-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix ACL errors for newly created and pre-existing blobs #1016
Conversation
325df00
to
8f8c421
Compare
fakestorage/object.go
Outdated
Role string | ||
} | ||
|
||
var dataInBody struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: can we call this payload
?
var dataInBody struct { | |
var payload struct { |
fakestorage/object.go
Outdated
backendObj, err := s.backend.PatchObject(bucketName, objectName, dataInBody.Metadata) | ||
if len(dataInBody.Acl) > 0 { | ||
backendObj.ACL = []storage.ACLRule{} | ||
for _, aclData := range dataInBody.Acl { | ||
newAcl := storage.ACLRule{Entity: storage.ACLEntity(aclData.Entity), Role: storage.ACLRole(aclData.Role)} | ||
backendObj.ACL = append(backendObj.ACL, newAcl) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm this won't work with the backend filesystem, will it? We're modifying the value in memory and not persisting it. We need to update the PatchObject signature to take something like "attrsToUpdate" and apply changes to other attributes, not just metadata (this is necessary for #1024 too).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah good point. I will fix this and push the changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have made the requested change. Let me know if what I did was best practice, and if there is any changes needed.
main.go
Outdated
"github.com/fsouza/fake-gcs-server/fakestorage" | ||
"github.com/fsouza/fake-gcs-server/internal/checksum" | ||
"github.com/fsouza/fake-gcs-server/internal/config" | ||
"github.com/sirupsen/logrus" | ||
) | ||
|
||
var DefaultACL = []storage.ACLRule{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't really need to be a global, let's inline it (I know it means we'll repeat it in tests, but that's OK).
7e056dd
to
681a93a
Compare
681a93a
to
4b0dd7e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for working on this! Just one nit on generalizing some code, otherwise it's ready to go.
If you prefer, I can take care of it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for contributing!
This fixes #944 and fixes #945.
The following two python snippets no longer crash and instead give the correct output. The first one is for a pre-existing blob (thus fixing #944):
The outputs:
[{'entity': 'projectOwner-test-project', 'role': 'OWNER'}]
[{'entity': 'projectOwner-test-project', 'role': 'OWNER'}, {'entity': 'allUsers', 'role': 'READER'}]
[{'entity': 'projectOwner-test-project', 'role': 'OWNER'}]
The second snippet shows how for a newly created blob, the acl's also update when make_public() and make_private() are called:
The outputs:
[{'entity': 'projectOwner-test-project', 'role': 'OWNER'}]
[{'entity': 'projectOwner-test-project', 'role': 'OWNER'}, {'entity': 'allUsers', 'role': 'READER'}]
[{'entity': 'projectOwner-test-project', 'role': 'OWNER'}]
Explanation of my implementation:
For fixing #944:
Within main.go, when it reads all the existing files within the bucket, it previously never set an ACL for any of these objects. I assumed that for these pre-existing blobs, the ACL for each of them would just be
[{'entity': 'projectOwner-test-project', 'role': 'OWNER'}]
.For fixing #945:
From looking at how the python API updates the ACL's, I found that rather than sending a POST to the endpoint
/b/{bucketName}/o/{objectName:.+}/acl
, it instead sends a PATCH request to the endpoint/b/{bucketName}/o/{objectName:.+}
.Thus, I needed to update the
patchObject
method withinfakestorage/object.go
to detect if new ACL's are passed in and update the object's ACL if so.