TrueCloudLab/frostfs-s3-gw
17
3
Fork 20
Code Issues 18 Pull requests 6 Projects Releases 36 Packages 1 Activity Actions

[#604] Add MFADelete tests with reworked mfa.Storage implementation
All checks were successful
/ DCO (pull_request) Successful in 36s
Details
/ Builds (pull_request) Successful in 1m38s
Details
/ Vulncheck (pull_request) Successful in 1m37s
Details
/ OCI image (pull_request) Successful in 2m16s
Details
/ Lint (pull_request) Successful in 2m40s
Details
/ Tests (pull_request) Successful in 1m26s
Details
/ Vulncheck (push) Successful in 1m18s
Details
/ Builds (push) Successful in 1m14s
Details
/ OCI image (push) Successful in 2m0s
Details
/ Lint (push) Successful in 2m14s
Details
/ Tests (push) Successful in 1m35s
Details

Browse source 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
This commit is contained in:
Alexey Vanin 2025-03-19 15:50:49 +03:00 committed by Pavel Pogodaev
parent 0fc56cbfce
commit 7d6e20fdad
17 changed files with 440 additions and 233 deletions
Download patch file Download diff file Expand all files Collapse all files

22
api/handler/versioning.go
View file

@ -24,6 +24,12 @@ func (h *handler) PutBucketVersioningHandler(w http.ResponseWriter, r *http.Requ
h.logAndSendError(ctx, w, "couldn't decode versioning configuration", reqInfo, errors.GetAPIError(errors.ErrIllegalVersioningConfigurationException))
return
}
newMfa := len(configuration.MfaDelete) > 0
newStatus := len(configuration.Status) > 0
if !newStatus {
h.logAndSendError(ctx, w, "failed to put versioning", reqInfo, errors.GetAPIError(errors.ErrVersioningNotSpecified))
}
bktInfo, err := h.getBucketAndCheckOwner(r, reqInfo.BucketName)
if err != nil {
@ -37,12 +43,21 @@ func (h *handler) PutBucketVersioningHandler(w http.ResponseWriter, r *http.Requ
return
}
newMfa := len(configuration.MfaDelete) > 0
lifecycleCfg, err := h.obj.GetBucketLifecycleConfiguration(ctx, bktInfo)
if err != nil && !errors.IsS3Error(err, errors.ErrNoSuchLifecycleConfiguration) {
h.logAndSendError(ctx, w, "couldn't get lifecycle config", reqInfo, err)
return
}
if lifecycleCfg != nil && newMfa {
h.logAndSendError(ctx, w, "couldn't put versioning", reqInfo, errors.GetAPIError(errors.ErrMFAAuthIsNotSupported))
return
}
if settings.MFADeleteEnabled() || newMfa {
serialNumber, token, err = h.getMFAHeader(r)
if err != nil {
h.logAndSendError(ctx, w, "invalid x-amz-mfa header", reqInfo, errors.GetAPIError(errors.ErrBadRequest))
h.logAndSendError(ctx, w, "invalid x-amz-mfa header", reqInfo, errors.GetAPIError(errors.ErrInvalidMFAHeader))
return
}
device, err := h.mfa.GetMFADevice(ctx, reqInfo.Namespace, nameFromArn(serialNumber))
@ -68,6 +83,7 @@ func (h *handler) PutBucketVersioningHandler(w http.ResponseWriter, r *http.Requ
newSettings.Versioning.MFASerialNumber = serialNumber
case data.MFADeleteDisabled:
newSettings.Versioning.MFADeleteStatus = data.MFADeleteDisabled
newSettings.Versioning.MFASerialNumber = ""
default:
h.logAndSendError(ctx, w, "failed to get mfa configuration", reqInfo, nil)
return
@ -127,6 +143,8 @@ func formVersioningConfiguration(settings *data.BucketSettings) *VersioningConfi
}
if settings.MFADeleteEnabled() {
res.MfaDelete = data.MFADeleteEnabled
} else if settings.MFADeleteDisabled() {
res.MfaDelete = data.MFADeleteDisabled
}
return res