[#306] acl: Handle put/get acl for APE buckets

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
Denis Kirillov 2024-02-12 15:28:55 +03:00
parent 1f2cf0ed67
commit 3d0d2032c6
13 changed files with 280 additions and 42 deletions


@ -16,9 +16,11 @@ import (
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@ -1303,7 +1305,7 @@ func TestPutBucketACL(t *testing.T) {
bktName := "bucket-for-acl"
box, _ := createAccessBox(t)
bktInfo := createBucket(t, tc, bktName, box)
bktInfo := createBucketOldACL(tc, bktName, box)
header := map[string]string{api.AmzACL: "public-read"}
putBucketACL(t, tc, bktName, box, header)
@ -1488,12 +1490,56 @@ func createAccessBox(t *testing.T) (*accessbox.Box, *keys.PrivateKey) {
return box, key
}
func createBucket(t *testing.T, hc *handlerContext, bktName string, box *accessbox.Box) *data.BucketInfo {
func createBucket(hc *handlerContext, bktName string) (*data.BucketInfo, *accessbox.Box) {
box, _ := createAccessBox(hc.t)
w := createBucketBase(hc, bktName, box)
assertStatus(t, w, http.StatusOK)
assertStatus(hc.t, w, http.StatusOK)
bktInfo, err := hc.Layer().GetBucketInfo(hc.Context(), bktName)
require.NoError(t, err)
require.NoError(hc.t, err)
return bktInfo, box
}
func createBucketOldACL(hc *handlerContext, bktName string, box *accessbox.Box) *data.BucketInfo {
w := createBucketBase(hc, bktName, box)
assertStatus(hc.t, w, http.StatusOK)
cnrID, err := hc.tp.ContainerID(bktName)
require.NoError(hc.t, err)
cnr, err := hc.tp.Container(hc.Context(), cnrID)
require.NoError(hc.t, err)
cnr.SetBasicACL(acl.PublicRWExtended)
cnr.SetAttribute(layer.AttributeAPEEnabled, "false")
hc.tp.SetContainer(cnrID, cnr)
table := eacl.NewTable()
table.SetCID(cnrID)
key, err := hc.h.bearerTokenIssuerKey(hc.Context())
require.NoError(hc.t, err)
for _, op := range fullOps {
table.AddRecord(getAllowRecord(op, key))
}
for _, op := range fullOps {
table.AddRecord(getOthersRecord(op, eacl.ActionDeny))
}
err = hc.tp.SetContainerEACL(hc.Context(), *table, nil)
require.NoError(hc.t, err)
bktInfo, err := hc.Layer().GetBucketInfo(hc.Context(), bktName)
require.NoError(hc.t, err)
settings, err := hc.tree.GetSettingsNode(hc.Context(), bktInfo)
require.NoError(hc.t, err)
settings.CannedACL = ""
err = hc.Layer().PutBucketSettings(hc.Context(), &layer.PutSettingsParams{BktInfo: bktInfo, Settings: settings})
require.NoError(hc.t, err)
bktInfo, err = hc.Layer().GetBucketInfo(hc.Context(), bktName)
require.NoError(hc.t, err)
return bktInfo
}
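Review bot: `createBucketOldACL` assembles the legacy authorization state by hand (basic ACL `acl.PublicRWExtended`, `layer.AttributeAPEEnabled` set to `"false"`, an eACL table, and an empty `CannedACL`), but nothing in the helper says which of these steps the ACL handlers depend on. I would add a doc comment such as `// createBucketOldACL creates a bucket and rewrites its container to the pre-APE layout (extended basic ACL, eACL table, empty CannedACL) so the ACL handlers take the legacy path.` If record order matters for eACL evaluation, as the allow-then-deny layout suggests, a one-line comment above the two `fullOps` loops should say so, so that nobody merges them into one loop. `TestPutBucketACL` now builds its bucket with this helper, so the hunks visible here no longer exercise put/get ACL against an APE-enabled bucket; unless another file in the commit covers that, a case built on the new `createBucket` would be worth adding. Both helpers assert through `hc.t` without calling `hc.t.Helper()`, so a failure is reported at the helper line rather than in the calling test.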