From 962d136e736697341d12db1b1de118fa6d738d59 Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Fri, 21 Jan 2022 15:06:39 +0300 Subject: [PATCH] [#308] Correct access denied status code Signed-off-by: Denis Kirillov --- api/layer/layer.go | 3 ++- api/layer/object.go | 34 +++++++++++++++++++++++++++------- api/layer/system_object.go | 2 +- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/api/layer/layer.go b/api/layer/layer.go index 1aadd740b..ffc64db9d 100644 --- a/api/layer/layer.go +++ b/api/layer/layer.go @@ -313,7 +313,8 @@ func (n *layer) SessionOpt(ctx context.Context) pool.CallOption { // Get NeoFS Object by refs.Address (should be used by auth.Center). func (n *layer) Get(ctx context.Context, address *object.Address) (*object.Object, error) { ops := new(client.GetObjectParams).WithAddress(address) - return n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) + obj, err := n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) + return obj, n.transformNeofsError(ctx, err) } // GetBucketInfo returns bucket info by name. diff --git a/api/layer/object.go b/api/layer/object.go index 790307e1d..e2ad9a83b 100644 --- a/api/layer/object.go +++ b/api/layer/object.go @@ -101,7 +101,9 @@ func (n *layer) objectSearch(ctx context.Context, p *findParams) ([]*object.ID, opts.AddFilter(object.AttributeFileName, prefix, object.MatchCommonPrefix) } searchParams := new(client.SearchObjectParams).WithContainerID(p.cid).WithSearchFilters(opts) - return n.pool.SearchObject(ctx, searchParams, n.CallOptions(ctx)...) + + ids, err := n.pool.SearchObject(ctx, searchParams, n.CallOptions(ctx)...) + return ids, n.transformNeofsError(ctx, err) } func newAddress(cid *cid.ID, oid *object.ID) *object.Address { @@ -114,7 +116,8 @@ func newAddress(cid *cid.ID, oid *object.ID) *object.Address { // objectHead returns all object's headers. func (n *layer) objectHead(ctx context.Context, cid *cid.ID, oid *object.ID) (*object.Object, error) { ops := new(client.ObjectHeaderParams).WithAddress(newAddress(cid, oid)).WithAllFields() - return n.pool.GetObjectHeader(ctx, ops, n.CallOptions(ctx)...) + obj, err := n.pool.GetObjectHeader(ctx, ops, n.CallOptions(ctx)...) + return obj, n.transformNeofsError(ctx, err) } // objectGetWithPayloadWriter and write it into provided io.Reader. @@ -122,20 +125,23 @@ func (n *layer) objectGetWithPayloadWriter(ctx context.Context, p *getParams) (* // prepare length/offset writer w := newWriter(p.Writer, p.offset, p.length) ops := new(client.GetObjectParams).WithAddress(newAddress(p.cid, p.oid)).WithPayloadWriter(w) - return n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) + obj, err := n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) + return obj, n.transformNeofsError(ctx, err) } // objectGet returns an object with payload in the object. func (n *layer) objectGet(ctx context.Context, cid *cid.ID, oid *object.ID) (*object.Object, error) { ops := new(client.GetObjectParams).WithAddress(newAddress(cid, oid)) - return n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) + obj, err := n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) + return obj, n.transformNeofsError(ctx, err) } // objectRange gets object range and writes it into provided io.Writer. func (n *layer) objectRange(ctx context.Context, p *getParams) ([]byte, error) { w := newWriter(p.Writer, p.offset, p.length) ops := new(client.RangeDataParams).WithAddress(newAddress(p.cid, p.oid)).WithDataWriter(w).WithRange(p.Range) - return n.pool.ObjectPayloadRangeData(ctx, ops, n.CallOptions(ctx)...) + payload, err := n.pool.ObjectPayloadRangeData(ctx, ops, n.CallOptions(ctx)...) + return payload, n.transformNeofsError(ctx, err) } // objectPut into NeoFS, took payload from io.Reader. @@ -168,7 +174,7 @@ func (n *layer) objectPut(ctx context.Context, bkt *data.BucketInfo, p *PutObjec ops := new(client.PutObjectParams).WithObject(rawObject.Object()).WithPayloadReader(r) oid, err := n.pool.PutObject(ctx, ops, n.CallOptions(ctx)...) if err != nil { - return nil, err + return nil, n.transformNeofsError(ctx, err) } if p.Header[VersionsDeleteMarkAttr] == DelMarkFullObject { @@ -395,7 +401,8 @@ func (n *layer) objectDelete(ctx context.Context, cid *cid.ID, oid *object.ID) e dop := new(client.DeleteObjectParams) dop.WithAddress(address) n.objCache.Delete(address) - return n.pool.DeleteObject(ctx, dop, n.CallOptions(ctx)...) + err := n.pool.DeleteObject(ctx, dop, n.CallOptions(ctx)...) + return n.transformNeofsError(ctx, err) } // ListObjectsV1 returns objects in a bucket for requests of Version 1. @@ -639,3 +646,16 @@ func (n *layer) objectFromObjectsCacheOrNeoFS(ctx context.Context, cid *cid.ID, return meta } + +func (n *layer) transformNeofsError(ctx context.Context, err error) error { + if err == nil { + return nil + } + + if strings.Contains(err.Error(), "access to operation") && strings.Contains(err.Error(), "is denied by") { + n.log.Debug("error was transformed", zap.String("request_id", api.GetRequestID(ctx)), zap.Error(err)) + return apiErrors.GetAPIError(apiErrors.ErrAccessDenied) + } + + return err +} diff --git a/api/layer/system_object.go b/api/layer/system_object.go index d5b891e98..7bf2020bf 100644 --- a/api/layer/system_object.go +++ b/api/layer/system_object.go @@ -107,7 +107,7 @@ func (n *layer) putSystemObjectIntoNeoFS(ctx context.Context, p *PutSystemObject ops := new(client.PutObjectParams).WithObject(raw.Object()).WithPayloadReader(p.Reader) oid, err := n.pool.PutObject(ctx, ops, n.CallOptions(ctx)...) if err != nil { - return nil, err + return nil, n.transformNeofsError(ctx, err) } meta, err := n.objectHead(ctx, p.BktInfo.CID, oid)