From bac1b3fb2d6040f16b7867fc5e8909b794a310b4 Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Wed, 14 Feb 2024 15:55:12 +0300 Subject: [PATCH] [#306] Use zero basic acl to mark APE containers Signed-off-by: Denis Kirillov --- api/handler/acl_test.go | 1 - api/handler/put.go | 5 +++-- api/layer/container.go | 23 +++++++++-------------- api/layer/frostfs.go | 2 -- api/layer/layer.go | 1 + internal/frostfs/frostfs.go | 9 --------- 6 files changed, 13 insertions(+), 28 deletions(-) diff --git a/api/handler/acl_test.go b/api/handler/acl_test.go index b0e2f1dc..6ba32d30 100644 --- a/api/handler/acl_test.go +++ b/api/handler/acl_test.go @@ -1608,7 +1608,6 @@ func createBucketOldACL(hc *handlerContext, bktName string, box *accessbox.Box) cnr, err := hc.tp.Container(hc.Context(), cnrID) require.NoError(hc.t, err) cnr.SetBasicACL(acl.PublicRWExtended) - cnr.SetAttribute(layer.AttributeAPEEnabled, "false") hc.tp.SetContainer(cnrID, cnr) table := eacl.NewTable() table.SetCID(cnrID) diff --git a/api/handler/put.go b/api/handler/put.go index a3c06f1a..93debea8 100644 --- a/api/handler/put.go +++ b/api/handler/put.go @@ -768,8 +768,9 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) { ctx := r.Context() reqInfo := middleware.GetReqInfo(ctx) p := &layer.CreateBucketParams{ - Name: reqInfo.BucketName, - Namespace: reqInfo.Namespace, + Name: reqInfo.BucketName, + Namespace: reqInfo.Namespace, + APEEnabled: true, } if err := checkBucketName(reqInfo.BucketName); err != nil { diff --git a/api/layer/container.go b/api/layer/container.go index 1105fc16..d683cd6d 100644 --- a/api/layer/container.go +++ b/api/layer/container.go @@ -12,6 +12,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container" + "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" @@ -28,7 +29,6 @@ type ( const ( attributeLocationConstraint = ".s3-location-constraint" - AttributeAPEEnabled = ".s3-APE-enabled" AttributeLockEnabled = "LockEnabled" ) @@ -63,6 +63,7 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn info.Created = container.CreatedAt(cnr) info.LocationConstraint = cnr.Attribute(attributeLocationConstraint) info.HomomorphicHashDisabled = container.IsHomomorphicHashingDisabled(cnr) + info.APEEnabled = cnr.BasicACL().Bits() == 0 attrLockEnabled := cnr.Attribute(AttributeLockEnabled) if len(attrLockEnabled) > 0 { @@ -75,17 +76,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn } } - APEEnabled := cnr.Attribute(AttributeAPEEnabled) - if len(APEEnabled) > 0 { - info.APEEnabled, err = strconv.ParseBool(APEEnabled) - if err != nil { - log.Error(logs.CouldNotParseContainerAPEEnabledAttribute, - zap.String("ape_enabled", APEEnabled), - zap.Error(err), - ) - } - } - zone, _ := n.features.FormContainerZone(reqInfo.Namespace) if zone != info.Zone { return nil, fmt.Errorf("ns '%s' and zone '%s' are mismatched for container '%s'", zone, info.Zone, idCnr) @@ -131,12 +121,11 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da Created: TimeNow(ctx), LocationConstraint: p.LocationConstraint, ObjectLockEnabled: p.ObjectLockEnabled, - APEEnabled: true, + APEEnabled: p.APEEnabled, } attributes := [][2]string{ {attributeLocationConstraint, p.LocationConstraint}, - {AttributeAPEEnabled, "true"}, } if p.ObjectLockEnabled { @@ -145,6 +134,11 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da }) } + basicACL := acl.PublicRWExtended + if p.APEEnabled { + basicACL = 0 + } + res, err := n.frostFS.CreateContainer(ctx, PrmContainerCreate{ Creator: bktInfo.Owner, Policy: p.Policy, @@ -153,6 +147,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da SessionToken: p.SessionContainerCreation, CreationTime: bktInfo.Created, AdditionalAttributes: attributes, + BasicACL: basicACL, }) if err != nil { return nil, fmt.Errorf("create container: %w", err) diff --git a/api/layer/frostfs.go b/api/layer/frostfs.go index b1120dc9..9be762a0 100644 --- a/api/layer/frostfs.go +++ b/api/layer/frostfs.go @@ -173,8 +173,6 @@ type FrostFS interface { // It sets 'Timestamp' attribute to the current time. // It returns the ID of the saved container. // - // Created container is public with enabled ACL extension. - // // It returns exactly one non-zero value. It returns any error encountered which // prevented the container from being created. CreateContainer(context.Context, PrmContainerCreate) (*ContainerCreateResult, error) diff --git a/api/layer/layer.go b/api/layer/layer.go index 1049817d..205ff8ee 100644 --- a/api/layer/layer.go +++ b/api/layer/layer.go @@ -178,6 +178,7 @@ type ( SessionContainerCreation *session.Container LocationConstraint string ObjectLockEnabled bool + APEEnabled bool } // PutBucketACLParams stores put bucket acl request parameters. PutBucketACLParams struct { diff --git a/internal/frostfs/frostfs.go b/internal/frostfs/frostfs.go index 95630aca..7f85c8c2 100644 --- a/internal/frostfs/frostfs.go +++ b/internal/frostfs/frostfs.go @@ -14,7 +14,6 @@ import ( errorsFrost "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container" - "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object" @@ -101,16 +100,8 @@ func (x *FrostFS) Container(ctx context.Context, idCnr cid.ID) (*container.Conta return &res, nil } -var basicACLZero acl.Basic - // CreateContainer implements frostfs.FrostFS interface method. -// -// If prm.BasicACL is zero, 'eacl-public-read-write' is used. func (x *FrostFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*layer.ContainerCreateResult, error) { - if prm.BasicACL == basicACLZero { - prm.BasicACL = acl.PublicRWExtended - } - var cnr container.Container cnr.Init() cnr.SetPlacementPolicy(prm.Policy)