Use 'c' prefix for bucket policies instead of 'n' #360

Merged
alexvanin merged 1 commit from alexvanin/frostfs-s3-gw:fix/8574 into support/v0.29 2024-09-04 19:51:13 +00:00

View file

@ -74,25 +74,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
} }
reqInfo := GetReqInfo(r.Context()) reqInfo := GetReqInfo(r.Context())
targets := []engine.RequestTarget{ target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace)
engine.NewRequestTargetWithNamespace(reqInfo.Namespace),
}
if bktInfo != nil { if bktInfo != nil {
targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString())) cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString())
target.Container = &cnrTarget
} }
st := chain.NoRuleFound st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)

Why don't we use just one RequestTarget?

if bktInfo !=nil {
	cnrTarget:=engine.ContainerTarget(bktInfo.CID.EncodeToString())
	target.Container = &cnrTarget
}
Why don't we use just one `RequestTarget`? ```golang if bktInfo !=nil { cnrTarget:=engine.ContainerTarget(bktInfo.CID.EncodeToString()) target.Container = &cnrTarget } ```

Missed that, thanks!

Missed that, thanks!
for _, target := range targets {
status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
if err != nil { if err != nil {
return err return err
} }
if found {
st = status if !found {
if status != chain.Allow { st = chain.NoRuleFound
break
}
}
} }
switch { switch {