)]}'
{"swift/common/middleware/s3api/controllers/versioning.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"943e7dba3f6a0e5aab18c4ec011e950faf0c66b7","unresolved":true,"context_lines":[{"line_number":41,"context_line":"        \"\"\""},{"line_number":42,"context_line":"        Handles GET Bucket versioning."},{"line_number":43,"context_line":"        \"\"\""},{"line_number":44,"context_line":"        resp \u003d req.get_response(self.app, method\u003d\u0027HEAD\u0027)"},{"line_number":45,"context_line":"        enabled \u003d resp.sw_headers.get(\u0027X-Container-Sysmeta-Versions-Enabled\u0027)"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"        elem \u003d Element(\u0027VersioningConfiguration\u0027)"}],"source_content_type":"text/x-python","patch_set":2,"id":"433f1d6a_ee03151a","line":44,"updated":"2022-03-30 00:31:13.000000000","message":"There\u0027s a downside here: previously we could service requests from memcache, but now we have to talk to a container server and go to disk. Could we do the ACL check based on what\u0027s in memcache? If that\u0027s tricky, what do you think about doing something like\n\n if s3_acl:\n     resp \u003d req.get_response(self.app, method\u003d\u0027HEAD\u0027)\n     enabled \u003d resp.sw_headers.get(\u0027X-Container-Sysmeta-Versions-Enabled\u0027)\n else:\n     sysmeta \u003d req.get_container_info(self.app).get(\u0027sysmeta\u0027, {})\n     enabled \u003d sysmeta.get(\u0027versions-enabled\u0027)\n\nso we only do the more-intensive thing when s3_acl is enabled?","commit_id":"7a3d86253394ca164367a19a10503e4324bed877"},{"author":{"_account_id":32333,"name":"Aymeric Ducroquetz","email":"aymeric.ducroquetz@gmail.com","username":"AymericDu"},"change_message_id":"911ec1fc38a156a3aab87c867ef5506e934eba0e","unresolved":true,"context_lines":[{"line_number":41,"context_line":"        \"\"\""},{"line_number":42,"context_line":"        Handles GET Bucket versioning."},{"line_number":43,"context_line":"        \"\"\""},{"line_number":44,"context_line":"        resp \u003d req.get_response(self.app, method\u003d\u0027HEAD\u0027)"},{"line_number":45,"context_line":"        enabled \u003d resp.sw_headers.get(\u0027X-Container-Sysmeta-Versions-Enabled\u0027)"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"        elem \u003d Element(\u0027VersioningConfiguration\u0027)"}],"source_content_type":"text/x-python","patch_set":2,"id":"a83c6e49_5969282c","line":44,"in_reply_to":"433f1d6a_ee03151a","updated":"2022-03-30 14:59:50.000000000","message":"Currently, without this option `s3_acl`, there is also the problem. All users belonging to the same account can know the versioning state (even if some do not have the rights).\n\nIndeed, to check the ACLs, currently, we cannot use the cache. But I think this state is not read very often. Also, it\u0027s a problem beyond this PR. Some controllers use this method only to check ACLs (for example https://github.com/openstack/swift/blob/master/swift/common/middleware/s3api/controllers/location.py#L35).","commit_id":"7a3d86253394ca164367a19a10503e4324bed877"}],"test/functional/s3api/test_versioning.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"943e7dba3f6a0e5aab18c4ec011e950faf0c66b7","unresolved":true,"context_lines":[{"line_number":168,"context_line":"        self.assertEqual(get_error_code(body), \u0027MalformedXML\u0027)"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"    def test_versioning_get_access_denied(self):"},{"line_number":171,"context_line":"        if config_true_value(tf.cluster_info[\u0027s3api\u0027].get(\u0027s3_acl\u0027)):"},{"line_number":172,"context_line":"            if \u0027s3_access_key2\u0027 not in tf.config or \\"},{"line_number":173,"context_line":"                    \u0027s3_secret_key2\u0027 not in tf.config:"},{"line_number":174,"context_line":"                raise tf.SkipTest("}],"source_content_type":"text/x-python","patch_set":2,"id":"aed9a622_c81ba3f7","line":171,"updated":"2022-03-30 00:31:13.000000000","message":"I think I\u0027d rather have something like\n\n if not config_true_value(tf.cluster_info[\u0027s3api\u0027].get(\u0027s3_acl\u0027)):\n     raise tf.SkipTest(\u0027s3_acl not enabled\u0027)","commit_id":"7a3d86253394ca164367a19a10503e4324bed877"},{"author":{"_account_id":32333,"name":"Aymeric Ducroquetz","email":"aymeric.ducroquetz@gmail.com","username":"AymericDu"},"change_message_id":"911ec1fc38a156a3aab87c867ef5506e934eba0e","unresolved":false,"context_lines":[{"line_number":168,"context_line":"        self.assertEqual(get_error_code(body), \u0027MalformedXML\u0027)"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"    def test_versioning_get_access_denied(self):"},{"line_number":171,"context_line":"        if config_true_value(tf.cluster_info[\u0027s3api\u0027].get(\u0027s3_acl\u0027)):"},{"line_number":172,"context_line":"            if \u0027s3_access_key2\u0027 not in tf.config or \\"},{"line_number":173,"context_line":"                    \u0027s3_secret_key2\u0027 not in tf.config:"},{"line_number":174,"context_line":"                raise tf.SkipTest("}],"source_content_type":"text/x-python","patch_set":2,"id":"14302978_900e76f4","line":171,"in_reply_to":"aed9a622_c81ba3f7","updated":"2022-03-30 14:59:50.000000000","message":"After doing further tests, I realized that the problem was also present without this option. To highlight the problem, a non-admin user should be used.","commit_id":"7a3d86253394ca164367a19a10503e4324bed877"}]}