From 880ffe7108724d55aff29338a67f1ec03e7d7ca9 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Fri, 10 Jun 2022 04:59:17 +0300
Subject: [PATCH] [#492] layer: Don't parameterize basic ACL of created containers
`CreateBucket` handler always creates containers with extended public ACL, so there is no need to configure it in `NeoFS.CreateContainer`. Make internal `NeoFS` implementation to create containers with `eacl-public-read-write` basic ACL if corresponding parameter is unset.
Signed-off-by: Leonard Lyubich
---
 api/data/info.go | 1 -
 api/handler/put.go | 6 +++---
 api/layer/container.go | 4 ----
 api/layer/layer.go | 1 -
 api/layer/neofs.go | 2 ++
 internal/neofs/neofs.go | 7 +++++++
 6 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/api/data/info.go b/api/data/info.go
index b8e48fc..9ca034c 100644
--- a/api/data/info.go
+++ b/api/data/info.go
@@ -22,7 +22,6 @@ type (
 CID cid.ID
 Owner user.ID
 Created time.Time
- BasicACL uint32
 LocationConstraint string
 ObjectLockEnabled bool
 }
diff --git a/api/handler/put.go b/api/handler/put.go
index a8efebe..cb585a5 100644
--- a/api/handler/put.go
+++ b/api/handler/put.go
@@ -163,8 +163,6 @@ const (
 basicACLReadOnly = "public-read"
 basicACLPublic = "public-read-write"
 cannedACLAuthRead = "authenticated-read"
-
- publicBasicRule = 0x0FFFFFFF
 )
 type createBucketParams struct {
@@ -572,7 +570,9 @@ func parseMetadata(r *http.Request) map[string]string {
 func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
 var (
 reqInfo = api.GetReqInfo(r.Context())
- p = layer.CreateBucketParams{Name: reqInfo.BucketName, ACL: publicBasicRule}
+ p = layer.CreateBucketParams{
+ Name: reqInfo.BucketName,
+ }
 )
 if err := checkBucketName(reqInfo.BucketName); err != nil {
diff --git a/api/layer/container.go b/api/layer/container.go
index 003ffef..33d4d74 100644
--- a/api/layer/container.go
+++ b/api/layer/container.go
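Review bot: With the `ACL: publicBasicRule` argument removed, nothing in `CreateBucketHandler` shows that the bucket's container is created with a public read-write basic ACL; that outcome now depends on a downstream default that fires on a zero value. A short comment on the literal would keep the access decision visible to anyone auditing this handler, e.g. `// basic ACL is left unset: NeoFS.CreateContainer defaults it to eacl-public-read-write`. The handler body continues outside the hunk, so whether an eACL table is applied afterwards cannot be confirmed from here.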
@@ -8,7 +8,6 @@ import (
 "github.com/nspcc-dev/neofs-s3-gw/api"
 "github.com/nspcc-dev/neofs-s3-gw/api/data"
 "github.com/nspcc-dev/neofs-s3-gw/api/errors"
- "github.com/nspcc-dev/neofs-sdk-go/acl"
 "github.com/nspcc-dev/neofs-sdk-go/client"
 "github.com/nspcc-dev/neofs-sdk-go/container"
 cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@@ -53,7 +52,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
 }
 info.Owner = *res.OwnerID()
- info.BasicACL = res.BasicACL()
 for _, attr := range res.Attributes() {
 switch key, val := attr.Key(), attr.Value(); key {
@@ -129,7 +127,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 Name: p.Name,
 Owner: ownerID,
 Created: time.Now(), // this can be a little incorrect since the real time is set later
- BasicACL: p.ACL,
 LocationConstraint: p.LocationConstraint,
 ObjectLockEnabled: p.ObjectLockEnabled,
 }
@@ -151,7 +148,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 Policy: *p.Policy,
 Name: p.Name,
 SessionToken: p.SessionToken,
- BasicACL: acl.BasicACL(p.ACL),
 AdditionalAttributes: attributes,
 })
 if err != nil {
diff --git a/api/layer/layer.go b/api/layer/layer.go
index d49b230..bed9bda 100644
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@@ -136,7 +136,6 @@ type (
 // CreateBucketParams stores bucket create request parameters.
 CreateBucketParams struct {
 Name string
- ACL uint32
 Policy *netmap.PlacementPolicy
 EACL *eacl.Table
 SessionToken *session.Container
diff --git a/api/layer/neofs.go b/api/layer/neofs.go
index de73f3d..9ffbe78 100644
--- a/api/layer/neofs.go
+++ b/api/layer/neofs.go
@@ -144,6 +144,8 @@ type NeoFS interface {
 // It sets 'Timestamp' attribute to the current time.
 // It returns the ID of the saved container.
 //
+ // Created container is public with enabled ACL extension.
+ //
 // It returns exactly one non-nil value. It returns any error encountered which
 // prevented the container from being created.
 CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error)
diff --git a/internal/neofs/neofs.go b/internal/neofs/neofs.go
index b3b5e73..d12828c 100644
--- a/internal/neofs/neofs.go
+++ b/internal/neofs/neofs.go
@@ -16,6 +16,7 @@ import (
 "github.com/nspcc-dev/neofs-s3-gw/api/layer"
 "github.com/nspcc-dev/neofs-s3-gw/authmate"
 "github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
+ "github.com/nspcc-dev/neofs-sdk-go/acl"
 apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 "github.com/nspcc-dev/neofs-sdk-go/container"
 cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@@ -119,7 +120,13 @@ func (x *NeoFS) Container(ctx context.Context, idCnr cid.ID) (*container.Contain
 }
 // CreateContainer implements neofs.NeoFS interface method.
+//
+// If prm.BasicACL is zero, 'eacl-public-read-write' is used.
 func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) {
+ if prm.BasicACL == 0 {
+ prm.BasicACL = acl.EACLPublicBasicRule
+ }
+
 // fill container structure
 cnrOptions := []container.Option{
 container.WithPolicy(&prm.Policy),
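Review bot: The sentence added to the `NeoFS.CreateContainer` contract states the result unconditionally, yet `PrmContainerCreate` evidently still carries a `BasicACL` field (the implementation in internal/neofs reads `prm.BasicACL`), so an implementation may honour a non-zero value. The interface comment should say which behaviour is required, for example `// If PrmContainerCreate.BasicACL is zero, the container is created with the eacl-public-read-write basic ACL.` Otherwise a second implementation or a test double has no way to tell whether the field is to be respected or ignored. The interface declaration starts and ends outside the hunk.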
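Review bot: Treating `prm.BasicACL == 0` as "unset" in `CreateContainer` makes the most permissive rule the silent fallback: a caller that forgets the field, or deliberately passes an all-zero basic ACL, gets `acl.EACLPublicBasicRule` with no error and no log line. After this commit the layer never sets the field, so effective access control presumably rests on the `EACL` table from `CreateBucketParams` being applied after creation (not visible here); if that step fails, the container would stay public read-write. The doc comment should state this dependency, e.g. `// Callers must restrict access with an eACL table; zero BasicACL cannot be requested explicitly.` If zero is a meaningful basic ACL for the SDK, distinguishing unset from zero (a pointer or a separate flag) would avoid the fail-open default. The function body continues outside the hunk.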