TrueCloudLab
/
frostfs-s3-gw
16
2
Fork 14
Code Issues 19 Pull Requests 6 Actions Packages Releases 7 Activity

[#463] Restrict overriding default location constraint in authmate 

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
remotes/KirillovDenis/bugfix/681-fix_acl_parsing
Alex Vanin 2022-05-30 13:36:42 +03:00 committed by Kirillov Denis
parent 89ff89a32b
commit 80d4d071d8
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/layer/container.go
View File

@ -28,7 +28,7 @@ type (
const (
attributeLocationConstraint = ".s3-location-constraint"
defaultLocationConstraint = "default"
DefaultLocationConstraint = "default"
AttributeLockEnabled = "LockEnabled"
)
@ -125,7 +125,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
var err error
ownerID := n.Owner(ctx)
if p.LocationConstraint == "" {
p.LocationConstraint = defaultLocationConstraint // s3tests_boto3.functional.test_s3:test_bucket_get_location
p.LocationConstraint = DefaultLocationConstraint // s3tests_boto3.functional.test_s3:test_bucket_get_location
}
bktInfo := &data.BucketInfo{
Name: p.Name,

4
cmd/authmate/main.go
View File

@ -12,6 +12,7 @@ import (
"time"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
"github.com/nspcc-dev/neofs-s3-gw/authmate"
"github.com/nspcc-dev/neofs-s3-gw/internal/neofs"
"github.com/nspcc-dev/neofs-s3-gw/internal/version"
@ -322,6 +323,9 @@ func parsePolicies(val string) (authmate.ContainerPolicies, error) {
if err = json.Unmarshal(data, &policies); err != nil {
return nil, err
}
if _, ok := policies[layer.DefaultLocationConstraint]; ok {
return nil, fmt.Errorf("config overrides %s location constraint", layer.DefaultLocationConstraint)
}
return policies, nil
}