mbiryukova/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Pull requests Activity

[#195] Add handling lock headers for PUT and COPY

Browse source 
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-02-28 13:22:07 +03:00 committed by Angira Kekteeva
parent fe9eb9cedc
commit 8553158b81
8 changed files with 106 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
api/data/locking.go
View file

@ -1,5 +1,7 @@
package data package data
import "time"
type ( type (
ObjectLockConfiguration struct { ObjectLockConfiguration struct {
ObjectLockEnabled string `xml:"ObjectLockEnabled" json:"ObjectLockEnabled"` ObjectLockEnabled string `xml:"ObjectLockEnabled" json:"ObjectLockEnabled"`
@ -15,4 +17,10 @@ type (
Mode string `xml:"Mode" json:"Mode"` Mode string `xml:"Mode" json:"Mode"`
Years int64 `xml:"Years" json:"Years"` Years int64 `xml:"Years" json:"Years"`
} }
ObjectLock struct {
Until time.Time
LegalHold bool
IsCompliance bool
}
) )

17
api/handler/copy.go
View file

@ -107,6 +107,23 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
Header: metadata, Header: metadata,
} }
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
if err != nil {
h.logAndSendError(w, "could not get bucket", reqInfo, err)
return
}
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
if err != nil {
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
return
}
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
h.logAndSendError(w, "could not form object lock", reqInfo, err)
return
}
additional := []zap.Field{zap.String("src_bucket_name", srcBucket), zap.String("src_object_name", srcObject)} additional := []zap.Field{zap.String("src_bucket_name", srcBucket), zap.String("src_object_name", srcObject)}
if info, err = h.obj.CopyObject(r.Context(), params); err != nil { if info, err = h.obj.CopyObject(r.Context(), params); err != nil {
h.logAndSendError(w, "couldn't copy object", reqInfo, err, additional...) h.logAndSendError(w, "couldn't copy object", reqInfo, err, additional...)

61
api/handler/locking.go
View file

@ -4,6 +4,7 @@ import (
"encoding/xml" "encoding/xml"
"fmt" "fmt"
"net/http" "net/http"
"time"
"github.com/nspcc-dev/neofs-s3-gw/api" "github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/api/data"
@ -11,6 +12,16 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/api/layer" "github.com/nspcc-dev/neofs-s3-gw/api/layer"
) )
const (
dayDuration = 24 * time.Hour
yearDuration = 365 * dayDuration
enabledValue = "Enabled"
governanceMode = "GOVERNANCE"
complianceMode = "COMPLIANCE"
legalHoldOn = "ON"
)
func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *http.Request) { func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *http.Request) {
reqInfo := api.GetReqInfo(r.Context()) reqInfo := api.GetReqInfo(r.Context())
@ -107,7 +118,7 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
} }
retention := conf.Rule.DefaultRetention retention := conf.Rule.DefaultRetention
if retention.Mode != "GOVERNANCE" && retention.Mode != "COMPLIANCE" { if retention.Mode != governanceMode && retention.Mode != complianceMode {
return fmt.Errorf("invalid Mode value: %s", retention.Mode) return fmt.Errorf("invalid Mode value: %s", retention.Mode)
} }
@ -121,3 +132,51 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
return nil return nil
} }
func formObjectLock(objectLock *data.ObjectLock, bktInfo *data.BucketInfo, defaultConfig *data.ObjectLockConfiguration, header http.Header) error {
if !bktInfo.ObjectLockEnabled {
if existLockHeaders(header) {
return apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound)
}
return nil
}
if defaultConfig == nil {
defaultConfig = &data.ObjectLockConfiguration{}
}
if defaultConfig.Rule != nil && defaultConfig.Rule.DefaultRetention != nil {
defaultRetention := defaultConfig.Rule.DefaultRetention
objectLock.IsCompliance = defaultRetention.Mode == complianceMode
now := time.Now()
if defaultRetention.Days != 0 {
objectLock.Until = now.Add(time.Duration(defaultRetention.Days) * dayDuration)
} else {
objectLock.Until = now.Add(time.Duration(defaultRetention.Years) * yearDuration)
}
}
objectLock.LegalHold = header.Get(api.AmzObjectLockLegalHold) == legalHoldOn
mode := header.Get(api.AmzObjectLockMode)
if mode != "" {
objectLock.IsCompliance = mode == complianceMode
}
until := header.Get(api.AmzObjectLockRetainUntilDate)
if until != "" {
retentionDate, err := time.Parse(time.RFC3339, until)
if err != nil {
return fmt.Errorf("invalid header %s: '%s'", api.AmzObjectLockRetainUntilDate, until)
}
objectLock.Until = retentionDate
}
return nil
}
func existLockHeaders(header http.Header) bool {
return header.Get(api.AmzObjectLockMode) != "" ||
header.Get(api.AmzObjectLockLegalHold) != "" ||
header.Get(api.AmzObjectLockRetainUntilDate) != ""
}

13
api/handler/put.go
View file

@ -182,7 +182,7 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName) bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
if err != nil { if err != nil {
h.logAndSendError(w, "could not get bucket eacl", reqInfo, err) h.logAndSendError(w, "could not get bucket", reqInfo, err)
return return
} }
if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil { if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil {
@ -209,6 +209,17 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
Header: metadata, Header: metadata,
} }
settings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
if err != nil {
h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
return
}
if err = formObjectLock(params.Lock, bktInfo, settings.LockConfiguration, r.Header); err != nil {
h.logAndSendError(w, "could not form object lock", reqInfo, err)
return
}
info, err := h.obj.PutObject(r.Context(), params) info, err := h.obj.PutObject(r.Context(), params)
if err != nil { if err != nil {
h.logAndSendError(w, "could not upload object", reqInfo, err) h.logAndSendError(w, "could not upload object", reqInfo, err)

4
api/handler/response.go
View file

@ -188,10 +188,6 @@ type Tag struct {
Value string Value string
} }
const (
enabledValue = "Enabled"
)
// MarshalXML - StringMap marshals into XML. // MarshalXML - StringMap marshals into XML.
func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error { func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
tokens := []xml.Token{start} tokens := []xml.Token{start}

3
api/headers.go
View file

@ -47,6 +47,9 @@ const (
AmzExpectedBucketOwner = "X-Amz-Expected-Bucket-Owner" AmzExpectedBucketOwner = "X-Amz-Expected-Bucket-Owner"
AmzSourceExpectedBucketOwner = "X-Amz-Source-Expected-Bucket-Owner" AmzSourceExpectedBucketOwner = "X-Amz-Source-Expected-Bucket-Owner"
AmzBucketObjectLockEnabled = "X-Amz-Bucket-Object-Lock-Enabled" AmzBucketObjectLockEnabled = "X-Amz-Bucket-Object-Lock-Enabled"
AmzObjectLockLegalHold = "X-Amz-Object-Lock-Legal-Hold"
AmzObjectLockMode = "X-Amz-Object-Lock-Mode"
AmzObjectLockRetainUntilDate = "X-Amz-Object-Lock-Retain-Until-Date"
ContainerID = "X-Container-Id" ContainerID = "X-Container-Id"

2
api/layer/layer.go
View file

@ -300,6 +300,7 @@ type (
Size int64 Size int64
Reader io.Reader Reader io.Reader
Header map[string]string Header map[string]string
Lock *data.ObjectLock
} }
// PutSettingsParams stores object copy request parameters. // PutSettingsParams stores object copy request parameters.
@ -322,6 +323,7 @@ type (
SrcSize int64 SrcSize int64
Header map[string]string Header map[string]string
Range *RangeParams Range *RangeParams
Lock *data.ObjectLock
} }
// CreateBucketParams stores bucket create request parameters. // CreateBucketParams stores bucket create request parameters.
CreateBucketParams struct { CreateBucketParams struct {

4
api/layer/object.go
View file

@ -200,6 +200,10 @@ func (n *layer) objectPut(ctx context.Context, bkt *data.BucketInfo, p *PutObjec
return nil, n.transformNeofsError(ctx, err) return nil, n.transformNeofsError(ctx, err)
} }
if p.Lock != nil {
// todo form lock system object
}
meta, err := n.objectHead(ctx, bkt.CID, id) meta, err := n.objectHead(ctx, bkt.CID, id)
if err != nil { if err != nil {
return nil, err return nil, err