2016-07-24 01:51:12 -04:00
|
|
|
/*
|
|
|
|
* Minio Cloud Storage, (C) 2016 Minio, Inc.
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import "strings"
|
|
|
|
|
|
|
|
// List of valid event types.
|
|
|
|
var suppportedEventTypes = map[string]struct{}{
|
|
|
|
// Object created event types.
|
|
|
|
"s3:ObjectCreated:*": {},
|
|
|
|
"s3:ObjectCreated:Put": {},
|
|
|
|
"s3:ObjectCreated:Post": {},
|
|
|
|
"s3:ObjectCreated:Copy": {},
|
|
|
|
"s3:ObjectCreated:CompleteMultipartUpload": {},
|
|
|
|
// Object removed event types.
|
|
|
|
"s3:ObjectRemoved:*": {},
|
|
|
|
"s3:ObjectRemoved:Delete": {},
|
|
|
|
}
|
|
|
|
|
|
|
|
// checkEvent - checks if an event is supported.
|
|
|
|
func checkEvent(event string) APIErrorCode {
|
|
|
|
_, ok := suppportedEventTypes[event]
|
|
|
|
if !ok {
|
|
|
|
return ErrEventNotification
|
|
|
|
}
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
|
|
|
// checkEvents - checks given list of events if all of them are valid.
|
|
|
|
// given if one of them is invalid, this function returns an error.
|
|
|
|
func checkEvents(events []string) APIErrorCode {
|
|
|
|
for _, event := range events {
|
|
|
|
if s3Error := checkEvent(event); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-07-25 20:53:55 -04:00
|
|
|
// Valid if filterName is 'prefix'.
|
|
|
|
func isValidFilterNamePrefix(filterName string) bool {
|
|
|
|
return "prefix" == filterName
|
|
|
|
}
|
|
|
|
|
|
|
|
// Valid if filterName is 'suffix'.
|
|
|
|
func isValidFilterNameSuffix(filterName string) bool {
|
|
|
|
return "suffix" == filterName
|
|
|
|
}
|
|
|
|
|
|
|
|
// Is this a valid filterName? - returns true if valid.
|
|
|
|
func isValidFilterName(filterName string) bool {
|
|
|
|
return isValidFilterNamePrefix(filterName) || isValidFilterNameSuffix(filterName)
|
|
|
|
}
|
|
|
|
|
|
|
|
// checkFilterRules - checks given list of filter rules if all of them are valid.
|
|
|
|
func checkFilterRules(filterRules []filterRule) APIErrorCode {
|
|
|
|
ruleSetMap := make(map[string]string)
|
|
|
|
// Validate all filter rules.
|
|
|
|
for _, filterRule := range filterRules {
|
|
|
|
// Unknown filter rule name found, returns an appropriate error.
|
|
|
|
if !isValidFilterName(filterRule.Name) {
|
|
|
|
return ErrFilterNameInvalid
|
|
|
|
}
|
|
|
|
|
|
|
|
// Filter names should not be set twice per notification service
|
|
|
|
// configuration, if found return an appropriate error.
|
|
|
|
if _, ok := ruleSetMap[filterRule.Name]; ok {
|
|
|
|
if isValidFilterNamePrefix(filterRule.Name) {
|
|
|
|
return ErrFilterNamePrefix
|
|
|
|
} else if isValidFilterNameSuffix(filterRule.Name) {
|
|
|
|
return ErrFilterNameSuffix
|
|
|
|
} else {
|
|
|
|
return ErrFilterNameInvalid
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Maximum prefix length can be up to 1,024 characters, validate.
|
|
|
|
if !IsValidObjectPrefix(filterRule.Value) {
|
|
|
|
return ErrFilterPrefixValueInvalid
|
|
|
|
}
|
|
|
|
|
|
|
|
// Set the new rule name to keep track of duplicates.
|
|
|
|
ruleSetMap[filterRule.Name] = filterRule.Value
|
|
|
|
}
|
|
|
|
// Success all prefixes validated.
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
// checkQueueARN - check if the queue arn is valid.
|
|
|
|
func checkQueueARN(queueARN string) APIErrorCode {
|
|
|
|
if !strings.HasPrefix(queueARN, minioSqs) {
|
2016-07-24 01:51:12 -04:00
|
|
|
return ErrARNNotification
|
|
|
|
}
|
2016-08-05 01:01:58 -04:00
|
|
|
if !strings.HasPrefix(queueARN, minioSqs+serverConfig.GetRegion()+":") {
|
|
|
|
return ErrRegionNotification
|
|
|
|
}
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
|
|
|
// checkLambdaARN - check if the lambda arn is valid.
|
|
|
|
func checkLambdaARN(lambdaARN string) APIErrorCode {
|
|
|
|
if !strings.HasPrefix(lambdaARN, minioLambda) {
|
|
|
|
return ErrARNNotification
|
|
|
|
}
|
|
|
|
if !strings.HasPrefix(lambdaARN, minioLambda+serverConfig.GetRegion()+":") {
|
2016-07-24 01:51:12 -04:00
|
|
|
return ErrRegionNotification
|
|
|
|
}
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-07-25 20:53:55 -04:00
|
|
|
// Validate if we recognize the queue type.
|
2016-08-05 01:01:58 -04:00
|
|
|
func isValidQueue(sqsARN arnSQS) bool {
|
|
|
|
amqpQ := isAMQPQueue(sqsARN) // Is amqp queue?.
|
|
|
|
elasticQ := isElasticQueue(sqsARN) // Is elastic queue?.
|
|
|
|
redisQ := isRedisQueue(sqsARN) // Is redis queue?.
|
2016-07-25 20:53:55 -04:00
|
|
|
return amqpQ || elasticQ || redisQ
|
|
|
|
}
|
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
// Validate if we recognize the lambda type.
|
|
|
|
func isValidLambda(lambdaARN arnLambda) bool {
|
|
|
|
return isMinL(lambdaARN) // Is minio lambda?.
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validates account id for input queue ARN.
|
|
|
|
func isValidQueueID(queueARN string) bool {
|
|
|
|
// Unmarshals QueueARN into structured object.
|
|
|
|
sqsARN := unmarshalSqsARN(queueARN)
|
|
|
|
// AMQP queue.
|
|
|
|
if isAMQPQueue(sqsARN) {
|
|
|
|
amqpN := serverConfig.GetAMQPNotifyByID(sqsARN.AccountID)
|
|
|
|
return amqpN.Enable && amqpN.URL != ""
|
|
|
|
} else if isElasticQueue(sqsARN) { // Elastic queue.
|
|
|
|
elasticN := serverConfig.GetElasticSearchNotifyByID(sqsARN.AccountID)
|
|
|
|
return elasticN.Enable && elasticN.URL != ""
|
|
|
|
|
|
|
|
} else if isRedisQueue(sqsARN) { // Redis queue.
|
|
|
|
redisN := serverConfig.GetRedisNotifyByID(sqsARN.AccountID)
|
|
|
|
return redisN.Enable && redisN.Addr != ""
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2016-07-24 01:51:12 -04:00
|
|
|
// Check - validates queue configuration and returns error if any.
|
|
|
|
func checkQueueConfig(qConfig queueConfig) APIErrorCode {
|
|
|
|
// Check queue arn is valid.
|
2016-08-05 01:01:58 -04:00
|
|
|
if s3Error := checkQueueARN(qConfig.QueueARN); s3Error != ErrNone {
|
2016-07-24 01:51:12 -04:00
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
// Unmarshals QueueARN into structured object.
|
|
|
|
sqsARN := unmarshalSqsARN(qConfig.QueueARN)
|
|
|
|
// Validate if sqsARN requested any of the known supported queues.
|
|
|
|
if !isValidQueue(sqsARN) {
|
|
|
|
return ErrARNNotification
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate if the account ID is correct.
|
|
|
|
if !isValidQueueID(qConfig.QueueARN) {
|
2016-07-24 01:51:12 -04:00
|
|
|
return ErrARNNotification
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if valid events are set in queue config.
|
|
|
|
if s3Error := checkEvents(qConfig.Events); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
|
2016-07-25 20:53:55 -04:00
|
|
|
// Check if valid filters are set in queue config.
|
|
|
|
if s3Error := checkFilterRules(qConfig.Filter.Key.FilterRules); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
|
2016-07-24 01:51:12 -04:00
|
|
|
// Success.
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
// Check - validates queue configuration and returns error if any.
|
|
|
|
func checkLambdaConfig(lConfig lambdaConfig) APIErrorCode {
|
|
|
|
// Check queue arn is valid.
|
|
|
|
if s3Error := checkLambdaARN(lConfig.LambdaARN); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
|
|
|
|
// Unmarshals QueueARN into structured object.
|
|
|
|
lambdaARN := unmarshalLambdaARN(lConfig.LambdaARN)
|
|
|
|
// Validate if lambdaARN requested any of the known supported queues.
|
|
|
|
if !isValidLambda(lambdaARN) {
|
|
|
|
return ErrARNNotification
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if valid events are set in queue config.
|
|
|
|
if s3Error := checkEvents(lConfig.Events); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if valid filters are set in queue config.
|
|
|
|
if s3Error := checkFilterRules(lConfig.Filter.Key.FilterRules); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
|
|
|
|
// Success.
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-07-24 01:51:12 -04:00
|
|
|
// Validates all incoming queue configs, checkQueueConfig validates if the
|
|
|
|
// input fields for each queues is not malformed and has valid configuration
|
|
|
|
// information. If validation fails bucket notifications are not enabled.
|
|
|
|
func validateQueueConfigs(queueConfigs []queueConfig) APIErrorCode {
|
|
|
|
for _, qConfig := range queueConfigs {
|
|
|
|
if s3Error := checkQueueConfig(qConfig); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Success.
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
// Validates all incoming lambda configs, checkLambdaConfig validates if the
|
|
|
|
// input fields for each queues is not malformed and has valid configuration
|
|
|
|
// information. If validation fails bucket notifications are not enabled.
|
|
|
|
func validateLambdaConfigs(lambdaConfigs []lambdaConfig) APIErrorCode {
|
|
|
|
for _, lConfig := range lambdaConfigs {
|
|
|
|
if s3Error := checkLambdaConfig(lConfig); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Success.
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-07-24 01:51:12 -04:00
|
|
|
// Validates all the bucket notification configuration for their validity,
|
|
|
|
// if one of the config is malformed or has invalid data it is rejected.
|
|
|
|
// Configuration is never applied partially.
|
|
|
|
func validateNotificationConfig(nConfig notificationConfig) APIErrorCode {
|
2016-08-05 01:01:58 -04:00
|
|
|
if s3Error := validateQueueConfigs(nConfig.QueueConfigs); s3Error != ErrNone {
|
2016-07-24 01:51:12 -04:00
|
|
|
return s3Error
|
|
|
|
}
|
2016-08-05 01:01:58 -04:00
|
|
|
if s3Error := validateLambdaConfigs(nConfig.LambdaConfigs); s3Error != ErrNone {
|
|
|
|
return s3Error
|
|
|
|
}
|
|
|
|
|
2016-07-24 01:51:12 -04:00
|
|
|
// Add validation for other configurations.
|
|
|
|
return ErrNone
|
|
|
|
}
|
|
|
|
|
2016-08-05 01:01:58 -04:00
|
|
|
// Unmarshals input value of AWS ARN format into minioLambda object.
|
|
|
|
// Returned value represents minio lambda type, currently supported are
|
|
|
|
// - minio
|
|
|
|
func unmarshalLambdaARN(lambdaARN string) arnLambda {
|
|
|
|
lambda := arnLambda{}
|
|
|
|
if !strings.HasPrefix(lambdaARN, minioLambda+serverConfig.GetRegion()+":") {
|
|
|
|
return lambda
|
|
|
|
}
|
|
|
|
lambdaType := strings.TrimPrefix(lambdaARN, minioLambda+serverConfig.GetRegion()+":")
|
|
|
|
switch {
|
|
|
|
case strings.HasSuffix(lambdaType, lambdaTypeMinio):
|
|
|
|
lambda.Type = lambdaTypeMinio
|
|
|
|
} // Add more lambda here.
|
|
|
|
lambda.AccountID = strings.TrimSuffix(lambdaType, ":"+lambda.Type)
|
|
|
|
return lambda
|
|
|
|
}
|
|
|
|
|
2016-07-24 01:51:12 -04:00
|
|
|
// Unmarshals input value of AWS ARN format into minioSqs object.
|
|
|
|
// Returned value represents minio sqs types, currently supported are
|
|
|
|
// - amqp
|
|
|
|
// - elasticsearch
|
2016-07-25 20:53:55 -04:00
|
|
|
// - redis
|
2016-08-05 01:01:58 -04:00
|
|
|
func unmarshalSqsARN(queueARN string) (mSqs arnSQS) {
|
|
|
|
mSqs = arnSQS{}
|
|
|
|
if !strings.HasPrefix(queueARN, minioSqs+serverConfig.GetRegion()+":") {
|
|
|
|
return mSqs
|
|
|
|
}
|
|
|
|
sqsType := strings.TrimPrefix(queueARN, minioSqs+serverConfig.GetRegion()+":")
|
|
|
|
switch {
|
|
|
|
case strings.HasSuffix(sqsType, queueTypeAMQP):
|
|
|
|
mSqs.Type = queueTypeAMQP
|
|
|
|
case strings.HasSuffix(sqsType, queueTypeElastic):
|
|
|
|
mSqs.Type = queueTypeElastic
|
|
|
|
case strings.HasSuffix(sqsType, queueTypeRedis):
|
|
|
|
mSqs.Type = queueTypeRedis
|
|
|
|
} // Add more queues here.
|
|
|
|
mSqs.AccountID = strings.TrimSuffix(sqsType, ":"+mSqs.Type)
|
2016-07-24 01:51:12 -04:00
|
|
|
return mSqs
|
|
|
|
}
|