diff --git a/api/layer/container.go b/api/layer/container.go index 64cafb9f6..e726c2e79 100644 --- a/api/layer/container.go +++ b/api/layer/container.go @@ -28,7 +28,7 @@ type ( const ( attributeLocationConstraint = ".s3-location-constraint" - defaultLocationConstraint = "default" + DefaultLocationConstraint = "default" AttributeLockEnabled = "LockEnabled" ) @@ -125,7 +125,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da var err error ownerID := n.Owner(ctx) if p.LocationConstraint == "" { - p.LocationConstraint = defaultLocationConstraint // s3tests_boto3.functional.test_s3:test_bucket_get_location + p.LocationConstraint = DefaultLocationConstraint // s3tests_boto3.functional.test_s3:test_bucket_get_location } bktInfo := &data.BucketInfo{ Name: p.Name, diff --git a/cmd/authmate/main.go b/cmd/authmate/main.go index 8eab65fd1..22a168db9 100644 --- a/cmd/authmate/main.go +++ b/cmd/authmate/main.go @@ -12,6 +12,7 @@ import ( "time" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" + "github.com/nspcc-dev/neofs-s3-gw/api/layer" "github.com/nspcc-dev/neofs-s3-gw/authmate" "github.com/nspcc-dev/neofs-s3-gw/internal/neofs" "github.com/nspcc-dev/neofs-s3-gw/internal/version" @@ -322,6 +323,9 @@ func parsePolicies(val string) (authmate.ContainerPolicies, error) { if err = json.Unmarshal(data, &policies); err != nil { return nil, err } + if _, ok := policies[layer.DefaultLocationConstraint]; ok { + return nil, fmt.Errorf("config overrides %s location constraint", layer.DefaultLocationConstraint) + } return policies, nil }