Compare commits

...

3 Commits

Author SHA1 Message Date
Rahul Padigela 6ef8d5267f feature: S3C-1903 allow public reads on buckets
This change supports proving a whitelist of buckets that have public-read
canned acl set, to allow reads from anonymous users on objects without
having to explicitly set public-read acl on them.
2018-12-27 10:55:47 +00:00
Stephane Cance 0b33d59b34 bump hf 7.4.2 2018-11-28 12:33:43 +00:00
Stephane Cance 53ebb8fc25 bump version to 7.4.2 2018-11-28 12:32:44 +00:00
2 changed files with 24 additions and 10 deletions

View File

@ -1,5 +1,9 @@
const constants = require('../../../../constants'); const constants = require('../../../../constants');
// whitelist buckets to allow public read on objects
const publicReadBuckets = process.env.ALLOW_PUBLIC_READ_BUCKETS ?
process.env.ALLOW_PUBLIC_READ_BUCKETS.split(',') : [];
function isBucketAuthorized(bucket, requestType, canonicalID) { function isBucketAuthorized(bucket, requestType, canonicalID) {
// Check to see if user is authorized to perform a // Check to see if user is authorized to perform a
// particular action on bucket based on ACLs. // particular action on bucket based on ACLs.
@ -115,6 +119,16 @@ function isObjAuthorized(bucket, objectMD, requestType, canonicalID) {
return true; return true;
} }
} }
// allow public reads on buckets that are whitelisted for anonymous reads
// TODO: remove this after bucket policies are implemented
const bucketAcl = bucket.getAcl();
const allowPublicReads = publicReadBuckets.includes(bucket.getName()) &&
bucketAcl.Canned === 'public-read' &&
(requestType === 'objectGet' || requestType === 'objectHead');
if (allowPublicReads) {
return true;
}
return false; return false;
} }

View File

@ -1,6 +1,6 @@
{ {
"name": "s3", "name": "s3",
"version": "7.4.0", "version": "7.4.2",
"description": "S3 connector", "description": "S3 connector",
"main": "index.js", "main": "index.js",
"engines": { "engines": {
@ -19,11 +19,11 @@
}, },
"homepage": "https://github.com/scality/S3#readme", "homepage": "https://github.com/scality/S3#readme",
"dependencies": { "dependencies": {
"arsenal": "scality/Arsenal#879823c4", "arsenal": "scality/Arsenal#hotfix/7.4.2",
"async": "~2.5.0", "async": "~2.5.0",
"aws-sdk": "2.28.0", "aws-sdk": "2.28.0",
"azure-storage": "^2.1.0", "azure-storage": "^2.1.0",
"bucketclient": "scality/bucketclient#b74165ac", "bucketclient": "scality/bucketclient#hotfix/7.4.2",
"commander": "^2.9.0", "commander": "^2.9.0",
"diskusage": "0.2.4", "diskusage": "0.2.4",
"google-auto-auth": "^0.9.1", "google-auto-auth": "^0.9.1",
@ -31,19 +31,19 @@
"mongodb": "^2.2.31", "mongodb": "^2.2.31",
"node-uuid": "^1.4.3", "node-uuid": "^1.4.3",
"npm-run-all": "~4.0.2", "npm-run-all": "~4.0.2",
"sproxydclient": "scality/sproxydclient#6a391f8d", "sproxydclient": "scality/sproxydclient#hotfix/7.4.2",
"utapi": "scality/utapi#cd3324df", "utapi": "scality/utapi#hotfix/7.4.2",
"utf8": "~2.1.1", "utf8": "~2.1.1",
"uuid": "^3.0.1", "uuid": "^3.0.1",
"vaultclient": "scality/vaultclient#fbd9988d", "vaultclient": "scality/vaultclient#hotfix/7.4.2",
"werelogs": "scality/werelogs#0ff7ec82", "werelogs": "scality/werelogs#hotfix/7.4.2",
"xml2js": "~0.4.16" "xml2js": "~0.4.16"
}, },
"devDependencies": { "devDependencies": {
"bluebird": "^3.3.1", "bluebird": "^3.3.1",
"eslint": "^2.4.0", "eslint": "^2.4.0",
"eslint-config-airbnb": "^6.0.0", "eslint-config-airbnb": "^6.0.0",
"eslint-config-scality": "scality/Guidelines#71a059ad", "eslint-config-scality": "scality/Guidelines#hotfix/7.4.2",
"ioredis": "2.4.0", "ioredis": "2.4.0",
"istanbul": "1.0.0-alpha.2", "istanbul": "1.0.0-alpha.2",
"istanbul-api": "1.0.0-alpha.13", "istanbul-api": "1.0.0-alpha.13",
@ -51,11 +51,11 @@
"mocha": "^2.3.4", "mocha": "^2.3.4",
"mocha-junit-reporter": "1.11.1", "mocha-junit-reporter": "1.11.1",
"node-mocks-http": "1.5.2", "node-mocks-http": "1.5.2",
"s3blaster": "scality/s3blaster#7a836b6e", "s3blaster": "scality/s3blaster#hotfix/7.4.2",
"tv4": "^1.2.7" "tv4": "^1.2.7"
}, },
"optionalDependencies": { "optionalDependencies": {
"cdmiclient": "scality/cdmiclient#9ff12c18" "cdmiclient": "scality/cdmiclient#hotfix/7.4.2"
}, },
"scripts": { "scripts": {
"ft_awssdk": "cd tests/functional/aws-node-sdk && mocha test/", "ft_awssdk": "cd tests/functional/aws-node-sdk && mocha test/",