[#535] Support public access block operations

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2025-04-03 13:51:16 +03:00 · 2025-04-03 13:51:16 +03:00 · a7ce40d745
commit a7ce40d745
parent 4f0f2ca7bd
23 changed files with 940 additions and 87 deletions
--- a/pkg/service/tree/tree.go
+++ b/pkg/service/tree/tree.go
@ -97,6 +97,7 @@ const (
 	lockConfigurationKV = "LockConfiguration"
 	oidKV               = "OID"
 	cidKV               = "CID"
+	publicAccessBlockKV = "PublicAccessBlock"

 	isCombinedKV    = "IsCombined"
 	isUnversionedKV = "IsUnversioned"
@ -536,6 +537,12 @@ func (c *Tree) GetSettingsNode(ctx context.Context, bktInfo *data.BucketInfo) (*
 		}
 	}

+	if publicAccessBlockValue, ok := node.Get(publicAccessBlockKV); ok {
+		if settings.PublicAccessBlock, err = parsePublicAccessBlock(publicAccessBlockValue); err != nil {
+			return nil, fmt.Errorf("settings node: %w", err)
+		}
+	}
+
 	return settings, nil
 }

@ -1907,10 +1914,50 @@ func metaFromSettings(settings *data.BucketSettings) map[string]string {
 	if settings.OwnerKey != nil {
 		results[ownerKeyKV] = hex.EncodeToString(settings.OwnerKey.Bytes())
 	}
+	if settings.PublicAccessBlock != nil {
+		results[publicAccessBlockKV] = encodePublicAccessBlock(settings.PublicAccessBlock)
+	}

 	return results
 }

+func encodePublicAccessBlock(cfg *data.PublicAccessBlockConfiguration) string {
+	return fmt.Sprintf("%v,%v,%v,%v", cfg.BlockPublicAcls, cfg.BlockPublicPolicy, cfg.IgnorePublicAcls, cfg.RestrictPublicBuckets)
+}
+
+func parsePublicAccessBlock(value string) (*data.PublicAccessBlockConfiguration, error) {
+	errInvalidFormat := fmt.Errorf("invalid public access block configuration: %s", value)
+	fields := strings.Split(value, ",")
+
+	if len(fields) != 4 {
+		return nil, errInvalidFormat
+	}
+
+	blockPublicAcls, err := strconv.ParseBool(fields[0])
+	if err != nil {
+		return nil, errInvalidFormat
+	}
+	blockPublicPolicy, err := strconv.ParseBool(fields[1])
+	if err != nil {
+		return nil, errInvalidFormat
+	}
+	ignorePublicAcls, err := strconv.ParseBool(fields[2])
+	if err != nil {
+		return nil, errInvalidFormat
+	}
+	restrictPublicBuckets, err := strconv.ParseBool(fields[3])
+	if err != nil {
+		return nil, errInvalidFormat
+	}
+
+	return &data.PublicAccessBlockConfiguration{
+		BlockPublicAcls:       blockPublicAcls,
+		BlockPublicPolicy:     blockPublicPolicy,
+		IgnorePublicAcls:      ignorePublicAcls,
+		RestrictPublicBuckets: restrictPublicBuckets,
+	}, nil
+}
+
 func metaFromMultipart(info *data.MultipartInfo, fileName string) map[string]string {
 	info.Meta[FileNameKey] = fileName
 	info.Meta[uploadIDKV] = info.UploadID