[#492] layer: Don't parameterize basic ACL of created containers

`CreateBucket` handler always creates containers with extended public ACL, so there is no need to configure it in `NeoFS.CreateContainer`. Make internal `NeoFS` implementation to create containers with `eacl-public-read-write` basic ACL if corresponding parameter is unset. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-10 04:59:17 +03:00 · 2022-06-10 04:59:17 +03:00 · 880ffe7108
parent 0e27fea8f2
commit 880ffe7108
6 changed files with 12 additions and 9 deletions
--- a/api/data/info.go
+++ b/api/data/info.go
@ -22,7 +22,6 @@ type (
 		CID                cid.ID
 		Owner              user.ID
 		Created            time.Time
-		BasicACL           uint32
 		LocationConstraint string
 		ObjectLockEnabled  bool
 	}
--- a/api/handler/put.go
+++ b/api/handler/put.go
@ -163,8 +163,6 @@ const (
 	basicACLReadOnly  = "public-read"
 	basicACLPublic    = "public-read-write"
 	cannedACLAuthRead = "authenticated-read"
-
-	publicBasicRule = 0x0FFFFFFF
 )

 type createBucketParams struct {
@ -572,7 +570,9 @@ func parseMetadata(r *http.Request) map[string]string {
 func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
 	var (
 		reqInfo = api.GetReqInfo(r.Context())
-		p       = layer.CreateBucketParams{Name: reqInfo.BucketName, ACL: publicBasicRule}
+		p       = layer.CreateBucketParams{
+			Name: reqInfo.BucketName,
+		}
 	)

 	if err := checkBucketName(reqInfo.BucketName); err != nil {
--- a/api/layer/container.go
+++ b/api/layer/container.go
@ -8,7 +8,6 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api"
 	"github.com/nspcc-dev/neofs-s3-gw/api/data"
 	"github.com/nspcc-dev/neofs-s3-gw/api/errors"
-	"github.com/nspcc-dev/neofs-sdk-go/acl"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
 	"github.com/nspcc-dev/neofs-sdk-go/container"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@ -53,7 +52,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
 	}

 	info.Owner = *res.OwnerID()
-	info.BasicACL = res.BasicACL()

 	for _, attr := range res.Attributes() {
 		switch key, val := attr.Key(), attr.Value(); key {
@ -129,7 +127,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 		Name:               p.Name,
 		Owner:              ownerID,
 		Created:            time.Now(), // this can be a little incorrect since the real time is set later
-		BasicACL:           p.ACL,
 		LocationConstraint: p.LocationConstraint,
 		ObjectLockEnabled:  p.ObjectLockEnabled,
 	}
@ -151,7 +148,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 		Policy:               *p.Policy,
 		Name:                 p.Name,
 		SessionToken:         p.SessionToken,
-		BasicACL:             acl.BasicACL(p.ACL),
 		AdditionalAttributes: attributes,
 	})
 	if err != nil {
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@ -136,7 +136,6 @@ type (
 	// CreateBucketParams stores bucket create request parameters.
 	CreateBucketParams struct {
 		Name               string
-		ACL                uint32
 		Policy             *netmap.PlacementPolicy
 		EACL               *eacl.Table
 		SessionToken       *session.Container
--- a/api/layer/neofs.go
+++ b/api/layer/neofs.go
@ -144,6 +144,8 @@ type NeoFS interface {
 	// It sets 'Timestamp' attribute to the current time.
 	// It returns the ID of the saved container.
 	//
+	// Created container is public with enabled ACL extension.
+	//
 	// It returns exactly one non-nil value. It returns any error encountered which
 	// prevented the container from being created.
 	CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error)
--- a/internal/neofs/neofs.go
+++ b/internal/neofs/neofs.go
@ -16,6 +16,7 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/layer"
 	"github.com/nspcc-dev/neofs-s3-gw/authmate"
 	"github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
+	"github.com/nspcc-dev/neofs-sdk-go/acl"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 	"github.com/nspcc-dev/neofs-sdk-go/container"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@ -119,7 +120,13 @@ func (x *NeoFS) Container(ctx context.Context, idCnr cid.ID) (*container.Contain
 }

 // CreateContainer implements neofs.NeoFS interface method.
+//
+// If prm.BasicACL is zero, 'eacl-public-read-write' is used.
 func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) {
+	if prm.BasicACL == 0 {
+		prm.BasicACL = acl.EACLPublicBasicRule
+	}
+
 	// fill container structure
 	cnrOptions := []container.Option{
 		container.WithPolicy(&prm.Policy),