Description: Add [filter:tempurl]/path_prefix configuration option
 If swiftproxy endpoint is something like /object, with URL rewriting
 by haproxy, then the hmac calculation is wrong.
 .
 This patch adds a new path_prefix directive which is stripped away
 in the URLs before calculating the tempurl hmac.
Author: Kevin Allioli <kevin@linit.io>
Date: Thu, 18 Nov 2021 15:01:45 +0100
Change-Id: I9359feedd93cec482dcd575800e28850c0fc02f3
Forwarded: https://review.opendev.org/c/openstack/swift/+/818388
Last-Update: 2021-11-18

Index: swift/etc/proxy-server.conf-sample
===================================================================
--- swift.orig/etc/proxy-server.conf-sample
+++ swift/etc/proxy-server.conf-sample
@@ -961,6 +961,10 @@ use = egg:swift#tempurl
 # whitespace-delimited.
 # allowed_digests = sha1 sha256 sha512
 
+# Allow to have swiftproxy endpoint not bound to the root with haproxy
+# on-the-fly URL rewriting.
+# path_prefix = /object
+
 # Note: Put formpost just before your auth filter(s) in the pipeline
 [filter:formpost]
 use = egg:swift#formpost
Index: swift/swift/common/middleware/tempurl.py
===================================================================
--- swift.orig/swift/common/middleware/tempurl.py
+++ swift/swift/common/middleware/tempurl.py
@@ -771,6 +771,10 @@ class TempURL(object):
                          to be accessed
         :returns: a list of (hmac, scope) 2-tuples
         """
+
+        if 'path_prefix' in self.conf:
+            path = "/" + self.conf['path_prefix'].strip("/") + path
+
         if not request_method:
             request_method = env['REQUEST_METHOD']