[#357] Add check of request and resource tags #357
Labels
No Label
P0
P1
P2
P3
good first issue
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
No Milestone
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: TrueCloudLab/frostfs-s3-gw#357
Loading…
Reference in New Issue
There is no content yet.
Delete Branch "mbiryukova/frostfs-s3-gw:feature/tags_to_policy_check"
Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?
Signed-off-by: Marina Biryukova m.biryukova@yadro.com
84e123a0fb
to1c84cf5ae2
[#xxx] Add check of request and resource tagsto [#357] Add check of request and resource tags1c84cf5ae2
to0fe50f000d
0fe50f000d
to780c329cab
780c329cab
to0c47fd4228
Looks good
@ -30,0 +40,4 @@
CompleteMultipartUploadOperation,
UploadPartOperation,
UploadPartCopyOperation,
ListPartsOperation,
Can aws restrict uploadPart/listingParts by resource attribute (that was added during create multipart upload)?
It seems not
@ -39,0 +59,4 @@
}
type ResourceTagging interface {
GetBucketInfo(ctx context.Context, name string) (*data.BucketInfo, error)
This duplicates
PolicyConfig.BucketResolver
.@ -54,6 +84,7 @@ func PolicyCheck(cfg PolicyConfig) Func {
ctx := r.Context()
if err := policyCheck(r, cfg); err != nil {
reqLogOrDefault(ctx, cfg.Log).Error(logs.PolicyValidationFailed, zap.Error(err))
err = frostfsErrors.UnwrapErr(err)
Why do we need this?
Without this we will return
InternalError
if requesting tags of non-existent bucket or object, instead ofNoSuchBucket
orNoSuchKey
Can we add test for such case then? For now If I remove this line tests still pass
@ -68,3 +99,3 @@
func policyCheck(r *http.Request, cfg PolicyConfig) error {
reqType, bktName, objName := getBucketObject(r, cfg.Domains)
req, err := getPolicyRequest(r, cfg.FrostfsID, reqType, bktName, objName, cfg.Log)
req, err := getPolicyRequest(r, cfg.FrostfsID, cfg.Decoder, cfg.Tagging, reqType, bktName, objName, cfg.Log)
It seems we can pass whole
cfg
param0c47fd4228
to3b76446d72