = handler(req)#012 File "/usr/local/lib/python2.7/dist-packages/swauth-1.0.9.dev-py2.7.egg/swauth/middleware.py", line 776, in handle_put_account#012 'cluster: %s %s %s' % (path, resp.status, resp.reason))#012Exception: Could not create account on the Swift cluster: /v1/AUTH_test2 403 Forbidden#012: {'HTTP_REFERER': 'http://swift1.dev:8080/auth/', 'SCRIPT_NAME': '/auth/v2/test2', 'swift.proxy_access_log_made': True, 'REQUEST_METHOD': 'PUT', 'PATH_INFO': '', 'HTTP_ORIGIN': 'http://swift1.dev:8080', 'SERVER_PROTOCOL': 'HTTP/1.0', 'swift.account/v2': {'status': 404, 'container_count': 0, 'bytes': None, 'total_object_count': None, 'meta': {}, 'sysmeta': {}}, 'CONTENT_LENGTH': '0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36', 'HTTP_CONNECTION': 'keep-alive', 'eventlet.posthooks': [(<bound method Swauth.posthooklogger of <swauth.middleware.Swauth object at 0x2faead0>>, (<swift.common.swob.Request object at 0x2fc76d0>,), {})], 'SERVER_NAME': '10.0.162.46', 'REMOTE_ADDR': '10.0.133.66', 'eventlet.input': <eventlet.wsgi.Input object at 0x2fc7510>, 'HTTP_X_AUTH_ADMIN_KEY': 'tank', 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8080', 'HTTP_X_AUTH_ADMIN_USER': '.super_admin', 'wsgi.input': <swift.common.utils.InputProxy object at 0x2fc7f10>, 'HTTP_HOST': 'swift1.dev:8080', 'swift.cache': <swift.common.memcached.MemcacheRing object at 0x3065710>, 'HTTP_X_ACCOUNT_SUFFIX': 'test2', 'wsgi.multithread': True, 'HTTPACCEPT': '/_', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': <swift.common.utils.

gholt commented 9 years ago

Ah, that makes sense to me now, the whole "can't create an account recently deleted" thing. Thanks for satisfying my curiosity.