realloc/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#455] Allow preflight requests without auth

Browse source 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
This commit is contained in:
Marina Biryukova 2025-03-20 14:04:27 +03:00
parent c9c7379835
commit 8625b6e119
3 changed files with 31 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

20
api/router_test.go
View file

@ -627,6 +627,26 @@ func TestMFAPolicy(t *testing.T) {
createBucket(router, ns, bktName)
}
func TestPreflightWithoutAuth(t *testing.T) {
router := prepareRouter(t)
router.middlewareSettings.denyByDefault = true
ns, bktName := "", "bucket"
allowOperations(router, ns, []string{"s3:CreateBucket"}, nil)
createBucket(router, ns, bktName)
w, r := httptest.NewRecorder(), httptest.NewRequest(http.MethodOptions, "/"+bktName, nil)
r.Header.Set(FrostfsNamespaceHeader, ns)
router.ServeHTTP(w, r)
require.Equal(t, http.StatusOK, w.Code)
w, r = httptest.NewRecorder(), httptest.NewRequest(http.MethodOptions, "/"+bktName+"/some-object", nil)
r.Header.Set(FrostfsNamespaceHeader, ns)
router.ServeHTTP(w, r)
require.Equal(t, http.StatusOK, w.Code)
}
func allowOperations(router *routerMock, ns string, operations []string, conditions engineiam.Conditions) {
addPolicy(router, ns, "allow", engineiam.AllowEffect, operations, conditions)
}