Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9366 Commits
33 Branches
301 Tags
176 MiB
Tree: b253a20faf
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b253a20faf'
${ noResults }
seaweedfs/weed/s3api/s3api_bucket_handlers.go

583 lines
17 KiB
Raw Normal View History

add list all my buckets
7 years ago
add namespace for ListAllMyBucketsResult
6 years ago
use constant for ErrBucketNotEmpty
3 years ago
add list all my buckets
7 years ago
add ownership rest apis (#3765)
2 years ago
perf(fix): fix bugs Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
add ownership rest apis (#3765)
2 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
go fmt
7 years ago
go fmt
7 years ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
Add bucket owner attr.
4 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
fix directory lookup nil
5 years ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
add context to all filer APIs
6 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
add namespace for ListAllMyBucketsResult
6 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
add list all my buckets
7 years ago
add glog for s3 handlers
3 years ago
s3: support config action Admin:bucket
4 years ago
refactoring
3 years ago
s3: support config action Admin:bucket
4 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
add list all my buckets
7 years ago
s3: ListParts output xml format fix https://github.com/chrislusf/seaweedfs/issues/1461
5 years ago
add list all my buckets
7 years ago
refactoring
7 years ago
refactoring
3 years ago
refactoring
7 years ago
add list all my buckets
7 years ago
move s3 related constants from package http to s3_constants
3 years ago
Add bucket owner attr.
4 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
refactoring
7 years ago
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551
3 years ago
enable admin to access all buckets
4 years ago
Add bucket owner attr.
4 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
s3: print out time in UTC format fix https://github.com/chrislusf/seaweedfs/issues/1297
5 years ago
refactoring
7 years ago
add list all my buckets
7 years ago
refactoring
7 years ago
add list all my buckets
7 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
Add bucket owner attr.
4 years ago
refactoring
7 years ago
fix s3 ListAllMyBucketsResult to work with s3cmd
6 years ago
add list all my buckets
7 years ago
refactoring
3 years ago
add list all my buckets
7 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
move s3 related constants from package http to s3_constants
3 years ago
add glog for s3 handlers
3 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
detect invalid bucket name fix https://github.com/seaweedfs/seaweedfs/issues/4143
2 years ago
s3: avoid duplicated bucket
4 years ago
use streaming mode for long poll grpc calls streaming mode would create separate grpc connections for each call. this is to ensure the long poll connections are properly closed.
3 years ago
s3: avoid duplicated bucket
4 years ago
go fmt
4 years ago
s3: avoid duplicated bucket
4 years ago
refactoring
3 years ago
s3: avoid duplicated bucket
4 years ago
check if bucket already exists.
4 years ago
s3: avoid duplicated bucket
4 years ago
refactoring
3 years ago
s3: avoid duplicated bucket
4 years ago
check auth only when enabled
3 years ago
s3: skip permission checking for creating bucket if the bucket already exists fix https://github.com/chrislusf/seaweedfs/issues/2417 Rclone was trying to create the bucket even though the bucket already exists.
3 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
extract and save acl when create bucket
2 years ago
Add bucket owner attr.
4 years ago
move s3 related constants from package http to s3_constants
3 years ago
fix if nil map in entry.
4 years ago
move s3 related constants from package http to s3_constants
3 years ago
perf(fix): fix bugs Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
set bucket ownership if not empty Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
create bucket with ownership Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
Add bucket owner attr.
4 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
Add bucket owner attr.
4 years ago
refactoring
7 years ago
Add bucket owner attr.
4 years ago
s3: avoid duplicated bucket
4 years ago
refactoring
3 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
clear cache when put bucket Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
go fmt
3 years ago
refactoring
3 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
move s3 related constants from package http to s3_constants
3 years ago
add glog for s3 handlers
3 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
adjust check bucket if exist or has access.
4 years ago
refactoring
3 years ago
return NoSuchBucket instead of InternalError delete non-existed bucket.
4 years ago
skip if entry.Extended map is nil.
4 years ago
use streaming mode for long poll grpc calls streaming mode would create separate grpc connections for each call. this is to ensure the long poll connections are properly closed.
3 years ago
allowDeleteBucketNotEmpty
3 years ago
use const multipart uploads folder avoid error bucket NotEmpty if multipart uploads folder exist
3 years ago
allowDeleteBucketNotEmpty
3 years ago
use const multipart uploads folder avoid error bucket NotEmpty if multipart uploads folder exist
3 years ago
allowDeleteBucketNotEmpty
3 years ago
s3 test bucket delete nonempty
4 years ago
delete bucket also removes collection data
7 years ago
remove ctx if possible
5 years ago
fix string printing
7 years ago
delete bucket also removes collection data
7 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
s3 test bucket delete nonempty
4 years ago
use constant for ErrBucketNotEmpty
3 years ago
s3 test bucket delete nonempty
4 years ago
allowDeleteBucketNotEmpty
3 years ago
s3 test bucket delete nonempty
4 years ago
S3 API: fix DeleteMultipleObjectsHandler fix https://github.com/chrislusf/seaweedfs/issues/1241
5 years ago
refactoring filer rm
7 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
refactoring
3 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
refactoring
3 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
add HeadBucket
7 years ago
move s3 related constants from package http to s3_constants
3 years ago
add glog for s3 handlers
3 years ago
add HeadBucket
7 years ago
add acl validation for s3 bucket read api
2 years ago
Avoid forbiddening for HeadBucketHandler if owners are specified https://github.com/chrislusf/seaweedfs/issues/2434
3 years ago
adjust check bucket if exist or has access.
4 years ago
refactoring
3 years ago
adjust check bucket if exist or has access.
4 years ago
rename function
4 years ago
fix ErrNotFound
4 years ago
adjust check bucket if exist or has access.
4 years ago
add HeadBucket
7 years ago
skip if entry.Extended map is nil.
4 years ago
enable admin to access all buckets
4 years ago
adjust check bucket if exist or has access.
4 years ago
check permission for bucket delete/head.
4 years ago
adjust check bucket if exist or has access.
4 years ago
add HeadBucket
7 years ago
enable admin to access all buckets
4 years ago
move s3 related constants from package http to s3_constants
3 years ago
enable admin to access all buckets
4 years ago
move s3 related constants from package http to s3_constants
3 years ago
enable admin to access all buckets
4 years ago
adjust check bucket if exist or has access.
4 years ago
AclHandlers
3 years ago
implement `PutBucketAclHandler` Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
implement `PutBucketAclHandler` Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
implement `PutBucketAclHandler` Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
AclHandlers
3 years ago
move s3 related constants from package http to s3_constants
3 years ago
AclHandlers
3 years ago
add acl validation for s3 bucket read api
2 years ago
AclHandlers
3 years ago
add acl validation for s3 bucket read api
2 years ago
AclHandlers
3 years ago
add acl validation for s3 bucket read api
2 years ago
AclHandlers
3 years ago
move s3 related constants from package http to s3_constants
3 years ago
fix incorrect log information
3 years ago
AclHandlers
3 years ago
refactoring
3 years ago
AclHandlers
3 years ago
refactoring
3 years ago
AclHandlers
3 years ago
GetBucketLifecycleConfigurationHandler
3 years ago
refactoring
3 years ago
DeleteBucketLifecycleConfiguration return 204
3 years ago
GetBucketLifecycleConfigurationHandler
3 years ago
refactoring
3 years ago
AclHandlers
3 years ago
refactoring
3 years ago
AclHandlers
3 years ago
refactoring
3 years ago
AclHandlers
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add ownership rest apis (#3765)
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
[s3acl] Step 0: Put bucket ACL only responds success if the ACL is private. (#4856) * Passing test: test_bucket_acl_default test_bucket_acl_canned_private_to_private https://github.com/seaweedfs/seaweedfs/issues/4519 * Update weed/s3api/s3api_bucket_handlers.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> Signed-off-by: LHHDZ <shichanglin5@qq.com>
1 year ago
add ownership rest apis (#3765)
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
add ownership rest apis (#3765)
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
validate grants when setting ownership to `OwnershipBucketOwnerEnforced` Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
validate grants when setting ownership to `OwnershipBucketOwnerEnforced` Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
validate grants when setting ownership to `OwnershipBucketOwnerEnforced` Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
add ownership rest apis (#3765)
2 years ago
optimize readability Signed-off-by: changlin.shi <changlin.shi@ly.com>
2 years ago
add ownership rest apis (#3765)
2 years ago
  1. package s3api
  3. import (
  4. "context"
  5. "encoding/xml"
  6. "errors"
  7. "fmt"
  8. "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
  9. "github.com/seaweedfs/seaweedfs/weed/s3api/s3bucket"
  10. "github.com/seaweedfs/seaweedfs/weed/util"
  11. "math"
  12. "net/http"
  13. "time"
  15. "github.com/seaweedfs/seaweedfs/weed/filer"
  16. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
  17. "github.com/seaweedfs/seaweedfs/weed/storage/needle"
  19. "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
  21. "github.com/aws/aws-sdk-go/aws"
  22. "github.com/aws/aws-sdk-go/service/s3"
  24. "github.com/seaweedfs/seaweedfs/weed/glog"
  25. "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
  26. )
  28. type ListAllMyBucketsResult struct {
  29. XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListAllMyBucketsResult"`
  30. Owner *s3.Owner
  31. Buckets []*s3.Bucket `xml:"Buckets>Bucket"`
  32. }
  34. func (s3a *S3ApiServer) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
  36. glog.V(3).Infof("ListBucketsHandler")
  38. var identity *Identity
  39. var s3Err s3err.ErrorCode
  40. if s3a.iam.isEnabled() {
  41. identity, s3Err = s3a.iam.authUser(r)
  42. if s3Err != s3err.ErrNone {
  43. s3err.WriteErrorResponse(w, r, s3Err)
  44. return
  45. }
  46. }
  48. var response ListAllMyBucketsResult
  50. entries, _, err := s3a.list(s3a.option.BucketsPath, "", "", false, math.MaxInt32)
  52. if err != nil {
  53. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  54. return
  55. }
  57. identityId := r.Header.Get(s3_constants.AmzIdentityId)
  59. var buckets []*s3.Bucket
  60. for _, entry := range entries {
  61. if entry.IsDirectory {
  62. if identity != nil && !identity.canDo(s3_constants.ACTION_LIST, entry.Name, "") {
  63. continue
  64. }
  65. buckets = append(buckets, &s3.Bucket{
  66. Name: aws.String(entry.Name),
  67. CreationDate: aws.Time(time.Unix(entry.Attributes.Crtime, 0).UTC()),
  68. })
  69. }
  70. }
  72. response = ListAllMyBucketsResult{
  73. Owner: &s3.Owner{
  74. ID: aws.String(identityId),
  75. DisplayName: aws.String(identityId),
  76. },
  77. Buckets: buckets,
  78. }
  80. writeSuccessResponseXML(w, r, response)
  81. }
  83. func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request) {
  85. bucket, _ := s3_constants.GetBucketAndObject(r)
  86. glog.V(3).Infof("PutBucketHandler %s", bucket)
  88. // validate the bucket name
  89. err := s3bucket.VerifyS3BucketName(bucket)
  90. if err != nil {
  91. glog.Errorf("put invalid bucket name: %v %v", bucket, err)
  92. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidBucketName)
  93. return
  94. }
  96. // avoid duplicated buckets
  97. errCode := s3err.ErrNone
  98. if err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  99. if resp, err := client.CollectionList(context.Background(), &filer_pb.CollectionListRequest{
  100. IncludeEcVolumes: true,
  101. IncludeNormalVolumes: true,
  102. }); err != nil {
  103. glog.Errorf("list collection: %v", err)
  104. return fmt.Errorf("list collections: %v", err)
  105. } else {
  106. for _, c := range resp.Collections {
  107. if bucket == c.Name {
  108. errCode = s3err.ErrBucketAlreadyExists
  109. break
  110. }
  111. }
  112. }
  113. return nil
  114. }); err != nil {
  115. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  116. return
  117. }
  118. if exist, err := s3a.exists(s3a.option.BucketsPath, bucket, true); err == nil && exist {
  119. errCode = s3err.ErrBucketAlreadyExists
  120. }
  121. if errCode != s3err.ErrNone {
  122. s3err.WriteErrorResponse(w, r, errCode)
  123. return
  124. }
  126. if s3a.iam.isEnabled() {
  127. if _, errCode = s3a.iam.authRequest(r, s3_constants.ACTION_ADMIN); errCode != s3err.ErrNone {
  128. s3err.WriteErrorResponse(w, r, errCode)
  129. return
  130. }
  131. }
  133. objectOwnership := r.Header.Get("X-Amz-Object-Ownership")
  134. requestAccountId := s3acl.GetAccountId(r)
  135. grants, errCode := s3acl.ExtractBucketAcl(r, s3a.accountManager, objectOwnership, requestAccountId, requestAccountId, true)
  136. if errCode != s3err.ErrNone {
  137. s3err.WriteErrorResponse(w, r, errCode)
  138. return
  139. }
  141. fn := func(entry *filer_pb.Entry) {
  142. if identityId := r.Header.Get(s3_constants.AmzIdentityId); identityId != "" {
  143. if entry.Extended == nil {
  144. entry.Extended = make(map[string][]byte)
  145. }
  146. entry.Extended[s3_constants.AmzIdentityId] = []byte(identityId)
  147. s3a.bucketRegistry.LoadBucketMetadata(entry)
  148. }
  149. if objectOwnership != "" {
  150. if entry.Extended == nil {
  151. entry.Extended = make(map[string][]byte)
  152. }
  153. entry.Extended[s3_constants.ExtOwnershipKey] = []byte(objectOwnership)
  154. }
  155. s3acl.AssembleEntryWithAcp(entry, requestAccountId, grants)
  156. }
  158. // create the folder for bucket, but lazily create actual collection
  159. if err := s3a.mkdir(s3a.option.BucketsPath, bucket, fn); err != nil {
  160. glog.Errorf("PutBucketHandler mkdir: %v", err)
  161. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  162. return
  163. }
  165. // clear cache
  166. s3a.bucketRegistry.ClearCache(bucket)
  168. w.Header().Set("Location", "/"+bucket)
  169. writeSuccessResponseEmpty(w, r)
  170. }
  172. func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
  174. bucket, _ := s3_constants.GetBucketAndObject(r)
  175. glog.V(3).Infof("DeleteBucketHandler %s", bucket)
  177. if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
  178. s3err.WriteErrorResponse(w, r, err)
  179. return
  180. }
  182. err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  183. if !s3a.option.AllowDeleteBucketNotEmpty {
  184. entries, _, err := s3a.list(s3a.option.BucketsPath+"/"+bucket, "", "", false, 2)
  185. if err != nil {
  186. return fmt.Errorf("failed to list bucket %s: %v", bucket, err)
  187. }
  188. for _, entry := range entries {
  189. if entry.Name != s3_constants.MultipartUploadsFolder {
  190. return errors.New(s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code)
  191. }
  192. }
  193. }
  195. // delete collection
  196. deleteCollectionRequest := &filer_pb.DeleteCollectionRequest{
  197. Collection: bucket,
  198. }
  200. glog.V(1).Infof("delete collection: %v", deleteCollectionRequest)
  201. if _, err := client.DeleteCollection(context.Background(), deleteCollectionRequest); err != nil {
  202. return fmt.Errorf("delete collection %s: %v", bucket, err)
  203. }
  205. return nil
  206. })
  208. if err != nil {
  209. s3ErrorCode := s3err.ErrInternalError
  210. if err.Error() == s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code {
  211. s3ErrorCode = s3err.ErrBucketNotEmpty
  212. }
  213. s3err.WriteErrorResponse(w, r, s3ErrorCode)
  214. return
  215. }
  217. err = s3a.rm(s3a.option.BucketsPath, bucket, false, true)
  219. if err != nil {
  220. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  221. return
  222. }
  224. s3err.WriteEmptyResponse(w, r, http.StatusNoContent)
  225. }
  227. func (s3a *S3ApiServer) HeadBucketHandler(w http.ResponseWriter, r *http.Request) {
  229. bucket, _ := s3_constants.GetBucketAndObject(r)
  230. glog.V(3).Infof("HeadBucketHandler %s", bucket)
  232. _, errorCode := s3a.checkAccessForReadBucket(r, bucket, s3_constants.PermissionRead)
  233. if errorCode != s3err.ErrNone {
  234. s3err.WriteErrorResponse(w, r, errorCode)
  235. return
  236. }
  237. if entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket); entry == nil || err == filer_pb.ErrNotFound {
  238. s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
  239. return
  240. }
  242. writeSuccessResponseEmpty(w, r)
  243. }
  245. func (s3a *S3ApiServer) checkBucket(r *http.Request, bucket string) s3err.ErrorCode {
  246. entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
  247. if entry == nil || err == filer_pb.ErrNotFound {
  248. return s3err.ErrNoSuchBucket
  249. }
  251. if !s3a.hasAccess(r, entry) {
  252. return s3err.ErrAccessDenied
  253. }
  254. return s3err.ErrNone
  255. }
  257. func (s3a *S3ApiServer) hasAccess(r *http.Request, entry *filer_pb.Entry) bool {
  258. isAdmin := r.Header.Get(s3_constants.AmzIsAdmin) != ""
  259. if isAdmin {
  260. return true
  261. }
  262. if entry.Extended == nil {
  263. return true
  264. }
  266. identityId := r.Header.Get(s3_constants.AmzIdentityId)
  267. if id, ok := entry.Extended[s3_constants.AmzIdentityId]; ok {
  268. if identityId != string(id) {
  269. return false
  270. }
  271. }
  272. return true
  273. }
  275. // PutBucketAclHandler Put bucket ACL
  276. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
  277. func (s3a *S3ApiServer) PutBucketAclHandler(w http.ResponseWriter, r *http.Request) {
  278. bucket, _ := s3_constants.GetBucketAndObject(r)
  279. glog.V(3).Infof("PutBucketAclHandler %s", bucket)
  281. accountId := s3acl.GetAccountId(r)
  282. bucketMetadata, errorCode := s3a.checkAccessForPutBucketAcl(accountId, bucket)
  283. if errorCode != s3err.ErrNone {
  284. s3err.WriteErrorResponse(w, r, errorCode)
  285. return
  286. }
  288. grants, errCode := s3acl.ExtractBucketAcl(r, s3a.accountManager, bucketMetadata.ObjectOwnership, *bucketMetadata.Owner.ID, accountId, false)
  289. if errCode != s3err.ErrNone {
  290. s3err.WriteErrorResponse(w, r, errCode)
  291. return
  292. }
  294. bucketEntry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
  295. if err != nil {
  296. glog.Warning(err)
  297. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  298. return
  299. }
  301. errCode = s3acl.AssembleEntryWithAcp(bucketEntry, *bucketMetadata.Owner.ID, grants)
  302. if errCode != s3err.ErrNone {
  303. s3err.WriteErrorResponse(w, r, errCode)
  304. return
  305. }
  307. err = updateBucketEntry(s3a, bucketEntry)
  308. if err != nil {
  309. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  310. return
  311. }
  312. //update local cache
  313. bucketMetadata.Acl = grants
  314. s3err.WriteEmptyResponse(w, r, http.StatusOK)
  315. }
  317. // GetBucketAclHandler Get Bucket ACL
  318. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
  319. func (s3a *S3ApiServer) GetBucketAclHandler(w http.ResponseWriter, r *http.Request) {
  320. // collect parameters
  321. bucket, _ := s3_constants.GetBucketAndObject(r)
  322. glog.V(3).Infof("GetBucketAclHandler %s", bucket)
  324. bucketMetadata, errorCode := s3a.checkAccessForReadBucket(r, bucket, s3_constants.PermissionReadAcp)
  325. if s3err.ErrNone != errorCode {
  326. s3err.WriteErrorResponse(w, r, errorCode)
  327. return
  328. }
  330. acp := &s3.PutBucketAclInput{
  331. AccessControlPolicy: &s3.AccessControlPolicy{
  332. Grants: bucketMetadata.Acl,
  333. Owner: bucketMetadata.Owner,
  334. },
  335. }
  336. s3err.WriteAwsXMLResponse(w, r, http.StatusOK, acp)
  337. }
  339. // GetBucketLifecycleConfigurationHandler Get Bucket Lifecycle configuration
  340. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
  341. func (s3a *S3ApiServer) GetBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
  342. // collect parameters
  343. bucket, _ := s3_constants.GetBucketAndObject(r)
  344. glog.V(3).Infof("GetBucketLifecycleConfigurationHandler %s", bucket)
  346. if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
  347. s3err.WriteErrorResponse(w, r, err)
  348. return
  349. }
  350. fc, err := filer.ReadFilerConf(s3a.option.Filer, s3a.option.GrpcDialOption, nil)
  351. if err != nil {
  352. glog.Errorf("GetBucketLifecycleConfigurationHandler: %s", err)
  353. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  354. return
  355. }
  356. ttls := fc.GetCollectionTtls(bucket)
  357. if len(ttls) == 0 {
  358. s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchLifecycleConfiguration)
  359. return
  360. }
  361. response := Lifecycle{}
  362. for prefix, internalTtl := range ttls {
  363. ttl, _ := needle.ReadTTL(internalTtl)
  364. days := int(ttl.Minutes() / 60 / 24)
  365. if days == 0 {
  366. continue
  367. }
  368. response.Rules = append(response.Rules, Rule{
  369. Status: Enabled, Filter: Filter{
  370. Prefix: Prefix{string: prefix, set: true},
  371. set: true,
  372. },
  373. Expiration: Expiration{Days: days, set: true},
  374. })
  375. }
  376. writeSuccessResponseXML(w, r, response)
  377. }
  379. // PutBucketLifecycleConfigurationHandler Put Bucket Lifecycle configuration
  380. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
  381. func (s3a *S3ApiServer) PutBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
  383. s3err.WriteErrorResponse(w, r, s3err.ErrNotImplemented)
  385. }
  387. // DeleteBucketMetricsConfiguration Delete Bucket Lifecycle
  388. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html
  389. func (s3a *S3ApiServer) DeleteBucketLifecycleHandler(w http.ResponseWriter, r *http.Request) {
  391. s3err.WriteEmptyResponse(w, r, http.StatusNoContent)
  393. }
  395. // GetBucketLocationHandler Get bucket location
  396. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLocation.html
  397. func (s3a *S3ApiServer) GetBucketLocationHandler(w http.ResponseWriter, r *http.Request) {
  398. writeSuccessResponseXML(w, r, LocationConstraint{})
  399. }
  401. // GetBucketRequestPaymentHandler Get bucket location
  402. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html
  403. func (s3a *S3ApiServer) GetBucketRequestPaymentHandler(w http.ResponseWriter, r *http.Request) {
  404. writeSuccessResponseXML(w, r, RequestPaymentConfiguration{Payer: "BucketOwner"})
  405. }
  407. // PutBucketOwnershipControls https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketOwnershipControls.html
  408. func (s3a *S3ApiServer) PutBucketOwnershipControls(w http.ResponseWriter, r *http.Request) {
  409. bucket, _ := s3_constants.GetBucketAndObject(r)
  410. glog.V(3).Infof("PutBucketOwnershipControls %s", bucket)
  412. errCode := s3a.checkAccessByOwnership(r, bucket)
  413. if errCode != s3err.ErrNone {
  414. s3err.WriteErrorResponse(w, r, errCode)
  415. return
  416. }
  418. if r.Body == nil || r.Body == http.NoBody {
  419. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  420. return
  421. }
  423. defer util.CloseRequest(r)
  424. var v s3.OwnershipControls
  426. err := xmlutil.UnmarshalXML(&v, xml.NewDecoder(r.Body), "")
  427. if err != nil {
  428. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  429. return
  430. }
  432. if len(v.Rules) != 1 {
  433. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  434. return
  435. }
  437. printOwnership := true
  438. newObjectOwnership := *v.Rules[0].ObjectOwnership
  439. switch newObjectOwnership {
  440. case s3_constants.OwnershipObjectWriter:
  441. case s3_constants.OwnershipBucketOwnerPreferred:
  442. case s3_constants.OwnershipBucketOwnerEnforced:
  443. default:
  444. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  445. return
  446. }
  448. bucketEntry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
  449. if err != nil {
  450. if err == filer_pb.ErrNotFound {
  451. s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
  452. return
  453. }
  454. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  455. return
  456. }
  458. oldOwnership, ok := bucketEntry.Extended[s3_constants.ExtOwnershipKey]
  459. if !ok || string(oldOwnership) != newObjectOwnership {
  461. // must reset bucket acl to default(bucket owner with full control permission) before setting ownership
  462. // to `OwnershipBucketOwnerEnforced` (bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting)
  463. if newObjectOwnership == s3_constants.OwnershipBucketOwnerEnforced {
  464. acpGrants := s3acl.GetAcpGrants(nil, bucketEntry.Extended)
  465. if len(acpGrants) > 1 {
  466. s3err.WriteErrorResponse(w, r, s3err.InvalidBucketAclWithObjectOwnership)
  467. return
  468. } else if len(acpGrants) == 1 {
  469. bucketOwner := s3acl.GetAcpOwner(bucketEntry.Extended, s3account.AccountAdmin.Id)
  470. expectGrant := s3acl.GrantWithFullControl(bucketOwner)
  471. if !s3acl.GrantEquals(acpGrants[0], expectGrant) {
  472. s3err.WriteErrorResponse(w, r, s3err.InvalidBucketAclWithObjectOwnership)
  473. return
  474. }
  475. }
  476. }
  478. if bucketEntry.Extended == nil {
  479. bucketEntry.Extended = make(map[string][]byte)
  480. }
  481. //update local cache
  482. bucketMetadata, eCode := s3a.bucketRegistry.GetBucketMetadata(bucket)
  483. if eCode == s3err.ErrNone {
  484. bucketMetadata.ObjectOwnership = newObjectOwnership
  485. }
  486. bucketEntry.Extended[s3_constants.ExtOwnershipKey] = []byte(newObjectOwnership)
  487. err = s3a.updateEntry(s3a.option.BucketsPath, bucketEntry)
  488. if err != nil {
  489. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  490. return
  491. }
  492. }
  494. if printOwnership {
  495. result := &s3.PutBucketOwnershipControlsInput{
  496. OwnershipControls: &v,
  497. }
  498. s3err.WriteAwsXMLResponse(w, r, http.StatusOK, result)
  499. } else {
  500. writeSuccessResponseEmpty(w, r)
  501. }
  502. }
  504. // GetBucketOwnershipControls https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketOwnershipControls.html
  505. func (s3a *S3ApiServer) GetBucketOwnershipControls(w http.ResponseWriter, r *http.Request) {
  506. bucket, _ := s3_constants.GetBucketAndObject(r)
  507. glog.V(3).Infof("GetBucketOwnershipControls %s", bucket)
  509. errCode := s3a.checkAccessByOwnership(r, bucket)
  510. if errCode != s3err.ErrNone {
  511. s3err.WriteErrorResponse(w, r, errCode)
  512. return
  513. }
  515. bucketEntry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
  516. if err != nil {
  517. if err == filer_pb.ErrNotFound {
  518. s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
  519. return
  520. }
  521. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  522. return
  523. }
  525. v, ok := bucketEntry.Extended[s3_constants.ExtOwnershipKey]
  526. if !ok {
  527. s3err.WriteErrorResponse(w, r, s3err.OwnershipControlsNotFoundError)
  528. return
  529. }
  530. ownership := string(v)
  532. result := &s3.PutBucketOwnershipControlsInput{
  533. OwnershipControls: &s3.OwnershipControls{
  534. Rules: []*s3.OwnershipControlsRule{
  535. {
  536. ObjectOwnership: &ownership,
  537. },
  538. },
  539. },
  540. }
  542. s3err.WriteAwsXMLResponse(w, r, http.StatusOK, result)
  543. }
  545. // DeleteBucketOwnershipControls https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketOwnershipControls.html
  546. func (s3a *S3ApiServer) DeleteBucketOwnershipControls(w http.ResponseWriter, r *http.Request) {
  547. bucket, _ := s3_constants.GetBucketAndObject(r)
  548. glog.V(3).Infof("PutBucketOwnershipControls %s", bucket)
  550. errCode := s3a.checkAccessByOwnership(r, bucket)
  551. if errCode != s3err.ErrNone {
  552. s3err.WriteErrorResponse(w, r, errCode)
  553. return
  554. }
  556. bucketEntry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
  557. if err != nil {
  558. if err == filer_pb.ErrNotFound {
  559. s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
  560. return
  561. }
  562. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  563. return
  564. }
  566. _, ok := bucketEntry.Extended[s3_constants.ExtOwnershipKey]
  567. if !ok {
  568. s3err.WriteErrorResponse(w, r, s3err.OwnershipControlsNotFoundError)
  569. return
  570. }
  572. delete(bucketEntry.Extended, s3_constants.ExtOwnershipKey)
  573. err = s3a.updateEntry(s3a.option.BucketsPath, bucketEntry)
  574. if err != nil {
  575. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  576. return
  577. }
  579. emptyOwnershipControls := &s3.OwnershipControls{
  580. Rules: []*s3.OwnershipControlsRule{},
  581. }
  582. s3err.WriteAwsXMLResponse(w, r, http.StatusOK, emptyOwnershipControls)
  583. }