diff --git a/docker/compose/s3tests.conf b/docker/compose/s3tests.conf
index 68d9ddeb7..2bffe20d4 100644
--- a/docker/compose/s3tests.conf
+++ b/docker/compose/s3tests.conf
@@ -18,10 +18,10 @@ bucket prefix = yournamehere-{random}-
 [s3 main]
 # main display_name set in vstart.sh
-display_name = M. Tester
+display_name = s3_tests
 # main user_idname set in vstart.sh
-user_id = testid
+user_id = s3_tests
 # main email set in vstart.sh
 email = tester@ceph.com
diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go
index d4d81905d..d2e987a25 100644
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -259,32 +259,54 @@ func (s3a *S3ApiServer) GetBucketAclHandler(w http.ResponseWriter, r *http.Reque
 return
 }
- response := AccessControlPolicy{}
- for _, ident := range s3a.iam.identities {
- if len(ident.Credentials) == 0 {
- continue
+ identityId := r.Header.Get(s3_constants.AmzIdentityId)
+ response := AccessControlPolicy{
+ Owner: CanonicalUser{
+ ID: identityId,
+ DisplayName: identityId,
+ },
+ }
+ response.AccessControlList.Grant = append(response.AccessControlList.Grant, Grant{
+ Grantee: Grantee{
+ ID: identityId,
+ DisplayName: identityId,
+ Type: "CanonicalUser",
+ XMLXSI: "CanonicalUser",
+ XMLNS: "http://www.w3.org/2001/XMLSchema-instance"},
+ Permission: s3.PermissionFullControl,
+ })
+ writeSuccessResponseXML(w, r, response)
+}
+
+// PutBucketAclHandler Put bucket ACL only responds success if the ACL is private.
+// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html //
+func (s3a *S3ApiServer) PutBucketAclHandler(w http.ResponseWriter, r *http.Request) {
+ // collect parameters
+ bucket, _ := s3_constants.GetBucketAndObject(r)
+ glog.V(3).Infof("PutBucketAclHandler %s", bucket)
+
+ if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
+ s3err.WriteErrorResponse(w, r, err)
+ return
+ }
+ cannedAcl := r.Header.Get(s3_constants.AmzCannedAcl)
+ switch {
+ case cannedAcl == "":
+ acl := &s3.AccessControlPolicy{}
+ if err := xmlDecoder(r.Body, acl, r.ContentLength); err != nil {
+ glog.Errorf("PutBucketAclHandler: %s", err)
+ s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
+ return
 }
- for _, action := range ident.Actions {
- if !action.overBucket(bucket) || action.getPermission() == "" {
- continue
- }
- id := ident.Credentials[0].AccessKey
- if response.Owner.DisplayName == "" && action.isOwner(bucket) && len(ident.Credentials) > 0 {
- response.Owner.DisplayName = ident.Name
- response.Owner.ID = id
- }
- response.AccessControlList.Grant = append(response.AccessControlList.Grant, Grant{
- Grantee: Grantee{
- ID: id,
- DisplayName: ident.Name,
- Type: "CanonicalUser",
- XMLXSI: "CanonicalUser",
- XMLNS: "http://www.w3.org/2001/XMLSchema-instance"},
- Permission: action.getPermission(),
- })
+ if len(acl.Grants) == 1 && acl.Grants[0].Permission != nil && *acl.Grants[0].Permission == s3_constants.PermissionFullControl {
+ writeSuccessResponseEmpty(w, r)
+ return
 }
+ case cannedAcl == s3_constants.CannedAclPrivate:
+ writeSuccessResponseEmpty(w, r)
+ return
 }
- writeSuccessResponseXML(w, r, response)
+ s3err.WriteErrorResponse(w, r, s3err.ErrNotImplemented)
 }
 // GetBucketLifecycleConfigurationHandler Get Bucket Lifecycle configuration
diff --git a/weed/s3api/s3api_bucket_skip_handlers.go b/weed/s3api/s3api_bucket_skip_handlers.go
index 70fd38424..62d5b8ce7 100644
--- a/weed/s3api/s3api_bucket_skip_handlers.go
+++ b/weed/s3api/s3api_bucket_skip_handlers.go
@@ -41,9 +41,3 @@ func (s3a *S3ApiServer) PutBucketPolicyHandler(w http.ResponseWriter, r *http.Re
 func (s3a *S3ApiServer) DeleteBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
 s3err.WriteErrorResponse(w, r, http.StatusNoContent)
 }
-
-// PutBucketAclHandler Put bucket ACL
-// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
-func (s3a *S3ApiServer) PutBucketAclHandler(w http.ResponseWriter, r *http.Request) {
- s3err.WriteErrorResponse(w, r, s3err.ErrNotImplemented)
-}
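Review bot: In the new PutBucketAclHandler (weed/s3api/s3api_bucket_handlers.go), the request-body branch accepts any policy with exactly one FULL_CONTROL grant and never looks at the grantee. A body whose only grant gives FULL_CONTROL to a different canonical user or to a group URI therefore gets a success response, although the ACL is not private and nothing is stored. The condition should also tie the grantee to the caller, e.g. `g := acl.Grants[0]` followed by `g.Grantee != nil && g.Grantee.ID != nil && *g.Grantee.ID == r.Header.Get(s3_constants.AmzIdentityId)`, and otherwise fall through to `ErrNotImplemented`. In GetBucketAclHandler, whose start is outside the hunk, the owner and the sole FULL_CONTROL grantee now come from the `AmzIdentityId` request header, so every caller that passes the earlier checks is reported as owner regardless of its configured actions. That header is presumably set by the auth layer and overwritten when a client supplies it, which should be confirmed, and an empty value should be rejected rather than returned as an owner with a blank ID.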