forked from TrueCloudLab/frostfs-s3-gw
e11b1b76ba
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
228 lines
5.3 KiB
Go
228 lines
5.3 KiB
Go
package layer
|
|
|
|
import (
|
|
"context"
|
|
"crypto/ecdsa"
|
|
"fmt"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
|
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
|
"github.com/nspcc-dev/neofs-s3-gw/api"
|
|
"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
|
|
"github.com/nspcc-dev/neofs-sdk-go/pkg/pool"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
type (
|
|
// BucketInfo stores basic bucket data.
|
|
BucketInfo struct {
|
|
Name string
|
|
CID *cid.ID
|
|
Owner *owner.ID
|
|
Created time.Time
|
|
}
|
|
|
|
// ListObjectsParams represents object listing request parameters.
|
|
ListObjectsParams struct {
|
|
Bucket string
|
|
Prefix string
|
|
Token string
|
|
Delimiter string
|
|
MaxKeys int
|
|
Marker string
|
|
Version int
|
|
}
|
|
)
|
|
|
|
func (n *layer) containerInfo(ctx context.Context, cid *cid.ID) (*BucketInfo, error) {
|
|
var (
|
|
err error
|
|
res *container.Container
|
|
rid = api.GetRequestID(ctx)
|
|
bearerOpt = n.BearerOpt(ctx)
|
|
|
|
info = &BucketInfo{
|
|
CID: cid,
|
|
Name: cid.String(),
|
|
}
|
|
)
|
|
res, err = n.pool.GetContainer(ctx, cid, bearerOpt)
|
|
if err != nil {
|
|
n.log.Error("could not fetch container",
|
|
zap.Stringer("cid", cid),
|
|
zap.String("request_id", rid),
|
|
zap.Error(err))
|
|
|
|
return nil, err
|
|
}
|
|
|
|
info.Owner = res.OwnerID()
|
|
|
|
for _, attr := range res.Attributes() {
|
|
switch key, val := attr.Key(), attr.Value(); key {
|
|
case container.AttributeName:
|
|
info.Name = val
|
|
case container.AttributeTimestamp:
|
|
unix, err := strconv.ParseInt(attr.Value(), 10, 64)
|
|
if err != nil {
|
|
n.log.Error("could not parse container creation time",
|
|
zap.Stringer("cid", cid),
|
|
zap.String("request_id", rid),
|
|
zap.String("created_at", val),
|
|
zap.Error(err))
|
|
|
|
continue
|
|
}
|
|
|
|
info.Created = time.Unix(unix, 0)
|
|
}
|
|
}
|
|
|
|
return info, nil
|
|
}
|
|
|
|
func (n *layer) containerList(ctx context.Context) ([]*BucketInfo, error) {
|
|
var (
|
|
err error
|
|
own = n.Owner(ctx)
|
|
bearerOpt = n.BearerOpt(ctx)
|
|
res []*cid.ID
|
|
rid = api.GetRequestID(ctx)
|
|
)
|
|
res, err = n.pool.ListContainers(ctx, own, bearerOpt)
|
|
if err != nil {
|
|
n.log.Error("could not fetch container",
|
|
zap.String("request_id", rid),
|
|
zap.Error(err))
|
|
return nil, err
|
|
}
|
|
|
|
list := make([]*BucketInfo, 0, len(res))
|
|
for _, cid := range res {
|
|
info, err := n.containerInfo(ctx, cid)
|
|
if err != nil {
|
|
n.log.Error("could not fetch container info",
|
|
zap.String("request_id", rid),
|
|
zap.Error(err))
|
|
continue
|
|
}
|
|
|
|
list = append(list, info)
|
|
}
|
|
|
|
return list, nil
|
|
}
|
|
|
|
func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*cid.ID, error) {
|
|
cnr := container.New(
|
|
container.WithPolicy(p.Policy),
|
|
container.WithCustomBasicACL(p.ACL),
|
|
container.WithAttribute(container.AttributeName, p.Name),
|
|
container.WithAttribute(container.AttributeTimestamp, strconv.FormatInt(time.Now().Unix(), 10)))
|
|
|
|
var gateData *accessbox.GateData
|
|
if data, ok := ctx.Value(api.GateData).(*accessbox.GateData); ok && data != nil {
|
|
gateData = data
|
|
} else {
|
|
return nil, fmt.Errorf("couldn't get gate data from context")
|
|
}
|
|
|
|
cnr.SetSessionToken(gateData.SessionToken)
|
|
cnr.SetOwnerID(n.Owner(ctx))
|
|
|
|
cid, err := n.pool.PutContainer(ctx, cnr)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to create a bucket: %w", err)
|
|
}
|
|
|
|
if err = n.pool.WaitForContainerPresence(ctx, cid, pool.DefaultPollingParams()); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err := n.setContainerEACL(ctx, cid, gateData.GateKey); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return cid, nil
|
|
}
|
|
|
|
func (n *layer) setContainerEACL(ctx context.Context, cid *cid.ID, gateKey *keys.PublicKey) error {
|
|
if gateKey == nil {
|
|
return fmt.Errorf("gate key must not be nil")
|
|
}
|
|
|
|
table := formDefaultTable(cid, *(*ecdsa.PublicKey)(gateKey))
|
|
if err := n.pool.SetEACL(ctx, table, n.SessionOpt(ctx)); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := n.waitEACLPresence(ctx, cid, defaultWaitParams()); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func formDefaultTable(cid *cid.ID, gateKey ecdsa.PublicKey) *eacl.Table {
|
|
table := eacl.NewTable()
|
|
table.SetCID(cid)
|
|
|
|
for op := eacl.OperationGet; op <= eacl.OperationRangeHash; op++ {
|
|
record := eacl.NewRecord()
|
|
record.SetOperation(op)
|
|
record.SetAction(eacl.ActionAllow)
|
|
eacl.AddFormedTarget(record, eacl.RoleUser, gateKey)
|
|
table.AddRecord(record)
|
|
|
|
record2 := eacl.NewRecord()
|
|
record2.SetOperation(op)
|
|
record2.SetAction(eacl.ActionDeny)
|
|
eacl.AddFormedTarget(record2, eacl.RoleOthers)
|
|
table.AddRecord(record2)
|
|
}
|
|
|
|
return table
|
|
}
|
|
|
|
type waitParams struct {
|
|
WaitTimeout time.Duration
|
|
PollInterval time.Duration
|
|
}
|
|
|
|
func defaultWaitParams() *waitParams {
|
|
return &waitParams{
|
|
WaitTimeout: 60 * time.Second,
|
|
PollInterval: 3 * time.Second,
|
|
}
|
|
}
|
|
|
|
func (n *layer) waitEACLPresence(ctx context.Context, cid *cid.ID, params *waitParams) error {
|
|
wctx, cancel := context.WithTimeout(ctx, params.WaitTimeout)
|
|
defer cancel()
|
|
ticker := time.NewTimer(params.PollInterval)
|
|
defer ticker.Stop()
|
|
wdone := wctx.Done()
|
|
done := ctx.Done()
|
|
for {
|
|
select {
|
|
case <-done:
|
|
return ctx.Err()
|
|
case <-wdone:
|
|
return wctx.Err()
|
|
case <-ticker.C:
|
|
if _, err := n.pool.GetEACL(ctx, cid); err == nil {
|
|
return nil
|
|
}
|
|
ticker.Reset(params.PollInterval)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (n *layer) deleteContainer(ctx context.Context, cid *cid.ID) error {
|
|
return n.pool.DeleteContainer(ctx, cid, n.SessionOpt(ctx))
|
|
}
|