[#492] layer: Don't parameterize basic ACL of created containers
`CreateBucket` handler always creates containers with extended public ACL, so there is no need to configure it in `NeoFS.CreateContainer`. Make internal `NeoFS` implementation to create containers with `eacl-public-read-write` basic ACL if corresponding parameter is unset. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
0e27fea8f2
commit
880ffe7108
6 changed files with 12 additions and 9 deletions
|
@ -22,7 +22,6 @@ type (
|
|||
CID cid.ID
|
||||
Owner user.ID
|
||||
Created time.Time
|
||||
BasicACL uint32
|
||||
LocationConstraint string
|
||||
ObjectLockEnabled bool
|
||||
}
|
||||
|
|
|
@ -163,8 +163,6 @@ const (
|
|||
basicACLReadOnly = "public-read"
|
||||
basicACLPublic = "public-read-write"
|
||||
cannedACLAuthRead = "authenticated-read"
|
||||
|
||||
publicBasicRule = 0x0FFFFFFF
|
||||
)
|
||||
|
||||
type createBucketParams struct {
|
||||
|
@ -572,7 +570,9 @@ func parseMetadata(r *http.Request) map[string]string {
|
|||
func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
|
||||
var (
|
||||
reqInfo = api.GetReqInfo(r.Context())
|
||||
p = layer.CreateBucketParams{Name: reqInfo.BucketName, ACL: publicBasicRule}
|
||||
p = layer.CreateBucketParams{
|
||||
Name: reqInfo.BucketName,
|
||||
}
|
||||
)
|
||||
|
||||
if err := checkBucketName(reqInfo.BucketName); err != nil {
|
||||
|
|
|
@ -8,7 +8,6 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/acl"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
|
@ -53,7 +52,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
|
|||
}
|
||||
|
||||
info.Owner = *res.OwnerID()
|
||||
info.BasicACL = res.BasicACL()
|
||||
|
||||
for _, attr := range res.Attributes() {
|
||||
switch key, val := attr.Key(), attr.Value(); key {
|
||||
|
@ -129,7 +127,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
|
|||
Name: p.Name,
|
||||
Owner: ownerID,
|
||||
Created: time.Now(), // this can be a little incorrect since the real time is set later
|
||||
BasicACL: p.ACL,
|
||||
LocationConstraint: p.LocationConstraint,
|
||||
ObjectLockEnabled: p.ObjectLockEnabled,
|
||||
}
|
||||
|
@ -151,7 +148,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
|
|||
Policy: *p.Policy,
|
||||
Name: p.Name,
|
||||
SessionToken: p.SessionToken,
|
||||
BasicACL: acl.BasicACL(p.ACL),
|
||||
AdditionalAttributes: attributes,
|
||||
})
|
||||
if err != nil {
|
||||
|
|
|
@ -136,7 +136,6 @@ type (
|
|||
// CreateBucketParams stores bucket create request parameters.
|
||||
CreateBucketParams struct {
|
||||
Name string
|
||||
ACL uint32
|
||||
Policy *netmap.PlacementPolicy
|
||||
EACL *eacl.Table
|
||||
SessionToken *session.Container
|
||||
|
|
|
@ -144,6 +144,8 @@ type NeoFS interface {
|
|||
// It sets 'Timestamp' attribute to the current time.
|
||||
// It returns the ID of the saved container.
|
||||
//
|
||||
// Created container is public with enabled ACL extension.
|
||||
//
|
||||
// It returns exactly one non-nil value. It returns any error encountered which
|
||||
// prevented the container from being created.
|
||||
CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error)
|
||||
|
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/authmate"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/acl"
|
||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
|
@ -119,7 +120,13 @@ func (x *NeoFS) Container(ctx context.Context, idCnr cid.ID) (*container.Contain
|
|||
}
|
||||
|
||||
// CreateContainer implements neofs.NeoFS interface method.
|
||||
//
|
||||
// If prm.BasicACL is zero, 'eacl-public-read-write' is used.
|
||||
func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) {
|
||||
if prm.BasicACL == 0 {
|
||||
prm.BasicACL = acl.EACLPublicBasicRule
|
||||
}
|
||||
|
||||
// fill container structure
|
||||
cnrOptions := []container.Option{
|
||||
container.WithPolicy(&prm.Policy),
|
||||
|
|
Loading…
Reference in a new issue