diff --git a/api/data/info.go b/api/data/info.go index b8e48fca0..9ca034cee 100644 --- a/api/data/info.go +++ b/api/data/info.go @@ -22,7 +22,6 @@ type ( CID cid.ID Owner user.ID Created time.Time - BasicACL uint32 LocationConstraint string ObjectLockEnabled bool } diff --git a/api/handler/put.go b/api/handler/put.go index a8efebe00..cb585a5e3 100644 --- a/api/handler/put.go +++ b/api/handler/put.go @@ -163,8 +163,6 @@ const ( basicACLReadOnly = "public-read" basicACLPublic = "public-read-write" cannedACLAuthRead = "authenticated-read" - - publicBasicRule = 0x0FFFFFFF ) type createBucketParams struct { @@ -572,7 +570,9 @@ func parseMetadata(r *http.Request) map[string]string { func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) { var ( reqInfo = api.GetReqInfo(r.Context()) - p = layer.CreateBucketParams{Name: reqInfo.BucketName, ACL: publicBasicRule} + p = layer.CreateBucketParams{ + Name: reqInfo.BucketName, + } ) if err := checkBucketName(reqInfo.BucketName); err != nil { diff --git a/api/layer/container.go b/api/layer/container.go index 003ffef4a..33d4d74e0 100644 --- a/api/layer/container.go +++ b/api/layer/container.go @@ -8,7 +8,6 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api" "github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/api/errors" - "github.com/nspcc-dev/neofs-sdk-go/acl" "github.com/nspcc-dev/neofs-sdk-go/client" "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" @@ -53,7 +52,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn } info.Owner = *res.OwnerID() - info.BasicACL = res.BasicACL() for _, attr := range res.Attributes() { switch key, val := attr.Key(), attr.Value(); key { @@ -129,7 +127,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da Name: p.Name, Owner: ownerID, Created: time.Now(), // this can be a little incorrect since the real time is set later - BasicACL: p.ACL, LocationConstraint: p.LocationConstraint, ObjectLockEnabled: p.ObjectLockEnabled, } @@ -151,7 +148,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da Policy: *p.Policy, Name: p.Name, SessionToken: p.SessionToken, - BasicACL: acl.BasicACL(p.ACL), AdditionalAttributes: attributes, }) if err != nil { diff --git a/api/layer/layer.go b/api/layer/layer.go index d49b230a2..bed9bda87 100644 --- a/api/layer/layer.go +++ b/api/layer/layer.go @@ -136,7 +136,6 @@ type ( // CreateBucketParams stores bucket create request parameters. CreateBucketParams struct { Name string - ACL uint32 Policy *netmap.PlacementPolicy EACL *eacl.Table SessionToken *session.Container diff --git a/api/layer/neofs.go b/api/layer/neofs.go index de73f3d38..9ffbe7831 100644 --- a/api/layer/neofs.go +++ b/api/layer/neofs.go @@ -144,6 +144,8 @@ type NeoFS interface { // It sets 'Timestamp' attribute to the current time. // It returns the ID of the saved container. // + // Created container is public with enabled ACL extension. + // // It returns exactly one non-nil value. It returns any error encountered which // prevented the container from being created. CreateContainer(context.Context, PrmContainerCreate) (*cid.ID, error) diff --git a/internal/neofs/neofs.go b/internal/neofs/neofs.go index b3b5e7312..d12828c8e 100644 --- a/internal/neofs/neofs.go +++ b/internal/neofs/neofs.go @@ -16,6 +16,7 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/layer" "github.com/nspcc-dev/neofs-s3-gw/authmate" "github.com/nspcc-dev/neofs-s3-gw/creds/tokens" + "github.com/nspcc-dev/neofs-sdk-go/acl" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" @@ -119,7 +120,13 @@ func (x *NeoFS) Container(ctx context.Context, idCnr cid.ID) (*container.Contain } // CreateContainer implements neofs.NeoFS interface method. +// +// If prm.BasicACL is zero, 'eacl-public-read-write' is used. func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*cid.ID, error) { + if prm.BasicACL == 0 { + prm.BasicACL = acl.EACLPublicBasicRule + } + // fill container structure cnrOptions := []container.Option{ container.WithPolicy(&prm.Policy),