forked from TrueCloudLab/frostfs-s3-gw
[#492] layer: Don't parameterize basic ACL of created containers
The `CreateBucket` handler always creates containers with extended public ACL, so there is no need to configure it in `NeoFS.CreateContainer`. Make the internal `NeoFS` implementation create containers with the `eacl-public-read-write` basic ACL if the corresponding parameter is unset. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
parent
0e27fea8f2
commit
880ffe7108
6 changed files with 12 additions and 9 deletions
|
@ -22,7 +22,6 @@ type (
|
||||||
CID cid.ID
|
CID cid.ID
|
||||||
Owner user.ID
|
Owner user.ID
|
||||||
Created time.Time
|
Created time.Time
|
||||||
BasicACL uint32
|
|
||||||
LocationConstraint string
|
LocationConstraint string
|
||||||
ObjectLockEnabled bool
|
ObjectLockEnabled bool
|
||||||
}
|
}
|
||||||
|
|
|
@ -163,8 +163,6 @@ const (
|
||||||
basicACLReadOnly = "public-read"
|
basicACLReadOnly = "public-read"
|
||||||
basicACLPublic = "public-read-write"
|
basicACLPublic = "public-read-write"
|
||||||
cannedACLAuthRead = "authenticated-read"
|
cannedACLAuthRead = "authenticated-read"
|
||||||
|
|
||||||
publicBasicRule = 0x0FFFFFFF
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type createBucketParams struct {
|
type createBucketParams struct {
|
||||||
|
@ -572,7 +570,9 @@ func parseMetadata(r *http.Request) map[string]string {
|
||||||
func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
|
func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
var (
|
var (
|
||||||
reqInfo = api.GetReqInfo(r.Context())
|
reqInfo = api.GetReqInfo(r.Context())
|
||||||
p = layer.CreateBucketParams{Name: reqInfo.BucketName, ACL: publicBasicRule}
|
p = layer.CreateBucketParams{
|
||||||
|
Name: reqInfo.BucketName,
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
if err := checkBucketName(reqInfo.BucketName); err != nil {
|
if err := checkBucketName(reqInfo.BucketName); err != nil {
|
||||||
|
|
|
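Review bot: The new `layer.CreateBucketParams{Name: reqInfo.BucketName}` literal in `CreateBucketHandler` no longer shows which access level a new bucket receives, because the permissive default is now applied in another package. Since this is the entry point for bucket creation, I would add a comment above the literal such as `// Basic ACL is not set here: the NeoFS layer creates the container as eacl-public-read-write, so access control relies on the extended ACL.` Whether an eACL table is always applied later in this handler cannot be seen from the hunk, as the function body continues outside it. If it can be skipped or fail, the container would presumably stay public at the basic-ACL level, which deserves an explicit check.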
@ -8,7 +8,6 @@ import (
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api"
|
"github.com/nspcc-dev/neofs-s3-gw/api"
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/acl"
|
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
|
@ -53,7 +52,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
|
||||||
}
|
}
|
||||||
|
|
||||||
info.Owner = *res.OwnerID()
|
info.Owner = *res.OwnerID()
|
||||||
info.BasicACL = res.BasicACL()
|
|
||||||
|
|
||||||
for _, attr := range res.Attributes() {
|
for _, attr := range res.Attributes() {
|
||||||
switch key, val := attr.Key(), attr.Value(); key {
|
switch key, val := attr.Key(), attr.Value(); key {
|
||||||
|
@ -129,7 +127,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
|
||||||
Name: p.Name,
|
Name: p.Name,
|
||||||
Owner: ownerID,
|
Owner: ownerID,
|
||||||
Created: time.Now(), // this can be a little incorrect since the real time is set later
|
Created: time.Now(), // this can be a little incorrect since the real time is set later
|
||||||
BasicACL: p.ACL,
|
|
||||||
LocationConstraint: p.LocationConstraint,
|
LocationConstraint: p.LocationConstraint,
|
||||||
ObjectLockEnabled: p.ObjectLockEnabled,
|
ObjectLockEnabled: p.ObjectLockEnabled,
|
||||||
}
|
}
|
||||||
|
@ -151,7 +148,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
|
||||||
Policy: *p.Policy,
|
Policy: *p.Policy,
|
||||||
Name: p.Name,
|
Name: p.Name,
|
||||||
SessionToken: p.SessionToken,
|
SessionToken: p.SessionToken,
|
||||||
BasicACL: acl.BasicACL(p.ACL),
|
|
||||||
AdditionalAttributes: attributes,
|
AdditionalAttributes: attributes,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -136,7 +136,6 @@ type (
|
||||||
// CreateBucketParams stores bucket create request parameters.
|
// CreateBucketParams stores bucket create request parameters.
|
||||||
CreateBucketParams struct {
|
CreateBucketParams struct {
|
||||||
Name string
|
Name string
|
||||||
ACL uint32
|
|
||||||
Policy *netmap.PlacementPolicy
|
Policy *netmap.PlacementPolicy
|
||||||
EACL *eacl.Table
|
EACL *eacl.Table
|
||||||
SessionToken *session.Container
|
SessionToken *session.Container
|
||||||
|
|
|
@ -144,6 +144,8 @@ type NeoFS interface {
|
||||||
// It sets 'Timestamp' attribute to the current time.
|
// It sets 'Timestamp' attribute to the current time.
|
||||||
// It returns the ID of the saved container.
|
// It returns the ID of the saved container.
|
||||||
//
|
//
|
||||||
|
// Created container is public with enabled ACL extension.
|
||||||
|
//
|
||||||
// It returns exactly one non-nil value. It returns any error encountered which
|
// It returns exactly one non-nil value. It returns any error encountered which
|
||||||
// prevented the container from being created.
|
// prevented the container from being created.
|
||||||
CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error)
|
CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error)
|
||||||
|
|
|
@ -16,6 +16,7 @@ import (
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/authmate"
|
"github.com/nspcc-dev/neofs-s3-gw/authmate"
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
|
"github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/acl"
|
||||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
|
@ -119,7 +120,13 @@ func (x *NeoFS) Container(ctx context.Context, idCnr cid.ID) (*container.Contain
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateContainer implements neofs.NeoFS interface method.
|
// CreateContainer implements neofs.NeoFS interface method.
|
||||||
|
//
|
||||||
|
// If prm.BasicACL is zero, 'eacl-public-read-write' is used.
|
||||||
func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) {
|
func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) {
|
||||||
|
if prm.BasicACL == 0 {
|
||||||
|
prm.BasicACL = acl.EACLPublicBasicRule
|
||||||
|
}
|
||||||
|
|
||||||
// fill container structure
|
// fill container structure
|
||||||
cnrOptions := []container.Option{
|
cnrOptions := []container.Option{
|
||||||
container.WithPolicy(&prm.Policy),
|
container.WithPolicy(&prm.Policy),
|
||||||
|
|
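Review bot: The guard `if prm.BasicACL == 0` in `CreateContainer` uses the zero value as the "unset" marker and replaces it with `acl.EACLPublicBasicRule`, so the default for a forgotten field is the most permissive rule, and a caller can no longer ask for a basic ACL with all bits clear. The commit message says the ACL no longer needs configuring, so removing `BasicACL` from `layer.PrmContainerCreate` and always setting the rule here would make that explicit. If the field is kept, document the sentinel on it, e.g. `// BasicACL of the container. Zero means unset and is replaced with acl.EACLPublicBasicRule (public read-write, eACL enabled).` The interface comment added in the `type NeoFS interface` hunk says the created container is public unconditionally, while this code still honours a non-zero `prm.BasicACL`, so the two should be made to agree. Other implementations of the interface, such as test doubles, would need the same defaulting; none are visible in this commit, and the function body continues outside the hunk.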