2015-06-30 17:42:29 -04:00
|
|
|
/*
|
2016-03-05 19:43:48 -05:00
|
|
|
* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
|
2015-06-30 17:42:29 -04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2016-08-18 19:23:42 -04:00
|
|
|
package cmd
|
2015-06-30 17:42:29 -04:00
|
|
|
|
|
|
|
import (
|
2016-03-05 19:43:48 -05:00
|
|
|
"encoding/xml"
|
2016-02-15 20:42:39 -05:00
|
|
|
"io"
|
2015-06-30 17:42:29 -04:00
|
|
|
"net/http"
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
"net/url"
|
2016-07-26 22:10:02 -04:00
|
|
|
"path"
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
"strings"
|
2015-06-30 17:42:29 -04:00
|
|
|
|
2016-02-21 20:57:05 -05:00
|
|
|
mux "github.com/gorilla/mux"
|
2016-08-20 06:16:38 -04:00
|
|
|
"github.com/minio/minio-go/pkg/set"
|
2015-06-30 17:42:29 -04:00
|
|
|
)
|
|
|
|
|
2016-04-06 21:31:40 -04:00
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
2016-08-10 23:10:48 -04:00
|
|
|
// Enforces bucket policies for a bucket for a given tatusaction.
|
|
|
|
func enforceBucketPolicy(bucket string, action string, reqURL *url.URL) (s3Error APIErrorCode) {
|
|
|
|
if !IsValidBucketName(bucket) {
|
|
|
|
return ErrInvalidBucketName
|
|
|
|
}
|
|
|
|
// Fetch bucket policy, if policy is not set return access denied.
|
|
|
|
policy := globalBucketPolicies.GetBucketPolicy(bucket)
|
|
|
|
if policy == nil {
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrAccessDenied
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
|
|
|
|
2016-05-04 19:56:57 -04:00
|
|
|
// Construct resource in 'arn:aws:s3:::examplebucket/object' format.
|
bucketpolicy: Improve bucket policy validation, avoid nested rules.
Bucket policy validation is more stricter now, to avoid nested
rules. The reason to do this is keep the rules simpler and more
meaningful avoiding conflicts.
This patch implements stricter checks.
Example policy to be generally avoided.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::jarjarbing/*"
]
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Deny",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::jarjarbing/restic/key/*"
]
}
]
}
```
2016-03-15 13:38:04 -04:00
|
|
|
resource := AWSResourcePrefix + strings.TrimPrefix(reqURL.Path, "/")
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
|
|
|
|
// Get conditions for policy verification.
|
2016-08-20 06:16:38 -04:00
|
|
|
conditionKeyMap := make(map[string]set.StringSet)
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
for queryParam := range reqURL.Query() {
|
2016-08-20 06:16:38 -04:00
|
|
|
conditionKeyMap[queryParam] = set.CreateStringSet(reqURL.Query().Get(queryParam))
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Validate action, resource and conditions with current policy statements.
|
2016-08-20 06:16:38 -04:00
|
|
|
if !bucketPolicyEvalStatements(action, resource, conditionKeyMap, policy.Statements) {
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrAccessDenied
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
2016-03-10 05:24:52 -05:00
|
|
|
return ErrNone
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
}
|
|
|
|
|
2015-12-27 02:38:38 -05:00
|
|
|
// GetBucketLocationHandler - GET Bucket location.
|
|
|
|
// -------------------------
|
|
|
|
// This operation returns bucket location.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) GetBucketLocationHandler(w http.ResponseWriter, r *http.Request) {
|
2016-02-15 20:42:39 -05:00
|
|
|
vars := mux.Vars(r)
|
2015-12-27 02:38:38 -05:00
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
case authTypeAnonymous:
|
2016-04-06 21:31:40 -04:00
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
2016-08-10 23:10:48 -04:00
|
|
|
if s3Error := enforceBucketPolicy(bucket, "s3:GetBucketLocation", r.URL); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
case authTypeSigned, authTypePresigned:
|
2016-08-04 18:49:35 -04:00
|
|
|
if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
2016-04-29 17:24:10 -04:00
|
|
|
if _, err := api.ObjectAPI.GetBucketInfo(bucket); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to fetch bucket info.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2016-01-19 20:49:48 -05:00
|
|
|
return
|
2015-12-27 02:38:38 -05:00
|
|
|
}
|
|
|
|
|
2016-02-15 20:42:39 -05:00
|
|
|
// Generate response.
|
2016-03-06 15:16:22 -05:00
|
|
|
encodedSuccessResponse := encodeResponse(LocationResponse{})
|
config/main: Re-write config files - add to new config v3
- New config format.
```
{
"version": "3",
"address": ":9000",
"backend": {
"type": "fs",
"disk": "/path"
},
"credential": {
"accessKey": "WLGDGYAQYIGI833EV05A",
"secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF"
},
"region": "us-east-1",
"logger": {
"file": {
"enable": false,
"fileName": "",
"level": "error"
},
"syslog": {
"enable": false,
"address": "",
"level": "debug"
},
"console": {
"enable": true,
"level": "fatal"
}
}
}
```
New command lines in lieu of supporting XL.
Minio initialize filesystem backend.
~~~
$ minio init fs <path>
~~~
Minio initialize XL backend.
~~~
$ minio init xl <url1>...<url16>
~~~
For 'fs' backend it starts the server.
~~~
$ minio server
~~~
For 'xl' backend it waits for servers to join.
~~~
$ minio server
... [PROGRESS BAR] of servers connecting
~~~
Now on other servers execute 'join' and they connect.
~~~
....
minio join <url1> -- from <url2> && minio server
minio join <url1> -- from <url3> && minio server
...
...
minio join <url1> -- from <url16> && minio server
~~~
2016-02-12 18:27:10 -05:00
|
|
|
// Get current region.
|
|
|
|
region := serverConfig.GetRegion()
|
|
|
|
if region != "us-east-1" {
|
2016-03-06 15:16:22 -05:00
|
|
|
encodedSuccessResponse = encodeResponse(LocationResponse{
|
config/main: Re-write config files - add to new config v3
- New config format.
```
{
"version": "3",
"address": ":9000",
"backend": {
"type": "fs",
"disk": "/path"
},
"credential": {
"accessKey": "WLGDGYAQYIGI833EV05A",
"secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF"
},
"region": "us-east-1",
"logger": {
"file": {
"enable": false,
"fileName": "",
"level": "error"
},
"syslog": {
"enable": false,
"address": "",
"level": "debug"
},
"console": {
"enable": true,
"level": "fatal"
}
}
}
```
New command lines in lieu of supporting XL.
Minio initialize filesystem backend.
~~~
$ minio init fs <path>
~~~
Minio initialize XL backend.
~~~
$ minio init xl <url1>...<url16>
~~~
For 'fs' backend it starts the server.
~~~
$ minio server
~~~
For 'xl' backend it waits for servers to join.
~~~
$ minio server
... [PROGRESS BAR] of servers connecting
~~~
Now on other servers execute 'join' and they connect.
~~~
....
minio join <url1> -- from <url2> && minio server
minio join <url1> -- from <url3> && minio server
...
...
minio join <url1> -- from <url16> && minio server
~~~
2016-02-12 18:27:10 -05:00
|
|
|
Location: region,
|
2016-02-15 20:42:39 -05:00
|
|
|
})
|
|
|
|
}
|
2016-04-02 01:45:27 -04:00
|
|
|
setCommonHeaders(w) // Write headers.
|
2016-01-08 03:40:06 -05:00
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2015-12-27 02:38:38 -05:00
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// ListMultipartUploadsHandler - GET Bucket (List Multipart uploads)
|
2015-06-30 17:42:29 -04:00
|
|
|
// -------------------------
|
|
|
|
// This operation lists in-progress multipart uploads. An in-progress
|
|
|
|
// multipart upload is a multipart upload that has been initiated,
|
2015-10-16 22:09:35 -04:00
|
|
|
// using the Initiate Multipart Upload request, but has not yet been
|
|
|
|
// completed or aborted. This operation returns at most 1,000 multipart
|
|
|
|
// uploads in the response.
|
2015-06-30 17:42:29 -04:00
|
|
|
//
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) ListMultipartUploadsHandler(w http.ResponseWriter, r *http.Request) {
|
2016-02-15 20:42:39 -05:00
|
|
|
vars := mux.Vars(r)
|
2015-10-16 22:09:35 -04:00
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
case authTypeAnonymous:
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
|
2016-08-10 23:10:48 -04:00
|
|
|
if s3Error := enforceBucketPolicy(bucket, "s3:ListBucketMultipartUploads", r.URL); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
case authTypePresigned, authTypeSigned:
|
2016-03-12 19:08:15 -05:00
|
|
|
if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
prefix, keyMarker, uploadIDMarker, delimiter, maxUploads, _ := getBucketMultipartResources(r.URL.Query())
|
|
|
|
if maxUploads < 0 {
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrInvalidMaxUploads, r.URL.Path)
|
2015-07-16 20:22:45 -04:00
|
|
|
return
|
|
|
|
}
|
2016-04-05 15:26:17 -04:00
|
|
|
if keyMarker != "" {
|
2016-04-29 17:24:10 -04:00
|
|
|
// Marker not common with prefix is not implemented.
|
|
|
|
if !strings.HasPrefix(keyMarker, prefix) {
|
|
|
|
writeErrorResponse(w, r, ErrNotImplemented, r.URL.Path)
|
|
|
|
return
|
2016-04-05 15:26:17 -04:00
|
|
|
}
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
listMultipartsInfo, err := api.ObjectAPI.ListMultipartUploads(bucket, prefix, keyMarker, uploadIDMarker, delimiter, maxUploads)
|
2015-09-19 06:20:07 -04:00
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to list multipart uploads.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-19 06:20:07 -04:00
|
|
|
// generate response
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
response := generateListMultipartUploadsResponse(bucket, listMultipartsInfo)
|
2016-03-06 15:16:22 -05:00
|
|
|
encodedSuccessResponse := encodeResponse(response)
|
2016-01-08 03:40:06 -05:00
|
|
|
// write headers.
|
|
|
|
setCommonHeaders(w)
|
|
|
|
// write success response.
|
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// ListBucketsHandler - GET Service
|
2015-06-30 17:42:29 -04:00
|
|
|
// -----------
|
|
|
|
// This implementation of the GET operation returns a list of all buckets
|
|
|
|
// owned by the authenticated sender of the request.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
|
2016-07-17 16:23:15 -04:00
|
|
|
// List buckets does not support bucket policies, no need to enforce it.
|
2016-07-19 02:56:27 -04:00
|
|
|
if s3Error := checkAuth(r); s3Error != ErrNone {
|
2016-07-17 16:23:15 -04:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
objectAPI: Fix object API interface, remove unnecessary structs.
ObjectAPI changes.
```
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsInfo, *probe.Error)
ListMultipartUploads(bucket, objectPrefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int) (ListMultipartsInfo, *probe.Error)
ListObjectParts(bucket, object, uploadID string, partNumberMarker, maxParts int) (ListPartsInfo, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []completePart) (ObjectInfo, *probe.Error)
```
2016-04-03 04:34:20 -04:00
|
|
|
bucketsInfo, err := api.ObjectAPI.ListBuckets()
|
2016-07-17 16:23:15 -04:00
|
|
|
if err != nil {
|
|
|
|
errorIf(err, "Unable to list buckets.")
|
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2016-07-17 16:23:15 -04:00
|
|
|
|
|
|
|
// Generate response.
|
|
|
|
response := generateListBucketsResponse(bucketsInfo)
|
|
|
|
encodedSuccessResponse := encodeResponse(response)
|
|
|
|
// Write headers.
|
|
|
|
setCommonHeaders(w)
|
|
|
|
// Write response.
|
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
2016-03-05 19:43:48 -05:00
|
|
|
// DeleteMultipleObjectsHandler - deletes multiple objects.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *http.Request) {
|
2016-03-05 19:43:48 -05:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
2016-03-12 19:08:15 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
|
|
|
return
|
|
|
|
case authTypeAnonymous:
|
2016-04-06 21:31:40 -04:00
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
2016-08-10 23:10:48 -04:00
|
|
|
if s3Error := enforceBucketPolicy(bucket, "s3:DeleteObject", r.URL); s3Error != ErrNone {
|
2016-03-12 19:08:15 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
case authTypePresigned, authTypeSigned:
|
|
|
|
if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-03-05 19:43:48 -05:00
|
|
|
// Content-Length is required and should be non-zero
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html
|
|
|
|
if r.ContentLength <= 0 {
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMissingContentLength, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Content-Md5 is requied should be set
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html
|
|
|
|
if _, ok := r.Header["Content-Md5"]; !ok {
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMissingContentMD5, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Allocate incoming content length bytes.
|
|
|
|
deleteXMLBytes := make([]byte, r.ContentLength)
|
|
|
|
|
|
|
|
// Read incoming body XML bytes.
|
2016-04-29 17:24:10 -04:00
|
|
|
if _, err := io.ReadFull(r.Body, deleteXMLBytes); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to read HTTP body.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Unmarshal list of keys to be deleted.
|
|
|
|
deleteObjects := &DeleteObjectsRequest{}
|
2016-04-29 17:24:10 -04:00
|
|
|
if err := xml.Unmarshal(deleteXMLBytes, deleteObjects); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to unmarshal delete objects request XML.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMalformedXML, r.URL.Path)
|
2016-03-05 19:43:48 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var deleteErrors []DeleteError
|
|
|
|
var deletedObjects []ObjectIdentifier
|
|
|
|
// Loop through all the objects and delete them sequentially.
|
|
|
|
for _, object := range deleteObjects.Objects {
|
fs: Break fs package to top-level and introduce ObjectAPI interface.
ObjectAPI interface brings in changes needed for XL ObjectAPI layer.
The new interface for any ObjectAPI layer is as below
```
// ObjectAPI interface.
type ObjectAPI interface {
// Bucket resource API.
DeleteBucket(bucket string) *probe.Error
ListBuckets() ([]BucketInfo, *probe.Error)
MakeBucket(bucket string) *probe.Error
GetBucketInfo(bucket string) (BucketInfo, *probe.Error)
// Bucket query API.
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsResult, *probe.Error)
ListMultipartUploads(bucket string, resources BucketMultipartResourcesMetadata) (BucketMultipartResourcesMetadata, *probe.Error)
// Object resource API.
GetObject(bucket, object string, startOffset int64) (io.ReadCloser, *probe.Error)
GetObjectInfo(bucket, object string) (ObjectInfo, *probe.Error)
PutObject(bucket string, object string, size int64, data io.Reader, metadata map[string]string) (ObjectInfo, *probe.Error)
DeleteObject(bucket, object string) *probe.Error
// Object query API.
NewMultipartUpload(bucket, object string) (string, *probe.Error)
PutObjectPart(bucket, object, uploadID string, partID int, size int64, data io.Reader, md5Hex string) (string, *probe.Error)
ListObjectParts(bucket, object string, resources ObjectResourcesMetadata) (ObjectResourcesMetadata, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []CompletePart) (ObjectInfo, *probe.Error)
AbortMultipartUpload(bucket, object, uploadID string) *probe.Error
}
```
2016-03-30 19:15:28 -04:00
|
|
|
err := api.ObjectAPI.DeleteObject(bucket, object.ObjectName)
|
2016-03-05 19:43:48 -05:00
|
|
|
if err == nil {
|
|
|
|
deletedObjects = append(deletedObjects, ObjectIdentifier{
|
|
|
|
ObjectName: object.ObjectName,
|
|
|
|
})
|
|
|
|
} else {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to delete object.")
|
2016-05-05 23:24:29 -04:00
|
|
|
deleteErrors = append(deleteErrors, DeleteError{
|
|
|
|
Code: errorCodeResponse[toAPIErrorCode(err)].Code,
|
|
|
|
Message: errorCodeResponse[toAPIErrorCode(err)].Description,
|
|
|
|
Key: object.ObjectName,
|
|
|
|
})
|
2016-03-05 19:43:48 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
// Generate response
|
|
|
|
response := generateMultiDeleteResponse(deleteObjects.Quiet, deletedObjects, deleteErrors)
|
|
|
|
encodedSuccessResponse := encodeResponse(response)
|
|
|
|
// Write headers
|
|
|
|
setCommonHeaders(w)
|
|
|
|
// Write success response.
|
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// PutBucketHandler - PUT Bucket
|
2015-06-30 17:42:29 -04:00
|
|
|
// ----------
|
|
|
|
// This implementation of the PUT operation creates a new bucket for authenticated request
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) PutBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2016-07-19 02:56:27 -04:00
|
|
|
// PutBucket does not support policies, use checkAuth to validate signature.
|
|
|
|
if s3Error := checkAuth(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-04 15:52:25 -05:00
|
|
|
return
|
2015-07-14 12:17:30 -04:00
|
|
|
}
|
|
|
|
|
2016-07-19 02:56:27 -04:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
2016-07-19 00:20:17 -04:00
|
|
|
// Validate if incoming location constraint is valid, reject
|
|
|
|
// requests which do not follow valid region requirements.
|
2016-07-19 02:56:27 -04:00
|
|
|
if s3Error := isValidLocationConstraint(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-08-25 23:00:47 -04:00
|
|
|
return
|
2016-04-20 20:35:38 -04:00
|
|
|
}
|
2016-07-24 01:51:12 -04:00
|
|
|
|
|
|
|
// Proceed to creating a bucket.
|
fs: Break fs package to top-level and introduce ObjectAPI interface.
ObjectAPI interface brings in changes needed for XL ObjectAPI layer.
The new interface for any ObjectAPI layer is as below
```
// ObjectAPI interface.
type ObjectAPI interface {
// Bucket resource API.
DeleteBucket(bucket string) *probe.Error
ListBuckets() ([]BucketInfo, *probe.Error)
MakeBucket(bucket string) *probe.Error
GetBucketInfo(bucket string) (BucketInfo, *probe.Error)
// Bucket query API.
ListObjects(bucket, prefix, marker, delimiter string, maxKeys int) (ListObjectsResult, *probe.Error)
ListMultipartUploads(bucket string, resources BucketMultipartResourcesMetadata) (BucketMultipartResourcesMetadata, *probe.Error)
// Object resource API.
GetObject(bucket, object string, startOffset int64) (io.ReadCloser, *probe.Error)
GetObjectInfo(bucket, object string) (ObjectInfo, *probe.Error)
PutObject(bucket string, object string, size int64, data io.Reader, metadata map[string]string) (ObjectInfo, *probe.Error)
DeleteObject(bucket, object string) *probe.Error
// Object query API.
NewMultipartUpload(bucket, object string) (string, *probe.Error)
PutObjectPart(bucket, object, uploadID string, partID int, size int64, data io.Reader, md5Hex string) (string, *probe.Error)
ListObjectParts(bucket, object string, resources ObjectResourcesMetadata) (ObjectResourcesMetadata, *probe.Error)
CompleteMultipartUpload(bucket string, object string, uploadID string, parts []CompletePart) (ObjectInfo, *probe.Error)
AbortMultipartUpload(bucket, object, uploadID string) *probe.Error
}
```
2016-03-30 19:15:28 -04:00
|
|
|
err := api.ObjectAPI.MakeBucket(bucket)
|
2015-09-19 06:20:07 -04:00
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to create a bucket.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2015-09-19 06:20:07 -04:00
|
|
|
// Make sure to add Location information here only for bucket
|
2016-03-01 23:01:40 -05:00
|
|
|
w.Header().Set("Location", getLocation(r))
|
2016-01-08 03:40:06 -05:00
|
|
|
writeSuccessResponse(w, nil)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
|
|
|
|
2015-10-02 02:51:17 -04:00
|
|
|
// PostPolicyBucketHandler - POST policy
|
|
|
|
// ----------
|
|
|
|
// This implementation of the POST operation handles object creation with a specified
|
|
|
|
// signature policy in multipart/form-data
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) PostPolicyBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2015-10-02 02:51:17 -04:00
|
|
|
// Here the parameter is the size of the form data that should
|
2016-03-22 20:54:31 -04:00
|
|
|
// be loaded in memory, the remaining being put in temporary files.
|
2016-04-29 17:24:10 -04:00
|
|
|
reader, err := r.MultipartReader()
|
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to initialize multipart reader.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMalformedPOSTRequest, r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-07-28 15:02:22 -04:00
|
|
|
fileBody, fileName, formValues, err := extractPostPolicyFormValues(reader)
|
2016-02-04 15:52:25 -05:00
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to parse form values.")
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrMalformedPOSTRequest, r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
2016-02-15 20:42:39 -05:00
|
|
|
bucket := mux.Vars(r)["bucket"]
|
2015-10-02 02:51:17 -04:00
|
|
|
formValues["Bucket"] = bucket
|
2015-10-06 13:12:06 -04:00
|
|
|
object := formValues["Key"]
|
2016-02-15 20:42:39 -05:00
|
|
|
|
2016-07-27 20:51:55 -04:00
|
|
|
if fileName != "" && strings.Contains(object, "${filename}") {
|
|
|
|
// S3 feature to replace ${filename} found in Key form field
|
|
|
|
// by the filename attribute passed in multipart
|
|
|
|
object = strings.Replace(object, "${filename}", fileName, -1)
|
|
|
|
}
|
|
|
|
|
2016-02-15 20:42:39 -05:00
|
|
|
// Verify policy signature.
|
2016-03-30 23:04:51 -04:00
|
|
|
apiErr := doesPolicySignatureMatch(formValues)
|
|
|
|
if apiErr != ErrNone {
|
|
|
|
writeErrorResponse(w, r, apiErr, r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
2016-03-30 23:04:51 -04:00
|
|
|
if apiErr = checkPostPolicy(formValues); apiErr != ErrNone {
|
|
|
|
writeErrorResponse(w, r, apiErr, r.URL.Path)
|
2015-10-06 13:12:06 -04:00
|
|
|
return
|
|
|
|
}
|
2016-05-19 20:10:08 -04:00
|
|
|
|
|
|
|
// Save metadata.
|
|
|
|
metadata := make(map[string]string)
|
|
|
|
// Nothing to store right now.
|
|
|
|
|
|
|
|
md5Sum, err := api.ObjectAPI.PutObject(bucket, object, -1, fileBody, metadata)
|
2016-02-04 15:52:25 -05:00
|
|
|
if err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to create object.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-10-02 02:51:17 -04:00
|
|
|
return
|
|
|
|
}
|
2016-04-16 15:48:41 -04:00
|
|
|
if md5Sum != "" {
|
|
|
|
w.Header().Set("ETag", "\""+md5Sum+"\"")
|
2016-02-01 15:19:54 -05:00
|
|
|
}
|
2016-05-04 18:24:10 -04:00
|
|
|
encodedSuccessResponse := encodeResponse(PostResponse{
|
|
|
|
Location: getObjectLocation(bucket, object), // TODO Full URL is preferred
|
2016-05-05 04:39:26 -04:00
|
|
|
Bucket: bucket,
|
|
|
|
Key: object,
|
|
|
|
ETag: md5Sum,
|
2016-05-04 18:24:10 -04:00
|
|
|
})
|
2016-08-05 01:01:58 -04:00
|
|
|
|
2016-08-30 06:42:37 -04:00
|
|
|
// Set common headers.
|
2016-05-04 18:24:10 -04:00
|
|
|
setCommonHeaders(w)
|
2016-07-24 01:51:12 -04:00
|
|
|
|
2016-08-30 06:42:37 -04:00
|
|
|
// Write successful response.
|
2016-08-05 01:01:58 -04:00
|
|
|
writeSuccessResponse(w, encodedSuccessResponse)
|
2016-07-24 01:51:12 -04:00
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
if eventN.IsBucketNotificationSet(bucket) {
|
2016-08-30 06:42:37 -04:00
|
|
|
// Fetch object info for notifications.
|
|
|
|
objInfo, err := api.ObjectAPI.GetObjectInfo(bucket, object)
|
|
|
|
if err != nil {
|
|
|
|
errorIf(err, "Unable to fetch object info for \"%s\"", path.Join(bucket, object))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
// Notify object created event.
|
|
|
|
eventNotify(eventData{
|
|
|
|
Type: ObjectCreatedPost,
|
|
|
|
Bucket: bucket,
|
|
|
|
ObjInfo: objInfo,
|
|
|
|
ReqParams: map[string]string{
|
|
|
|
"sourceIPAddress": r.RemoteAddr,
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
2015-10-02 02:51:17 -04:00
|
|
|
}
|
|
|
|
|
2015-06-30 23:15:48 -04:00
|
|
|
// HeadBucketHandler - HEAD Bucket
|
2015-06-30 17:42:29 -04:00
|
|
|
// ----------
|
|
|
|
// This operation is useful to determine if a bucket exists.
|
|
|
|
// The operation returns a 200 OK if the bucket exists and you
|
|
|
|
// have permission to access it. Otherwise, the operation might
|
|
|
|
// return responses such as 404 Not Found and 403 Forbidden.
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) HeadBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2016-02-15 20:42:39 -05:00
|
|
|
vars := mux.Vars(r)
|
2015-06-30 17:42:29 -04:00
|
|
|
bucket := vars["bucket"]
|
2015-07-02 23:31:22 -04:00
|
|
|
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
switch getRequestAuthType(r) {
|
|
|
|
default:
|
|
|
|
// For all unknown auth types return error.
|
2016-03-10 05:24:52 -05:00
|
|
|
writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
return
|
2016-04-06 19:40:54 -04:00
|
|
|
case authTypeAnonymous:
|
|
|
|
// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
2016-08-10 23:10:48 -04:00
|
|
|
if s3Error := enforceBucketPolicy(bucket, "s3:ListBucket", r.URL); s3Error != ErrNone {
|
2016-04-06 19:40:54 -04:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
|
|
|
return
|
|
|
|
}
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
case authTypePresigned, authTypeSigned:
|
2016-03-12 19:08:15 -05:00
|
|
|
if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-04 15:52:25 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-04-29 17:24:10 -04:00
|
|
|
if _, err := api.ObjectAPI.GetBucketInfo(bucket); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to fetch bucket info.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-08-03 19:17:21 -04:00
|
|
|
return
|
|
|
|
}
|
2016-01-08 03:40:06 -05:00
|
|
|
writeSuccessResponse(w, nil)
|
2015-06-30 17:42:29 -04:00
|
|
|
}
|
2015-10-16 14:26:01 -04:00
|
|
|
|
|
|
|
// DeleteBucketHandler - Delete bucket
|
2016-04-12 15:45:15 -04:00
|
|
|
func (api objectAPIHandlers) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
|
2016-07-19 02:56:27 -04:00
|
|
|
// DeleteBucket does not support bucket policies, use checkAuth to validate signature.
|
|
|
|
if s3Error := checkAuth(r); s3Error != ErrNone {
|
|
|
|
writeErrorResponse(w, r, s3Error, r.URL.Path)
|
2016-02-15 20:42:39 -05:00
|
|
|
return
|
2016-02-04 15:52:25 -05:00
|
|
|
}
|
|
|
|
|
2016-07-19 02:56:27 -04:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
bucket := vars["bucket"]
|
|
|
|
|
2016-07-24 01:51:12 -04:00
|
|
|
// Attempt to delete bucket.
|
2016-04-29 17:24:10 -04:00
|
|
|
if err := api.ObjectAPI.DeleteBucket(bucket); err != nil {
|
2016-05-16 17:31:28 -04:00
|
|
|
errorIf(err, "Unable to delete a bucket.")
|
2016-05-05 23:24:29 -04:00
|
|
|
writeErrorResponse(w, r, toAPIErrorCode(err), r.URL.Path)
|
2015-10-16 14:26:01 -04:00
|
|
|
return
|
|
|
|
}
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
|
|
|
|
// Delete bucket access policy, if present - ignore any errors.
|
2016-08-09 14:33:45 -04:00
|
|
|
removeBucketPolicy(bucket, api.ObjectAPI)
|
|
|
|
|
|
|
|
// Delete notification config, if present - ignore any errors.
|
|
|
|
removeNotificationConfig(bucket, api.ObjectAPI)
|
accessPolicy: Implement Put, Get, Delete access policy.
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
2016-02-03 19:46:56 -05:00
|
|
|
|
|
|
|
// Write success response.
|
2015-10-16 23:02:37 -04:00
|
|
|
writeSuccessNoContent(w)
|
2015-10-16 14:26:01 -04:00
|
|
|
}
|