mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-01-19 02:48:24 +00:00
[s3acl] Step 0: Put bucket ACL only responds success if the ACL is private. (#4856)
* Passing test: test_bucket_acl_default test_bucket_acl_canned_private_to_private https://github.com/seaweedfs/seaweedfs/issues/4519 * Update weed/s3api/s3api_bucket_handlers.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com>
This commit is contained in:
parent
d8b424d123
commit
a46f873edd
|
@ -18,10 +18,10 @@ bucket prefix = yournamehere-{random}-
|
||||||
|
|
||||||
[s3 main]
|
[s3 main]
|
||||||
# main display_name set in vstart.sh
|
# main display_name set in vstart.sh
|
||||||
display_name = M. Tester
|
display_name = s3_tests
|
||||||
|
|
||||||
# main user_idname set in vstart.sh
|
# main user_idname set in vstart.sh
|
||||||
user_id = testid
|
user_id = s3_tests
|
||||||
|
|
||||||
# main email set in vstart.sh
|
# main email set in vstart.sh
|
||||||
email = tester@ceph.com
|
email = tester@ceph.com
|
||||||
|
|
|
@ -259,34 +259,56 @@ func (s3a *S3ApiServer) GetBucketAclHandler(w http.ResponseWriter, r *http.Reque
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
response := AccessControlPolicy{}
|
identityId := r.Header.Get(s3_constants.AmzIdentityId)
|
||||||
for _, ident := range s3a.iam.identities {
|
response := AccessControlPolicy{
|
||||||
if len(ident.Credentials) == 0 {
|
Owner: CanonicalUser{
|
||||||
continue
|
ID: identityId,
|
||||||
}
|
DisplayName: identityId,
|
||||||
for _, action := range ident.Actions {
|
},
|
||||||
if !action.overBucket(bucket) || action.getPermission() == "" {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
id := ident.Credentials[0].AccessKey
|
|
||||||
if response.Owner.DisplayName == "" && action.isOwner(bucket) && len(ident.Credentials) > 0 {
|
|
||||||
response.Owner.DisplayName = ident.Name
|
|
||||||
response.Owner.ID = id
|
|
||||||
}
|
}
|
||||||
response.AccessControlList.Grant = append(response.AccessControlList.Grant, Grant{
|
response.AccessControlList.Grant = append(response.AccessControlList.Grant, Grant{
|
||||||
Grantee: Grantee{
|
Grantee: Grantee{
|
||||||
ID: id,
|
ID: identityId,
|
||||||
DisplayName: ident.Name,
|
DisplayName: identityId,
|
||||||
Type: "CanonicalUser",
|
Type: "CanonicalUser",
|
||||||
XMLXSI: "CanonicalUser",
|
XMLXSI: "CanonicalUser",
|
||||||
XMLNS: "http://www.w3.org/2001/XMLSchema-instance"},
|
XMLNS: "http://www.w3.org/2001/XMLSchema-instance"},
|
||||||
Permission: action.getPermission(),
|
Permission: s3.PermissionFullControl,
|
||||||
})
|
})
|
||||||
}
|
|
||||||
}
|
|
||||||
writeSuccessResponseXML(w, r, response)
|
writeSuccessResponseXML(w, r, response)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// PutBucketAclHandler Put bucket ACL only responds success if the ACL is private.
|
||||||
|
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html //
|
||||||
|
func (s3a *S3ApiServer) PutBucketAclHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// collect parameters
|
||||||
|
bucket, _ := s3_constants.GetBucketAndObject(r)
|
||||||
|
glog.V(3).Infof("PutBucketAclHandler %s", bucket)
|
||||||
|
|
||||||
|
if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
|
||||||
|
s3err.WriteErrorResponse(w, r, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
cannedAcl := r.Header.Get(s3_constants.AmzCannedAcl)
|
||||||
|
switch {
|
||||||
|
case cannedAcl == "":
|
||||||
|
acl := &s3.AccessControlPolicy{}
|
||||||
|
if err := xmlDecoder(r.Body, acl, r.ContentLength); err != nil {
|
||||||
|
glog.Errorf("PutBucketAclHandler: %s", err)
|
||||||
|
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if len(acl.Grants) == 1 && acl.Grants[0].Permission != nil && *acl.Grants[0].Permission == s3_constants.PermissionFullControl {
|
||||||
|
writeSuccessResponseEmpty(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
case cannedAcl == s3_constants.CannedAclPrivate:
|
||||||
|
writeSuccessResponseEmpty(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
s3err.WriteErrorResponse(w, r, s3err.ErrNotImplemented)
|
||||||
|
}
|
||||||
|
|
||||||
// GetBucketLifecycleConfigurationHandler Get Bucket Lifecycle configuration
|
// GetBucketLifecycleConfigurationHandler Get Bucket Lifecycle configuration
|
||||||
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
|
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
|
||||||
func (s3a *S3ApiServer) GetBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
|
func (s3a *S3ApiServer) GetBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
|
@ -41,9 +41,3 @@ func (s3a *S3ApiServer) PutBucketPolicyHandler(w http.ResponseWriter, r *http.Re
|
||||||
func (s3a *S3ApiServer) DeleteBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
|
func (s3a *S3ApiServer) DeleteBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
s3err.WriteErrorResponse(w, r, http.StatusNoContent)
|
s3err.WriteErrorResponse(w, r, http.StatusNoContent)
|
||||||
}
|
}
|
||||||
|
|
||||||
// PutBucketAclHandler Put bucket ACL
|
|
||||||
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
|
|
||||||
func (s3a *S3ApiServer) PutBucketAclHandler(w http.ResponseWriter, r *http.Request) {
|
|
||||||
s3err.WriteErrorResponse(w, r, s3err.ErrNotImplemented)
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue