[#492] layer: Don't parameterize basic ACL of created containers

`CreateBucket` handler always creates containers with extended public
ACL, so there is no need to configure it in `NeoFS.CreateContainer`.

Make the internal `NeoFS` implementation create containers with the
`eacl-public-read-write` basic ACL if the corresponding parameter is unset.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2022-06-10 04:59:17 +03:00 committed by Alex Vanin
parent 0e27fea8f2
commit 880ffe7108
6 changed files with 12 additions and 9 deletions


@ -22,7 +22,6 @@ type (
CID cid.ID CID cid.ID
Owner user.ID Owner user.ID
Created time.Time Created time.Time
BasicACL uint32
LocationConstraint string LocationConstraint string
ObjectLockEnabled bool ObjectLockEnabled bool
} }


@ -163,8 +163,6 @@ const (
basicACLReadOnly = "public-read" basicACLReadOnly = "public-read"
basicACLPublic = "public-read-write" basicACLPublic = "public-read-write"
cannedACLAuthRead = "authenticated-read" cannedACLAuthRead = "authenticated-read"
publicBasicRule = 0x0FFFFFFF
) )
type createBucketParams struct { type createBucketParams struct {
@ -572,7 +570,9 @@ func parseMetadata(r *http.Request) map[string]string {
func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) { func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
var ( var (
reqInfo = api.GetReqInfo(r.Context()) reqInfo = api.GetReqInfo(r.Context())
p = layer.CreateBucketParams{Name: reqInfo.BucketName, ACL: publicBasicRule} p = layer.CreateBucketParams{
Name: reqInfo.BucketName,
}
) )
if err := checkBucketName(reqInfo.BucketName); err != nil { if err := checkBucketName(reqInfo.BucketName); err != nil {
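Review bot: After this change nothing in `CreateBucketHandler` shows which basic ACL the new bucket gets: `p = layer.CreateBucketParams{Name: reqInfo.BucketName}` leaves it to a fallback applied in another package, and per the commit message that fallback is `eacl-public-read-write`. Because that is the most open basic rule, I would keep the decision visible at the call site with a comment such as `// basic ACL is not set here: the container is created as eacl-public-read-write and access is narrowed by the bucket eACL`. If the eACL table is applied in a separate step after container creation (not visible in this hunk), it is worth confirming that a failure of that step cannot leave the container public. The handler body continues outside the hunk.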


@ -8,7 +8,6 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/api" "github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/api/data"
"github.com/nspcc-dev/neofs-s3-gw/api/errors" "github.com/nspcc-dev/neofs-s3-gw/api/errors"
"github.com/nspcc-dev/neofs-sdk-go/acl"
"github.com/nspcc-dev/neofs-sdk-go/client" "github.com/nspcc-dev/neofs-sdk-go/client"
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@ -53,7 +52,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
} }
info.Owner = *res.OwnerID() info.Owner = *res.OwnerID()
info.BasicACL = res.BasicACL()
for _, attr := range res.Attributes() { for _, attr := range res.Attributes() {
switch key, val := attr.Key(), attr.Value(); key { switch key, val := attr.Key(), attr.Value(); key {
@ -129,7 +127,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
Name: p.Name, Name: p.Name,
Owner: ownerID, Owner: ownerID,
Created: time.Now(), // this can be a little incorrect since the real time is set later Created: time.Now(), // this can be a little incorrect since the real time is set later
BasicACL: p.ACL,
LocationConstraint: p.LocationConstraint, LocationConstraint: p.LocationConstraint,
ObjectLockEnabled: p.ObjectLockEnabled, ObjectLockEnabled: p.ObjectLockEnabled,
} }
@ -151,7 +148,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
Policy: *p.Policy, Policy: *p.Policy,
Name: p.Name, Name: p.Name,
SessionToken: p.SessionToken, SessionToken: p.SessionToken,
BasicACL: acl.BasicACL(p.ACL),
AdditionalAttributes: attributes, AdditionalAttributes: attributes,
}) })
if err != nil { if err != nil {


@ -136,7 +136,6 @@ type (
// CreateBucketParams stores bucket create request parameters. // CreateBucketParams stores bucket create request parameters.
CreateBucketParams struct { CreateBucketParams struct {
Name string Name string
ACL uint32
Policy *netmap.PlacementPolicy Policy *netmap.PlacementPolicy
EACL *eacl.Table EACL *eacl.Table
SessionToken *session.Container SessionToken *session.Container


@ -144,6 +144,8 @@ type NeoFS interface {
// It sets 'Timestamp' attribute to the current time. // It sets 'Timestamp' attribute to the current time.
// It returns the ID of the saved container. // It returns the ID of the saved container.
// //
// Created container is public with enabled ACL extension.
//
// It returns exactly one non-nil value. It returns any error encountered which // It returns exactly one non-nil value. It returns any error encountered which
// prevented the container from being created. // prevented the container from being created.
CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error) CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error)
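Review bot: The added sentence `Created container is public with enabled ACL extension.` states the contract unconditionally, but the implementation changed in the same commit applies that rule only when `prm.BasicACL` is zero, so `PrmContainerCreate` can still carry a different value. I would word the interface comment as the default, e.g. `// If PrmContainerCreate.BasicACL is zero, the container is created with the 'eacl-public-read-write' basic ACL.`. That also makes it explicit that any other implementation of `NeoFS` (a test double, for instance) has to apply the same fallback, otherwise callers that leave the field unset would get different permissions depending on the backend. The interface declaration continues outside the hunk.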


@ -16,6 +16,7 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/api/layer" "github.com/nspcc-dev/neofs-s3-gw/api/layer"
"github.com/nspcc-dev/neofs-s3-gw/authmate" "github.com/nspcc-dev/neofs-s3-gw/authmate"
"github.com/nspcc-dev/neofs-s3-gw/creds/tokens" "github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
"github.com/nspcc-dev/neofs-sdk-go/acl"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@ -119,7 +120,13 @@ func (x *NeoFS) Container(ctx context.Context, idCnr cid.ID) (*container.Contain
} }
// CreateContainer implements neofs.NeoFS interface method. // CreateContainer implements neofs.NeoFS interface method.
//
// If prm.BasicACL is zero, 'eacl-public-read-write' is used.
func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) { func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) {
if prm.BasicACL == 0 {
prm.BasicACL = acl.EACLPublicBasicRule
}
// fill container structure // fill container structure
cnrOptions := []container.Option{ cnrOptions := []container.Option{
container.WithPolicy(&prm.Policy), container.WithPolicy(&prm.Policy),
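Review bot: Using `prm.BasicACL == 0` as the "unset" test makes the zero value unrequestable, and the fallback is the most permissive rule: a caller that forgets the field, or passes 0 expecting no access bits, silently gets a public read-write container. The doc line covers the behaviour, but the reason belongs next to the check, e.g. `// zero means "not specified": default to public read-write, access is expected to be restricted via eACL`, with the same statement on the `BasicACL` field of `layer.PrmContainerCreate` where callers will look. If a zero basic ACL is ever a legitimate request (I cannot tell from this page), an explicit "set" flag on the parameter would be safer than a sentinel. `CreateContainer`'s body continues outside the hunk.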