From ef556bd8acc3d74b723931b41abe85050d283fbd Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Wed, 22 Mar 2023 11:02:39 +0300 Subject: [PATCH] [#60] Use session token to set eACL during Complete Multipart Upload Signed-off-by: Alex Vanin --- api/handler/multipart_upload.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/api/handler/multipart_upload.go b/api/handler/multipart_upload.go index e5b9022..480f376 100644 --- a/api/handler/multipart_upload.go +++ b/api/handler/multipart_upload.go @@ -13,7 +13,6 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer" - "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" "github.com/google/uuid" "go.uber.org/zap" ) @@ -374,8 +373,6 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http. } var ( - sessionTokenSetEACL *session.Container - uploadID = r.URL.Query().Get(uploadIDHeaderName) uploadInfo = &layer.UploadInfoParams{ UploadID: uploadID, @@ -408,7 +405,7 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http. // Start complete multipart upload which may take some time to fetch object // and re-upload it part by part. - objInfo, err := h.completeMultipartUpload(r, c, bktInfo, reqInfo, sessionTokenSetEACL) + objInfo, err := h.completeMultipartUpload(r, c, bktInfo, reqInfo) // Stop periodic writer as complete multipart upload is finished // successfully or not. @@ -442,7 +439,7 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http. } } -func (h *handler) completeMultipartUpload(r *http.Request, c *layer.CompleteMultipartParams, bktInfo *data.BucketInfo, reqInfo *api.ReqInfo, stoken *session.Container) (*data.ObjectInfo, error) { +func (h *handler) completeMultipartUpload(r *http.Request, c *layer.CompleteMultipartParams, bktInfo *data.BucketInfo, reqInfo *api.ReqInfo) (*data.ObjectInfo, error) { uploadData, extendedObjInfo, err := h.obj.CompleteMultipartUpload(r.Context(), c) if err != nil { return nil, fmt.Errorf("could not complete multipart upload: %w", err) @@ -465,6 +462,10 @@ func (h *handler) completeMultipartUpload(r *http.Request, c *layer.CompleteMult } if len(uploadData.ACLHeaders) != 0 { + sessionTokenSetEACL, err := getSessionTokenSetEACL(r.Context()) + if err != nil { + return nil, fmt.Errorf("couldn't get eacl token: %w", err) + } key, err := h.bearerTokenIssuerKey(r.Context()) if err != nil { return nil, fmt.Errorf("couldn't get gate key: %w", err) @@ -482,7 +483,7 @@ func (h *handler) completeMultipartUpload(r *http.Request, c *layer.CompleteMult if err != nil { return nil, fmt.Errorf("could not translate acl of completed multipart upload to ast: %w", err) } - if _, err = h.updateBucketACL(r, astObject, bktInfo, stoken); err != nil { + if _, err = h.updateBucketACL(r, astObject, bktInfo, sessionTokenSetEACL); err != nil { return nil, fmt.Errorf("could not update bucket acl while completing multipart upload: %w", err) } }