diff --git a/api/handler/acl_test.go b/api/handler/acl_test.go
index ba33018..59f7fd5 100644
--- a/api/handler/acl_test.go
+++ b/api/handler/acl_test.go
@@ -1505,6 +1505,35 @@ func TestBucketPolicyStatus(t *testing.T) {
 require.True(t, PolicyStatusIsPublicFalse == bktPolicyStatus.IsPublic)
 }
 
+func TestDeleteBucketWithPolicy(t *testing.T) {
+ hc := prepareHandlerContext(t)
+
+ bktName := "bucket-for-policy"
+ createTestBucket(hc, bktName)
+
+ newPolicy := engineiam.Policy{
+ Version: "2012-10-17",
+ Statement: []engineiam.Statement{{
+ Principal: map[engineiam.PrincipalType][]string{engineiam.Wildcard: {}},
+ Effect: engineiam.AllowEffect,
+ Action: engineiam.Action{"s3:PutObject"},
+ Resource: engineiam.Resource{"arn:aws:s3:::bucket-for-policy/*"},
+ }},
+ }
+
+ putBucketPolicy(hc, bktName, newPolicy)
+
+ require.Len(t, hc.h.ape.(*apeMock).policyMap, 1)
+ require.Len(t, hc.h.ape.(*apeMock).chainMap[engine.NamespaceTarget("")], 4)
+
+ deleteBucket(t, hc, bktName, http.StatusNoContent)
+
+ require.Empty(t, hc.h.ape.(*apeMock).policyMap)
+ chains, err := hc.h.ape.(*apeMock).ListChains(engine.NamespaceTarget(""))
+ require.NoError(t, err)
+ require.Empty(t, chains)
+}
+
 func TestBucketPolicyUnmarshal(t *testing.T) {
 for _, tc := range []struct {
 name string
diff --git a/api/handler/delete.go b/api/handler/delete.go
index 8b51e78..dd02c24 100644
--- a/api/handler/delete.go
+++ b/api/handler/delete.go
@@ -15,6 +15,7 @@ import (
 apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+ "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 "go.uber.org/zap"
 )
 
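Review bot: TestDeleteBucketWithPolicy in api/handler/acl_test.go covers only the successful delete, so nothing pins what happens to the policy when bucket deletion itself fails; a second case that makes the delete fail and asserts `policyMap` still holds one entry would guard that path, assuming the test context allows the delete to be made to fail. The literal `4` in `require.Len(..., 4)` is unexplained; a comment such as `// policy and canned-ACL chains, each for S3 and Ingress` would help, if that is indeed what the mock holds after `putBucketPolicy`. Binding `ape := hc.h.ape.(*apeMock)` once would also remove the four repeated type assertions.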
@@ -277,5 +278,17 @@ func (h *handler) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
 }); err != nil {
 h.logAndSendError(w, "couldn't delete bucket", reqInfo, err)
 }
+
+ chainIDs := []chain.ID{
+ getBucketChainID(chain.S3, bktInfo),
+ getBucketChainID(chain.Ingress, bktInfo),
+ getBucketCannedChainID(chain.S3, bktInfo.CID),
+ getBucketCannedChainID(chain.Ingress, bktInfo.CID),
+ }
+ if err = h.ape.DeleteBucketPolicy(reqInfo.Namespace, bktInfo.CID, chainIDs); err != nil {
+ h.logAndSendError(w, "failed to delete policy from storage", reqInfo, err)
+ return
+ }
+
 w.WriteHeader(http.StatusNoContent)
 }
diff --git a/go.mod b/go.mod
index 6a2b864..a2e3c92 100644
--- a/go.mod
+++ b/go.mod
@@ -3,8 +3,8 @@ module git.frostfs.info/TrueCloudLab/frostfs-s3-gw
 go 1.20
 
 require (
- git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240215114728-2a124b95bc02
- git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.0
+ git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240306101814-c1c7b344b9c0
+ git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240409115729-6eb492025bdd
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6
 git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240301150205-6fe4e2541d0b
 git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240402080942-42497ad2424c
diff --git a/go.sum b/go.sum
index 7466a65..77a6189 100644
--- a/go.sum
+++ b/go.sum
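Review bot: In DeleteBucketHandler (api/handler/delete.go) the `couldn't delete bucket` branch directly above the added block calls `h.logAndSendError` without a `return`, so after a failed bucket delete the new code still runs `h.ape.DeleteBucketPolicy` and removes the S3 and Ingress chains of a bucket that still exists. Add `return` after that `logAndSendError` call, as the new error branch already does, so the access rules are only dropped once the bucket is really gone. Separately, when `DeleteBucketPolicy` fails the bucket has already been deleted, so the client receives an error for a completed delete and a retry presumably cannot reach this cleanup, which would leave the chains orphaned; it is worth deciding whether that case should be retried or only logged. The handler's body starts outside the hunk.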
@@ -36,10 +36,10 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240215114728-2a124b95bc02 h1:SAoUNpK1KBcY9NwP3ZZwDMXB5bvGCQiHxpXCw6wdpAI= -git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240215114728-2a124b95bc02/go.mod h1:uY0AYmCznjZdghDnAk7THFIe1Vlg531IxUcus7ZfUJI= -git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.0 h1:FzurjElUwC7InY9v5rzXReKbfBL5yRJKSWJPq6BKhH0= -git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.0/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc= +git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240306101814-c1c7b344b9c0 h1:4iyAj9k7W29YpyzUTwMuMBbL3G3M96kMbX62OwGNGfE= +git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240306101814-c1c7b344b9c0/go.mod h1:OBDSr+DqV1z4VDouoX3YMleNc4DPBVBWTG3WDT2PK1o= +git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240409115729-6eb492025bdd h1:fujTUMMn0wnpEKNDWLejFL916EPuaYD1MdZpk1ZokU8= +git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240409115729-6eb492025bdd/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc= git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk= git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0/go.mod h1:RUIKZATQLJ+TaYQa60X2fTDwfuhMfm8Ar60bQ5fr+vU= git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6 h1:aGQ6QaAnTerQ5Dq5b2/f9DUQtSqPkZZ/bkMx/HKuLCo=