gateway/gcs: send proper error responses for Get/SetBucket policies. (#4338)

Fixes #4323
master
Harshavardhana 8 years ago
parent 5d602034ea
commit 91c7bb65c5
  1. 1
      cmd/gateway-gcs-anonymous.go
  2. 17
      cmd/gateway-gcs.go

@ -70,7 +70,6 @@ func (l *gcsGateway) AnonGetObjectInfo(bucket string, object string) (objInfo Ob
defer resp.Body.Close() defer resp.Body.Close()
if resp.StatusCode != http.StatusOK { if resp.StatusCode != http.StatusOK {
fmt.Println(resp.StatusCode)
return objInfo, gcsToObjectError(traceError(anonErrToObjectErr(resp.StatusCode, bucket, object)), bucket, object) return objInfo, gcsToObjectError(traceError(anonErrToObjectErr(resp.StatusCode, bucket, object)), bucket, object)
} }

@ -873,27 +873,21 @@ func (l *gcsGateway) SetBucketPolicies(bucket string, policyInfo policy.BucketAc
} }
acl := l.client.Bucket(bucket).ACL() acl := l.client.Bucket(bucket).ACL()
if policies[0].Policy == policy.BucketPolicyNone { if policies[0].Policy == policy.BucketPolicyNone {
if err := acl.Delete(l.ctx, storage.AllUsers); err != nil { if err := acl.Delete(l.ctx, storage.AllUsers); err != nil {
return gcsToObjectError(traceError(err), bucket) return gcsToObjectError(traceError(err), bucket)
} }
return nil return nil
} }
role := storage.RoleReader var role storage.ACLRole
switch policies[0].Policy { switch policies[0].Policy {
case policy.BucketPolicyReadOnly: case policy.BucketPolicyReadOnly:
role = storage.RoleReader role = storage.RoleReader
case policy.BucketPolicyWriteOnly: case policy.BucketPolicyWriteOnly:
role = storage.RoleWriter role = storage.RoleWriter
case policy.BucketPolicyReadWrite:
// not supported, google only has owner role
return gcsToObjectError(traceError(NotSupported{}), bucket)
default: default:
return gcsToObjectError(traceError(fmt.Errorf("Unknown policy: %s", policies[0].Policy)), bucket) return traceError(NotImplemented{})
} }
if err := acl.Set(l.ctx, storage.AllUsers, role); err != nil { if err := acl.Set(l.ctx, storage.AllUsers, role); err != nil {
@ -915,13 +909,10 @@ func (l *gcsGateway) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy
policyInfo := policy.BucketAccessPolicy{Version: "2012-10-17"} policyInfo := policy.BucketAccessPolicy{Version: "2012-10-17"}
for _, r := range rules { for _, r := range rules {
if r.Entity != storage.AllUsers { if r.Entity != storage.AllUsers || r.Role == storage.RoleOwner {
continue continue
} }
switch r.Role { switch r.Role {
case storage.RoleOwner:
return policy.BucketAccessPolicy{}, gcsToObjectError(traceError(NotSupported{}), bucket)
case storage.RoleReader: case storage.RoleReader:
policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, policy.BucketPolicyReadOnly, bucket, "") policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, policy.BucketPolicyReadOnly, bucket, "")
case storage.RoleWriter: case storage.RoleWriter:
@ -936,7 +927,7 @@ func (l *gcsGateway) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy
func (l *gcsGateway) DeleteBucketPolicies(bucket string) error { func (l *gcsGateway) DeleteBucketPolicies(bucket string) error {
acl := l.client.Bucket(bucket).ACL() acl := l.client.Bucket(bucket).ACL()
// this only removes the storage.AllUsers policies // This only removes the storage.AllUsers policies
if err := acl.Delete(l.ctx, storage.AllUsers); err != nil { if err := acl.Delete(l.ctx, storage.AllUsers); err != nil {
return gcsToObjectError(traceError(err), bucket) return gcsToObjectError(traceError(err), bucket)
} }
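Review bot: In GetBucketPolicies the new guard `if r.Entity != storage.AllUsers || r.Role == storage.RoleOwner` silently skips an AllUsers rule that carries the owner role, where the removed case returned NotSupported. If a bucket ACL can hold that grant, the returned policy would report no anonymous access for a bucket that is in fact open to everyone at the highest role, so anyone auditing bucket policies through the gateway would miss the most permissive case. I would keep the skip only with an explicit comment on the guard, for example `// AllUsers+RoleOwner has no bucket-policy equivalent and is NOT reported; audit such ACLs in GCS directly.`, or otherwise surface the condition to the caller instead of dropping it. The loop and the function body continue outside the visible hunk, so I cannot tell from here whether a later step accounts for the skipped rule.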
