From 8553158b8137783b0c4b77b7f833992eb8c8f226 Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Mon, 28 Feb 2022 13:22:07 +0300 Subject: [PATCH] [#195] Add handling lock headers for PUT and COPY Signed-off-by: Denis Kirillov --- api/data/locking.go | 8 ++++++ api/handler/copy.go | 17 ++++++++++++ api/handler/locking.go | 61 ++++++++++++++++++++++++++++++++++++++++- api/handler/put.go | 13 ++++++++- api/handler/response.go | 4 --- api/headers.go | 3 ++ api/layer/layer.go | 2 ++ api/layer/object.go | 4 +++ 8 files changed, 106 insertions(+), 6 deletions(-) diff --git a/api/data/locking.go b/api/data/locking.go index 039eebe5..40686399 100644 --- a/api/data/locking.go +++ b/api/data/locking.go @@ -1,5 +1,7 @@ package data +import "time" + type ( ObjectLockConfiguration struct { ObjectLockEnabled string `xml:"ObjectLockEnabled" json:"ObjectLockEnabled"` @@ -15,4 +17,10 @@ type ( Mode string `xml:"Mode" json:"Mode"` Years int64 `xml:"Years" json:"Years"` } + + ObjectLock struct { + Until time.Time + LegalHold bool + IsCompliance bool + } ) diff --git a/api/handler/copy.go b/api/handler/copy.go index 0d08a071..28375399 100644 --- a/api/handler/copy.go +++ b/api/handler/copy.go @@ -107,6 +107,23 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) { Header: metadata, } + bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName) + if err != nil { + h.logAndSendError(w, "could not get bucket", reqInfo, err) + return + } + + settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo) + if err != nil { + h.logAndSendError(w, "could not get bucket settings", reqInfo, err) + return + } + + if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil { + h.logAndSendError(w, "could not form object lock", reqInfo, err) + return + } + additional := []zap.Field{zap.String("src_bucket_name", srcBucket), zap.String("src_object_name", srcObject)} if info, err = h.obj.CopyObject(r.Context(), params); err != nil { h.logAndSendError(w, "couldn't copy object", reqInfo, err, additional...) diff --git a/api/handler/locking.go b/api/handler/locking.go index 4fdde2ed..d1bcd299 100644 --- a/api/handler/locking.go +++ b/api/handler/locking.go @@ -4,6 +4,7 @@ import ( "encoding/xml" "fmt" "net/http" + "time" "github.com/nspcc-dev/neofs-s3-gw/api" "github.com/nspcc-dev/neofs-s3-gw/api/data" @@ -11,6 +12,16 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/layer" ) +const ( + dayDuration = 24 * time.Hour + yearDuration = 365 * dayDuration + + enabledValue = "Enabled" + governanceMode = "GOVERNANCE" + complianceMode = "COMPLIANCE" + legalHoldOn = "ON" +) + func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *http.Request) { reqInfo := api.GetReqInfo(r.Context()) @@ -107,7 +118,7 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error { } retention := conf.Rule.DefaultRetention - if retention.Mode != "GOVERNANCE" && retention.Mode != "COMPLIANCE" { + if retention.Mode != governanceMode && retention.Mode != complianceMode { return fmt.Errorf("invalid Mode value: %s", retention.Mode) } @@ -121,3 +132,51 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error { return nil } + +func formObjectLock(objectLock *data.ObjectLock, bktInfo *data.BucketInfo, defaultConfig *data.ObjectLockConfiguration, header http.Header) error { + if !bktInfo.ObjectLockEnabled { + if existLockHeaders(header) { + return apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound) + } + return nil + } + + if defaultConfig == nil { + defaultConfig = &data.ObjectLockConfiguration{} + } + + if defaultConfig.Rule != nil && defaultConfig.Rule.DefaultRetention != nil { + defaultRetention := defaultConfig.Rule.DefaultRetention + objectLock.IsCompliance = defaultRetention.Mode == complianceMode + now := time.Now() + if defaultRetention.Days != 0 { + objectLock.Until = now.Add(time.Duration(defaultRetention.Days) * dayDuration) + } else { + objectLock.Until = now.Add(time.Duration(defaultRetention.Years) * yearDuration) + } + } + + objectLock.LegalHold = header.Get(api.AmzObjectLockLegalHold) == legalHoldOn + + mode := header.Get(api.AmzObjectLockMode) + if mode != "" { + objectLock.IsCompliance = mode == complianceMode + } + + until := header.Get(api.AmzObjectLockRetainUntilDate) + if until != "" { + retentionDate, err := time.Parse(time.RFC3339, until) + if err != nil { + return fmt.Errorf("invalid header %s: '%s'", api.AmzObjectLockRetainUntilDate, until) + } + objectLock.Until = retentionDate + } + + return nil +} + +func existLockHeaders(header http.Header) bool { + return header.Get(api.AmzObjectLockMode) != "" || + header.Get(api.AmzObjectLockLegalHold) != "" || + header.Get(api.AmzObjectLockRetainUntilDate) != "" +} diff --git a/api/handler/put.go b/api/handler/put.go index f7d27685..82f0e1f8 100644 --- a/api/handler/put.go +++ b/api/handler/put.go @@ -182,7 +182,7 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) { bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName) if err != nil { - h.logAndSendError(w, "could not get bucket eacl", reqInfo, err) + h.logAndSendError(w, "could not get bucket", reqInfo, err) return } if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil { @@ -209,6 +209,17 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) { Header: metadata, } + settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo) + if err != nil { + h.logAndSendError(w, "could not get bucket settings", reqInfo, err) + return + } + + if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil { + h.logAndSendError(w, "could not form object lock", reqInfo, err) + return + } + info, err := h.obj.PutObject(r.Context(), params) if err != nil { h.logAndSendError(w, "could not upload object", reqInfo, err) diff --git a/api/handler/response.go b/api/handler/response.go index 1fce9c32..d50a8ec2 100644 --- a/api/handler/response.go +++ b/api/handler/response.go @@ -188,10 +188,6 @@ type Tag struct { Value string } -const ( - enabledValue = "Enabled" -) - // MarshalXML - StringMap marshals into XML. func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error { tokens := []xml.Token{start} diff --git a/api/headers.go b/api/headers.go index f9d39c90..e946e5ac 100644 --- a/api/headers.go +++ b/api/headers.go @@ -47,6 +47,9 @@ const ( AmzExpectedBucketOwner = "X-Amz-Expected-Bucket-Owner" AmzSourceExpectedBucketOwner = "X-Amz-Source-Expected-Bucket-Owner" AmzBucketObjectLockEnabled = "X-Amz-Bucket-Object-Lock-Enabled" + AmzObjectLockLegalHold = "X-Amz-Object-Lock-Legal-Hold" + AmzObjectLockMode = "X-Amz-Object-Lock-Mode" + AmzObjectLockRetainUntilDate = "X-Amz-Object-Lock-Retain-Until-Date" ContainerID = "X-Container-Id" diff --git a/api/layer/layer.go b/api/layer/layer.go index 2ad50360..ea589578 100644 --- a/api/layer/layer.go +++ b/api/layer/layer.go @@ -300,6 +300,7 @@ type ( Size int64 Reader io.Reader Header map[string]string + Lock *data.ObjectLock } // PutSettingsParams stores object copy request parameters. @@ -322,6 +323,7 @@ type ( SrcSize int64 Header map[string]string Range *RangeParams + Lock *data.ObjectLock } // CreateBucketParams stores bucket create request parameters. CreateBucketParams struct { diff --git a/api/layer/object.go b/api/layer/object.go index e953b391..120350e9 100644 --- a/api/layer/object.go +++ b/api/layer/object.go @@ -200,6 +200,10 @@ func (n *layer) objectPut(ctx context.Context, bkt *data.BucketInfo, p *PutObjec return nil, n.transformNeofsError(ctx, err) } + if p.Lock != nil { + // todo form lock system object + } + meta, err := n.objectHead(ctx, bkt.CID, id) if err != nil { return nil, err