seaweedfs/weed/s3api/s3api_bucket_handlers.go

513 lines
15 KiB
Go
Raw Normal View History

2018-07-18 17:37:09 +08:00
package s3api
import (
"context"
"encoding/xml"
2022-03-31 11:44:48 +08:00
"errors"
2018-07-18 17:37:09 +08:00
"fmt"
2022-10-02 10:18:00 +08:00
"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3bucket"
2022-10-02 10:18:00 +08:00
"github.com/seaweedfs/seaweedfs/weed/util"
"math"
2018-07-22 08:39:10 +08:00
"net/http"
"time"
2018-07-24 16:38:08 +08:00
"github.com/seaweedfs/seaweedfs/weed/filer"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/storage/needle"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
2020-11-11 16:20:59 +08:00
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/s3"
2020-02-26 03:13:06 +08:00
"github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
)
type ListAllMyBucketsResult struct {
2019-03-16 06:55:34 +08:00
XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListAllMyBucketsResult"`
Owner *s3.Owner
Buckets []*s3.Bucket `xml:"Buckets>Bucket"`
}
2018-07-18 17:37:09 +08:00
func (s3a *S3ApiServer) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
2021-09-19 15:18:59 +08:00
glog.V(3).Infof("ListBucketsHandler")
2020-12-25 16:38:56 +08:00
var identity *Identity
var s3Err s3err.ErrorCode
if s3a.iam.isEnabled() {
identity, s3Err = s3a.iam.authUser(r)
if s3Err != s3err.ErrNone {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3Err)
2020-12-25 16:38:56 +08:00
return
}
}
var response ListAllMyBucketsResult
2018-07-18 17:37:09 +08:00
entries, _, err := s3a.list(s3a.option.BucketsPath, "", "", false, math.MaxInt32)
2018-07-18 17:37:09 +08:00
2018-09-04 04:03:16 +08:00
if err != nil {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
2018-09-04 04:03:16 +08:00
return
}
2018-07-18 17:37:09 +08:00
identityId := r.Header.Get(s3_constants.AmzIdentityId)
2020-11-11 16:20:59 +08:00
var buckets []*s3.Bucket
2018-09-04 04:03:16 +08:00
for _, entry := range entries {
if entry.IsDirectory {
if identity != nil && !identity.canDo(s3_constants.ACTION_LIST, entry.Name, "") {
2020-11-13 05:57:54 +08:00
continue
2020-11-11 16:20:59 +08:00
}
buckets = append(buckets, &s3.Bucket{
Name: aws.String(entry.Name),
CreationDate: aws.Time(time.Unix(entry.Attributes.Crtime, 0).UTC()),
2018-09-04 04:03:16 +08:00
})
2018-07-18 17:37:09 +08:00
}
2018-09-04 04:03:16 +08:00
}
2018-07-18 17:37:09 +08:00
response = ListAllMyBucketsResult{
Owner: &s3.Owner{
2020-11-11 16:20:59 +08:00
ID: aws.String(identityId),
DisplayName: aws.String(identityId),
2018-09-04 04:03:16 +08:00
},
Buckets: buckets,
2018-07-18 17:37:09 +08:00
}
2021-11-01 09:02:08 +08:00
writeSuccessResponseXML(w, r, response)
2018-07-18 17:37:09 +08:00
}
func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request) {
bucket, _ := s3_constants.GetBucketAndObject(r)
2021-09-19 15:18:59 +08:00
glog.V(3).Infof("PutBucketHandler %s", bucket)
// validate the bucket name
err := s3bucket.VerifyS3BucketName(bucket)
if err != nil {
glog.Errorf("put invalid bucket name: %v %v", bucket, err)
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidBucketName)
return
}
2020-10-16 01:52:17 +08:00
// avoid duplicated buckets
errCode := s3err.ErrNone
if err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
2020-10-16 01:52:17 +08:00
if resp, err := client.CollectionList(context.Background(), &filer_pb.CollectionListRequest{
IncludeEcVolumes: true,
IncludeNormalVolumes: true,
}); err != nil {
glog.Errorf("list collection: %v", err)
return fmt.Errorf("list collections: %v", err)
2020-10-25 11:12:04 +08:00
} else {
2020-10-16 01:52:17 +08:00
for _, c := range resp.Collections {
if s3a.getCollectionName(bucket) == c.Name {
2020-10-16 01:52:17 +08:00
errCode = s3err.ErrBucketAlreadyExists
break
}
}
}
return nil
}); err != nil {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
2020-10-16 01:52:17 +08:00
return
}
2020-11-12 14:11:03 +08:00
if exist, err := s3a.exists(s3a.option.BucketsPath, bucket, true); err == nil && exist {
errCode = s3err.ErrBucketAlreadyExists
}
2020-10-16 01:52:17 +08:00
if errCode != s3err.ErrNone {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, errCode)
2020-10-16 01:52:17 +08:00
return
}
2021-11-04 03:11:36 +08:00
if s3a.iam.isEnabled() {
if _, errCode = s3a.iam.authRequest(r, s3_constants.ACTION_ADMIN); errCode != s3err.ErrNone {
s3err.WriteErrorResponse(w, r, errCode)
return
}
}
2020-11-11 16:20:59 +08:00
fn := func(entry *filer_pb.Entry) {
if identityId := r.Header.Get(s3_constants.AmzIdentityId); identityId != "" {
2020-11-12 11:50:19 +08:00
if entry.Extended == nil {
entry.Extended = make(map[string][]byte)
}
entry.Extended[s3_constants.AmzIdentityId] = []byte(identityId)
2020-11-11 16:20:59 +08:00
}
}
2018-09-04 04:03:16 +08:00
// create the folder for bucket, but lazily create actual collection
2020-11-11 16:20:59 +08:00
if err := s3a.mkdir(s3a.option.BucketsPath, bucket, fn); err != nil {
2020-10-16 01:52:17 +08:00
glog.Errorf("PutBucketHandler mkdir: %v", err)
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
return
}
2022-05-02 14:16:29 +08:00
w.Header().Set("Location", "/"+bucket)
2021-11-01 09:02:08 +08:00
writeSuccessResponseEmpty(w, r)
}
func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
bucket, _ := s3_constants.GetBucketAndObject(r)
2021-09-19 15:18:59 +08:00
glog.V(3).Infof("DeleteBucketHandler %s", bucket)
if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, err)
return
}
2020-11-12 17:59:31 +08:00
err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
2022-03-31 01:46:13 +08:00
if !s3a.option.AllowDeleteBucketNotEmpty {
entries, _, err := s3a.list(s3a.option.BucketsPath+"/"+bucket, "", "", false, 2)
2022-03-31 01:46:13 +08:00
if err != nil {
return fmt.Errorf("failed to list bucket %s: %v", bucket, err)
}
for _, entry := range entries {
if entry.Name != s3_constants.MultipartUploadsFolder {
return errors.New(s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code)
}
2022-03-31 01:46:13 +08:00
}
2021-05-24 22:13:04 +08:00
}
// delete collection
deleteCollectionRequest := &filer_pb.DeleteCollectionRequest{
Collection: s3a.getCollectionName(bucket),
}
glog.V(1).Infof("delete collection: %v", deleteCollectionRequest)
2020-02-26 14:23:59 +08:00
if _, err := client.DeleteCollection(context.Background(), deleteCollectionRequest); err != nil {
2018-07-20 15:58:10 +08:00
return fmt.Errorf("delete collection %s: %v", bucket, err)
}
return nil
})
2021-05-24 22:13:04 +08:00
if err != nil {
s3ErrorCode := s3err.ErrInternalError
2022-03-31 11:44:48 +08:00
if err.Error() == s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code {
2021-05-24 22:13:04 +08:00
s3ErrorCode = s3err.ErrBucketNotEmpty
}
2022-03-31 01:46:13 +08:00
s3err.WriteErrorResponse(w, r, s3ErrorCode)
2021-05-24 22:13:04 +08:00
return
}
err = s3a.rm(s3a.option.BucketsPath, bucket, false, true)
2018-09-04 04:16:26 +08:00
if err != nil {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
return
}
2021-11-01 09:02:08 +08:00
s3err.WriteEmptyResponse(w, r, http.StatusNoContent)
}
2018-07-19 16:43:27 +08:00
func (s3a *S3ApiServer) HeadBucketHandler(w http.ResponseWriter, r *http.Request) {
bucket, _ := s3_constants.GetBucketAndObject(r)
2021-09-19 15:18:59 +08:00
glog.V(3).Infof("HeadBucketHandler %s", bucket)
2018-07-19 16:43:27 +08:00
if entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket); entry == nil || err == filer_pb.ErrNotFound {
s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
return
}
2021-11-01 09:02:08 +08:00
writeSuccessResponseEmpty(w, r)
}
func (s3a *S3ApiServer) checkBucket(r *http.Request, bucket string) s3err.ErrorCode {
2020-11-13 05:30:08 +08:00
entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
2020-11-13 05:30:46 +08:00
if entry == nil || err == filer_pb.ErrNotFound {
return s3err.ErrNoSuchBucket
2018-07-19 16:43:27 +08:00
}
2020-11-12 17:59:31 +08:00
2020-11-13 05:57:54 +08:00
if !s3a.hasAccess(r, entry) {
return s3err.ErrAccessDenied
}
return s3err.ErrNone
2018-07-19 16:43:27 +08:00
}
2020-11-13 05:57:54 +08:00
func (s3a *S3ApiServer) hasAccess(r *http.Request, entry *filer_pb.Entry) bool {
isAdmin := r.Header.Get(s3_constants.AmzIsAdmin) != ""
2020-11-13 05:57:54 +08:00
if isAdmin {
return true
}
if entry.Extended == nil {
return true
}
identityId := r.Header.Get(s3_constants.AmzIdentityId)
if id, ok := entry.Extended[s3_constants.AmzIdentityId]; ok {
2020-11-13 05:57:54 +08:00
if identityId != string(id) {
return false
}
}
return true
}
2021-10-11 18:03:56 +08:00
// GetBucketAclHandler Get Bucket ACL
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
func (s3a *S3ApiServer) GetBucketAclHandler(w http.ResponseWriter, r *http.Request) {
// collect parameters
bucket, _ := s3_constants.GetBucketAndObject(r)
2021-10-11 18:03:56 +08:00
glog.V(3).Infof("GetBucketAclHandler %s", bucket)
if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, err)
2021-10-11 18:03:56 +08:00
return
}
response := AccessControlPolicy{}
for _, ident := range s3a.iam.identities {
if len(ident.Credentials) == 0 {
continue
}
for _, action := range ident.Actions {
if !action.overBucket(bucket) || action.getPermission() == "" {
continue
}
id := ident.Credentials[0].AccessKey
if response.Owner.DisplayName == "" && action.isOwner(bucket) && len(ident.Credentials) > 0 {
response.Owner.DisplayName = ident.Name
response.Owner.ID = id
}
response.AccessControlList.Grant = append(response.AccessControlList.Grant, Grant{
Grantee: Grantee{
ID: id,
DisplayName: ident.Name,
Type: "CanonicalUser",
XMLXSI: "CanonicalUser",
XMLNS: "http://www.w3.org/2001/XMLSchema-instance"},
Permission: action.getPermission(),
})
}
}
2021-11-01 09:02:08 +08:00
writeSuccessResponseXML(w, r, response)
2021-10-11 18:03:56 +08:00
}
// GetBucketLifecycleConfigurationHandler Get Bucket Lifecycle configuration
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
func (s3a *S3ApiServer) GetBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
// collect parameters
bucket, _ := s3_constants.GetBucketAndObject(r)
2022-02-25 13:41:20 +08:00
glog.V(3).Infof("GetBucketLifecycleConfigurationHandler %s", bucket)
2021-10-11 18:03:56 +08:00
if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, err)
2021-10-11 18:03:56 +08:00
return
}
fc, err := filer.ReadFilerConf(s3a.option.Filer, s3a.option.GrpcDialOption, nil)
if err != nil {
glog.Errorf("GetBucketLifecycleConfigurationHandler: %s", err)
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
2021-10-11 18:03:56 +08:00
return
}
ttls := fc.GetCollectionTtls(s3a.getCollectionName(bucket))
2021-10-14 04:35:33 +08:00
if len(ttls) == 0 {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchLifecycleConfiguration)
return
2021-10-14 04:35:33 +08:00
}
response := Lifecycle{}
for prefix, internalTtl := range ttls {
ttl, _ := needle.ReadTTL(internalTtl)
days := int(ttl.Minutes() / 60 / 24)
if days == 0 {
continue
}
response.Rules = append(response.Rules, Rule{
Status: Enabled, Filter: Filter{
Prefix: Prefix{string: prefix, set: true},
set: true,
},
Expiration: Expiration{Days: days, set: true},
})
}
2021-11-01 09:02:08 +08:00
writeSuccessResponseXML(w, r, response)
2021-10-11 18:03:56 +08:00
}
// PutBucketLifecycleConfigurationHandler Put Bucket Lifecycle configuration
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
func (s3a *S3ApiServer) PutBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
2021-11-01 09:05:34 +08:00
s3err.WriteErrorResponse(w, r, s3err.ErrNotImplemented)
2021-10-11 18:03:56 +08:00
}
// DeleteBucketMetricsConfiguration Delete Bucket Lifecycle
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html
func (s3a *S3ApiServer) DeleteBucketLifecycleHandler(w http.ResponseWriter, r *http.Request) {
2021-11-01 09:02:08 +08:00
s3err.WriteEmptyResponse(w, r, http.StatusNoContent)
2021-10-11 18:03:56 +08:00
}
// GetBucketLocationHandler Get bucket location
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLocation.html
func (s3a *S3ApiServer) GetBucketLocationHandler(w http.ResponseWriter, r *http.Request) {
writeSuccessResponseXML(w, r, LocationConstraint{})
}
// GetBucketRequestPaymentHandler Get bucket location
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html
func (s3a *S3ApiServer) GetBucketRequestPaymentHandler(w http.ResponseWriter, r *http.Request) {
writeSuccessResponseXML(w, r, RequestPaymentConfiguration{Payer: "BucketOwner"})
}
2022-10-02 10:18:00 +08:00
// PutBucketOwnershipControls https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketOwnershipControls.html
func (s3a *S3ApiServer) PutBucketOwnershipControls(w http.ResponseWriter, r *http.Request) {
bucket, _ := s3_constants.GetBucketAndObject(r)
glog.V(3).Infof("PutBucketOwnershipControls %s", bucket)
errCode := s3a.checkAccessByOwnership(r, bucket)
if errCode != s3err.ErrNone {
s3err.WriteErrorResponse(w, r, errCode)
return
}
if r.Body == nil || r.Body == http.NoBody {
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
return
}
var v s3.OwnershipControls
defer util.CloseRequest(r)
err := xmlutil.UnmarshalXML(&v, xml.NewDecoder(r.Body), "")
if err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
return
}
if len(v.Rules) != 1 {
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
return
}
printOwnership := true
ownership := *v.Rules[0].ObjectOwnership
switch ownership {
case s3_constants.OwnershipObjectWriter:
case s3_constants.OwnershipBucketOwnerPreferred:
case s3_constants.OwnershipBucketOwnerEnforced:
printOwnership = false
default:
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
return
}
bucketEntry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
if err != nil {
if err == filer_pb.ErrNotFound {
s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
return
}
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
return
}
oldOwnership, ok := bucketEntry.Extended[s3_constants.ExtOwnershipKey]
if !ok || string(oldOwnership) != ownership {
if bucketEntry.Extended == nil {
bucketEntry.Extended = make(map[string][]byte)
}
bucketEntry.Extended[s3_constants.ExtOwnershipKey] = []byte(ownership)
err = s3a.updateEntry(s3a.option.BucketsPath, bucketEntry)
if err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
return
}
}
if printOwnership {
result := &s3.PutBucketOwnershipControlsInput{
OwnershipControls: &v,
}
s3err.WriteAwsXMLResponse(w, r, http.StatusOK, result)
} else {
writeSuccessResponseEmpty(w, r)
}
}
// GetBucketOwnershipControls https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketOwnershipControls.html
func (s3a *S3ApiServer) GetBucketOwnershipControls(w http.ResponseWriter, r *http.Request) {
bucket, _ := s3_constants.GetBucketAndObject(r)
glog.V(3).Infof("GetBucketOwnershipControls %s", bucket)
errCode := s3a.checkAccessByOwnership(r, bucket)
if errCode != s3err.ErrNone {
s3err.WriteErrorResponse(w, r, errCode)
return
}
bucketEntry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
if err != nil {
if err == filer_pb.ErrNotFound {
s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
return
}
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
return
}
v, ok := bucketEntry.Extended[s3_constants.ExtOwnershipKey]
if !ok {
s3err.WriteErrorResponse(w, r, s3err.OwnershipControlsNotFoundError)
return
}
ownership := string(v)
result := &s3.PutBucketOwnershipControlsInput{
OwnershipControls: &s3.OwnershipControls{
Rules: []*s3.OwnershipControlsRule{
{
ObjectOwnership: &ownership,
},
},
},
}
s3err.WriteAwsXMLResponse(w, r, http.StatusOK, result)
}
// DeleteBucketOwnershipControls https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketOwnershipControls.html
func (s3a *S3ApiServer) DeleteBucketOwnershipControls(w http.ResponseWriter, r *http.Request) {
bucket, _ := s3_constants.GetBucketAndObject(r)
glog.V(3).Infof("PutBucketOwnershipControls %s", bucket)
errCode := s3a.checkAccessByOwnership(r, bucket)
if errCode != s3err.ErrNone {
s3err.WriteErrorResponse(w, r, errCode)
return
}
bucketEntry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
if err != nil {
if err == filer_pb.ErrNotFound {
s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
return
}
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
return
}
_, ok := bucketEntry.Extended[s3_constants.ExtOwnershipKey]
if !ok {
s3err.WriteErrorResponse(w, r, s3err.OwnershipControlsNotFoundError)
return
}
delete(bucketEntry.Extended, s3_constants.ExtOwnershipKey)
err = s3a.updateEntry(s3a.option.BucketsPath, bucketEntry)
if err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
return
}
emptyOwnershipControls := &s3.OwnershipControls{
Rules: []*s3.OwnershipControlsRule{},
}
s3err.WriteAwsXMLResponse(w, r, http.StatusOK, emptyOwnershipControls)
}