[#306] Add flag to enable old ACL bucket creation

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-14 17:04:35 +03:00 · 2024-02-14 17:04:35 +03:00 · c868af8a62
commit c868af8a62
parent bac1b3fb2d
10 changed files with 166 additions and 91 deletions
--- a/api/handler/acl_test.go
+++ b/api/handler/acl_test.go
@ -16,11 +16,9 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@ -1303,17 +1301,17 @@ func TestBucketAclToAst(t *testing.T) {

 func TestPutBucketACL(t *testing.T) {
 	tc := prepareHandlerContext(t)
+	tc.config.aclEnabled = true
 	bktName := "bucket-for-acl"

-	box, _ := createAccessBox(t)
-	bktInfo := createBucketOldACL(tc, bktName, box)
+	info := createBucket(tc, bktName)

 	header := map[string]string{api.AmzACL: "public-read"}
-	putBucketACL(tc, bktName, box, header)
+	putBucketACL(tc, bktName, info.Box, header)

 	header = map[string]string{api.AmzACL: "private"}
-	putBucketACL(tc, bktName, box, header)
-	checkLastRecords(t, tc, bktInfo, eacl.ActionDeny)
+	putBucketACL(tc, bktName, info.Box, header)
+	checkLastRecords(t, tc, info.BktInfo, eacl.ActionDeny)
 }

 func TestPutBucketAPE(t *testing.T) {
@ -1598,47 +1596,6 @@ func createBucket(hc *handlerContext, bktName string) *createBucketInfo {
 	}
 }

-func createBucketOldACL(hc *handlerContext, bktName string, box *accessbox.Box) *data.BucketInfo {
-	w := createBucketBase(hc, bktName, box)
-	assertStatus(hc.t, w, http.StatusOK)
-
-	cnrID, err := hc.tp.ContainerID(bktName)
-	require.NoError(hc.t, err)
-
-	cnr, err := hc.tp.Container(hc.Context(), cnrID)
-	require.NoError(hc.t, err)
-	cnr.SetBasicACL(acl.PublicRWExtended)
-	hc.tp.SetContainer(cnrID, cnr)
-	table := eacl.NewTable()
-	table.SetCID(cnrID)
-
-	key, err := hc.h.bearerTokenIssuerKey(hc.Context())
-	require.NoError(hc.t, err)
-	for _, op := range fullOps {
-		table.AddRecord(getAllowRecord(op, key))
-	}
-
-	for _, op := range fullOps {
-		table.AddRecord(getOthersRecord(op, eacl.ActionDeny))
-	}
-	err = hc.tp.SetContainerEACL(hc.Context(), *table, nil)
-	require.NoError(hc.t, err)
-
-	bktInfo, err := hc.Layer().GetBucketInfo(hc.Context(), bktName)
-	require.NoError(hc.t, err)
-
-	settings, err := hc.tree.GetSettingsNode(hc.Context(), bktInfo)
-	require.NoError(hc.t, err)
-	settings.CannedACL = ""
-	err = hc.Layer().PutBucketSettings(hc.Context(), &layer.PutSettingsParams{BktInfo: bktInfo, Settings: settings})
-	require.NoError(hc.t, err)
-
-	bktInfo, err = hc.Layer().GetBucketInfo(hc.Context(), bktName)
-	require.NoError(hc.t, err)
-
-	return bktInfo
-}
-
 func createBucketAssertS3Error(hc *handlerContext, bktName string, box *accessbox.Box, code s3errors.ErrorCode) {
 	w := createBucketBase(hc, bktName, box)
 	assertS3Error(hc.t, w, s3errors.GetAPIError(code))