[#XX] object: Wrap only ChainRouterError
erros with ObjectAccessDenied
* Such wrapping helps to differentiate logical check errors and server internal errors. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
This commit is contained in:
parent
3d789d1f16
commit
6849341d21
2 changed files with 27 additions and 20 deletions
|
@ -1,10 +1,17 @@
|
||||||
package ape
|
package ape
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
|
|
||||||
|
checkercore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/common/ape"
|
||||||
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
||||||
)
|
)
|
||||||
|
|
||||||
func toStatusErr(err error) error {
|
func processAPECheckErr(err error) error {
|
||||||
|
var chRouterErr *checkercore.ChainRouterError
|
||||||
|
if !errors.As(err, &chRouterErr) {
|
||||||
|
return err
|
||||||
|
}
|
||||||
errAccessDenied := &apistatus.ObjectAccessDenied{}
|
errAccessDenied := &apistatus.ObjectAccessDenied{}
|
||||||
errAccessDenied.WriteReason("ape denied request: " + err.Error())
|
errAccessDenied.WriteReason("ape denied request: " + err.Error())
|
||||||
return errAccessDenied
|
return errAccessDenied
|
||||||
|
|
|
@ -91,7 +91,7 @@ func (g *getStreamBasicChecker) Send(resp *objectV2.GetResponse) error {
|
||||||
if partInit, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok {
|
if partInit, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok {
|
||||||
cnrID, objID, err := getAddressParamsSDK(partInit.GetHeader().GetContainerID(), partInit.GetObjectID())
|
cnrID, objID, err := getAddressParamsSDK(partInit.GetHeader().GetContainerID(), partInit.GetObjectID())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
prm := Prm{
|
prm := Prm{
|
||||||
|
@ -108,7 +108,7 @@ func (g *getStreamBasicChecker) Send(resp *objectV2.GetResponse) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := g.apeChecker.CheckAPE(g.Context(), prm); err != nil {
|
if err := g.apeChecker.CheckAPE(g.Context(), prm); err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return g.GetObjectStream.Send(resp)
|
return g.GetObjectStream.Send(resp)
|
||||||
|
@ -129,7 +129,7 @@ func requestContext(ctx context.Context) (*objectSvc.RequestContext, error) {
|
||||||
func (c *Service) Get(request *objectV2.GetRequest, stream objectSvc.GetObjectStream) error {
|
func (c *Service) Get(request *objectV2.GetRequest, stream objectSvc.GetObjectStream) error {
|
||||||
reqCtx, err := requestContext(stream.Context())
|
reqCtx, err := requestContext(stream.Context())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.next.Get(request, &getStreamBasicChecker{
|
return c.next.Get(request, &getStreamBasicChecker{
|
||||||
|
@ -153,12 +153,12 @@ func (p *putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutR
|
||||||
if partInit, ok := request.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
|
if partInit, ok := request.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
|
||||||
reqCtx, err := requestContext(ctx)
|
reqCtx, err := requestContext(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
cnrID, objID, err := getAddressParamsSDK(partInit.GetHeader().GetContainerID(), partInit.GetObjectID())
|
cnrID, objID, err := getAddressParamsSDK(partInit.GetHeader().GetContainerID(), partInit.GetObjectID())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
prm := Prm{
|
prm := Prm{
|
||||||
|
@ -175,7 +175,7 @@ func (p *putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutR
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := p.apeChecker.CheckAPE(ctx, prm); err != nil {
|
if err := p.apeChecker.CheckAPE(ctx, prm); err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -209,12 +209,12 @@ func (p *patchStreamBasicChecker) Send(ctx context.Context, request *objectV2.Pa
|
||||||
|
|
||||||
reqCtx, err := requestContext(ctx)
|
reqCtx, err := requestContext(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
|
cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
prm := Prm{
|
prm := Prm{
|
||||||
|
@ -230,7 +230,7 @@ func (p *patchStreamBasicChecker) Send(ctx context.Context, request *objectV2.Pa
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := p.apeChecker.CheckAPE(ctx, prm); err != nil {
|
if err := p.apeChecker.CheckAPE(ctx, prm); err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -298,7 +298,7 @@ func (c *Service) Head(ctx context.Context, request *objectV2.HeadRequest) (*obj
|
||||||
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, toStatusErr(err)
|
return nil, processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
return resp, nil
|
return resp, nil
|
||||||
}
|
}
|
||||||
|
@ -307,13 +307,13 @@ func (c *Service) Search(request *objectV2.SearchRequest, stream objectSvc.Searc
|
||||||
var cnrID cid.ID
|
var cnrID cid.ID
|
||||||
if cnrV2 := request.GetBody().GetContainerID(); cnrV2 != nil {
|
if cnrV2 := request.GetBody().GetContainerID(); cnrV2 != nil {
|
||||||
if err := cnrID.ReadFromV2(*cnrV2); err != nil {
|
if err := cnrID.ReadFromV2(*cnrV2); err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
reqCtx, err := requestContext(stream.Context())
|
reqCtx, err := requestContext(stream.Context())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = c.apeChecker.CheckAPE(stream.Context(), Prm{
|
err = c.apeChecker.CheckAPE(stream.Context(), Prm{
|
||||||
|
@ -327,7 +327,7 @@ func (c *Service) Search(request *objectV2.SearchRequest, stream objectSvc.Searc
|
||||||
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.next.Search(request, stream)
|
return c.next.Search(request, stream)
|
||||||
|
@ -356,7 +356,7 @@ func (c *Service) Delete(ctx context.Context, request *objectV2.DeleteRequest) (
|
||||||
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, toStatusErr(err)
|
return nil, processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err := c.next.Delete(ctx, request)
|
resp, err := c.next.Delete(ctx, request)
|
||||||
|
@ -370,12 +370,12 @@ func (c *Service) Delete(ctx context.Context, request *objectV2.DeleteRequest) (
|
||||||
func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.GetObjectRangeStream) error {
|
func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.GetObjectRangeStream) error {
|
||||||
cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
|
cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
reqCtx, err := requestContext(stream.Context())
|
reqCtx, err := requestContext(stream.Context())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = c.apeChecker.CheckAPE(stream.Context(), Prm{
|
err = c.apeChecker.CheckAPE(stream.Context(), Prm{
|
||||||
|
@ -390,7 +390,7 @@ func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.G
|
||||||
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
XHeaders: request.GetMetaHeader().GetXHeaders(),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toStatusErr(err)
|
return processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.next.GetRange(request, stream)
|
return c.next.GetRange(request, stream)
|
||||||
|
@ -425,7 +425,7 @@ func (c *Service) GetRangeHash(ctx context.Context, request *objectV2.GetRangeHa
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = c.apeChecker.CheckAPE(ctx, prm); err != nil {
|
if err = c.apeChecker.CheckAPE(ctx, prm); err != nil {
|
||||||
return nil, toStatusErr(err)
|
return nil, processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
return resp, nil
|
return resp, nil
|
||||||
}
|
}
|
||||||
|
@ -455,7 +455,7 @@ func (c *Service) PutSingle(ctx context.Context, request *objectV2.PutSingleRequ
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = c.apeChecker.CheckAPE(ctx, prm); err != nil {
|
if err = c.apeChecker.CheckAPE(ctx, prm); err != nil {
|
||||||
return nil, toStatusErr(err)
|
return nil, processAPECheckErr(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.next.PutSingle(ctx, request)
|
return c.next.PutSingle(ctx, request)
|
||||||
|
|
Loading…
Reference in a new issue