forked from TrueCloudLab/frostfs-s3-gw
[#195] Add handling lock headers for PUT and COPY
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov
Angira Kekteeva
parent
fe9eb9cedc
commit
8553158b81
8 changed files with 106 additions and 6 deletions
|
|
@ -1,5 +1,7 @@
|
|||
package data
|
||||
|
||||
import "time"
|
||||
|
||||
type (
|
||||
ObjectLockConfiguration struct {
|
||||
ObjectLockEnabled string `xml:"ObjectLockEnabled" json:"ObjectLockEnabled"`
|
||||
|
|
@ -15,4 +17,10 @@ type (
|
|||
Mode string `xml:"Mode" json:"Mode"`
|
||||
Years int64 `xml:"Years" json:"Years"`
|
||||
}
|
||||
|
||||
ObjectLock struct {
|
||||
Until time.Time
|
||||
LegalHold bool
|
||||
IsCompliance bool
|
||||
}
|
||||
)
|
||||
|
|
|
|||
|
|
@ -107,6 +107,23 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
|
|||
Header: metadata,
|
||||
}
|
||||
|
||||
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
|
||||
if err != nil {
|
||||
h.logAndSendError(w, "could not get bucket", reqInfo, err)
|
||||
return
|
||||
}
|
||||
|
||||
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
|
||||
if err != nil {
|
||||
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
|
||||
return
|
||||
}
|
||||
|
||||
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
|
||||
h.logAndSendError(w, "could not form object lock", reqInfo, err)
|
||||
return
|
||||
}
|
||||
|
||||
additional := []zap.Field{zap.String("src_bucket_name", srcBucket), zap.String("src_object_name", srcObject)}
|
||||
if info, err = h.obj.CopyObject(r.Context(), params); err != nil {
|
||||
h.logAndSendError(w, "couldn't copy object", reqInfo, err, additional...)
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/xml"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
|
|
@ -11,6 +12,16 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
||||
)
|
||||
|
||||
const (
|
||||
dayDuration = 24 * time.Hour
|
||||
yearDuration = 365 * dayDuration
|
||||
|
||||
enabledValue = "Enabled"
|
||||
governanceMode = "GOVERNANCE"
|
||||
complianceMode = "COMPLIANCE"
|
||||
legalHoldOn = "ON"
|
||||
)
|
||||
|
||||
func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *http.Request) {
|
||||
reqInfo := api.GetReqInfo(r.Context())
|
||||
|
||||
|
|
@ -107,7 +118,7 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
|
|||
}
|
||||
|
||||
retention := conf.Rule.DefaultRetention
|
||||
if retention.Mode != "GOVERNANCE" && retention.Mode != "COMPLIANCE" {
|
||||
if retention.Mode != governanceMode && retention.Mode != complianceMode {
|
||||
return fmt.Errorf("invalid Mode value: %s", retention.Mode)
|
||||
}
|
||||
|
||||
|
|
@ -121,3 +132,51 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func formObjectLock(objectLock *data.ObjectLock, bktInfo *data.BucketInfo, defaultConfig *data.ObjectLockConfiguration, header http.Header) error {
|
||||
if !bktInfo.ObjectLockEnabled {
|
||||
if existLockHeaders(header) {
|
||||
return apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
if defaultConfig == nil {
|
||||
defaultConfig = &data.ObjectLockConfiguration{}
|
||||
}
|
||||
|
||||
if defaultConfig.Rule != nil && defaultConfig.Rule.DefaultRetention != nil {
|
||||
defaultRetention := defaultConfig.Rule.DefaultRetention
|
||||
objectLock.IsCompliance = defaultRetention.Mode == complianceMode
|
||||
now := time.Now()
|
||||
if defaultRetention.Days != 0 {
|
||||
objectLock.Until = now.Add(time.Duration(defaultRetention.Days) * dayDuration)
|
||||
} else {
|
||||
objectLock.Until = now.Add(time.Duration(defaultRetention.Years) * yearDuration)
|
||||
}
|
||||
}
|
||||
|
||||
objectLock.LegalHold = header.Get(api.AmzObjectLockLegalHold) == legalHoldOn
|
||||
|
||||
mode := header.Get(api.AmzObjectLockMode)
|
||||
if mode != "" {
|
||||
objectLock.IsCompliance = mode == complianceMode
|
||||
}
|
||||
|
||||
until := header.Get(api.AmzObjectLockRetainUntilDate)
|
||||
if until != "" {
|
||||
retentionDate, err := time.Parse(time.RFC3339, until)
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid header %s: '%s'", api.AmzObjectLockRetainUntilDate, until)
|
||||
}
|
||||
objectLock.Until = retentionDate
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func existLockHeaders(header http.Header) bool {
|
||||
return header.Get(api.AmzObjectLockMode) != "" ||
|
||||
header.Get(api.AmzObjectLockLegalHold) != "" ||
|
||||
header.Get(api.AmzObjectLockRetainUntilDate) != ""
|
||||
}
|
||||
|
|
|
|||
|
|
@ -182,7 +182,7 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
|
||||
if err != nil {
|
||||
h.logAndSendError(w, "could not get bucket eacl", reqInfo, err)
|
||||
h.logAndSendError(w, "could not get bucket", reqInfo, err)
|
||||
return
|
||||
}
|
||||
if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil {
|
||||
|
|
@ -209,6 +209,17 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
|
|||
Header: metadata,
|
||||
}
|
||||
|
||||
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
|
||||
if err != nil {
|
||||
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
|
||||
return
|
||||
}
|
||||
|
||||
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
|
||||
h.logAndSendError(w, "could not form object lock", reqInfo, err)
|
||||
return
|
||||
}
|
||||
|
||||
info, err := h.obj.PutObject(r.Context(), params)
|
||||
if err != nil {
|
||||
h.logAndSendError(w, "could not upload object", reqInfo, err)
|
||||
|
|
|
|||
|
|
@ -188,10 +188,6 @@ type Tag struct {
|
|||
Value string
|
||||
}
|
||||
|
||||
const (
|
||||
enabledValue = "Enabled"
|
||||
)
|
||||
|
||||
// MarshalXML - StringMap marshals into XML.
|
||||
func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
|
||||
tokens := []xml.Token{start}
|
||||
|
|
|
|||
|
|
@ -47,6 +47,9 @@ const (
|
|||
AmzExpectedBucketOwner = "X-Amz-Expected-Bucket-Owner"
|
||||
AmzSourceExpectedBucketOwner = "X-Amz-Source-Expected-Bucket-Owner"
|
||||
AmzBucketObjectLockEnabled = "X-Amz-Bucket-Object-Lock-Enabled"
|
||||
AmzObjectLockLegalHold = "X-Amz-Object-Lock-Legal-Hold"
|
||||
AmzObjectLockMode = "X-Amz-Object-Lock-Mode"
|
||||
AmzObjectLockRetainUntilDate = "X-Amz-Object-Lock-Retain-Until-Date"
|
||||
|
||||
ContainerID = "X-Container-Id"
|
||||
|
||||
|
|
|
|||
|
|
@ -300,6 +300,7 @@ type (
|
|||
Size int64
|
||||
Reader io.Reader
|
||||
Header map[string]string
|
||||
Lock *data.ObjectLock
|
||||
}
|
||||
|
||||
// PutSettingsParams stores object copy request parameters.
|
||||
|
|
@ -322,6 +323,7 @@ type (
|
|||
SrcSize int64
|
||||
Header map[string]string
|
||||
Range *RangeParams
|
||||
Lock *data.ObjectLock
|
||||
}
|
||||
// CreateBucketParams stores bucket create request parameters.
|
||||
CreateBucketParams struct {
|
||||
|
|
|
|||
|
|
@ -200,6 +200,10 @@ func (n *layer) objectPut(ctx context.Context, bkt *data.BucketInfo, p *PutObjec
|
|||
return nil, n.transformNeofsError(ctx, err)
|
||||
}
|
||||
|
||||
if p.Lock != nil {
|
||||
// todo form lock system object
|
||||
}
|
||||
|
||||
meta, err := n.objectHead(ctx, bkt.CID, id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
|||
Loading…
Reference in a new issue