[#308] Correct access denied status code

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-01-21 15:06:39 +03:00 committed by Angira Kekteeva
parent 9078296d7d
commit 962d136e73
3 changed files with 30 additions and 9 deletions

View file

@ -313,7 +313,8 @@ func (n *layer) SessionOpt(ctx context.Context) pool.CallOption {
// Get NeoFS Object by refs.Address (should be used by auth.Center). // Get NeoFS Object by refs.Address (should be used by auth.Center).
func (n *layer) Get(ctx context.Context, address *object.Address) (*object.Object, error) { func (n *layer) Get(ctx context.Context, address *object.Address) (*object.Object, error) {
ops := new(client.GetObjectParams).WithAddress(address) ops := new(client.GetObjectParams).WithAddress(address)
return n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) obj, err := n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...)
return obj, n.transformNeofsError(ctx, err)
} }
// GetBucketInfo returns bucket info by name. // GetBucketInfo returns bucket info by name.

View file

@ -101,7 +101,9 @@ func (n *layer) objectSearch(ctx context.Context, p *findParams) ([]*object.ID,
opts.AddFilter(object.AttributeFileName, prefix, object.MatchCommonPrefix) opts.AddFilter(object.AttributeFileName, prefix, object.MatchCommonPrefix)
} }
searchParams := new(client.SearchObjectParams).WithContainerID(p.cid).WithSearchFilters(opts) searchParams := new(client.SearchObjectParams).WithContainerID(p.cid).WithSearchFilters(opts)
return n.pool.SearchObject(ctx, searchParams, n.CallOptions(ctx)...)
ids, err := n.pool.SearchObject(ctx, searchParams, n.CallOptions(ctx)...)
return ids, n.transformNeofsError(ctx, err)
} }
func newAddress(cid *cid.ID, oid *object.ID) *object.Address { func newAddress(cid *cid.ID, oid *object.ID) *object.Address {
@ -114,7 +116,8 @@ func newAddress(cid *cid.ID, oid *object.ID) *object.Address {
// objectHead returns all object's headers. // objectHead returns all object's headers.
func (n *layer) objectHead(ctx context.Context, cid *cid.ID, oid *object.ID) (*object.Object, error) { func (n *layer) objectHead(ctx context.Context, cid *cid.ID, oid *object.ID) (*object.Object, error) {
ops := new(client.ObjectHeaderParams).WithAddress(newAddress(cid, oid)).WithAllFields() ops := new(client.ObjectHeaderParams).WithAddress(newAddress(cid, oid)).WithAllFields()
return n.pool.GetObjectHeader(ctx, ops, n.CallOptions(ctx)...) obj, err := n.pool.GetObjectHeader(ctx, ops, n.CallOptions(ctx)...)
return obj, n.transformNeofsError(ctx, err)
} }
// objectGetWithPayloadWriter and write it into provided io.Reader. // objectGetWithPayloadWriter and write it into provided io.Reader.
@ -122,20 +125,23 @@ func (n *layer) objectGetWithPayloadWriter(ctx context.Context, p *getParams) (*
// prepare length/offset writer // prepare length/offset writer
w := newWriter(p.Writer, p.offset, p.length) w := newWriter(p.Writer, p.offset, p.length)
ops := new(client.GetObjectParams).WithAddress(newAddress(p.cid, p.oid)).WithPayloadWriter(w) ops := new(client.GetObjectParams).WithAddress(newAddress(p.cid, p.oid)).WithPayloadWriter(w)
return n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) obj, err := n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...)
return obj, n.transformNeofsError(ctx, err)
} }
// objectGet returns an object with payload in the object. // objectGet returns an object with payload in the object.
func (n *layer) objectGet(ctx context.Context, cid *cid.ID, oid *object.ID) (*object.Object, error) { func (n *layer) objectGet(ctx context.Context, cid *cid.ID, oid *object.ID) (*object.Object, error) {
ops := new(client.GetObjectParams).WithAddress(newAddress(cid, oid)) ops := new(client.GetObjectParams).WithAddress(newAddress(cid, oid))
return n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...) obj, err := n.pool.GetObject(ctx, ops, n.CallOptions(ctx)...)
return obj, n.transformNeofsError(ctx, err)
} }
// objectRange gets object range and writes it into provided io.Writer. // objectRange gets object range and writes it into provided io.Writer.
func (n *layer) objectRange(ctx context.Context, p *getParams) ([]byte, error) { func (n *layer) objectRange(ctx context.Context, p *getParams) ([]byte, error) {
w := newWriter(p.Writer, p.offset, p.length) w := newWriter(p.Writer, p.offset, p.length)
ops := new(client.RangeDataParams).WithAddress(newAddress(p.cid, p.oid)).WithDataWriter(w).WithRange(p.Range) ops := new(client.RangeDataParams).WithAddress(newAddress(p.cid, p.oid)).WithDataWriter(w).WithRange(p.Range)
return n.pool.ObjectPayloadRangeData(ctx, ops, n.CallOptions(ctx)...) payload, err := n.pool.ObjectPayloadRangeData(ctx, ops, n.CallOptions(ctx)...)
return payload, n.transformNeofsError(ctx, err)
} }
// objectPut into NeoFS, took payload from io.Reader. // objectPut into NeoFS, took payload from io.Reader.
@ -168,7 +174,7 @@ func (n *layer) objectPut(ctx context.Context, bkt *data.BucketInfo, p *PutObjec
ops := new(client.PutObjectParams).WithObject(rawObject.Object()).WithPayloadReader(r) ops := new(client.PutObjectParams).WithObject(rawObject.Object()).WithPayloadReader(r)
oid, err := n.pool.PutObject(ctx, ops, n.CallOptions(ctx)...) oid, err := n.pool.PutObject(ctx, ops, n.CallOptions(ctx)...)
if err != nil { if err != nil {
return nil, err return nil, n.transformNeofsError(ctx, err)
} }
if p.Header[VersionsDeleteMarkAttr] == DelMarkFullObject { if p.Header[VersionsDeleteMarkAttr] == DelMarkFullObject {
@ -395,7 +401,8 @@ func (n *layer) objectDelete(ctx context.Context, cid *cid.ID, oid *object.ID) e
dop := new(client.DeleteObjectParams) dop := new(client.DeleteObjectParams)
dop.WithAddress(address) dop.WithAddress(address)
n.objCache.Delete(address) n.objCache.Delete(address)
return n.pool.DeleteObject(ctx, dop, n.CallOptions(ctx)...) err := n.pool.DeleteObject(ctx, dop, n.CallOptions(ctx)...)
return n.transformNeofsError(ctx, err)
} }
// ListObjectsV1 returns objects in a bucket for requests of Version 1. // ListObjectsV1 returns objects in a bucket for requests of Version 1.
@ -639,3 +646,16 @@ func (n *layer) objectFromObjectsCacheOrNeoFS(ctx context.Context, cid *cid.ID,
return meta return meta
} }
func (n *layer) transformNeofsError(ctx context.Context, err error) error {
if err == nil {
return nil
}
if strings.Contains(err.Error(), "access to operation") && strings.Contains(err.Error(), "is denied by") {
n.log.Debug("error was transformed", zap.String("request_id", api.GetRequestID(ctx)), zap.Error(err))
return apiErrors.GetAPIError(apiErrors.ErrAccessDenied)
}
return err
}

View file

@ -107,7 +107,7 @@ func (n *layer) putSystemObjectIntoNeoFS(ctx context.Context, p *PutSystemObject
ops := new(client.PutObjectParams).WithObject(raw.Object()).WithPayloadReader(p.Reader) ops := new(client.PutObjectParams).WithObject(raw.Object()).WithPayloadReader(p.Reader)
oid, err := n.pool.PutObject(ctx, ops, n.CallOptions(ctx)...) oid, err := n.pool.PutObject(ctx, ops, n.CallOptions(ctx)...)
if err != nil { if err != nil {
return nil, err return nil, n.transformNeofsError(ctx, err)
} }
meta, err := n.objectHead(ctx, p.BktInfo.CID, oid) meta, err := n.objectHead(ctx, p.BktInfo.CID, oid)