[#306] Use zero basic acl to mark APE containers

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-14 15:55:12 +03:00 · 2024-02-14 15:55:12 +03:00 · bac1b3fb2d
commit bac1b3fb2d
parent c452d58ce2
6 changed files with 13 additions and 28 deletions
--- a/api/handler/acl_test.go
+++ b/api/handler/acl_test.go
@ -1608,7 +1608,6 @@ func createBucketOldACL(hc *handlerContext, bktName string, box *accessbox.Box)
 	cnr, err := hc.tp.Container(hc.Context(), cnrID)
 	require.NoError(hc.t, err)
 	cnr.SetBasicACL(acl.PublicRWExtended)
-	cnr.SetAttribute(layer.AttributeAPEEnabled, "false")
 	hc.tp.SetContainer(cnrID, cnr)
 	table := eacl.NewTable()
 	table.SetCID(cnrID)
--- a/api/handler/put.go
+++ b/api/handler/put.go
@ -770,6 +770,7 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
 	p := &layer.CreateBucketParams{
 		Name:       reqInfo.BucketName,
 		Namespace:  reqInfo.Namespace,
+		APEEnabled: true,
 	}

 	if err := checkBucketName(reqInfo.BucketName); err != nil {
--- a/api/layer/container.go
+++ b/api/layer/container.go
@ -12,6 +12,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
@ -28,7 +29,6 @@ type (

 const (
 	attributeLocationConstraint = ".s3-location-constraint"
-	AttributeAPEEnabled         = ".s3-APE-enabled"
 	AttributeLockEnabled        = "LockEnabled"
 )

@ -63,6 +63,7 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
 	info.Created = container.CreatedAt(cnr)
 	info.LocationConstraint = cnr.Attribute(attributeLocationConstraint)
 	info.HomomorphicHashDisabled = container.IsHomomorphicHashingDisabled(cnr)
+	info.APEEnabled = cnr.BasicACL().Bits() == 0

 	attrLockEnabled := cnr.Attribute(AttributeLockEnabled)
 	if len(attrLockEnabled) > 0 {
@ -75,17 +76,6 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
 		}
 	}

-	APEEnabled := cnr.Attribute(AttributeAPEEnabled)
-	if len(APEEnabled) > 0 {
-		info.APEEnabled, err = strconv.ParseBool(APEEnabled)
-		if err != nil {
-			log.Error(logs.CouldNotParseContainerAPEEnabledAttribute,
-				zap.String("ape_enabled", APEEnabled),
-				zap.Error(err),
-			)
-		}
-	}
-
 	zone, _ := n.features.FormContainerZone(reqInfo.Namespace)
 	if zone != info.Zone {
 		return nil, fmt.Errorf("ns '%s' and zone '%s' are mismatched for container '%s'", zone, info.Zone, idCnr)
@ -131,12 +121,11 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 		Created:            TimeNow(ctx),
 		LocationConstraint: p.LocationConstraint,
 		ObjectLockEnabled:  p.ObjectLockEnabled,
-		APEEnabled:         true,
+		APEEnabled:         p.APEEnabled,
 	}

 	attributes := [][2]string{
 		{attributeLocationConstraint, p.LocationConstraint},
-		{AttributeAPEEnabled, "true"},
 	}

 	if p.ObjectLockEnabled {
@ -145,6 +134,11 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 		})
 	}

+	basicACL := acl.PublicRWExtended
+	if p.APEEnabled {
+		basicACL = 0
+	}
+
 	res, err := n.frostFS.CreateContainer(ctx, PrmContainerCreate{
 		Creator:              bktInfo.Owner,
 		Policy:               p.Policy,
@ -153,6 +147,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 		SessionToken:         p.SessionContainerCreation,
 		CreationTime:         bktInfo.Created,
 		AdditionalAttributes: attributes,
+		BasicACL:             basicACL,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("create container: %w", err)
--- a/api/layer/frostfs.go
+++ b/api/layer/frostfs.go
@ -173,8 +173,6 @@ type FrostFS interface {
 	// It sets 'Timestamp' attribute to the current time.
 	// It returns the ID of the saved container.
 	//
-	// Created container is public with enabled ACL extension.
-	//
 	// It returns exactly one non-zero value. It returns any error encountered which
 	// prevented the container from being created.
 	CreateContainer(context.Context, PrmContainerCreate) (*ContainerCreateResult, error)
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@ -178,6 +178,7 @@ type (
 		SessionContainerCreation *session.Container
 		LocationConstraint       string
 		ObjectLockEnabled        bool
+		APEEnabled               bool
 	}
 	// PutBucketACLParams stores put bucket acl request parameters.
 	PutBucketACLParams struct {
--- a/internal/frostfs/frostfs.go
+++ b/internal/frostfs/frostfs.go
@ -14,7 +14,6 @@ import (
 	errorsFrost "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
@ -101,16 +100,8 @@ func (x *FrostFS) Container(ctx context.Context, idCnr cid.ID) (*container.Conta
 	return &res, nil
 }

-var basicACLZero acl.Basic
-
 // CreateContainer implements frostfs.FrostFS interface method.
-//
-// If prm.BasicACL is zero, 'eacl-public-read-write' is used.
 func (x *FrostFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*layer.ContainerCreateResult, error) {
-	if prm.BasicACL == basicACLZero {
-		prm.BasicACL = acl.PublicRWExtended
-	}
-
 	var cnr container.Container
 	cnr.Init()
 	cnr.SetPlacementPolicy(prm.Policy)