From af6ccc6e48f0b2f84251d216a7070e89d1d93c4e Mon Sep 17 00:00:00 2001
From: Denis Kirillov <d.kirillov@yadro.com>
Date: Wed, 8 Feb 2023 12:56:42 +0300
Subject: [PATCH] [TrueCloudLab#23] Return error on unknown LocationConstraint

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
---
 CHANGELOG.md         |  1 +
 api/errors/errors.go |  7 +++++++
 api/handler/put.go   | 25 +++++++++++++++----------
 3 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index db45a24..6ce60c9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ This document outlines major changes between releases.
 - Update viper to v1.15.0 (#14)
 - Using multiple servers require only one healthy (TrueCloudLab#12)
 - Update go version to go1.18 (TrueCloudLab#16)
+- Return error on invalid LocationConstraint (TrueCloudLab#23)
 
 ## [0.26.0] - 2022-12-28
 
diff --git a/api/errors/errors.go b/api/errors/errors.go
index 0ab7bae..78f0026 100644
--- a/api/errors/errors.go
+++ b/api/errors/errors.go
@@ -90,6 +90,7 @@ const (
 	ErrMissingFields
 	ErrMissingCredTag
 	ErrCredMalformed
+	ErrInvalidLocationConstraint
 	ErrInvalidRegion
 	ErrInvalidServiceS3
 	ErrInvalidServiceSTS
@@ -680,6 +681,12 @@ var errorCodes = errorCodeMap{
 		Description:    "Error parsing the X-Amz-Credential parameter; the region is wrong;",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrInvalidLocationConstraint: {
+		ErrCode:        ErrInvalidLocationConstraint,
+		Code:           "InvalidLocationConstraint",
+		Description:    "The specified location (Region) constraint is not valid.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	ErrInvalidRegion: {
 		ErrCode:        ErrInvalidRegion,
 		Code:           "InvalidRegion",
diff --git a/api/handler/put.go b/api/handler/put.go
index 1b82800..c7ae3d9 100644
--- a/api/handler/put.go
+++ b/api/handler/put.go
@@ -720,7 +720,10 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.setPolicy(p, createParams.LocationConstraint, policies)
+	if err = h.setPolicy(p, createParams.LocationConstraint, policies); err != nil {
+		h.logAndSendError(w, "couldn't set placement policy", reqInfo, err)
+		return
+	}
 
 	p.ObjectLockEnabled = isLockEnabled(r.Header)
 
@@ -748,25 +751,27 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
 	api.WriteSuccessResponseHeadersOnly(w)
 }
 
-func (h handler) setPolicy(prm *layer.CreateBucketParams, locationConstraint string, userPolicies []*accessbox.ContainerPolicy) {
+func (h handler) setPolicy(prm *layer.CreateBucketParams, locationConstraint string, userPolicies []*accessbox.ContainerPolicy) error {
 	prm.Policy = h.cfg.Policy.Default()
+	prm.LocationConstraint = locationConstraint
 
 	if locationConstraint == "" {
-		return
-	}
-
-	if policy, ok := h.cfg.Policy.Get(locationConstraint); ok {
-		prm.Policy = policy
-		prm.LocationConstraint = locationConstraint
+		return nil
 	}
 
 	for _, placementPolicy := range userPolicies {
 		if placementPolicy.LocationConstraint == locationConstraint {
 			prm.Policy = placementPolicy.Policy
-			prm.LocationConstraint = locationConstraint
-			return
+			return nil
 		}
 	}
+
+	if policy, ok := h.cfg.Policy.Get(locationConstraint); ok {
+		prm.Policy = policy
+		return nil
+	}
+
+	return errors.GetAPIError(errors.ErrInvalidLocationConstraint)
 }
 
 func isLockEnabled(header http.Header) bool {
-- 
2.45.2