Compare commits
4 Commits
developmen
...
feature/S3
Author | SHA1 | Date |
---|---|---|
Dora Korpar | 0e595bc89f | |
Dora Korpar | 0f382bf391 | |
Dora Korpar | d2c3202cbf | |
Dora Korpar | bb85f98d90 |
|
@ -60,6 +60,7 @@ const websiteHead = require('./websiteHead');
|
|||
const writeContinue = require('../utilities/writeContinue');
|
||||
const validateQueryAndHeaders = require('../utilities/validateQueryAndHeaders');
|
||||
const parseCopySource = require('./apiUtils/object/parseCopySource');
|
||||
const tagConditionKeyAuth = require('./apiUtils/authorization/tagConditionKeys');
|
||||
|
||||
auth.setHandler(vault);
|
||||
|
||||
|
@ -100,34 +101,35 @@ const api = {
|
|||
log.trace('authentication error', { error: err });
|
||||
return callback(err);
|
||||
}
|
||||
if (authorizationResults) {
|
||||
function ifAuthResults(authResults) {
|
||||
if (apiMethod === 'objectGet') {
|
||||
// first item checks s3:GetObject(Version) action
|
||||
if (!authorizationResults[0].isAllowed) {
|
||||
if (!authResults[0].isAllowed) {
|
||||
log.trace('get object authorization denial from Vault');
|
||||
return callback(errors.AccessDenied);
|
||||
}
|
||||
// second item checks s3:GetObject(Version)Tagging action
|
||||
if (!authorizationResults[1].isAllowed) {
|
||||
if (!authResults[1].isAllowed) {
|
||||
log.trace('get tagging authorization denial ' +
|
||||
'from Vault');
|
||||
returnTagCount = false;
|
||||
}
|
||||
} else {
|
||||
for (let i = 0; i < authorizationResults.length; i++) {
|
||||
if (!authorizationResults[i].isAllowed) {
|
||||
for (let i = 0; i < authResults.length; i++) {
|
||||
if (!authResults[i].isAllowed) {
|
||||
log.trace('authorization denial from Vault');
|
||||
return callback(errors.AccessDenied);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (authorizationResults) {
|
||||
console.log(`\n\n!!!!!!!!!!auth results`);
|
||||
ifAuthResults(authorizationResults);
|
||||
}
|
||||
// issue 100 Continue to the client
|
||||
writeContinue(request, response);
|
||||
if (apiMethod === 'objectPut' || apiMethod === 'objectPutPart') {
|
||||
return this[apiMethod](userInfo, request, streamingV4Params,
|
||||
log, callback);
|
||||
}
|
||||
|
||||
const MAX_POST_LENGTH = request.method.toUpperCase() === 'POST' ?
|
||||
1024 * 1024 : 1024 * 1024 / 2; // 1 MB or 512 KB
|
||||
const post = [];
|
||||
|
@ -157,6 +159,21 @@ const api = {
|
|||
// Convert array of post buffers into one string
|
||||
request.post = Buffer.concat(post, postLength).toString();
|
||||
|
||||
console.log(`\n\n--------auth results?????????? ${authorizationResults}`);
|
||||
// IAM policy -Tag condition keys require information from CloudServer for evaluation
|
||||
return tagConditionKeyAuth(authorizationResults, request, requestContexts, log,
|
||||
(err, tagAuthResults) => {
|
||||
if (err) {
|
||||
log.trace('tag authentication error', { error: err });
|
||||
return callback(err);
|
||||
}
|
||||
if (tagAuthResults) {
|
||||
ifAuthResults(tagAuthResults);
|
||||
}
|
||||
if (apiMethod === 'objectPut' || apiMethod === 'objectPutPart') {
|
||||
return this[apiMethod](userInfo, request, streamingV4Params,
|
||||
log, callback);
|
||||
}
|
||||
if (apiMethod === 'objectCopy' ||
|
||||
apiMethod === 'objectPutCopyPart') {
|
||||
return this[apiMethod](userInfo, request, sourceBucket,
|
||||
|
@ -166,8 +183,11 @@ const api = {
|
|||
return this[apiMethod](userInfo, request,
|
||||
returnTagCount, log, callback);
|
||||
}
|
||||
const util = require('util');
|
||||
console.log(`\n\n------- request post in api method call:::::: ${util.inspect(request.post, false, null)}`);
|
||||
return this[apiMethod](userInfo, request, log, callback);
|
||||
});
|
||||
});
|
||||
return undefined;
|
||||
}, 's3', requestContexts);
|
||||
},
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
const async = require('async');
|
||||
const { auth, s3middleware } = require('arsenal');
|
||||
const metadata = require('../../../metadata/wrapper');
|
||||
const { decodeVersionId } = require('../object/versioning');
|
||||
|
||||
const { parseTagXml } = s3middleware.tagging;
|
||||
|
||||
function makeTagQuery(tags) {
|
||||
const tagsArray = Object.keys(tags);
|
||||
tagsArray.map(t => `${t}=${tags[t]}`);
|
||||
return tagsArray.join(',');
|
||||
}
|
||||
|
||||
function updateRequestContexts(request, requestContexts, log, cb) {
|
||||
requestContexts.forEach(rc => {
|
||||
rc.setNeedTagEval(true);
|
||||
|
||||
async.series([
|
||||
next => {
|
||||
if (request.post) {
|
||||
parseTagXml(request.post, log, (err, tags) => {
|
||||
if (err) {
|
||||
log.trace('error parsing request tags');
|
||||
return next(err);
|
||||
}
|
||||
rc.setRequestObjTags(makeTagQuery(tags));
|
||||
return next();
|
||||
});
|
||||
}
|
||||
process.nextTick(() => next());
|
||||
},
|
||||
next => {
|
||||
const objectKey = request.objectKey;
|
||||
const bucketName = request.bucketName;
|
||||
const decodedVidResult = decodeVersionId(request.query);
|
||||
if (decodedVidResult instanceof Error) {
|
||||
log.trace('invalid versionId query', {
|
||||
versionId: request.query.versionId,
|
||||
error: decodedVidResult,
|
||||
});
|
||||
return process.nextTick(() => next(decodedVidResult));
|
||||
}
|
||||
const reqVersionId = decodedVidResult;
|
||||
|
||||
return metadata.getObjectMD(bucketName, objectKey, { versionId: reqVersionId }, log,
|
||||
(err, objMD) => {
|
||||
if (err) {
|
||||
log.trace('error getting request object tags');
|
||||
return next(err);
|
||||
}
|
||||
const existingTags = objMD['x-amz-tagging'];
|
||||
rc.setExistingObjTags(makeTagQuery(existingTags));
|
||||
return next();
|
||||
});
|
||||
},
|
||||
], err => {
|
||||
if (err) {
|
||||
log.trace('error processing tag condition key evaluation');
|
||||
return cb(err);
|
||||
}
|
||||
return cb(null, requestContexts);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function tagConditionKeyAuth(authorizationResults, request, requestContexts, log, cb) {
|
||||
if (!authorizationResults) {
|
||||
return cb();
|
||||
}
|
||||
if (!authorizationResults.some(authRes => authRes.checkTagConditions)) {
|
||||
return cb();
|
||||
}
|
||||
|
||||
return updateRequestContexts(request, requestContexts, log, (err, updatedContexts) => {
|
||||
if (err) {
|
||||
return cb(err);
|
||||
}
|
||||
return auth.server.doAuth(request, log,
|
||||
(err, userInfo, tagAuthResults) => cb(err, tagAuthResults), 's3', updatedContexts);
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = tagConditionKeyAuth;
|
|
@ -46,6 +46,8 @@ function objectPutTagging(authInfo, request, log, callback) {
|
|||
versionId: reqVersionId,
|
||||
};
|
||||
|
||||
const util = require('util');
|
||||
console.log(`\n\n------- REQUEST POST IN PUT OBJ TAGGING::::::::; ${util.inspect(request.post, false, null)}`);
|
||||
return async.waterfall([
|
||||
next => metadataValidateBucketAndObj(metadataValParams, log,
|
||||
(err, bucket, objectMD) => {
|
||||
|
@ -75,6 +77,8 @@ function objectPutTagging(authInfo, request, log, callback) {
|
|||
},
|
||||
(bucket, tags, objectMD, next) => {
|
||||
// eslint-disable-next-line no-param-reassign
|
||||
const util = require('util');
|
||||
console.log(`\n\n----------PARSED TAG XML::::: ${util.inspect(tags, false, null)}\n\n`);
|
||||
objectMD.tags = tags;
|
||||
const params = objectMD.versionId ? { versionId:
|
||||
objectMD.versionId } : {};
|
||||
|
|
Loading…
Reference in New Issue