oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gateway/gcs: send proper error responses for Get/SetBucket policies. (#4338)

Browse Source 
Fixes #4323
master
Harshavardhana 8 years ago
parent 5d602034ea
commit 91c7bb65c5
2 changed files with 4 additions and 14 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      cmd/gateway-gcs-anonymous.go
  2. 17
      cmd/gateway-gcs.go

1
cmd/gateway-gcs-anonymous.go
Unescape View File

@ -70,7 +70,6 @@ func (l *gcsGateway) AnonGetObjectInfo(bucket string, object string) (objInfo Ob
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
fmt.Println(resp.StatusCode)
return objInfo, gcsToObjectError(traceError(anonErrToObjectErr(resp.StatusCode, bucket, object)), bucket, object)
}

17
cmd/gateway-gcs.go
Unescape View File

@ -873,27 +873,21 @@ func (l *gcsGateway) SetBucketPolicies(bucket string, policyInfo policy.BucketAc
}
acl := l.client.Bucket(bucket).ACL()
if policies[0].Policy == policy.BucketPolicyNone {
if err := acl.Delete(l.ctx, storage.AllUsers); err != nil {
return gcsToObjectError(traceError(err), bucket)
}
return nil
}
role := storage.RoleReader
var role storage.ACLRole
switch policies[0].Policy {
case policy.BucketPolicyReadOnly:
role = storage.RoleReader
case policy.BucketPolicyWriteOnly:
role = storage.RoleWriter
case policy.BucketPolicyReadWrite:
// not supported, google only has owner role
return gcsToObjectError(traceError(NotSupported{}), bucket)
default:
return gcsToObjectError(traceError(fmt.Errorf("Unknown policy: %s", policies[0].Policy)), bucket)
return traceError(NotImplemented{})
}
if err := acl.Set(l.ctx, storage.AllUsers, role); err != nil {
@ -915,13 +909,10 @@ func (l *gcsGateway) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy
policyInfo := policy.BucketAccessPolicy{Version: "2012-10-17"}
for _, r := range rules {
if r.Entity != storage.AllUsers {
if r.Entity != storage.AllUsers || r.Role == storage.RoleOwner {
continue
}
switch r.Role {
case storage.RoleOwner:
return policy.BucketAccessPolicy{}, gcsToObjectError(traceError(NotSupported{}), bucket)
case storage.RoleReader:
policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, policy.BucketPolicyReadOnly, bucket, "")
case storage.RoleWriter:
@ -936,7 +927,7 @@ func (l *gcsGateway) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy
func (l *gcsGateway) DeleteBucketPolicies(bucket string) error {
acl := l.client.Bucket(bucket).ACL()
// this only removes the storage.AllUsers policies
// This only removes the storage.AllUsers policies
if err := acl.Delete(l.ctx, storage.AllUsers); err != nil {
return gcsToObjectError(traceError(err), bucket)
}

Write Preview
Loading…
Cancel
Save