2015-06-30 17:42:29 -04:00
|
|
|
/*
|
2016-03-05 19:43:48 -05:00
|
|
|
* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
|
2015-06-30 17:42:29 -04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2015-09-19 03:52:01 -04:00
|
|
|
package main
|
2015-06-30 17:42:29 -04:00
|
|
|
|
|
|
|
import (
|
2016-02-15 20:42:39 -05:00
|
|
|
"bytes"
|
2016-04-02 01:45:27 -04:00
|
|
|
"encoding/base64"
|
|
|
|
"encoding/hex"
|
2016-03-05 19:43:48 -05:00
|
|
|
"encoding/xml"
|
2016-02-15 20:42:39 -05:00
|
|
|
"io"
|
2015-10-16 14:26:01 -04:00
|
|
|
"io/ioutil"
|
2016-02-15 20:42:39 -05:00
|
|
|
"mime/multipart"
|
2015-06-30 17:42:29 -04:00
|
|
|
"net/http"
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
"net/url"
|
|
|
|
"strings"
|
2015-06-30 17:42:29 -04:00
|
|
|
|
2016-02-21 20:57:05 -05:00
|
|
|
mux "github.com/gorilla/mux"
|
2015-06-30 17:42:29 -04:00
|
|
|
)
|
|
|
|
|
2016-04-06 21:31:40 -04:00
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
2016-03-10 05:24:52 -05:00
|
|
|
func enforceBucketPolicy(action string, bucket string, reqURL *url.URL) (s3Error APIErrorCode) {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
// Read saved bucket policy.
|
|
|
|
policy, err := readBucketPolicy(bucket)
|
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable read bucket policy.")
|
2016-04-29 17:24:10 -04:00
|
|
|
switch err.(type) {
|
fs: Break fs package to top-level and introduce ObjectAPI interface.
ObjectAPI interface brings in changes needed for XL ObjectAPI layer.
The new interface for any ObjectAPI layer is as below
```
// ObjectAPI interface.
type ObjectAPI interface {
// Bucket resource API.
DeleteBucket(bucket string) *probe.Error
ListBuckets() ([]BucketInfo, *probe.Error)
MakeBucket(bucket string) *probe.Error
GetBucketInfo(bucket string) (BucketInfo, *probe.Error)
// Bucket query API.
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsResult, *probe.Error)
ListMultipartUploads(bucket string, resources BucketMultipartResourcesMetadata) (BucketMultipartResourcesMetadata, *probe.Error)
// Object resource API.
GetObject(bucket, object string, startOffset int64) (io.ReadCloser, *probe.Error)
GetObjectInfo(bucket, object string) (ObjectInfo, *probe.Error)
PutObject(bucket string, object string, size int64, data io.Reader, metadata map[string]string) (ObjectInfo, *probe.Error)
DeleteObject(bucket, object string) *probe.Error
// Object query API.
NewMultipartUpload(bucket, object string) (string, *probe.Error)
PutObjectPart(bucket, object, uploadID string, partID int, size int64, data io.Reader, md5Hex string) (string, *probe.Error)
ListObjectParts(bucket, object string, resources ObjectResourcesMetadata) (ObjectResourcesMetadata, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []CompletePart) (ObjectInfo, *probe.Error)
AbortMultipartUpload(bucket, object, uploadID string) *probe.Error
}
```
2016-03-30 19:15:28 -04:00
|
|
|
case BucketNotFound:
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrNoSuchBucket
|
fs: Break fs package to top-level and introduce ObjectAPI interface.
ObjectAPI interface brings in changes needed for XL ObjectAPI layer.
The new interface for any ObjectAPI layer is as below
```
// ObjectAPI interface.
type ObjectAPI interface {
// Bucket resource API.
DeleteBucket(bucket string) *probe.Error
ListBuckets() ([]BucketInfo, *probe.Error)
MakeBucket(bucket string) *probe.Error
GetBucketInfo(bucket string) (BucketInfo, *probe.Error)
// Bucket query API.
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsResult, *probe.Error)
ListMultipartUploads(bucket string, resources BucketMultipartResourcesMetadata) (BucketMultipartResourcesMetadata, *probe.Error)
// Object resource API.
GetObject(bucket, object string, startOffset int64) (io.ReadCloser, *probe.Error)
GetObjectInfo(bucket, object string) (ObjectInfo, *probe.Error)
PutObject(bucket string, object string, size int64, data io.Reader, metadata map[string]string) (ObjectInfo, *probe.Error)
DeleteObject(bucket, object string) *probe.Error
// Object query API.
NewMultipartUpload(bucket, object string) (string, *probe.Error)
PutObjectPart(bucket, object, uploadID string, partID int, size int64, data io.Reader, md5Hex string) (string, *probe.Error)
ListObjectParts(bucket, object string, resources ObjectResourcesMetadata) (ObjectResourcesMetadata, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []CompletePart) (ObjectInfo, *probe.Error)
AbortMultipartUpload(bucket, object, uploadID string) *probe.Error
}
```
2016-03-30 19:15:28 -04:00
|
|
|
case BucketNameInvalid:
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrInvalidBucketName
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
default:
|
|
|
|
// For any other error just return AccessDenied.
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrAccessDenied
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
// Parse the saved policy.
|
2016-04-29 17:24:10 -04:00
|
|
|
bucketPolicy, err := parseBucketPolicy(policy)
|
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to parse bucket policy.")
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrAccessDenied
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
|
|
|
|
2016-05-04 19:56:57 -04:00
|
|
|
// Construct resource in 'arn:aws:s3:::examplebucket/object' format.
|
bucketpolicy: Improve bucket policy validation, avoid nested rules.
Bucket policy validation is more stricter now, to avoid nested
rules. The reason to do this is keep the rules simpler and more
meaningful avoiding conflicts.
This patch implements stricter checks.
Example policy to be generally avoided.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::jarjarbing/*"
]
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Deny",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::jarjarbing/restic/key/*"
]
}
]
}
```
2016-03-15 13:38:04 -04:00
|
|
|
resource := AWSResourcePrefix + strings.TrimPrefix(reqURL.Path, "/")
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
|
|
|
|
// Get conditions for policy verification.
|
|
|
|
conditions := make(map[string]string)
|
|
|
|
for queryParam := range reqURL.Query() {
|
2016-04-15 21:23:19 -04:00
|
|
|
conditions[queryParam] = reqURL.Query().Get(queryParam)
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Validate action, resource and conditions with current policy statements.
|
bucketpolicy: Improve bucket policy validation, avoid nested rules.
Bucket policy validation is more stricter now, to avoid nested
rules. The reason to do this is keep the rules simpler and more
meaningful avoiding conflicts.
This patch implements stricter checks.
Example policy to be generally avoided.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::jarjarbing/*"
]
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Deny",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::jarjarbing/restic/key/*"
]
}
]
}
```
2016-03-15 13:38:04 -04:00
|
|
|
if !bucketPolicyEvalStatements(action, resource, conditions, bucketPolicy.Statements) {
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrAccessDenied
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrNone
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
|
|
|
|
2015-12-27 02:38:38 -05:00
|
|
|
// GetBucketLocationHandler - GET Bucket location.
|
|
|
|
// -------------------------
|
|
|
|
// This operation returns bucket location.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) GetBucketLocationHandler(w http.ResponseWriter, r *http.Request) {
|
2016-02-15 20:42:39 -05:00
|
|
|
vars := mux.Vars(r)
|
2015-12-27 02:38:38 -05:00
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
case authTypeAnonymous:
|
2016-04-06 21:31:40 -04:00
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
2016-03-10 05:24:52 -05:00
|
|
|
if s3Error := enforceBucketPolicy("s3:GetBucketLocation", bucket, r.URL); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
case authTypeSigned, authTypePresigned:
|
2016-04-29 17:24:10 -04:00
|
|
|
payload, err := ioutil.ReadAll(r.Body)
|
|
|
|
if err != nil {
|
2016-04-02 01:45:27 -04:00
|
|
|
writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
// Verify Content-Md5, if payload is set.
|
|
|
|
if r.Header.Get("Content-Md5") != "" {
|
|
|
|
if r.Header.Get("Content-Md5") != base64.StdEncoding.EncodeToString(sumMD5(payload)) {
|
|
|
|
writeErrorResponse(w, r, ErrBadDigest, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Populate back the payload.
|
|
|
|
r.Body = ioutil.NopCloser(bytes.NewReader(payload))
|
|
|
|
var s3Error APIErrorCode // API error code.
|
|
|
|
validateRegion := false // Validate region.
|
|
|
|
if isRequestSignatureV4(r) {
|
|
|
|
s3Error = doesSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
|
|
|
|
} else if isRequestPresignedSignatureV4(r) {
|
2016-04-07 06:04:18 -04:00
|
|
|
s3Error = doesPresignedSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
|
2016-04-02 01:45:27 -04:00
|
|
|
}
|
|
|
|
if s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
2016-04-29 17:24:10 -04:00
|
|
|
if _, err := api.ObjectAPI.GetBucketInfo(bucket); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to fetch bucket info.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2016-01-19 20:49:48 -05:00
|
|
|
return
|
2015-12-27 02:38:38 -05:00
|
|
|
}
|
|
|
|
|
2016-02-15 20:42:39 -05:00
|
|
|
// Generate response.
|
2016-03-06 15:16:22 -05:00
|
|
|
encodedSuccessResponse := encodeResponse(LocationResponse{})
|
config/main: Re-write config files - add to new config v3
- New config format.
```
{
"version": "3",
"address": ":9000",
"backend": {
"type": "fs",
"disk": "/path"
},
"credential": {
"accessKey": "WLGDGYAQYIGI833EV05A",
"secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF"
},
"region": "us-east-1",
"logger": {
"file": {
"enable": false,
"fileName": "",
"level": "error"
},
"syslog": {
"enable": false,
"address": "",
"level": "debug"
},
"console": {
"enable": true,
"level": "fatal"
}
}
}
```
New command lines in lieu of supporting XL.
Minio initialize filesystem backend.
~~~
$ minio init fs <path>
~~~
Minio initialize XL backend.
~~~
$ minio init xl <url1>...<url16>
~~~
For 'fs' backend it starts the server.
~~~
$ minio server
~~~
For 'xl' backend it waits for servers to join.
~~~
$ minio server
... [PROGRESS BAR] of servers connecting
~~~
Now on other servers execute 'join' and they connect.
~~~
....
minio join <url1> -- from <url2> && minio server
minio join <url1> -- from <url3> && minio server
...
...
minio join <url1> -- from <url16> && minio server
~~~
2016-02-12 18:27:10 -05:00
|
|
|
// Get current region.
|
|
|
|
region := serverConfig.GetRegion()
|
|
|
|
if region != "us-east-1" {
|
2016-03-06 15:16:22 -05:00
|
|
|
encodedSuccessResponse = encodeResponse(LocationResponse{
|
config/main: Re-write config files - add to new config v3
- New config format.
```
{
"version": "3",
"address": ":9000",
"backend": {
"type": "fs",
"disk": "/path"
},
"credential": {
"accessKey": "WLGDGYAQYIGI833EV05A",
"secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF"
},
"region": "us-east-1",
"logger": {
"file": {
"enable": false,
"fileName": "",
"level": "error"
},
"syslog": {
"enable": false,
"address": "",
"level": "debug"
},
"console": {
"enable": true,
"level": "fatal"
}
}
}
```
New command lines in lieu of supporting XL.
Minio initialize filesystem backend.
~~~
$ minio init fs <path>
~~~
Minio initialize XL backend.
~~~
$ minio init xl <url1>...<url16>
~~~
For 'fs' backend it starts the server.
~~~
$ minio server
~~~
For 'xl' backend it waits for servers to join.
~~~
$ minio server
... [PROGRESS BAR] of servers connecting
~~~
Now on other servers execute 'join' and they connect.
~~~
....
minio join <url1> -- from <url2> && minio server
minio join <url1> -- from <url3> && minio server
...
...
minio join <url1> -- from <url16> && minio server
~~~
2016-02-12 18:27:10 -05:00
|
|
|
Location: region,
|
2016-02-15 20:42:39 -05:00
|
|
|
})
|
|
|
|
}
|
2016-04-02 01:45:27 -04:00
|
|
|
setCommonHeaders(w) // Write headers.
|
2016-01-08 03:40:06 -05:00
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2015-12-27 02:38:38 -05:00
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// ListMultipartUploadsHandler - GET Bucket (List Multipart uploads)
|
2015-06-30 17:42:29 -04:00
|
|
|
// -------------------------
|
|
|
|
// This operation lists in-progress multipart uploads. An in-progress
|
|
|
|
// multipart upload is a multipart upload that has been initiated,
|
2015-10-16 22:09:35 -04:00
|
|
|
// using the Initiate Multipart Upload request, but has not yet been
|
|
|
|
// completed or aborted. This operation returns at most 1,000 multipart
|
|
|
|
// uploads in the response.
|
2015-06-30 17:42:29 -04:00
|
|
|
//
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) ListMultipartUploadsHandler(w http.ResponseWriter, r *http.Request) {
|
2016-02-15 20:42:39 -05:00
|
|
|
vars := mux.Vars(r)
|
2015-10-16 22:09:35 -04:00
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
case authTypeAnonymous:
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
|
2016-03-10 05:24:52 -05:00
|
|
|
if s3Error := enforceBucketPolicy("s3:ListBucketMultipartUploads", bucket, r.URL); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
case authTypePresigned, authTypeSigned:
|
2016-03-12 19:08:15 -05:00
|
|
|
if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
prefix, keyMarker, uploadIDMarker, delimiter, maxUploads, _ := getBucketMultipartResources(r.URL.Query())
|
|
|
|
if maxUploads < 0 {
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrInvalidMaxUploads, r.URL.Path)
|
2015-07-16 20:22:45 -04:00
|
|
|
return
|
|
|
|
}
|
2016-04-05 15:26:17 -04:00
|
|
|
if keyMarker != "" {
|
2016-04-29 17:24:10 -04:00
|
|
|
// Marker not common with prefix is not implemented.
|
|
|
|
if !strings.HasPrefix(keyMarker, prefix) {
|
|
|
|
writeErrorResponse(w, r, ErrNotImplemented, r.URL.Path)
|
|
|
|
return
|
2016-04-05 15:26:17 -04:00
|
|
|
}
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
listMultipartsInfo, err := api.ObjectAPI.ListMultipartUploads(bucket, prefix, keyMarker, uploadIDMarker, delimiter, maxUploads)
|
2015-09-19 06:20:07 -04:00
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to list multipart uploads.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-19 06:20:07 -04:00
|
|
|
// generate response
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
response := generateListMultipartUploadsResponse(bucket, listMultipartsInfo)
|
2016-03-06 15:16:22 -05:00
|
|
|
encodedSuccessResponse := encodeResponse(response)
|
2016-01-08 03:40:06 -05:00
|
|
|
// write headers.
|
|
|
|
setCommonHeaders(w)
|
|
|
|
// write success response.
|
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// ListBucketsHandler - GET Service
|
2015-06-30 17:42:29 -04:00
|
|
|
// -----------
|
|
|
|
// This implementation of the GET operation returns a list of all buckets
|
|
|
|
// owned by the authenticated sender of the request.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
|
2016-07-17 16:23:15 -04:00
|
|
|
// List buckets does not support bucket policies, no need to enforce it.
|
2016-07-19 02:56:27 -04:00
|
|
|
if s3Error := checkAuth(r); s3Error != ErrNone {
|
2016-07-17 16:23:15 -04:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
bucketsInfo, err := api.ObjectAPI.ListBuckets()
|
2016-07-17 16:23:15 -04:00
|
|
|
if err != nil {
|
|
|
|
errorIf(err, "Unable to list buckets.")
|
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2016-07-17 16:23:15 -04:00
|
|
|
|
|
|
|
// Generate response.
|
|
|
|
response := generateListBucketsResponse(bucketsInfo)
|
|
|
|
encodedSuccessResponse := encodeResponse(response)
|
|
|
|
// Write headers.
|
|
|
|
setCommonHeaders(w)
|
|
|
|
// Write response.
|
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
2016-03-05 19:43:48 -05:00
|
|
|
// DeleteMultipleObjectsHandler - deletes multiple objects.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *http.Request) {
|
2016-03-05 19:43:48 -05:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
2016-03-12 19:08:15 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
|
|
|
return
|
|
|
|
case authTypeAnonymous:
|
2016-04-06 21:31:40 -04:00
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
2016-03-12 19:08:15 -05:00
|
|
|
if s3Error := enforceBucketPolicy("s3:DeleteObject", bucket, r.URL); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
case authTypePresigned, authTypeSigned:
|
|
|
|
if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-03-05 19:43:48 -05:00
|
|
|
// Content-Length is required and should be non-zero
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html
|
|
|
|
if r.ContentLength <= 0 {
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMissingContentLength, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Content-Md5 is requied should be set
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html
|
|
|
|
if _, ok := r.Header["Content-Md5"]; !ok {
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMissingContentMD5, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Allocate incoming content length bytes.
|
|
|
|
deleteXMLBytes := make([]byte, r.ContentLength)
|
|
|
|
|
|
|
|
// Read incoming body XML bytes.
|
2016-04-29 17:24:10 -04:00
|
|
|
if _, err := io.ReadFull(r.Body, deleteXMLBytes); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to read HTTP body.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Unmarshal list of keys to be deleted.
|
|
|
|
deleteObjects := &DeleteObjectsRequest{}
|
2016-04-29 17:24:10 -04:00
|
|
|
if err := xml.Unmarshal(deleteXMLBytes, deleteObjects); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to unmarshal delete objects request XML.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMalformedXML, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var deleteErrors []DeleteError
|
|
|
|
var deletedObjects []ObjectIdentifier
|
|
|
|
// Loop through all the objects and delete them sequentially.
|
|
|
|
for _, object := range deleteObjects.Objects {
|
fs: Break fs package to top-level and introduce ObjectAPI interface.
ObjectAPI interface brings in changes needed for XL ObjectAPI layer.
The new interface for any ObjectAPI layer is as below
```
// ObjectAPI interface.
type ObjectAPI interface {
// Bucket resource API.
DeleteBucket(bucket string) *probe.Error
ListBuckets() ([]BucketInfo, *probe.Error)
MakeBucket(bucket string) *probe.Error
GetBucketInfo(bucket string) (BucketInfo, *probe.Error)
// Bucket query API.
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsResult, *probe.Error)
ListMultipartUploads(bucket string, resources BucketMultipartResourcesMetadata) (BucketMultipartResourcesMetadata, *probe.Error)
// Object resource API.
GetObject(bucket, object string, startOffset int64) (io.ReadCloser, *probe.Error)
GetObjectInfo(bucket, object string) (ObjectInfo, *probe.Error)
PutObject(bucket string, object string, size int64, data io.Reader, metadata map[string]string) (ObjectInfo, *probe.Error)
DeleteObject(bucket, object string) *probe.Error
// Object query API.
NewMultipartUpload(bucket, object string) (string, *probe.Error)
PutObjectPart(bucket, object, uploadID string, partID int, size int64, data io.Reader, md5Hex string) (string, *probe.Error)
ListObjectParts(bucket, object string, resources ObjectResourcesMetadata) (ObjectResourcesMetadata, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []CompletePart) (ObjectInfo, *probe.Error)
AbortMultipartUpload(bucket, object, uploadID string) *probe.Error
}
```
2016-03-30 19:15:28 -04:00
|
|
|
err := api.ObjectAPI.DeleteObject(bucket, object.ObjectName)
|
2016-03-05 19:43:48 -05:00
|
|
|
if err == nil {
|
|
|
|
deletedObjects = append(deletedObjects, ObjectIdentifier{
|
|
|
|
ObjectName: object.ObjectName,
|
|
|
|
})
|
|
|
|
} else {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to delete object.")
|
2016-05-05 23:24:29 -04:00
|
|
|
deleteErrors = append(deleteErrors, DeleteError{
|
|
|
|
Code: errorCodeResponse[toAPIErrorCode(err)].Code,
|
|
|
|
Message: errorCodeResponse[toAPIErrorCode(err)].Description,
|
|
|
|
Key: object.ObjectName,
|
|
|
|
})
|
2016-03-05 19:43:48 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
// Generate response
|
|
|
|
response := generateMultiDeleteResponse(deleteObjects.Quiet, deletedObjects, deleteErrors)
|
|
|
|
encodedSuccessResponse := encodeResponse(response)
|
|
|
|
// Write headers
|
|
|
|
setCommonHeaders(w)
|
|
|
|
// Write success response.
|
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// PutBucketHandler - PUT Bucket
|
2015-06-30 17:42:29 -04:00
|
|
|
// ----------
|
|
|
|
// This implementation of the PUT operation creates a new bucket for authenticated request
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) PutBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2016-07-19 02:56:27 -04:00
|
|
|
// PutBucket does not support policies, use checkAuth to validate signature.
|
|
|
|
if s3Error := checkAuth(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-04 15:52:25 -05:00
|
|
|
return
|
2015-07-14 12:17:30 -04:00
|
|
|
}
|
|
|
|
|
2016-07-19 02:56:27 -04:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
2016-07-19 00:20:17 -04:00
|
|
|
// Validate if incoming location constraint is valid, reject
|
|
|
|
// requests which do not follow valid region requirements.
|
2016-07-19 02:56:27 -04:00
|
|
|
if s3Error := isValidLocationConstraint(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-04-21 23:08:08 -04:00
|
|
|
return
|
2016-04-20 20:35:38 -04:00
|
|
|
}
|
2016-02-15 20:42:39 -05:00
|
|
|
// Make bucket.
|
fs: Break fs package to top-level and introduce ObjectAPI interface.
ObjectAPI interface brings in changes needed for XL ObjectAPI layer.
The new interface for any ObjectAPI layer is as below
```
// ObjectAPI interface.
type ObjectAPI interface {
// Bucket resource API.
DeleteBucket(bucket string) *probe.Error
ListBuckets() ([]BucketInfo, *probe.Error)
MakeBucket(bucket string) *probe.Error
GetBucketInfo(bucket string) (BucketInfo, *probe.Error)
// Bucket query API.
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsResult, *probe.Error)
ListMultipartUploads(bucket string, resources BucketMultipartResourcesMetadata) (BucketMultipartResourcesMetadata, *probe.Error)
// Object resource API.
GetObject(bucket, object string, startOffset int64) (io.ReadCloser, *probe.Error)
GetObjectInfo(bucket, object string) (ObjectInfo, *probe.Error)
PutObject(bucket string, object string, size int64, data io.Reader, metadata map[string]string) (ObjectInfo, *probe.Error)
DeleteObject(bucket, object string) *probe.Error
// Object query API.
NewMultipartUpload(bucket, object string) (string, *probe.Error)
PutObjectPart(bucket, object, uploadID string, partID int, size int64, data io.Reader, md5Hex string) (string, *probe.Error)
ListObjectParts(bucket, object string, resources ObjectResourcesMetadata) (ObjectResourcesMetadata, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []CompletePart) (ObjectInfo, *probe.Error)
AbortMultipartUpload(bucket, object, uploadID string) *probe.Error
}
```
2016-03-30 19:15:28 -04:00
|
|
|
err := api.ObjectAPI.MakeBucket(bucket)
|
2015-09-19 06:20:07 -04:00
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to create a bucket.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-19 06:20:07 -04:00
|
|
|
// Make sure to add Location information here only for bucket
|
2016-03-01 23:01:40 -05:00
|
|
|
w.Header().Set("Location", getLocation(r))
|
2016-01-08 03:40:06 -05:00
|
|
|
writeSuccessResponse(w, nil)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
2016-04-29 17:24:10 -04:00
|
|
|
func extractHTTPFormValues(reader *multipart.Reader) (io.Reader, map[string]string, error) {
|
2016-02-15 20:42:39 -05:00
|
|
|
/// HTML Form values
|
|
|
|
formValues := make(map[string]string)
|
|
|
|
filePart := new(bytes.Buffer)
|
2016-04-29 17:24:10 -04:00
|
|
|
var err error
|
|
|
|
for err == nil {
|
2016-02-15 20:42:39 -05:00
|
|
|
var part *multipart.Part
|
2016-04-29 17:24:10 -04:00
|
|
|
part, err = reader.NextPart()
|
2016-02-15 20:42:39 -05:00
|
|
|
if part != nil {
|
|
|
|
if part.FileName() == "" {
|
2016-04-29 17:24:10 -04:00
|
|
|
var buffer []byte
|
|
|
|
buffer, err = ioutil.ReadAll(part)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
2016-02-15 20:42:39 -05:00
|
|
|
}
|
|
|
|
formValues[http.CanonicalHeaderKey(part.FormName())] = string(buffer)
|
|
|
|
} else {
|
2016-04-29 17:24:10 -04:00
|
|
|
if _, err = io.Copy(filePart, part); err != nil {
|
|
|
|
return nil, nil, err
|
2016-02-15 20:42:39 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return filePart, formValues, nil
|
|
|
|
}
|
|
|
|
|
2015-10-02 02:51:17 -04:00
|
|
|
// PostPolicyBucketHandler - POST policy
|
|
|
|
// ----------
|
|
|
|
// This implementation of the POST operation handles object creation with a specified
|
|
|
|
// signature policy in multipart/form-data
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) PostPolicyBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2015-10-02 02:51:17 -04:00
|
|
|
// Here the parameter is the size of the form data that should
|
2016-03-22 20:54:31 -04:00
|
|
|
// be loaded in memory, the remaining being put in temporary files.
|
2016-04-29 17:24:10 -04:00
|
|
|
reader, err := r.MultipartReader()
|
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to initialize multipart reader.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMalformedPOSTRequest, r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-02-04 15:52:25 -05:00
|
|
|
fileBody, formValues, err := extractHTTPFormValues(reader)
|
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to parse form values.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMalformedPOSTRequest, r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
2016-02-15 20:42:39 -05:00
|
|
|
bucket := mux.Vars(r)["bucket"]
|
2015-10-02 02:51:17 -04:00
|
|
|
formValues["Bucket"] = bucket
|
2015-10-06 13:12:06 -04:00
|
|
|
object := formValues["Key"]
|
2016-02-15 20:42:39 -05:00
|
|
|
|
|
|
|
// Verify policy signature.
|
2016-03-30 23:04:51 -04:00
|
|
|
apiErr := doesPolicySignatureMatch(formValues)
|
|
|
|
if apiErr != ErrNone {
|
|
|
|
writeErrorResponse(w, r, apiErr, r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
2016-03-30 23:04:51 -04:00
|
|
|
if apiErr = checkPostPolicy(formValues); apiErr != ErrNone {
|
|
|
|
writeErrorResponse(w, r, apiErr, r.URL.Path)
|
2015-10-06 13:12:06 -04:00
|
|
|
return
|
|
|
|
}
|
2016-05-19 20:10:08 -04:00
|
|
|
|
|
|
|
// Save metadata.
|
|
|
|
metadata := make(map[string]string)
|
|
|
|
// Nothing to store right now.
|
|
|
|
|
|
|
|
md5Sum, err := api.ObjectAPI.PutObject(bucket, object, -1, fileBody, metadata)
|
2016-02-04 15:52:25 -05:00
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to create object.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
2016-04-16 15:48:41 -04:00
|
|
|
if md5Sum != "" {
|
|
|
|
w.Header().Set("ETag", "\""+md5Sum+"\"")
|
2016-02-01 15:19:54 -05:00
|
|
|
}
|
2016-05-04 18:24:10 -04:00
|
|
|
encodedSuccessResponse := encodeResponse(PostResponse{
|
|
|
|
Location: getObjectLocation(bucket, object), // TODO Full URL is preferred
|
2016-05-05 04:39:26 -04:00
|
|
|
Bucket: bucket,
|
|
|
|
Key: object,
|
|
|
|
ETag: md5Sum,
|
2016-05-04 18:24:10 -04:00
|
|
|
})
|
|
|
|
setCommonHeaders(w)
|
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2015-10-02 02:51:17 -04:00
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// HeadBucketHandler - HEAD Bucket
|
2015-06-30 17:42:29 -04:00
|
|
|
// ----------
|
|
|
|
// This operation is useful to determine if a bucket exists.
|
|
|
|
// The operation returns a 200 OK if the bucket exists and you
|
|
|
|
// have permission to access it. Otherwise, the operation might
|
|
|
|
// return responses such as 404 Not Found and 403 Forbidden.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) HeadBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2016-02-15 20:42:39 -05:00
|
|
|
vars := mux.Vars(r)
|
2015-06-30 17:42:29 -04:00
|
|
|
bucket := vars["bucket"]
|
2015-07-02 23:31:22 -04:00
|
|
|
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
return
|
2016-04-06 19:40:54 -04:00
|
|
|
case authTypeAnonymous:
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
|
|
|
if s3Error := enforceBucketPolicy("s3:ListBucket", bucket, r.URL); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
case authTypePresigned, authTypeSigned:
|
2016-03-12 19:08:15 -05:00
|
|
|
if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-04 15:52:25 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-04-29 17:24:10 -04:00
|
|
|
if _, err := api.ObjectAPI.GetBucketInfo(bucket); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to fetch bucket info.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2016-01-08 03:40:06 -05:00
|
|
|
writeSuccessResponse(w, nil)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
2015-10-16 14:26:01 -04:00
|
|
|
|
|
|
|
// DeleteBucketHandler - Delete bucket
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2016-07-19 02:56:27 -04:00
|
|
|
// DeleteBucket does not support bucket policies, use checkAuth to validate signature.
|
|
|
|
if s3Error := checkAuth(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
2016-07-19 02:56:27 -04:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
2016-04-29 17:24:10 -04:00
|
|
|
if err := api.ObjectAPI.DeleteBucket(bucket); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to delete a bucket.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-10-16 14:26:01 -04:00
|
|
|
return
|
|
|
|
}
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
|
|
|
|
// Delete bucket access policy, if present - ignore any errors.
|
|
|
|
removeBucketPolicy(bucket)
|
|
|
|
|
|
|
|
// Write success response.
|
2015-10-16 23:02:37 -04:00
|
|
|
writeSuccessNoContent(w)
|
2015-10-16 14:26:01 -04:00
|
|
|
}
|