From abf209b1dd40bf43466741e373acaeb1c13d8a7c Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Tue, 26 Jun 2018 23:59:48 -0700 Subject: [PATCH] load bucket policies using object layer API (#6084) This PR fixes an issue during gateway mode where underlying policies were not translated into meaningful policies. --- cmd/fs-v1.go | 2 +- cmd/gateway-main.go | 7 +++++++ cmd/gateway/nas/gateway-nas.go | 8 -------- cmd/policy.go | 6 +++--- cmd/xl-sets.go | 2 +- cmd/xl-v1-bucket.go | 2 +- 6 files changed, 13 insertions(+), 14 deletions(-) diff --git a/cmd/fs-v1.go b/cmd/fs-v1.go index 36c121863..88d0aa43b 100644 --- a/cmd/fs-v1.go +++ b/cmd/fs-v1.go @@ -1215,7 +1215,7 @@ func (fs *FSObjects) SetBucketPolicy(ctx context.Context, bucket string, policy // GetBucketPolicy will get policy on bucket func (fs *FSObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) { - return GetPolicyConfig(fs, bucket) + return getPolicyConfig(fs, bucket) } // DeleteBucketPolicy deletes all policies on bucket diff --git a/cmd/gateway-main.go b/cmd/gateway-main.go index 746f86d78..0200dd68f 100644 --- a/cmd/gateway-main.go +++ b/cmd/gateway-main.go @@ -215,6 +215,13 @@ func StartGateway(ctx *cli.Context, gw Gateway) { logger.FatalIf(err, "Unable to initialize gateway backend") } + if gw.Name() != "nas" { + // Initialize policy sys for all gateways. NAS gateway already + // initializes policy sys internally, avoid double initialization. + // Additionally also don't block the initialization of gateway. + go globalPolicySys.Init(newObject) + } + // Once endpoints are finalized, initialize the new object api. globalObjLayerMutex.Lock() globalObjectAPI = newObject diff --git a/cmd/gateway/nas/gateway-nas.go b/cmd/gateway/nas/gateway-nas.go index 7c1fea82b..a1d7b9756 100644 --- a/cmd/gateway/nas/gateway-nas.go +++ b/cmd/gateway/nas/gateway-nas.go @@ -17,12 +17,9 @@ package nas import ( - "context" - "github.com/minio/cli" minio "github.com/minio/minio/cmd" "github.com/minio/minio/pkg/auth" - "github.com/minio/minio/pkg/policy" ) const ( @@ -128,8 +125,3 @@ type nasObjects struct { func (l *nasObjects) IsNotificationSupported() bool { return false } - -// GetBucketPolicy will get policy on bucket -func (l *nasObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) { - return minio.GetPolicyConfig(l, bucket) -} diff --git a/cmd/policy.go b/cmd/policy.go index 334765efd..43a9462ab 100644 --- a/cmd/policy.go +++ b/cmd/policy.go @@ -99,7 +99,7 @@ func (sys *PolicySys) refresh(objAPI ObjectLayer) error { } sys.removeDeletedBuckets(buckets) for _, bucket := range buckets { - config, err := GetPolicyConfig(objAPI, bucket.Name) + config, err := objAPI.GetBucketPolicy(context.Background(), bucket.Name) if err != nil { if _, ok := err.(BucketPolicyNotFound); ok { sys.Remove(bucket.Name) @@ -187,8 +187,8 @@ func getConditionValues(request *http.Request, locationConstraint string) map[st return args } -// GetPolicyConfig - get policy config for given bucket name. -func GetPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) { +// getPolicyConfig - get policy config for given bucket name. +func getPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) { // Construct path to policy.json for the given bucket. configFile := path.Join(bucketConfigPrefix, bucketName, bucketPolicyConfig) diff --git a/cmd/xl-sets.go b/cmd/xl-sets.go index 085acf9f2..e2916cfe9 100644 --- a/cmd/xl-sets.go +++ b/cmd/xl-sets.go @@ -476,7 +476,7 @@ func (s *xlSets) SetBucketPolicy(ctx context.Context, bucket string, policy *pol // GetBucketPolicy will return a policy on a bucket func (s *xlSets) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) { - return GetPolicyConfig(s, bucket) + return getPolicyConfig(s, bucket) } // DeleteBucketPolicy deletes all policies on bucket diff --git a/cmd/xl-v1-bucket.go b/cmd/xl-v1-bucket.go index a3eca5d6d..4ced379c7 100644 --- a/cmd/xl-v1-bucket.go +++ b/cmd/xl-v1-bucket.go @@ -284,7 +284,7 @@ func (xl xlObjects) SetBucketPolicy(ctx context.Context, bucket string, policy * // GetBucketPolicy will get policy on bucket func (xl xlObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) { - return GetPolicyConfig(xl, bucket) + return getPolicyConfig(xl, bucket) } // DeleteBucketPolicy deletes all policies on bucket