Blacklisting characters in swift names

From Thierry Carrez:

@Jason: thanks for the precisions. I'd agree that some minimal filtering (including control characters) would be a good default. We could have three settings: "all" (CloudFiles current deployment), "safe" (all but a few problematic characters) and "paranoid" (base64 or something), with default to "safe".

That doesn't really address the migration issue -- though a conservatively-crafted "safe" mode should be mostly compatible with "all". It might be better to not have a "paranoid" mode, in order to encourage data portability.

From John Dickinson:

2) We are also looking in to ways to address the XML response. There are a few options. We'd like to return a 1.0 version but with the 1.1 encoding of characters (like S3, at least the last time we tested it). However, any number of solutions can be provided with middleware on a particular deployment. I do not want to encourage a fracturing of functionality in the codebase that prevents different deployments from working together (eg filtering would prevent HP and Rackspace deployments from using container sync between the clusters). If a particular deployer needs to have specific restrictions, those things should be managed in their own middleware and not included in the swift codebase.

@John: any progress on that ? Would it be something you'd consider fixing in your next release ?

@John @Thierry:

We'd be very happy to pitch in here and do the work. Just let us know.

Just one update for the moment: we intend to implement the character blacklist as a separate filter, as John suggested earlier. The filter will default to off, again as John has requested.

@Eamonn: dounds very good to me. Ideally we would have this ready for inclusion in 1.4.7 (mid-March) so that it's part of the Essex common release.

I'm putting the finishing touches to the filter and unit tests, and should submit the change tomorrow. The filter is really simple. It checks for a defined list of forbidden characters in the name. It also checks that the name is not greater than a defined length. And a user can just leave it out of the pipeline if they want to.

@Thierry: I'm at the stage where I'm issuing a "git review" to submit my changes. I get the following message:

Via web-proxy.europe.hp.com:8080 -> review.openstack.org:29418

fatal: A Contributor Agreement must be completed before uploading:

  http://wiki.openstack.org/HowToContribute

fatal: The remote end hung up unexpectedly

So there isn't a record of my having signed the Contributor Agreement. I've done this, once a few months ago and twice today to no avail. Which means that I might have messed up along the way. Who should I contact about this?

I should be able to sort that one out.
Following http://wiki.openstack.org/HowToContribute, you should:

* Sign the CLA (I suspect you've done this)
* Add yourself to the contributors wiki (not done yet, looking at http://wiki.openstack.org/Contributors)
* Request membership at: https://launchpad.net/~openstack-cla/+join

If you do the last two steps, I should be able to clear your application to openstack-cla group, which is what the script tests.

Thanks Thierry. I've done the last two steps.

I checked and your application to ~openstack-cla has been reviewed and accepted. You should be all set.

Fix proposed to branch: master
Review: https://review.openstack.org/4918

Fix proposed to branch: master
Review: https://review.openstack.org/4919

Thanks Thierry. For reference, this is the response that I got:

remote: New Changes:
remote: https://review.openstack.org/4918
remote: https://review.openstack.org/4919
remote: https://review.openstack.org/4920

And I just remembered that I forgot to include the bug number in the last of these. I'm really sorry about that. I don't know if I can fix it from my end.

The last change (4920) is really minor, I just added a couple of characters (< and >) to the default list of forbidden characters.

Now that code is publicly proposed and references the bug, I think it's better to open this bug publicly. Does everyone agree ?

@ttx: Agreed on opening this up.

@eamonn-otoole: You can update the reviews to include the bug number. Just update your commit message using "git commit --amend" and then run "git review" again. As long as the "Change-Id" in the commit message stays the same, it will update the existing review and not open a new one.

@russellb: Thanks, & done.

Fix proposed to branch: master
Review: https://review.openstack.org/4925

Fix proposed to branch: master
Review: https://review.openstack.org/4962

Reviewed: https://review.openstack.org/4918
Committed: http://github.com/openstack/swift/commit/cf1aa3c309a6fcb57755da6732226b494f0bf69b
Submitter: Jenkins
Branch: master

commit cf1aa3c309a6fcb57755da6732226b494f0bf69b
Author: Eamonn O'Toole <email address hidden>
Date: Fri Mar 2 11:23:17 2012 +0000

    Adds name_check filter

    Bug 926048.

    Filter checks path for user-defined forbidden characters, and for
    user-defined maximum length.

    Includes changes to reflect gholt's latest comments to Patch Set 4
    Also includes a change to a unit-test, renames another unit-test,
    and removes one superfluous unit-test.

    Added section to the example proxy config

    Fixed-up unit test pep8 warnings

    Changed error response code to 400 (Bad Request)

    Change-Id: Iace719d6a3d00fb3dda1b9d0bc185b8c4cbc00ca