[#195] Add handling lock headers for PUT and COPY

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-02-28 13:22:07 +03:00 committed by Angira Kekteeva
parent fe9eb9cedc
commit 8553158b81
8 changed files with 106 additions and 6 deletions

View file

@ -1,5 +1,7 @@
package data
import "time"
type (
ObjectLockConfiguration struct {
ObjectLockEnabled string `xml:"ObjectLockEnabled" json:"ObjectLockEnabled"`
@ -15,4 +17,10 @@ type (
Mode string `xml:"Mode" json:"Mode"`
Years int64 `xml:"Years" json:"Years"`
}
ObjectLock struct {
Until time.Time
LegalHold bool
IsCompliance bool
}
)

View file

@ -107,6 +107,23 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
Header: metadata,
}
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
if err != nil {
h.logAndSendError(w, "could not get bucket", reqInfo, err)
return
}
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
if err != nil {
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
return
}
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
h.logAndSendError(w, "could not form object lock", reqInfo, err)
return
}
additional := []zap.Field{zap.String("src_bucket_name", srcBucket), zap.String("src_object_name", srcObject)}
if info, err = h.obj.CopyObject(r.Context(), params); err != nil {
h.logAndSendError(w, "couldn't copy object", reqInfo, err, additional...)

View file

@ -4,6 +4,7 @@ import (
"encoding/xml"
"fmt"
"net/http"
"time"
"github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/data"
@ -11,6 +12,16 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
)
const (
dayDuration = 24 * time.Hour
yearDuration = 365 * dayDuration
enabledValue = "Enabled"
governanceMode = "GOVERNANCE"
complianceMode = "COMPLIANCE"
legalHoldOn = "ON"
)
func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *http.Request) {
reqInfo := api.GetReqInfo(r.Context())
@ -107,7 +118,7 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
}
retention := conf.Rule.DefaultRetention
if retention.Mode != "GOVERNANCE" && retention.Mode != "COMPLIANCE" {
if retention.Mode != governanceMode && retention.Mode != complianceMode {
return fmt.Errorf("invalid Mode value: %s", retention.Mode)
}
@ -121,3 +132,51 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
return nil
}
func formObjectLock(objectLock *data.ObjectLock, bktInfo *data.BucketInfo, defaultConfig *data.ObjectLockConfiguration, header http.Header) error {
if !bktInfo.ObjectLockEnabled {
if existLockHeaders(header) {
return apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound)
}
return nil
}
if defaultConfig == nil {
defaultConfig = &data.ObjectLockConfiguration{}
}
if defaultConfig.Rule != nil && defaultConfig.Rule.DefaultRetention != nil {
defaultRetention := defaultConfig.Rule.DefaultRetention
objectLock.IsCompliance = defaultRetention.Mode == complianceMode
now := time.Now()
if defaultRetention.Days != 0 {
objectLock.Until = now.Add(time.Duration(defaultRetention.Days) * dayDuration)
} else {
objectLock.Until = now.Add(time.Duration(defaultRetention.Years) * yearDuration)
}
}
objectLock.LegalHold = header.Get(api.AmzObjectLockLegalHold) == legalHoldOn
mode := header.Get(api.AmzObjectLockMode)
if mode != "" {
objectLock.IsCompliance = mode == complianceMode
}
until := header.Get(api.AmzObjectLockRetainUntilDate)
if until != "" {
retentionDate, err := time.Parse(time.RFC3339, until)
if err != nil {
return fmt.Errorf("invalid header %s: '%s'", api.AmzObjectLockRetainUntilDate, until)
}
objectLock.Until = retentionDate
}
return nil
}
func existLockHeaders(header http.Header) bool {
return header.Get(api.AmzObjectLockMode) != "" ||
header.Get(api.AmzObjectLockLegalHold) != "" ||
header.Get(api.AmzObjectLockRetainUntilDate) != ""
}

View file

@ -182,7 +182,7 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
if err != nil {
h.logAndSendError(w, "could not get bucket eacl", reqInfo, err)
h.logAndSendError(w, "could not get bucket", reqInfo, err)
return
}
if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil {
@ -209,6 +209,17 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
Header: metadata,
}
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
if err != nil {
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
return
}
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
h.logAndSendError(w, "could not form object lock", reqInfo, err)
return
}
info, err := h.obj.PutObject(r.Context(), params)
if err != nil {
h.logAndSendError(w, "could not upload object", reqInfo, err)

View file

@ -188,10 +188,6 @@ type Tag struct {
Value string
}
const (
enabledValue = "Enabled"
)
// MarshalXML - StringMap marshals into XML.
func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
tokens := []xml.Token{start}

View file

@ -47,6 +47,9 @@ const (
AmzExpectedBucketOwner = "X-Amz-Expected-Bucket-Owner"
AmzSourceExpectedBucketOwner = "X-Amz-Source-Expected-Bucket-Owner"
AmzBucketObjectLockEnabled = "X-Amz-Bucket-Object-Lock-Enabled"
AmzObjectLockLegalHold = "X-Amz-Object-Lock-Legal-Hold"
AmzObjectLockMode = "X-Amz-Object-Lock-Mode"
AmzObjectLockRetainUntilDate = "X-Amz-Object-Lock-Retain-Until-Date"
ContainerID = "X-Container-Id"

View file

@ -300,6 +300,7 @@ type (
Size int64
Reader io.Reader
Header map[string]string
Lock *data.ObjectLock
}
// PutSettingsParams stores object copy request parameters.
@ -322,6 +323,7 @@ type (
SrcSize int64
Header map[string]string
Range *RangeParams
Lock *data.ObjectLock
}
// CreateBucketParams stores bucket create request parameters.
CreateBucketParams struct {

View file

@ -200,6 +200,10 @@ func (n *layer) objectPut(ctx context.Context, bkt *data.BucketInfo, p *PutObjec
return nil, n.transformNeofsError(ctx, err)
}
if p.Lock != nil {
// todo form lock system object
}
meta, err := n.objectHead(ctx, bkt.CID, id)
if err != nil {
return nil, err