forked from TrueCloudLab/frostfs-s3-gw
[#463] Restrict overriding default location constraint in authmate
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
parent
89ff89a32b
commit
80d4d071d8
2 changed files with 6 additions and 2 deletions
|
@ -28,7 +28,7 @@ type (
|
|||
|
||||
const (
|
||||
attributeLocationConstraint = ".s3-location-constraint"
|
||||
defaultLocationConstraint = "default"
|
||||
DefaultLocationConstraint = "default"
|
||||
AttributeLockEnabled = "LockEnabled"
|
||||
)
|
||||
|
||||
|
@ -125,7 +125,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
|
|||
var err error
|
||||
ownerID := n.Owner(ctx)
|
||||
if p.LocationConstraint == "" {
|
||||
p.LocationConstraint = defaultLocationConstraint // s3tests_boto3.functional.test_s3:test_bucket_get_location
|
||||
p.LocationConstraint = DefaultLocationConstraint // s3tests_boto3.functional.test_s3:test_bucket_get_location
|
||||
}
|
||||
bktInfo := &data.BucketInfo{
|
||||
Name: p.Name,
|
||||
|
|
|
@ -12,6 +12,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/authmate"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/internal/neofs"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/internal/version"
|
||||
|
@ -322,6 +323,9 @@ func parsePolicies(val string) (authmate.ContainerPolicies, error) {
|
|||
if err = json.Unmarshal(data, &policies); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, ok := policies[layer.DefaultLocationConstraint]; ok {
|
||||
return nil, fmt.Errorf("config overrides %s location constraint", layer.DefaultLocationConstraint)
|
||||
}
|
||||
|
||||
return policies, nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue