From 6849341d21c090e90b3f4603f854fdbe1a66a939 Mon Sep 17 00:00:00 2001 From: Airat Arifullin Date: Mon, 16 Dec 2024 14:10:18 +0300 Subject: [PATCH] [#XX] object: Wrap only `ChainRouterError` erros with `ObjectAccessDenied` * Such wrapping helps to differentiate logical check errors and server internal errors. Signed-off-by: Airat Arifullin --- pkg/services/object/ape/errors.go | 9 ++++++- pkg/services/object/ape/service.go | 38 +++++++++++++++--------------- 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/pkg/services/object/ape/errors.go b/pkg/services/object/ape/errors.go index 1b2024ed5..a44c1e91a 100644 --- a/pkg/services/object/ape/errors.go +++ b/pkg/services/object/ape/errors.go @@ -1,10 +1,17 @@ package ape import ( + "errors" + + checkercore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/common/ape" apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status" ) -func toStatusErr(err error) error { +func processAPECheckErr(err error) error { + var chRouterErr *checkercore.ChainRouterError + if !errors.As(err, &chRouterErr) { + return err + } errAccessDenied := &apistatus.ObjectAccessDenied{} errAccessDenied.WriteReason("ape denied request: " + err.Error()) return errAccessDenied diff --git a/pkg/services/object/ape/service.go b/pkg/services/object/ape/service.go index c6d152e0f..c8eb618d8 100644 --- a/pkg/services/object/ape/service.go +++ b/pkg/services/object/ape/service.go @@ -91,7 +91,7 @@ func (g *getStreamBasicChecker) Send(resp *objectV2.GetResponse) error { if partInit, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok { cnrID, objID, err := getAddressParamsSDK(partInit.GetHeader().GetContainerID(), partInit.GetObjectID()) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } prm := Prm{ @@ -108,7 +108,7 @@ func (g *getStreamBasicChecker) Send(resp *objectV2.GetResponse) error { } if err := g.apeChecker.CheckAPE(g.Context(), prm); err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } } return g.GetObjectStream.Send(resp) @@ -129,7 +129,7 @@ func requestContext(ctx context.Context) (*objectSvc.RequestContext, error) { func (c *Service) Get(request *objectV2.GetRequest, stream objectSvc.GetObjectStream) error { reqCtx, err := requestContext(stream.Context()) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } return c.next.Get(request, &getStreamBasicChecker{ @@ -153,12 +153,12 @@ func (p *putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutR if partInit, ok := request.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok { reqCtx, err := requestContext(ctx) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } cnrID, objID, err := getAddressParamsSDK(partInit.GetHeader().GetContainerID(), partInit.GetObjectID()) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } prm := Prm{ @@ -175,7 +175,7 @@ func (p *putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutR } if err := p.apeChecker.CheckAPE(ctx, prm); err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } } @@ -209,12 +209,12 @@ func (p *patchStreamBasicChecker) Send(ctx context.Context, request *objectV2.Pa reqCtx, err := requestContext(ctx) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID()) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } prm := Prm{ @@ -230,7 +230,7 @@ func (p *patchStreamBasicChecker) Send(ctx context.Context, request *objectV2.Pa } if err := p.apeChecker.CheckAPE(ctx, prm); err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } } @@ -298,7 +298,7 @@ func (c *Service) Head(ctx context.Context, request *objectV2.HeadRequest) (*obj XHeaders: request.GetMetaHeader().GetXHeaders(), }) if err != nil { - return nil, toStatusErr(err) + return nil, processAPECheckErr(err) } return resp, nil } @@ -307,13 +307,13 @@ func (c *Service) Search(request *objectV2.SearchRequest, stream objectSvc.Searc var cnrID cid.ID if cnrV2 := request.GetBody().GetContainerID(); cnrV2 != nil { if err := cnrID.ReadFromV2(*cnrV2); err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } } reqCtx, err := requestContext(stream.Context()) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } err = c.apeChecker.CheckAPE(stream.Context(), Prm{ @@ -327,7 +327,7 @@ func (c *Service) Search(request *objectV2.SearchRequest, stream objectSvc.Searc XHeaders: request.GetMetaHeader().GetXHeaders(), }) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } return c.next.Search(request, stream) @@ -356,7 +356,7 @@ func (c *Service) Delete(ctx context.Context, request *objectV2.DeleteRequest) ( XHeaders: request.GetMetaHeader().GetXHeaders(), }) if err != nil { - return nil, toStatusErr(err) + return nil, processAPECheckErr(err) } resp, err := c.next.Delete(ctx, request) @@ -370,12 +370,12 @@ func (c *Service) Delete(ctx context.Context, request *objectV2.DeleteRequest) ( func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.GetObjectRangeStream) error { cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID()) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } reqCtx, err := requestContext(stream.Context()) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } err = c.apeChecker.CheckAPE(stream.Context(), Prm{ @@ -390,7 +390,7 @@ func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.G XHeaders: request.GetMetaHeader().GetXHeaders(), }) if err != nil { - return toStatusErr(err) + return processAPECheckErr(err) } return c.next.GetRange(request, stream) @@ -425,7 +425,7 @@ func (c *Service) GetRangeHash(ctx context.Context, request *objectV2.GetRangeHa } if err = c.apeChecker.CheckAPE(ctx, prm); err != nil { - return nil, toStatusErr(err) + return nil, processAPECheckErr(err) } return resp, nil } @@ -455,7 +455,7 @@ func (c *Service) PutSingle(ctx context.Context, request *objectV2.PutSingleRequ } if err = c.apeChecker.CheckAPE(ctx, prm); err != nil { - return nil, toStatusErr(err) + return nil, processAPECheckErr(err) } return c.next.PutSingle(ctx, request)