)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"8844a80908c0b7532a76a5fd7ee97edba31dc706","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"67dc73cb_891ad268","updated":"2023-03-15 06:04:24.000000000","message":"Having a play with this in a VSAIO. I still seem to be having some func test fails with unicode paths.. but let me double check my env first, maybe my test.conf isn\u0027t setup properly yet. And a bunch of s3 func tests are also failing. Are we supporting unicode accounts via s3?.. Just started looking so haven\u0027t quote dug in too deep yet.\nJust wanted to give an update to say I\u0027m in the middle of looking :) ","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"cbecb5352f12565e910423bd5d5b8a97ab508d09","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"b578127e_835589a4","updated":"2023-03-13 15:45:54.000000000","message":"I\u0027m super nervous about this one\n\n1) I thought was had functests for unicode accounts!?\n2) fixing temp-auth doesn\u0027t fix swiftstack-auth\n3) how can there be so many places in the *proxy* need to change!?","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"97deb5f7b75767caa2aa98bcad6e206cddbd1dcc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"b65c30fc_e6178fa2","updated":"2023-03-14 19:41:45.000000000","message":"This chain had me able to run func tests with a config like\n\n [func_test]\n auth_uri \u003d https://saio/auth/v1.0\n account \u003d testﺕ\n username \u003d testerﺕ\n password \u003d testingﺕ\n account2 \u003d tést2\n username2 \u003d téster2\n password2 \u003d tésting2\n\n(and suitable `proxy-server.conf`, of course.)","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"f7a95cc757e44dfe0727c2d5db51c1df3e10d254","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"95d5c8f9_9557c9b1","updated":"2023-03-14 16:22:46.000000000","message":"recheck","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d3ae2a4b68c9752d2e1d85ac217768cbd567d83f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"94826ef2_59c28698","updated":"2023-03-13 22:57:49.000000000","message":"recheck\n\npep8 failure was resolved by https://review.opendev.org/c/openstack/swift/+/877131","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"ff20135852374a3e753c949fe116214fd3db8077","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d4909aa1_1270dd22","updated":"2023-05-16 20:38:47.000000000","message":"there\u0027s a few things going on here\n\n1) make func tests work with unicode account names\n2) make tempauth work with unicode account names (has unittests)\n3) fix bugs in the proxy handling unicode account names in paths and acls\n\n... thanks for pulling out what you can with the pre-factors; it would be nice to have some targeted unittests to highlight the fixes in the proxy.","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"0f98ce265823e88a636a7a8d0be535d8591f73a3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"88bbd50c_0caf8182","in_reply_to":"67dc73cb_891ad268","updated":"2023-03-22 17:40:47.000000000","message":"\u003e Are we supporting unicode accounts via s3?\n\nI\u0027ve not had any luck with s3 and non-ascii access key ids -- seemed to be an issue with boto/boto3 IIRC? Might be more doable with an auth system that allows you to decouple access key id from account... At any rate, there was a reason I put https://review.opendev.org/c/openstack/swift/+/877145 ahead of this ;-)","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"ce60d59e8c6eff8f55e8fc2f0cf43b56ff3c1183","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"313d2683_588e07c1","in_reply_to":"b578127e_835589a4","updated":"2023-05-01 21:36:57.000000000","message":"\u003e 1) I thought was had functests for unicode accounts!?\n\nNope -- gotta hack up your accounts in your SAIO yourself. We have unit tests that exercise some non-ASCII stuff, but obviously not well enough.\n\n\u003e 2) fixing temp-auth doesn\u0027t fix swiftstack-auth\n\n_Not_ fixing the proxy means we have no hope of fixing other auth middlewares.\n\n\u003e 3) how can there be so many places in the *proxy* need to change!?\n\n2 is \"so many\"? They hardly surprise me, too -- the one in `base` was subtle, but they both made sense once I traced where data was coming from.","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"b3b8ef3e04df8ad4ce647d3b92080a4fc3ce14d2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"f57a34a9_5d7b4e77","updated":"2023-06-13 23:54:01.000000000","message":"I think there\u0027s few small related things going on here; but they all look fantastic","commit_id":"b46b735a3e7b1f5b515edde6046e0c53dc3923ae"}],"swift/common/middleware/tempauth.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a062d5cac544e1faecae1b11e72818c65d404004","unresolved":true,"context_lines":[{"line_number":814,"context_line":"        account_user \u003d account + \u0027:\u0027 + user"},{"line_number":815,"context_line":"        if account_user not in self.users:"},{"line_number":816,"context_line":"            self.logger.increment(\u0027token_denied\u0027)"},{"line_number":817,"context_line":"            auth \u003d \u0027Swift realm\u003d\"%s\"\u0027 % account"},{"line_number":818,"context_line":"            return HTTPUnauthorized(request\u003dreq,"},{"line_number":819,"context_line":"                                    headers\u003d{\u0027Www-Authenticate\u0027: auth})"},{"line_number":820,"context_line":"        if self.users[account_user][\u0027key\u0027] !\u003d key:"}],"source_content_type":"text/x-python","patch_set":1,"id":"84d90940_8688ad96","side":"PARENT","line":817,"updated":"2023-06-13 22:33:18.000000000","message":"In retrospect, this part feels weird. We don\u0027t recognize the user/account, yet we say we you need to auth with this (still unknown!) account?","commit_id":"052bcadb27d602c2b81ed8ac1a415c54b054a43c"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"97deb5f7b75767caa2aa98bcad6e206cddbd1dcc","unresolved":true,"context_lines":[{"line_number":819,"context_line":"                                    headers\u003d{\u0027Www-Authenticate\u0027: auth})"},{"line_number":820,"context_line":"        if self.users[account_user][\u0027key\u0027] !\u003d key:"},{"line_number":821,"context_line":"            self.logger.increment(\u0027token_denied\u0027)"},{"line_number":822,"context_line":"            auth \u003d \u0027Swift realm\u003d\"unknown\"\u0027"},{"line_number":823,"context_line":"            return HTTPUnauthorized(request\u003dreq,"},{"line_number":824,"context_line":"                                    headers\u003d{\u0027Www-Authenticate\u0027: auth})"},{"line_number":825,"context_line":"        account_id \u003d self.users[account_user][\u0027url\u0027].rsplit(\u0027/\u0027, 1)[-1]"}],"source_content_type":"text/x-python","patch_set":1,"id":"8c340773_651df97a","side":"PARENT","line":822,"range":{"start_line":822,"start_character":33,"end_line":822,"end_character":40},"updated":"2023-03-14 19:41:45.000000000","message":"This changed, but IDK why we were sending back \"unknown\" before...","commit_id":"052bcadb27d602c2b81ed8ac1a415c54b054a43c"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"ff20135852374a3e753c949fe116214fd3db8077","unresolved":true,"context_lines":[{"line_number":819,"context_line":"                                    headers\u003d{\u0027Www-Authenticate\u0027: auth})"},{"line_number":820,"context_line":"        if self.users[account_user][\u0027key\u0027] !\u003d key:"},{"line_number":821,"context_line":"            self.logger.increment(\u0027token_denied\u0027)"},{"line_number":822,"context_line":"            auth \u003d \u0027Swift realm\u003d\"unknown\"\u0027"},{"line_number":823,"context_line":"            return HTTPUnauthorized(request\u003dreq,"},{"line_number":824,"context_line":"                                    headers\u003d{\u0027Www-Authenticate\u0027: auth})"},{"line_number":825,"context_line":"        account_id \u003d self.users[account_user][\u0027url\u0027].rsplit(\u0027/\u0027, 1)[-1]"}],"source_content_type":"text/x-python","patch_set":1,"id":"d4a581b2_6c3d5236","side":"PARENT","line":822,"range":{"start_line":822,"start_character":33,"end_line":822,"end_character":40},"in_reply_to":"8c340773_651df97a","updated":"2023-05-16 20:38:47.000000000","message":"did any tests catch this?","commit_id":"052bcadb27d602c2b81ed8ac1a415c54b054a43c"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"ff20135852374a3e753c949fe116214fd3db8077","unresolved":true,"context_lines":[{"line_number":797,"context_line":"                self.logger.increment(\u0027token_denied\u0027)"},{"line_number":798,"context_line":"                auth \u003d \u0027Swift realm\u003d\"unknown\"\u0027"},{"line_number":799,"context_line":"                return HTTPUnauthorized(request\u003dreq,"},{"line_number":800,"context_line":"                                        headers\u003d{\u0027Www-Authenticate\u0027: auth})"},{"line_number":801,"context_line":"            account, user \u003d user.split(\u0027:\u0027, 1)"},{"line_number":802,"context_line":"            key \u003d req.headers.get(\u0027x-auth-key\u0027)"},{"line_number":803,"context_line":"            if not key:"}],"source_content_type":"text/x-python","patch_set":1,"id":"e6ef2549_96bc63f0","line":800,"updated":"2023-05-16 20:38:47.000000000","message":"more Swift realm\u003d stuff up here to maybe catch in this little refactor you have going on?","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a062d5cac544e1faecae1b11e72818c65d404004","unresolved":true,"context_lines":[{"line_number":797,"context_line":"                self.logger.increment(\u0027token_denied\u0027)"},{"line_number":798,"context_line":"                auth \u003d \u0027Swift realm\u003d\"unknown\"\u0027"},{"line_number":799,"context_line":"                return HTTPUnauthorized(request\u003dreq,"},{"line_number":800,"context_line":"                                        headers\u003d{\u0027Www-Authenticate\u0027: auth})"},{"line_number":801,"context_line":"            account, user \u003d user.split(\u0027:\u0027, 1)"},{"line_number":802,"context_line":"            key \u003d req.headers.get(\u0027x-auth-key\u0027)"},{"line_number":803,"context_line":"            if not key:"}],"source_content_type":"text/x-python","patch_set":1,"id":"cad3ca4b_379596f1","line":800,"in_reply_to":"e6ef2549_96bc63f0","updated":"2023-06-13 22:33:18.000000000","message":"IDK, `unknown` seems legit here -- the user wasn\u0027t provided or *couldn\u0027t* be valid.\n\nFWIW, there\u0027s also a couple more `Www-Authenticate` headers above, when `req.path_info` looks like `/v1/\u003caccount\u003e/auth`, but it\u0027s not clear to me how we could unify these.","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"97deb5f7b75767caa2aa98bcad6e206cddbd1dcc","unresolved":true,"context_lines":[{"line_number":813,"context_line":"        # Authenticate user"},{"line_number":814,"context_line":"        account \u003d wsgi_to_str(account)"},{"line_number":815,"context_line":"        user \u003d wsgi_to_str(user)"},{"line_number":816,"context_line":"        key \u003d wsgi_to_str(key)"},{"line_number":817,"context_line":"        account_user \u003d account + \u0027:\u0027 + user"},{"line_number":818,"context_line":"        if account_user not in self.users:"},{"line_number":819,"context_line":"            self.logger.increment(\u0027token_denied\u0027)"}],"source_content_type":"text/x-python","patch_set":1,"id":"1462a332_c1486d1f","line":816,"updated":"2023-03-14 19:41:45.000000000","message":"Our in-memory users DB was read from configs as proper unicode on py3, but these all came from the request environ (i.e., were WSGI strings).","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"}],"swift/proxy/controllers/base.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"97deb5f7b75767caa2aa98bcad6e206cddbd1dcc","unresolved":true,"context_lines":[{"line_number":2154,"context_line":"        Autocreate an account"},{"line_number":2155,"context_line":""},{"line_number":2156,"context_line":"        :param req: request leading to this autocreate"},{"line_number":2157,"context_line":"        :param account: the unquoted account name"},{"line_number":2158,"context_line":"        \"\"\""},{"line_number":2159,"context_line":"        partition, nodes \u003d self.app.account_ring.get_nodes(account)"},{"line_number":2160,"context_line":"        path \u003d \u0027/%s\u0027 % account"}],"source_content_type":"text/x-python","patch_set":1,"id":"6505fcc3_6a4964e4","line":2157,"updated":"2023-03-14 19:41:45.000000000","message":"This is always `self.account_name` (... so why do we pass it at all?), which comes from `urllib.parse.unquote`ing the `account_name` passed when creating the controller, which is parsed from the `wsgi_to_str`ed `path_info` in `get_controller`.\n\nI strongly suspect that there\u0027s still a bug lurking here -- `path_info` should already be `unquote`d -- but in practice, account names with `%` in them (much less `%` followed by two hex digits) are uncommon, to say the least.","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"cbecb5352f12565e910423bd5d5b8a97ab508d09","unresolved":true,"context_lines":[{"line_number":2167,"context_line":"        headers.update((k, v)"},{"line_number":2168,"context_line":"                       for k, v in req.headers.items()"},{"line_number":2169,"context_line":"                       if is_sys_meta(\u0027account\u0027, k))"},{"line_number":2170,"context_line":"        resp \u003d self.make_requests(Request.blank(str_to_wsgi(\u0027/v1\u0027 + path)),"},{"line_number":2171,"context_line":"                                  self.app.account_ring, partition, \u0027PUT\u0027,"},{"line_number":2172,"context_line":"                                  path, [headers] * len(nodes))"},{"line_number":2173,"context_line":"        if is_success(resp.status_int):"}],"source_content_type":"text/x-python","patch_set":1,"id":"ea35ac7f_d93d9e1e","line":2170,"updated":"2023-03-13 15:45:54.000000000","message":"so were already didn\u0027t \"handle\" unicode *paths* correctly?  srly?","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a062d5cac544e1faecae1b11e72818c65d404004","unresolved":true,"context_lines":[{"line_number":2167,"context_line":"        headers.update((k, v)"},{"line_number":2168,"context_line":"                       for k, v in req.headers.items()"},{"line_number":2169,"context_line":"                       if is_sys_meta(\u0027account\u0027, k))"},{"line_number":2170,"context_line":"        resp \u003d self.make_requests(Request.blank(str_to_wsgi(\u0027/v1\u0027 + path)),"},{"line_number":2171,"context_line":"                                  self.app.account_ring, partition, \u0027PUT\u0027,"},{"line_number":2172,"context_line":"                                  path, [headers] * len(nodes))"},{"line_number":2173,"context_line":"        if is_success(resp.status_int):"}],"source_content_type":"text/x-python","patch_set":1,"id":"45491a86_077621fb","line":2170,"in_reply_to":"0e01a2c2_bd8ec664","updated":"2023-06-13 22:33:18.000000000","message":"And none of them use non-ascii accounts -- `test/unit/proxy/test_server.py::TestContainerController::test_PUT_autocreate_account_utf8` will, though!","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"ff20135852374a3e753c949fe116214fd3db8077","unresolved":true,"context_lines":[{"line_number":2167,"context_line":"        headers.update((k, v)"},{"line_number":2168,"context_line":"                       for k, v in req.headers.items()"},{"line_number":2169,"context_line":"                       if is_sys_meta(\u0027account\u0027, k))"},{"line_number":2170,"context_line":"        resp \u003d self.make_requests(Request.blank(str_to_wsgi(\u0027/v1\u0027 + path)),"},{"line_number":2171,"context_line":"                                  self.app.account_ring, partition, \u0027PUT\u0027,"},{"line_number":2172,"context_line":"                                  path, [headers] * len(nodes))"},{"line_number":2173,"context_line":"        if is_success(resp.status_int):"}],"source_content_type":"text/x-python","patch_set":1,"id":"0e01a2c2_bd8ec664","line":2170,"in_reply_to":"68279ab8_97c7e478","updated":"2023-05-16 20:38:47.000000000","message":"there\u0027s a few tests that go over this code path\n\n\tFAILED swift/test/unit/proxy/test_mem_server.py::TestContainerController::test_PUT - NameError: name \u0027asdf\u0027 is not defined\n\tFAILED swift/test/unit/proxy/test_mem_server.py::TestContainerController::test_PUT_autocreate_account_with_sysmeta - NameError: name \u0027asdf\u0027 is not defined\n\tFAILED swift/test/unit/proxy/test_mem_server.py::TestAccountController::test_POST_autocreate - NameError: name \u0027asdf\u0027 is not defined\n\tFAILED swift/test/unit/proxy/test_mem_server.py::TestAccountController::test_POST_autocreate_with_sysmeta - NameError: name \u0027asdf\u0027 is not defined\n\tFAILED swift/test/unit/proxy/test_server.py::TestContainerController::test_PUT - NameError: name \u0027asdf\u0027 is not defined\n\tFAILED swift/test/unit/proxy/test_server.py::TestContainerController::test_PUT_autocreate_account_with_sysmeta - NameError: name \u0027asdf\u0027 is not defined\n\tFAILED swift/test/unit/proxy/test_server.py::TestAccountController::test_POST_autocreate - NameError: name \u0027asdf\u0027 is not defined\n\tFAILED swift/test/unit/proxy/test_server.py::TestAccountController::test_POST_autocreate_with_sysmeta - NameError: name \u0027asdf\u0027 is not defined","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"20e9b040fef187b7a02aa9c203d5fc97d5ba0103","unresolved":true,"context_lines":[{"line_number":2167,"context_line":"        headers.update((k, v)"},{"line_number":2168,"context_line":"                       for k, v in req.headers.items()"},{"line_number":2169,"context_line":"                       if is_sys_meta(\u0027account\u0027, k))"},{"line_number":2170,"context_line":"        resp \u003d self.make_requests(Request.blank(str_to_wsgi(\u0027/v1\u0027 + path)),"},{"line_number":2171,"context_line":"                                  self.app.account_ring, partition, \u0027PUT\u0027,"},{"line_number":2172,"context_line":"                                  path, [headers] * len(nodes))"},{"line_number":2173,"context_line":"        if is_success(resp.status_int):"}],"source_content_type":"text/x-python","patch_set":1,"id":"68279ab8_97c7e478","line":2170,"in_reply_to":"7b8c3dee_aef73740","updated":"2023-04-03 18:24:46.000000000","message":"\u003e do we want to move str_to_wsgi into the request.blank or something so we get it by default?\n\nI\u0027d worry about 3rd party middlewares -- I think keeping close to PEP-3333 is likely to be the least-surprising thing we can do.","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"8844a80908c0b7532a76a5fd7ee97edba31dc706","unresolved":true,"context_lines":[{"line_number":2167,"context_line":"        headers.update((k, v)"},{"line_number":2168,"context_line":"                       for k, v in req.headers.items()"},{"line_number":2169,"context_line":"                       if is_sys_meta(\u0027account\u0027, k))"},{"line_number":2170,"context_line":"        resp \u003d self.make_requests(Request.blank(str_to_wsgi(\u0027/v1\u0027 + path)),"},{"line_number":2171,"context_line":"                                  self.app.account_ring, partition, \u0027PUT\u0027,"},{"line_number":2172,"context_line":"                                  path, [headers] * len(nodes))"},{"line_number":2173,"context_line":"        if is_success(resp.status_int):"}],"source_content_type":"text/x-python","patch_set":1,"id":"7b8c3dee_aef73740","line":2170,"in_reply_to":"ea35ac7f_d93d9e1e","updated":"2023-03-15 06:04:24.000000000","message":"Well really he\u0027s just making sure the account in the path is dealt with, but good question, the request.blank already does a latin1 decode, do we want to move str_to_wsgi into the request.blank or something so we get it by deafult? Not sure what kind of churn that might make though? Just thinking out loud","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"}],"swift/proxy/controllers/container.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"97deb5f7b75767caa2aa98bcad6e206cddbd1dcc","unresolved":true,"context_lines":[{"line_number":382,"context_line":"            set_info_cache(self.app, req.environ, self.account_name,"},{"line_number":383,"context_line":"                           self.container_name, resp)"},{"line_number":384,"context_line":"        if \u0027swift.authorize\u0027 in req.environ:"},{"line_number":385,"context_line":"            req.acl \u003d wsgi_to_str(resp.headers.get(\u0027x-container-read\u0027))"},{"line_number":386,"context_line":"            aresp \u003d req.environ[\u0027swift.authorize\u0027](req)"},{"line_number":387,"context_line":"            if aresp:"},{"line_number":388,"context_line":"                # Don\u0027t cache this. It doesn\u0027t reflect the state of the"}],"source_content_type":"text/x-python","patch_set":1,"id":"6d41105e_1ae46a2d","line":385,"updated":"2023-03-14 19:41:45.000000000","message":"Everywhere else we set `req.acl`, it\u0027s coming out of container_info, which only receives native strings. See `_prep_headers_to_info` for the `wsgi_to_str` calls.","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a062d5cac544e1faecae1b11e72818c65d404004","unresolved":true,"context_lines":[{"line_number":382,"context_line":"            set_info_cache(self.app, req.environ, self.account_name,"},{"line_number":383,"context_line":"                           self.container_name, resp)"},{"line_number":384,"context_line":"        if \u0027swift.authorize\u0027 in req.environ:"},{"line_number":385,"context_line":"            req.acl \u003d wsgi_to_str(resp.headers.get(\u0027x-container-read\u0027))"},{"line_number":386,"context_line":"            aresp \u003d req.environ[\u0027swift.authorize\u0027](req)"},{"line_number":387,"context_line":"            if aresp:"},{"line_number":388,"context_line":"                # Don\u0027t cache this. It doesn\u0027t reflect the state of the"}],"source_content_type":"text/x-python","patch_set":1,"id":"608e5cf6_6e544184","line":385,"in_reply_to":"6d41105e_1ae46a2d","updated":"2023-06-13 22:33:18.000000000","message":"I couldn\u0027t for the life of me find anywhere that checks that `req.acl` gets set before we call `swift.authorize`. When I tried to spike from `test_calls_authorize_allow`, I could only capture `None`s :-/","commit_id":"870615cb81875598b7b9f8af05533606ccfa1f50"}]}