feat: add feature preserveACLGrants

clyso · Nov 28, 2024 · a60e25d · a60e25d
1 parent e7d5e1f
commit a60e25d
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 18 deletions.
diff --git a/docker-compose/s3-credentials.yaml b/docker-compose/s3-credentials.yaml
@@ -11,7 +11,6 @@ storage:
           secretAccessKey: fakeSecret
       provider: Other # <Ceph|Minio|AWS|Other see providers list in rclone config> https://rclone.org/s3/#configuration
       isMain: true # <true|false> one of the storages in should be main
-      syncACLGrants: false # Set true to synchronize ACL Grants from source
       healthCheckInterval: 10s
       httpTimeout: 1m
       isSecure: false #set false for http address
@@ -27,7 +26,6 @@ storage:
           secretAccessKey: fakeSecret2
       provider: Other
       isMain: false
-      syncACLGrants: false
       healthCheckInterval: 10s
       httpTimeout: 1m
       isSecure: false

diff --git a/docker-compose/worker-conf.yaml b/docker-compose/worker-conf.yaml
@@ -19,4 +19,5 @@ features:
   acl: false # sync object/bucket ACLs
   lifecycle: false # sync bucket Lifecycle
   policy: false # sync bucket Policies
+  preserveACLGrants: false # preserve object/bucket ACL Grants from source
 
diff --git a/pkg/config/config.yaml b/pkg/config/config.yaml
@@ -35,3 +35,4 @@ features:
   acl: true # sync object/bucket ACLs
   lifecycle: false # sync bucket Lifecycle
   policy: false # sync bucket Policies
+  preserveACLGrants: false # preserve object/bucket ACL Grants from source
diff --git a/pkg/features/features.go b/pkg/features/features.go
@@ -19,11 +19,12 @@ package features
 import "context"
 
 type Config struct {
-	Versioning bool `yaml:"versioning"`
-	Tagging    bool `yaml:"tagging"`
-	ACL        bool `yaml:"acl"`
-	Lifecycle  bool `yaml:"lifecycle"`
-	Policy     bool `yaml:"policy"`
+	Versioning        bool `yaml:"versioning"`
+	Tagging           bool `yaml:"tagging"`
+	ACL               bool `yaml:"acl"`
+	Lifecycle         bool `yaml:"lifecycle"`
+	Policy            bool `yaml:"policy"`
+	PreserveACLGrants bool `yaml:"preserveACLGrants"`
 }
 
 var val *Config
@@ -51,3 +52,7 @@ func Lifecycle(_ context.Context) bool {
 func Policy(_ context.Context) bool {
 	return val.Policy
 }
+
+func PreserveACLGrants(_ context.Context) bool {
+	return val.PreserveACLGrants
+}
diff --git a/pkg/s3/config.go b/pkg/s3/config.go
@@ -48,7 +48,6 @@ type Storage struct {
 	HealthCheckInterval time.Duration            `yaml:"healthCheckInterval"`
 	HttpTimeout         time.Duration            `yaml:"httpTimeout"`
 	IsSecure            bool                     `yaml:"isSecure"`
-	SyncACLGrants       bool                     `yaml:"syncACLGrants"`
 	DefaultRegion       string                   `yaml:"defaultRegion"`
 
 	RateLimit RateLimit `yaml:"rateLimit"`

diff --git a/service/worker/config.yaml b/service/worker/config.yaml
@@ -47,7 +47,6 @@ storage:
   #          secretAccessKey: <user2 v4 secretKey credential>
   #      provider: <Ceph|Minio|AWS|Other see providers list in rclone config> # https://rclone.org/s3/#configuration
   #      isMain: true # <true|false> one of the storages in should be main
-  #      syncACLGrants: false #set true to synchronize ACL Grants from source
   #      healthCheckInterval: 10s
   #      httpTimeout: 1m
   #      isSecure: true #set false for http address
@@ -66,7 +65,6 @@ storage:
   #          secretAccessKey: <user2 v4 secretKey credential>
   #      provider: <Ceph|Minio|AWS|Other see providers list in rclone config> # https://rclone.org/s3/#configuration
   #      isMain: false # <true|false> one of the storages in should be main
-  #      syncACLGrants: false #set true to synchronize ACL Grants from source
   #      healthCheckInterval: 10s
   #      httpTimeout: 1m
   #      isSecure: true #set false for http address

diff --git a/service/worker/handler/acl.go b/service/worker/handler/acl.go
@@ -156,10 +156,8 @@ func (s *svc) syncBucketACL(ctx context.Context, fromClient, toClient s3client.C
 		toOwnerID = toACL.Owner.ID
 	}
 
-	var syncACLGrants bool = toClient.Config().SyncACLGrants
-
 	_, err = toClient.AWS().PutBucketAclWithContext(ctx, &aws_s3.PutBucketAclInput{
-		AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, syncACLGrants),
+		AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, features.PreserveACLGrants(ctx)),
 		Bucket:              &bucket,
 	})
 	if err != nil {
@@ -220,10 +218,8 @@ func (s *svc) syncObjectACL(ctx context.Context, fromClient, toClient s3client.C
 		toOwnerID = toACL.Owner.ID
 	}
 
-	var syncACLGrants bool = toClient.Config().SyncACLGrants
-
 	_, err = toClient.AWS().PutObjectAclWithContext(ctx, &aws_s3.PutObjectAclInput{
-		AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, syncACLGrants),
+		AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, features.PreserveACLGrants(ctx)),
 		Bucket:              &bucket,
 		Key:                 &object,
 		VersionId:           nil, //todo: versioning
@@ -248,11 +244,11 @@ func srcOwnerToDstOwner(owner, srcBucketOwner, dstBucketOwner *string) *string {
 	return dstBucketOwner
 }
 
-func mappedOwnersACL(srcOwner *aws_s3.Owner, srcGrants []*aws_s3.Grant, dstOwner *string, syncACLGrants bool) *aws_s3.AccessControlPolicy {
+func mappedOwnersACL(srcOwner *aws_s3.Owner, srcGrants []*aws_s3.Grant, dstOwner *string, preserveACLGrants bool) *aws_s3.AccessControlPolicy {
 	grants := make([]*aws_s3.Grant, len(srcGrants))
 	for i, grant := range srcGrants {
 		var dstID *string
-		if syncACLGrants {
+		if preserveACLGrants {
 			dstID = grant.Grantee.ID
 		} else {
 			dstID = srcOwnerToDstOwner(grant.Grantee.ID, srcOwner.ID, dstOwner)