[TrueCloudLab#34] Fix resolve_bucket format in docs

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
[TrueCloudLab#36] Update CHANGELOG.md
2023-02-20 19:23:11 +03:00 · 2023-02-20 19:22:48 +03:00 · 2023-02-20 19:22:48 +03:00
6 changed files with 91 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,9 @@ This document outlines major changes between releases.

 ## [Unreleased]

+### Fixed
+- Get empty bucket CORS from frostfs (TrueCloudLab#36)
+
 ### Added
 - Return container name in `head-bucket` response (TrueCloudLab#18)
 - Billing metrics (TrueCloudLab#5)
--- a/api/handler/cors_test.go
+++ b/api/handler/cors_test.go
@ -0,0 +1,41 @@
+package handler
+
+import (
+	"context"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/TrueCloudLab/frostfs-s3-gw/api"
+)
+
+func TestCORSOriginWildcard(t *testing.T) {
+	body := `
+<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+	<CORSRule>
+		<AllowedMethod>GET</AllowedMethod>
+		<AllowedOrigin>*</AllowedOrigin>
+	</CORSRule>
+</CORSConfiguration>
+`
+	hc := prepareHandlerContext(t)
+
+	bktName := "bucket-for-cors"
+	box, _ := createAccessBox(t)
+	w, r := prepareTestRequest(hc, bktName, "", nil)
+	ctx := context.WithValue(r.Context(), api.BoxData, box)
+	r = r.WithContext(ctx)
+	r.Header.Add(api.AmzACL, "public-read")
+	hc.Handler().CreateBucketHandler(w, r)
+	assertStatus(t, w, http.StatusOK)
+
+	w, r = prepareTestPayloadRequest(hc, bktName, "", strings.NewReader(body))
+	ctx = context.WithValue(r.Context(), api.BoxData, box)
+	r = r.WithContext(ctx)
+	hc.Handler().PutBucketCorsHandler(w, r)
+	assertStatus(t, w, http.StatusOK)
+
+	w, r = prepareTestPayloadRequest(hc, bktName, "", nil)
+	hc.Handler().GetBucketCorsHandler(w, r)
+	assertStatus(t, w, http.StatusOK)
+}
--- a/api/layer/cors.go
+++ b/api/layer/cors.go
@ -39,7 +39,7 @@ func (n *layer) PutBucketCORS(ctx context.Context, p *PutCORSParams) error {
 	prm := PrmObjectCreate{
 		Container:    p.BktInfo.CID,
 		Creator:      p.BktInfo.Owner,
-		Payload:      p.Reader,
+		Payload:      &buf,
 		Filepath:     p.BktInfo.CORSObjectName(),
 		CreationTime: TimeNow(ctx),
 		CopiesNumber: p.CopiesNumber,
--- a/api/layer/neofs_mock.go
+++ b/api/layer/neofs_mock.go
@ -144,7 +144,7 @@ func (t *TestFrostFS) ReadObject(ctx context.Context, prm PrmObjectRead) (*Objec

 	if obj, ok := t.objects[sAddr]; ok {
 		owner := getOwner(ctx)
-		if !obj.OwnerID().Equals(owner) {
+		if !obj.OwnerID().Equals(owner) && !t.isPublicRead(prm.Container) {
 			return nil, ErrAccessDenied
 		}

@ -282,6 +282,25 @@ func (t *TestFrostFS) ContainerEACL(_ context.Context, cnrID cid.ID) (*eacl.Tabl
 	return table, nil
 }

+func (t *TestFrostFS) isPublicRead(cnrID cid.ID) bool {
+	table, ok := t.eaclTables[cnrID.EncodeToString()]
+	if !ok {
+		return false
+	}
+
+	for _, rec := range table.Records() {
+		if rec.Operation() == eacl.OperationGet && len(rec.Filters()) == 0 {
+			for _, trgt := range rec.Targets() {
+				if trgt.Role() == eacl.RoleOthers {
+					return rec.Action() == eacl.ActionAllow
+				}
+			}
+		}
+	}
+
+	return false
+}
+
 func getOwner(ctx context.Context) user.ID {
 	if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil {
 		return bearer.ResolveIssuer(*bd.Gate.BearerToken)
--- a/api/layer/tree_mock.go
+++ b/api/layer/tree_mock.go
@ -109,11 +109,32 @@ func (t *TreeServiceMock) PutNotificationConfigurationNode(ctx context.Context,
 }

 func (t *TreeServiceMock) GetBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (oid.ID, error) {
-	panic("implement me")
+	systemMap, ok := t.system[bktInfo.CID.EncodeToString()]
+	if !ok {
+		return oid.ID{}, nil
+	}
+
+	node, ok := systemMap["cors"]
+	if !ok {
+		return oid.ID{}, nil
+	}
+
+	return node.OID, nil
 }

 func (t *TreeServiceMock) PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID) (oid.ID, error) {
-	panic("implement me")
+	systemMap, ok := t.system[bktInfo.CID.EncodeToString()]
+	if !ok {
+		systemMap = make(map[string]*data.BaseNodeVersion)
+	}
+
+	systemMap["cors"] = &data.BaseNodeVersion{
+		OID: objID,
+	}
+
+	t.system[bktInfo.CID.EncodeToString()] = systemMap
+
+	return oid.ID{}, ErrNoNodeToRemove
 }

 func (t *TreeServiceMock) DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (oid.ID, error) {
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -486,9 +486,9 @@ Bucket name resolving parameters from and to container ID with `HEAD` request.

 ```yaml
 resolve_bucket:
-allow:
-  - container
-deny:
+  allow:
+    - container
+  deny:
 ```

 | Parameter | Type       | Default value | Description                                                                                                              |
Author	SHA1	Message	Date
Denis Kirillov	6eb7966800	[TrueCloudLab#34] Fix `resolve_bucket` format in docs Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-02-20 19:23:11 +03:00
Denis Kirillov	2dcb3c283d	[TrueCloudLab#36] Update CHANGELOG.md Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-02-20 19:22:48 +03:00
Denis Kirillov	740acadd37	[TrueCloudLab#36] Fix cors object payload Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-02-20 19:22:48 +03:00