TrueCloudLab/frostfs-s3-gw
18
3
Fork 20
Code Issues 29 Pull requests 8 Projects Releases 23 Packages Activity Actions

[#507] Add routing for public access block operations
All checks were successful
/ DCO (pull_request) Successful in 1m12s
Details
/ Vulncheck (pull_request) Successful in 1m32s
Details
/ Builds (pull_request) Successful in 1m21s
Details
/ Lint (pull_request) Successful in 1m56s
Details
/ Tests (pull_request) Successful in 1m27s
Details

Browse source 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
This commit is contained in:
Marina Biryukova 2024-10-01 11:21:22 +03:00
parent 582e6ac642
commit dbd0bc2252
6 changed files with 92 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
api/handler/not_support.go
View file

@ -10,3 +10,15 @@ import (
func (h *handler) DeleteBucketEncryptionHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "not supported", middleware.GetReqInfo(r.Context()), errors.GetAPIError(errors.ErrNotSupported))
}
func (h *handler) DeletePublicAccessBlockHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "not supported", middleware.GetReqInfo(r.Context()), errors.GetAPIError(errors.ErrNotSupported))
}
func (h *handler) GetPublicAccessBlockHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "not supported", middleware.GetReqInfo(r.Context()), errors.GetAPIError(errors.ErrNotSupported))
}
func (h *handler) PutPublicAccessBlockHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "not supported", middleware.GetReqInfo(r.Context()), errors.GetAPIError(errors.ErrNotSupported))
}

4
api/middleware/constants.go
View file

@ -48,6 +48,9 @@ const (
DeleteBucketLifecycleOperation = "DeleteBucketLifecycle"
DeleteBucketEncryptionOperation = "DeleteBucketEncryption"
DeleteBucketOperation = "DeleteBucket"
DeletePublicAccessBlockOperation = "DeletePublicAccessBlock"
GetPublicAccessBlockOperation = "GetPublicAccessBlock"
PutPublicAccessBlockOperation = "PutPublicAccessBlock"
// object operations.
@ -106,6 +109,7 @@ const (
AttributesQuery = "attributes"
PartNumberQuery = "partNumber"
LegalHoldQuery = "legal-hold"
PublicAccessBlockQuery = "publicAccessBlock"
)
const (

6
api/middleware/policy.go
View file

@ -269,6 +269,8 @@ func determineBucketOperation(r *http.Request) string {
return ListObjectsV2MOperation
case query.Get(ListTypeQuery) == "2":
return ListObjectsV2Operation
case query.Has(PublicAccessBlockQuery):
return GetPublicAccessBlockOperation
default:
return ListObjectsV1Operation
}
@ -292,6 +294,8 @@ func determineBucketOperation(r *http.Request) string {
return PutBucketVersioningOperation
case query.Has(NotificationQuery):
return PutBucketNotificationOperation
case query.Has(PublicAccessBlockQuery):
return PutPublicAccessBlockOperation
default:
return CreateBucketOperation
}
@ -316,6 +320,8 @@ func determineBucketOperation(r *http.Request) string {
return DeleteBucketLifecycleOperation
case query.Has(EncryptionQuery):
return DeleteBucketEncryptionOperation
case query.Has(PublicAccessBlockQuery):
return DeletePublicAccessBlockOperation
default:
return DeleteBucketOperation
}

18
api/middleware/policy_test.go
View file

@ -263,6 +263,24 @@ func TestDetermineBucketOperation(t *testing.T) {
method: http.MethodDelete,
expected: DeleteBucketOperation,
},
{
name: "GetPublicAccessBlockOperation",
method: http.MethodGet,
queryParam: map[string]string{PublicAccessBlockQuery: defaultValue},
expected: GetPublicAccessBlockOperation,
},
{
name: "PutPublicAccessBlockOperation",
method: http.MethodPut,
queryParam: map[string]string{PublicAccessBlockQuery: defaultValue},
expected: PutPublicAccessBlockOperation,
},
{
name: "DeletePublicAccessBlockOperation",
method: http.MethodDelete,
queryParam: map[string]string{PublicAccessBlockQuery: defaultValue},
expected: DeletePublicAccessBlockOperation,
},
{
name: "UnmatchedBucketOperation",
method: "invalid-method",

12
api/router.go
View file

@ -88,6 +88,9 @@ type (
ListPartsHandler(w http.ResponseWriter, r *http.Request)
ListMultipartUploadsHandler(http.ResponseWriter, *http.Request)
PatchObjectHandler(http.ResponseWriter, *http.Request)
DeletePublicAccessBlockHandler(http.ResponseWriter, *http.Request)
GetPublicAccessBlockHandler(http.ResponseWriter, *http.Request)
PutPublicAccessBlockHandler(http.ResponseWriter, *http.Request)
ResolveBucket(ctx context.Context, bucket string) (*data.BucketInfo, error)
ResolveCID(ctx context.Context, bucket string) (cid.ID, error)
@ -313,6 +316,9 @@ func bucketRouter(h Handler) chi.Router {
Add(NewFilter().
Queries(s3middleware.VersionsQuery).
Handler(named(s3middleware.ListBucketObjectVersionsOperation, h.ListBucketObjectVersionsHandler))).
Add(NewFilter().
Queries(s3middleware.PublicAccessBlockQuery).
Handler(named(s3middleware.GetPublicAccessBlockOperation, h.GetPublicAccessBlockHandler))).
DefaultHandler(listWrapper(h)))
})
@ -346,6 +352,9 @@ func bucketRouter(h Handler) chi.Router {
Add(NewFilter().
Queries(s3middleware.NotificationQuery).
Handler(named(s3middleware.PutBucketNotificationOperation, h.PutBucketNotificationHandler))).
Add(NewFilter().
Queries(s3middleware.PublicAccessBlockQuery).
Handler(named(s3middleware.PutPublicAccessBlockOperation, h.PutPublicAccessBlockHandler))).
DefaultHandler(named(s3middleware.CreateBucketOperation, h.CreateBucketHandler)))
})
@ -380,6 +389,9 @@ func bucketRouter(h Handler) chi.Router {
Add(NewFilter().
Queries(s3middleware.EncryptionQuery).
Handler(named(s3middleware.DeleteBucketEncryptionOperation, h.DeleteBucketEncryptionHandler))).
Add(NewFilter().
Queries(s3middleware.PublicAccessBlockQuery).
Handler(named(s3middleware.DeletePublicAccessBlockOperation, h.DeletePublicAccessBlockHandler))).
DefaultHandler(named(s3middleware.DeleteBucketOperation, h.DeleteBucketHandler)))
})

12
api/router_mock_test.go
View file

@ -569,6 +569,18 @@ func (h *handlerMock) PatchObjectHandler(http.ResponseWriter, *http.Request) {
panic("implement me")
}
func (h *handlerMock) DeletePublicAccessBlockHandler(http.ResponseWriter, *http.Request) {
panic("implement me")
}
func (h *handlerMock) GetPublicAccessBlockHandler(http.ResponseWriter, *http.Request) {
panic("implement me")
}
func (h *handlerMock) PutPublicAccessBlockHandler(http.ResponseWriter, *http.Request) {
panic("implement me")
}
func (h *handlerMock) ResolveBucket(ctx context.Context, name string) (*data.BucketInfo, error) {
reqInfo := middleware.GetReqInfo(ctx)
bktInfo, ok := h.buckets[reqInfo.Namespace+name]