forked from TrueCloudLab/frostfs-s3-gw
[#195] Add handling lock headers for PUT and COPY
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov
Angira Kekteeva
parent
fe9eb9cedc
commit
8553158b81
8 changed files with 106 additions and 6 deletions
|
|
@ -1,5 +1,7 @@
|
||||||
package data
|
package data
|
||||||
|
|
||||||
|
import "time"
|
||||||
|
|
||||||
type (
|
type (
|
||||||
ObjectLockConfiguration struct {
|
ObjectLockConfiguration struct {
|
||||||
ObjectLockEnabled string `xml:"ObjectLockEnabled" json:"ObjectLockEnabled"`
|
ObjectLockEnabled string `xml:"ObjectLockEnabled" json:"ObjectLockEnabled"`
|
||||||
|
|
@ -15,4 +17,10 @@ type (
|
||||||
Mode string `xml:"Mode" json:"Mode"`
|
Mode string `xml:"Mode" json:"Mode"`
|
||||||
Years int64 `xml:"Years" json:"Years"`
|
Years int64 `xml:"Years" json:"Years"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ObjectLock struct {
|
||||||
|
Until time.Time
|
||||||
|
LegalHold bool
|
||||||
|
IsCompliance bool
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -107,6 +107,23 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
Header: metadata,
|
Header: metadata,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
|
||||||
|
if err != nil {
|
||||||
|
h.logAndSendError(w, "could not get bucket", reqInfo, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
|
||||||
|
if err != nil {
|
||||||
|
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
|
||||||
|
h.logAndSendError(w, "could not form object lock", reqInfo, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
additional := []zap.Field{zap.String("src_bucket_name", srcBucket), zap.String("src_object_name", srcObject)}
|
additional := []zap.Field{zap.String("src_bucket_name", srcBucket), zap.String("src_object_name", srcObject)}
|
||||||
if info, err = h.obj.CopyObject(r.Context(), params); err != nil {
|
if info, err = h.obj.CopyObject(r.Context(), params); err != nil {
|
||||||
h.logAndSendError(w, "couldn't copy object", reqInfo, err, additional...)
|
h.logAndSendError(w, "couldn't copy object", reqInfo, err, additional...)
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"encoding/xml"
|
"encoding/xml"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api"
|
"github.com/nspcc-dev/neofs-s3-gw/api"
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||||
|
|
@ -11,6 +12,16 @@ import (
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
dayDuration = 24 * time.Hour
|
||||||
|
yearDuration = 365 * dayDuration
|
||||||
|
|
||||||
|
enabledValue = "Enabled"
|
||||||
|
governanceMode = "GOVERNANCE"
|
||||||
|
complianceMode = "COMPLIANCE"
|
||||||
|
legalHoldOn = "ON"
|
||||||
|
)
|
||||||
|
|
||||||
func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *http.Request) {
|
func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
reqInfo := api.GetReqInfo(r.Context())
|
reqInfo := api.GetReqInfo(r.Context())
|
||||||
|
|
||||||
|
|
@ -107,7 +118,7 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
retention := conf.Rule.DefaultRetention
|
retention := conf.Rule.DefaultRetention
|
||||||
if retention.Mode != "GOVERNANCE" && retention.Mode != "COMPLIANCE" {
|
if retention.Mode != governanceMode && retention.Mode != complianceMode {
|
||||||
return fmt.Errorf("invalid Mode value: %s", retention.Mode)
|
return fmt.Errorf("invalid Mode value: %s", retention.Mode)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -121,3 +132,51 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func formObjectLock(objectLock *data.ObjectLock, bktInfo *data.BucketInfo, defaultConfig *data.ObjectLockConfiguration, header http.Header) error {
|
||||||
|
if !bktInfo.ObjectLockEnabled {
|
||||||
|
if existLockHeaders(header) {
|
||||||
|
return apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if defaultConfig == nil {
|
||||||
|
defaultConfig = &data.ObjectLockConfiguration{}
|
||||||
|
}
|
||||||
|
|
||||||
|
if defaultConfig.Rule != nil && defaultConfig.Rule.DefaultRetention != nil {
|
||||||
|
defaultRetention := defaultConfig.Rule.DefaultRetention
|
||||||
|
objectLock.IsCompliance = defaultRetention.Mode == complianceMode
|
||||||
|
now := time.Now()
|
||||||
|
if defaultRetention.Days != 0 {
|
||||||
|
objectLock.Until = now.Add(time.Duration(defaultRetention.Days) * dayDuration)
|
||||||
|
} else {
|
||||||
|
objectLock.Until = now.Add(time.Duration(defaultRetention.Years) * yearDuration)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
objectLock.LegalHold = header.Get(api.AmzObjectLockLegalHold) == legalHoldOn
|
||||||
|
|
||||||
|
mode := header.Get(api.AmzObjectLockMode)
|
||||||
|
if mode != "" {
|
||||||
|
objectLock.IsCompliance = mode == complianceMode
|
||||||
|
}
|
||||||
|
|
||||||
|
until := header.Get(api.AmzObjectLockRetainUntilDate)
|
||||||
|
if until != "" {
|
||||||
|
retentionDate, err := time.Parse(time.RFC3339, until)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("invalid header %s: '%s'", api.AmzObjectLockRetainUntilDate, until)
|
||||||
|
}
|
||||||
|
objectLock.Until = retentionDate
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func existLockHeaders(header http.Header) bool {
|
||||||
|
return header.Get(api.AmzObjectLockMode) != "" ||
|
||||||
|
header.Get(api.AmzObjectLockLegalHold) != "" ||
|
||||||
|
header.Get(api.AmzObjectLockRetainUntilDate) != ""
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -182,7 +182,7 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
|
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logAndSendError(w, "could not get bucket eacl", reqInfo, err)
|
h.logAndSendError(w, "could not get bucket", reqInfo, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil {
|
if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil {
|
||||||
|
|
@ -209,6 +209,17 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
Header: metadata,
|
Header: metadata,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
|
||||||
|
if err != nil {
|
||||||
|
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
|
||||||
|
h.logAndSendError(w, "could not form object lock", reqInfo, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
info, err := h.obj.PutObject(r.Context(), params)
|
info, err := h.obj.PutObject(r.Context(), params)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logAndSendError(w, "could not upload object", reqInfo, err)
|
h.logAndSendError(w, "could not upload object", reqInfo, err)
|
||||||
|
|
|
||||||
|
|
@ -188,10 +188,6 @@ type Tag struct {
|
||||||
Value string
|
Value string
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
|
||||||
enabledValue = "Enabled"
|
|
||||||
)
|
|
||||||
|
|
||||||
// MarshalXML - StringMap marshals into XML.
|
// MarshalXML - StringMap marshals into XML.
|
||||||
func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
|
func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
|
||||||
tokens := []xml.Token{start}
|
tokens := []xml.Token{start}
|
||||||
|
|
|
||||||
|
|
@ -47,6 +47,9 @@ const (
|
||||||
AmzExpectedBucketOwner = "X-Amz-Expected-Bucket-Owner"
|
AmzExpectedBucketOwner = "X-Amz-Expected-Bucket-Owner"
|
||||||
AmzSourceExpectedBucketOwner = "X-Amz-Source-Expected-Bucket-Owner"
|
AmzSourceExpectedBucketOwner = "X-Amz-Source-Expected-Bucket-Owner"
|
||||||
AmzBucketObjectLockEnabled = "X-Amz-Bucket-Object-Lock-Enabled"
|
AmzBucketObjectLockEnabled = "X-Amz-Bucket-Object-Lock-Enabled"
|
||||||
|
AmzObjectLockLegalHold = "X-Amz-Object-Lock-Legal-Hold"
|
||||||
|
AmzObjectLockMode = "X-Amz-Object-Lock-Mode"
|
||||||
|
AmzObjectLockRetainUntilDate = "X-Amz-Object-Lock-Retain-Until-Date"
|
||||||
|
|
||||||
ContainerID = "X-Container-Id"
|
ContainerID = "X-Container-Id"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -300,6 +300,7 @@ type (
|
||||||
Size int64
|
Size int64
|
||||||
Reader io.Reader
|
Reader io.Reader
|
||||||
Header map[string]string
|
Header map[string]string
|
||||||
|
Lock *data.ObjectLock
|
||||||
}
|
}
|
||||||
|
|
||||||
// PutSettingsParams stores object copy request parameters.
|
// PutSettingsParams stores object copy request parameters.
|
||||||
|
|
@ -322,6 +323,7 @@ type (
|
||||||
SrcSize int64
|
SrcSize int64
|
||||||
Header map[string]string
|
Header map[string]string
|
||||||
Range *RangeParams
|
Range *RangeParams
|
||||||
|
Lock *data.ObjectLock
|
||||||
}
|
}
|
||||||
// CreateBucketParams stores bucket create request parameters.
|
// CreateBucketParams stores bucket create request parameters.
|
||||||
CreateBucketParams struct {
|
CreateBucketParams struct {
|
||||||
|
|
|
||||||
|
|
@ -200,6 +200,10 @@ func (n *layer) objectPut(ctx context.Context, bkt *data.BucketInfo, p *PutObjec
|
||||||
return nil, n.transformNeofsError(ctx, err)
|
return nil, n.transformNeofsError(ctx, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if p.Lock != nil {
|
||||||
|
// todo form lock system object
|
||||||
|
}
|
||||||
|
|
||||||
meta, err := n.objectHead(ctx, bkt.CID, id)
|
meta, err := n.objectHead(ctx, bkt.CID, id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue