forked from TrueCloudLab/frostfs-node
[#1339] getSvc: Fix access denied error handling
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
This commit is contained in:
parent
01e18eda43
commit
43d6fbf73b
3 changed files with 29 additions and 12 deletions
|
@ -2,9 +2,11 @@ package getsvc
|
|||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/internal/logs"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util"
|
||||
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
||||
objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
@ -120,6 +122,12 @@ func (exec *request) analyzeStatus(ctx context.Context, execCnr bool) {
|
|||
exec.log.Debug(logs.OperationFinishedWithError,
|
||||
zap.Error(exec.err),
|
||||
)
|
||||
var errAccessDenied *apistatus.ObjectAccessDenied
|
||||
if execCnr && errors.As(exec.err, &errAccessDenied) {
|
||||
// Local get can't return access denied error, so this error was returned by
|
||||
// write to the output stream. So there is no need to try to find object on other nodes.
|
||||
return
|
||||
}
|
||||
|
||||
if execCnr {
|
||||
exec.executeOnContainer(ctx)
|
||||
|
|
|
@ -31,6 +31,7 @@ func (r *request) processNode(ctx context.Context, info client.NodeInfo) bool {
|
|||
var errECInfo *objectSDK.ECInfoError
|
||||
var errRemoved *apistatus.ObjectAlreadyRemoved
|
||||
var errOutOfRange *apistatus.ObjectOutOfRange
|
||||
var errAccessDenied *apistatus.ObjectAccessDenied
|
||||
|
||||
switch {
|
||||
default:
|
||||
|
@ -38,7 +39,11 @@ func (r *request) processNode(ctx context.Context, info client.NodeInfo) bool {
|
|||
if r.status != statusEC {
|
||||
// for raw requests, continue to collect other parts
|
||||
r.status = statusUndefined
|
||||
r.err = new(apistatus.ObjectNotFound)
|
||||
if errors.As(err, &errAccessDenied) {
|
||||
r.err = err
|
||||
} else {
|
||||
r.err = new(apistatus.ObjectNotFound)
|
||||
}
|
||||
}
|
||||
return false
|
||||
case err == nil:
|
||||
|
|
|
@ -23,12 +23,14 @@ import (
|
|||
)
|
||||
|
||||
type getRequestForwarder struct {
|
||||
OnceResign sync.Once
|
||||
OnceHeaderSending sync.Once
|
||||
GlobalProgress int
|
||||
Key *ecdsa.PrivateKey
|
||||
Request *objectV2.GetRequest
|
||||
Stream *streamObjectWriter
|
||||
OnceResign sync.Once
|
||||
GlobalProgress int
|
||||
Key *ecdsa.PrivateKey
|
||||
Request *objectV2.GetRequest
|
||||
Stream *streamObjectWriter
|
||||
|
||||
headerSent bool
|
||||
headerSentGuard sync.Mutex
|
||||
}
|
||||
|
||||
func (f *getRequestForwarder) forwardRequestToNode(ctx context.Context, addr network.Address, c client.MultiAddressClient, pubkey []byte) (*objectSDK.Object, error) {
|
||||
|
@ -83,13 +85,15 @@ func (f *getRequestForwarder) writeHeader(ctx context.Context, v *objectV2.GetOb
|
|||
obj.SetSignature(v.GetSignature())
|
||||
obj.SetHeader(v.GetHeader())
|
||||
|
||||
var err error
|
||||
f.OnceHeaderSending.Do(func() {
|
||||
err = f.Stream.WriteHeader(ctx, objectSDK.NewFromV2(obj))
|
||||
})
|
||||
if err != nil {
|
||||
f.headerSentGuard.Lock()
|
||||
defer f.headerSentGuard.Unlock()
|
||||
if f.headerSent {
|
||||
return nil
|
||||
}
|
||||
if err := f.Stream.WriteHeader(ctx, objectSDK.NewFromV2(obj)); err != nil {
|
||||
return errCouldNotWriteObjHeader(err)
|
||||
}
|
||||
f.headerSent = true
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue