From 766f4dc2ae268dd248d02de00d8aa83eff5266aa Mon Sep 17 00:00:00 2001
From: Alistair Coles <alistair.coles@hpe.com>
Date: Thu, 2 Jun 2016 09:25:59 +0100
Subject: [PATCH] crypto - add tests for override headers

adds a test for other middlewares setting override headers,
verifying that container listing is correctly updated.

Drive-by fix to a doc string, and adding etag to test PUT requests.

Change-Id: Id096bd5bece339e2bcd32f4c545fb3aa7aa2b659
---
 swift/common/middleware/decrypter.py          |  5 +-
 test/unit/common/middleware/test_encrypter.py |  6 ++-
 .../middleware/test_encrypter_decrypter.py    | 54 +++++++++++++++++++
 3 files changed, 61 insertions(+), 4 deletions(-)

diff --git a/swift/common/middleware/decrypter.py b/swift/common/middleware/decrypter.py
index 8a32de9856..c0c1df6c48 100644
--- a/swift/common/middleware/decrypter.py
+++ b/swift/common/middleware/decrypter.py
@@ -145,8 +145,9 @@ class DecrypterObjContext(BaseDecrypterContext):
                          header cannot be decrypted due to missing crypto meta.
         :return: a decrypted header value or None if the header value was not
                  decrypted and was not required to be decrypted.
-        :raises HTTPInternalServerError: if the header value was required to be
-                                         decrypted but crypto meta was not
+        :raises HTTPInternalServerError: if an error occurred during decryption
+                                         or if the header value was required to
+                                         be decrypted but crypto meta was not
                                          found.
         """
         try:
diff --git a/test/unit/common/middleware/test_encrypter.py b/test/unit/common/middleware/test_encrypter.py
index 078e70cbdb..e0a273282a 100644
--- a/test/unit/common/middleware/test_encrypter.py
+++ b/test/unit/common/middleware/test_encrypter.py
@@ -51,7 +51,8 @@ class TestEncrypter(unittest.TestCase):
 
         env = {'REQUEST_METHOD': 'PUT',
                CRYPTO_KEY_CALLBACK: fetch_crypto_keys}
-        hdrs = {'content-type': 'text/plain',
+        hdrs = {'etag': plaintext_etag,
+                'content-type': 'text/plain',
                 'content-length': str(len(plaintext)),
                 'x-object-meta-etag': 'not to be confused with the Etag!',
                 'x-object-meta-test': 'encrypt me',
@@ -156,7 +157,8 @@ class TestEncrypter(unittest.TestCase):
 
         env = {'REQUEST_METHOD': 'PUT',
                CRYPTO_KEY_CALLBACK: fetch_crypto_keys}
-        hdrs = {'content-type': 'text/plain',
+        hdrs = {'etag': EMPTY_ETAG,
+                'content-type': 'text/plain',
                 'content-length': '0',
                 'x-object-meta-etag': 'not to be confused with the Etag!',
                 'x-object-meta-test': 'encrypt me',
diff --git a/test/unit/common/middleware/test_encrypter_decrypter.py b/test/unit/common/middleware/test_encrypter_decrypter.py
index 52bdafadb7..0f2906144b 100644
--- a/test/unit/common/middleware/test_encrypter_decrypter.py
+++ b/test/unit/common/middleware/test_encrypter_decrypter.py
@@ -175,6 +175,60 @@ class TestCryptoPipelineChanges(unittest.TestCase):
         else:
             self.assertEqual(self.plaintext_etag, listing[0]['hash'])
 
+    def test_write_with_crypto_and_override_headers(self):
+        self._create_container(self.proxy_app, policy_name='one')
+
+        def verify_overrides():
+            # verify object sysmeta
+            req = Request.blank(
+                self.object_path, method='GET')
+            resp = req.get_response(self.crypto_app)
+            for k, v in overrides.items():
+                self.assertIn(k, resp.headers)
+                self.assertEqual(overrides[k], resp.headers[k])
+
+            # check container listing
+            req = Request.blank(
+                self.container_path, method='GET', query_string='format=json')
+            resp = req.get_response(self.crypto_app)
+            self.assertEqual('200 OK', resp.status)
+            listing = json.loads(resp.body)
+            self.assertEqual(1, len(listing))
+            self.assertEqual('o', listing[0]['name'])
+            self.assertEqual(
+                overrides['x-object-sysmeta-container-update-override-size'],
+                str(listing[0]['bytes']))
+            self.assertEqual(
+                overrides['x-object-sysmeta-container-update-override-etag'],
+                listing[0]['hash'])
+
+        # include overrides in headers
+        overrides = {'x-object-sysmeta-container-update-override-etag': 'foo',
+                     'x-object-sysmeta-container-update-override-size':
+                         str(len(self.plaintext) + 1)}
+        req = Request.blank(self.object_path, method='PUT',
+                            body=self.plaintext, headers=overrides.copy())
+        resp = req.get_response(self.crypto_app)
+        self.assertEqual('201 Created', resp.status)
+        self.assertEqual(self.plaintext_etag, resp.headers['Etag'])
+        verify_overrides()
+
+        # include overrides in footers
+        overrides = {'x-object-sysmeta-container-update-override-etag': 'bar',
+                     'x-object-sysmeta-container-update-override-size':
+                         str(len(self.plaintext) + 2)}
+
+        def callback(footers):
+            footers.update(overrides)
+
+        req = Request.blank(
+            self.object_path, method='PUT', body=self.plaintext)
+        req.environ['swift.callback.update_footers'] = callback
+        resp = req.get_response(self.crypto_app)
+        self.assertEqual('201 Created', resp.status)
+        self.assertEqual(self.plaintext_etag, resp.headers['Etag'])
+        verify_overrides()
+
     def test_write_with_crypto_read_with_crypto(self):
         self._create_container(self.proxy_app, policy_name='one')
         self._put_object(self.crypto_app, self.plaintext)