From 9c012d0a66572718a9f7219d2be93b333cf30a2a Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Tue, 9 Apr 2024 17:16:12 +0300 Subject: [PATCH] [#355] Remove policies when delete bucket Signed-off-by: Denis Kirillov --- api/handler/acl_test.go | 29 +++++++++++++++++++++++++++++ api/handler/delete.go | 13 +++++++++++++ 2 files changed, 42 insertions(+) diff --git a/api/handler/acl_test.go b/api/handler/acl_test.go index ba330182..59f7fd5d 100644 --- a/api/handler/acl_test.go +++ b/api/handler/acl_test.go @@ -1505,6 +1505,35 @@ func TestBucketPolicyStatus(t *testing.T) { require.True(t, PolicyStatusIsPublicFalse == bktPolicyStatus.IsPublic) } +func TestDeleteBucketWithPolicy(t *testing.T) { + hc := prepareHandlerContext(t) + + bktName := "bucket-for-policy" + createTestBucket(hc, bktName) + + newPolicy := engineiam.Policy{ + Version: "2012-10-17", + Statement: []engineiam.Statement{{ + Principal: map[engineiam.PrincipalType][]string{engineiam.Wildcard: {}}, + Effect: engineiam.AllowEffect, + Action: engineiam.Action{"s3:PutObject"}, + Resource: engineiam.Resource{"arn:aws:s3:::bucket-for-policy/*"}, + }}, + } + + putBucketPolicy(hc, bktName, newPolicy) + + require.Len(t, hc.h.ape.(*apeMock).policyMap, 1) + require.Len(t, hc.h.ape.(*apeMock).chainMap[engine.NamespaceTarget("")], 4) + + deleteBucket(t, hc, bktName, http.StatusNoContent) + + require.Empty(t, hc.h.ape.(*apeMock).policyMap) + chains, err := hc.h.ape.(*apeMock).ListChains(engine.NamespaceTarget("")) + require.NoError(t, err) + require.Empty(t, chains) +} + func TestBucketPolicyUnmarshal(t *testing.T) { for _, tc := range []struct { name string diff --git a/api/handler/delete.go b/api/handler/delete.go index 8b51e78b..dd02c24a 100644 --- a/api/handler/delete.go +++ b/api/handler/delete.go @@ -15,6 +15,7 @@ import ( apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status" oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" + "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" "go.uber.org/zap" ) @@ -277,5 +278,17 @@ func (h *handler) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) { }); err != nil { h.logAndSendError(w, "couldn't delete bucket", reqInfo, err) } + + chainIDs := []chain.ID{ + getBucketChainID(chain.S3, bktInfo), + getBucketChainID(chain.Ingress, bktInfo), + getBucketCannedChainID(chain.S3, bktInfo.CID), + getBucketCannedChainID(chain.Ingress, bktInfo.CID), + } + if err = h.ape.DeleteBucketPolicy(reqInfo.Namespace, bktInfo.CID, chainIDs); err != nil { + h.logAndSendError(w, "failed to delete policy from storage", reqInfo, err) + return + } + w.WriteHeader(http.StatusNoContent) }