-
Notifications
You must be signed in to change notification settings - Fork 256
Expand file tree
/
Copy pathservices.js
More file actions
1010 lines (951 loc) · 43.1 KB
/
services.js
File metadata and controls
1010 lines (951 loc) · 43.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
const assert = require('assert');
const async = require('async');
const { errors, s3middleware } = require('arsenal');
const ObjectMD = require('arsenal').models.ObjectMD;
const BucketInfo = require('arsenal').models.BucketInfo;
const ObjectMDArchive = require('arsenal').models.ObjectMDArchive;
const ObjectMDChecksum = require('arsenal').models.ObjectMDChecksum;
const { versioning } = require('arsenal');
const acl = require('./metadata/acl');
const constants = require('../constants');
const { config } = require('./Config');
const { data } = require('./data/wrapper');
const metadata = require('./metadata/wrapper');
const { setObjectLockInformation }
= require('./api/apiUtils/object/objectLockHelpers');
const removeAWSChunked = require('./api/apiUtils/object/removeAWSChunked');
const { parseTagFromQuery } = s3middleware.tagging;
const usersBucket = constants.usersBucket;
const oldUsersBucket = constants.oldUsersBucket;
function setLastModifiedFromHeader(md, metaHeaders) {
const forcedLastModifiedTs = Date.parse(metaHeaders[constants.lastModifiedHeader]);
md.setLastModified(new Date(forcedLastModifiedTs).toJSON());
// eslint-disable-next-line no-param-reassign
delete metaHeaders[constants.lastModifiedHeader];
}
const services = {
getService(authInfo, request, log, splitter, cb, overrideUserbucket) {
const canonicalID = authInfo.getCanonicalID();
assert.strictEqual(typeof splitter, 'string');
const prefix = `${canonicalID}${splitter}`;
const bucketUsers = overrideUserbucket || usersBucket;
// Note: we are limiting max keys on a bucket listing to 10000
// AWS does not limit but they only allow 100 buckets
// (without special increase)
// TODO: Consider implementing pagination like object listing
// with respect to bucket listing so can go beyond 10000
metadata.listObject(bucketUsers, { prefix, maxKeys: 10000 }, log,
(err, listResponse) => {
// If MD responds with NoSuchBucket, this means the
// hidden usersBucket has not yet been created for
// the domain. If this is the case, it means
// that no buckets in this domain have been created so
// it follows that this particular user has no buckets.
// So, the get service listing should not have any
// buckets to list. By returning an empty array, the
// getService API will just respond with the user info
// without listing any buckets.
if (err?.is?.NoSuchBucket) {
log.trace('no buckets found');
// If we checked the old user bucket, that means we
// already checked the new user bucket. If neither the
// old user bucket or the new user bucket exist, no buckets
// have yet been created in the namespace so an empty
// listing should be returned
if (overrideUserbucket) {
return cb(null, [], splitter);
}
// Since there were no results from checking the
// new users bucket, we check the old users bucket
return this.getService(authInfo, request, log,
constants.oldSplitter, cb, oldUsersBucket);
}
if (err) {
log.error('error from metadata', { error: err });
return cb(err);
}
return cb(null, listResponse.Contents, splitter);
});
},
/**
* Check that hashedStream.completedHash matches header contentMd5.
* @param {object} contentMD5 - content-md5 header
* @param {string} completedHash - hashed stream once completed
* @param {RequestLogger} log - the current request logger
* @return {boolean} - true if contentMD5 matches or is undefined,
* false otherwise
*/
checkHashMatchMD5(contentMD5, completedHash, log) {
if (contentMD5 && completedHash && contentMD5 !== completedHash) {
log.debug('contentMD5 and completedHash does not match',
{ method: 'checkHashMatchMD5', completedHash, contentMD5 });
return false;
}
return true;
},
/**
* Stores object location, custom headers, version etc.
* @param {object} bucketName - bucket in which metadata is stored
* @param {array} dataGetInfo - array of objects with information to
* retrieve data or null if 0 bytes object
* @param {object} cipherBundle - server side encryption information
* @param {object} params - custom built object containing resource details.
* @param {function} cb - callback containing result for the next task
* @return {function} executes callback with err or ETag as arguments
*/
metadataStoreObject(bucketName, dataGetInfo, cipherBundle, params, cb) {
const { objectKey, authInfo, size, contentMD5, checksum, metaHeaders,
contentType, cacheControl, contentDisposition, contentEncoding,
expires, multipart, headers, overrideMetadata, log,
lastModifiedDate, versioning, versionId, uploadId,
tagging, taggingCopy, replicationInfo, defaultRetention,
dataStoreName, creationTime, retentionMode, retentionDate,
legalHold, originOp, updateMicroVersionId, archive, oldReplayId,
deleteNullKey, amzStorageClass, overheadField, needOplogUpdate,
restoredEtag, bucketOwnerId } = params;
log.trace('storing object in metadata');
assert.strictEqual(typeof bucketName, 'string');
const md = new ObjectMD();
if (config.testingMode && metaHeaders && metaHeaders[constants.lastModifiedHeader]) {
setLastModifiedFromHeader(md, metaHeaders);
}
// This should be object creator's canonical ID.
md.setOwnerId(authInfo.getCanonicalID())
.setKey(objectKey)
.setCacheControl(cacheControl)
.setContentDisposition(contentDisposition)
.setContentEncoding(contentEncoding)
.setExpires(expires)
.setContentLength(size)
.setContentType(contentType)
.setContentMd5(contentMD5)
.setLocation(dataGetInfo)
// If an IAM user uploads a resource, the owner should be the parent
// account. http://docs.aws.amazon.com/AmazonS3/
// latest/dev/access-control-overview.html
.setOwnerDisplayName(authInfo.getAccountDisplayName())
.setDataStoreName(dataStoreName)
// CreationTime needs to be carried over so that it remains static
.setCreationTime(creationTime)
.setOriginOp(originOp);
if (checksum) {
md.setChecksum(new ObjectMDChecksum(checksum.algorithm, checksum.value, checksum.type));
}
// Sending in last modified date in object put copy since need
// to return the exact date in the response
if (lastModifiedDate) {
md.setLastModified(lastModifiedDate);
}
if (cipherBundle) {
md.setAmzServerSideEncryption(cipherBundle.algorithm);
// configuredMasterKeyId takes precedence
if (cipherBundle.configuredMasterKeyId || cipherBundle.masterKeyId) {
md.setAmzEncryptionKeyId(cipherBundle.configuredMasterKeyId || cipherBundle.masterKeyId);
}
}
if (headers && headers['x-amz-website-redirect-location']) {
md.setRedirectLocation(headers['x-amz-website-redirect-location']);
}
if (headers) {
// Stores retention information if object has its own retention
// configuration or default retention configuration from its bucket
const headerMode = headers['x-amz-object-lock-mode'];
const headerDate = headers['x-amz-object-lock-retain-until-date'];
const headerLegalHold = headers['x-amz-object-lock-legal-hold'];
const objectRetention = headers && headerMode && headerDate;
const objectLegalHold = headers && headerLegalHold;
if (objectRetention || defaultRetention || objectLegalHold) {
setObjectLockInformation(headers, md, defaultRetention);
}
}
if (replicationInfo) {
md.setReplicationInfo(replicationInfo);
}
// options to send to metadata to create or overwrite versions
// when putting the object MD
const options = {};
if (versioning) {
options.versioning = versioning;
}
if (versionId || versionId === '') {
options.versionId = versionId;
}
if (needOplogUpdate) {
options.needOplogUpdate = true;
options.originOp = needOplogUpdate;
}
if (uploadId) {
md.setUploadId(uploadId);
options.replayId = uploadId;
}
// update microVersionId when overwriting metadata.
if (updateMicroVersionId) {
md.updateMicroVersionId();
}
// update restore
if (archive) {
md.setAmzStorageClass(amzStorageClass);
md.setArchive(new ObjectMDArchive(
archive.archiveInfo,
archive.restoreRequestedAt,
archive.restoreRequestedDays,
archive.restoreCompletedAt,
archive.restoreWillExpireAt));
md.setAmzRestore({
'ongoing-request': false,
'expiry-date': archive.restoreWillExpireAt,
'content-md5': restoredEtag,
});
}
if (oldReplayId) {
options.oldReplayId = oldReplayId;
}
if (deleteNullKey) {
options.deleteNullKey = deleteNullKey;
}
if (overheadField) {
options.overheadField = overheadField;
}
// information to store about the version and the null version id
// in the object metadata
// NOTE nullVersionId and nullUploadId are only maintained in
// v0 metadata compatibility mode
const { isNull, nullVersionId, nullUploadId, isDeleteMarker } = params;
md.setIsNull(isNull)
.setNullVersionId(nullVersionId)
.setNullUploadId(nullUploadId)
.setIsDeleteMarker(isDeleteMarker);
if (versionId && versionId !== 'null') {
md.setVersionId(versionId);
}
if (isNull && !config.nullVersionCompatMode) {
md.setIsNull2(true);
}
if (taggingCopy) {
// If copying tags to an object (taggingCopy) we do not
// need to validate them again
md.setTags(taggingCopy);
} else if (tagging) {
const validationTagRes = parseTagFromQuery(tagging);
if (validationTagRes instanceof Error) {
log.debug('tag validation failed', {
error: validationTagRes,
method: 'metadataStoreObject',
});
return process.nextTick(() => cb(validationTagRes));
}
md.setTags(validationTagRes);
}
// Store user provided metadata.
// For multipart upload this also serves to transfer
// over metadata originally sent with the initiation
// of the multipart upload (for instance, ACL's).
// Do NOT move this to before
// the assignments of metadata above since this loop
// will reassign some of the above values with the ones
// from the intiation of the multipart upload
// (for instance, storage class)
md.setUserMetadata(metaHeaders);
if (overrideMetadata) {
md.overrideMetadataValues(overrideMetadata);
}
if (retentionMode && retentionDate) {
md.setRetentionMode(retentionMode);
md.setRetentionDate(retentionDate);
}
if (legalHold) {
md.setLegalHold(legalHold);
}
if (params.acl) {
// In case of a restore we dont pass ACL in the headers
// but we take them from the old metadata
md.setAcl(params.acl);
}
if (bucketOwnerId) {
md.setBucketOwnerId(bucketOwnerId);
}
log.trace('object metadata', { omVal: md.getValue() });
// If this is not the completion of a multipart upload or
// the creation of a delete marker, parse the headers to
// get the ACL's if any
return async.waterfall([
callback => {
if (multipart || md.getIsDeleteMarker()) {
return callback();
}
const parseAclParams = {
headers,
resourceType: 'object',
acl: md.getAcl(),
log,
};
log.trace('parsing acl from headers');
acl.parseAclFromHeaders(parseAclParams, (err, parsedACL) => {
if (err) {
log.debug('error parsing acl', { error: err });
return callback(err);
}
md.setAcl(parsedACL);
return callback();
});
return null;
},
callback => metadata.putObjectMD(bucketName, objectKey, md,
options, log, callback),
], (err, data) => {
if (err) {
log.error('error from metadata', { error: err });
return cb(err);
}
log.trace('object successfully stored in metadata');
// if versioning is enabled, data will be returned from metadata
// as JSON containing a versionId which some APIs will need sent
// back to them
let versionId;
if (data) {
if (params.isNull && params.isDeleteMarker) {
versionId = 'null';
} else if (!params.isNull) {
versionId = JSON.parse(data).versionId;
}
}
return cb(err, {
lastModified: md.getLastModified(),
tags: md.getTags(),
contentMD5,
versionId,
checksum: md.getChecksum(),
});
});
},
/**
* Deletes objects from a bucket
* @param {string} bucketName - bucket in which objectMD is stored
* @param {object} objectMD - object's metadata
* @param {string} objectKey - object key name
* @param {object} options - other instructions, such as { versionId } to
* delete a specific version of the object
* @param {boolean} deferLocationDeletion - true if the object should not
* be removed from the storage, but be returned instead.
* @param {Log} log - logger instance
* @param {string} originOp - origin operation
* @param {function} cb - callback from async.waterfall in objectGet
* @return {undefined}
*/
deleteObject(bucketName, objectMD, objectKey, options, deferLocationDeletion, log, originOp, cb) {
log.trace('deleting object from bucket');
assert.strictEqual(typeof bucketName, 'string');
assert.strictEqual(typeof objectMD, 'object');
function deleteMDandData() {
return metadata.deleteObjectMD(bucketName, objectKey, options, log,
(err, res) => {
if (err) {
return cb(err, res);
}
log.trace('deleteObject: metadata delete OK');
if (objectMD.location === null) {
return cb(null, res);
}
if (deferLocationDeletion) {
return cb(null, Array.isArray(objectMD.location)
? objectMD.location : [objectMD.location]);
}
if (!Array.isArray(objectMD.location)) {
data.delete(objectMD.location, log);
return cb(null, res);
}
return data.batchDelete(objectMD.location, null, null, log, err => {
if (err) {
return cb(err);
}
return cb(null, res);
});
}, originOp);
}
const objGetInfo = objectMD.location;
// special case that prevents azure blocks from unecessary deletion
// will return null if no need
return data.protectAzureBlocks(bucketName, objectKey, objGetInfo,
log, err => {
if (err) {
return cb(err);
}
return deleteMDandData();
});
},
/**
* Gets list of objects in bucket
* @param {object} bucketName - bucket in which objectMetadata is stored
* @param {object} listingParams - params object passing on
* needed items from request object
* @param {object} log - request logger instance
* @param {function} cb - callback to bucketGet.js
* @return {undefined}
* JSON response from metastore
*/
getObjectListing(bucketName, listingParams, log, cb) {
assert.strictEqual(typeof bucketName, 'string');
log.trace('performing metadata get object listing',
{ listingParams });
metadata.listObject(bucketName, listingParams, log,
(err, listResponse) => {
if (err) {
log.debug('error from metadata', { error: err });
return cb(err);
}
return cb(null, listResponse);
});
},
/**
* Finds a specific object version by its uploadId by listing and filtering all versions.
* This is used during MPU abort to clean up potentially orphaned object metadata.
* @param {string} bucketName - The name of the bucket.
* @param {string} objectKey - The key of the object.
* @param {string} uploadId - The uploadId to search for.
* @param {object} log - The logger instance.
* @param {function} cb - The callback, called with (err, foundVersion).
* @returns {undefined}
*/
findObjectVersionByUploadId(bucketName, objectKey, uploadId, log, cb) {
let keyMarker = null;
let versionIdMarker = null;
let foundVersion = null;
let shouldContinue = true;
return async.whilst(
() => shouldContinue && !foundVersion,
callback => {
const listParams = {
listingType: 'DelimiterVersions',
// To only list the specific key, we need to add the versionId separator
prefix: `${objectKey}${versioning.VersioningConstants.VersionId.Separator}`,
maxKeys: 1000,
};
if (keyMarker) {
listParams.keyMarker = keyMarker;
}
if (versionIdMarker) {
listParams.versionIdMarker = versionIdMarker;
}
return this.getObjectListing(bucketName, listParams, log, (err, listResponse) => {
if (err) {
log.error('error listing object versions', { error: err });
return callback(err);
}
// Check each version in current batch for matching uploadId
const matchedVersion = (listResponse.Versions || []).find(version =>
version.key === objectKey &&
version.value &&
version.value.uploadId === uploadId
);
if (matchedVersion) {
foundVersion = matchedVersion.value;
}
// Set up for next iteration if needed
if (listResponse.IsTruncated && !foundVersion) {
keyMarker = listResponse.NextKeyMarker;
versionIdMarker = listResponse.NextVersionIdMarker;
} else {
shouldContinue = false;
}
return callback();
});
},
err => cb(err, err ? null : foundVersion)
);
},
/**
* Gets list of objects ready to be lifecycled
* @param {object} bucketName - bucket in which objectMetadata is stored
* @param {object} listingParams - params object passing on
* needed items from request object
* @param {object} log - request logger instance
* @param {function} cb - callback to bucketGet.js
* @return {undefined}
* JSON response from metastore
*/
getLifecycleListing(bucketName, listingParams, log, cb) {
assert.strictEqual(typeof bucketName, 'string');
log.trace('performing metadata get object listing for lifecycle',
{ listingParams });
metadata.listLifecycleObject(bucketName, listingParams, log,
(err, listResponse) => {
if (err) {
log.debug('error from metadata', { error: err });
return cb(err);
}
return cb(null, listResponse);
});
},
metadataStoreMPObject(bucketName, cipherBundle, params, log, cb) {
assert.strictEqual(typeof bucketName, 'string');
assert.strictEqual(typeof params.splitter, 'string');
// TODO: Determine splitter that will not appear in
// any of these items. This is GH Issue#218
// 1) ObjectKey can contain any characters so when initiating
// the MPU, we restricted the ability to create an object containing
// the splitter.
// 2) UploadId's are UUID version 4
const splitter = params.splitter;
const longMPUIdentifier =
`overview${splitter}${params.objectKey}` +
`${splitter}${params.uploadId}`;
const multipartObjectMD = {};
multipartObjectMD.id = params.uploadId;
multipartObjectMD.eventualStorageBucket = params.eventualStorageBucket;
multipartObjectMD.initiated = new Date().toJSON();
// Note: opting to store the initiator and owner
// info here (including display names)
// rather than just saving the canonicalID and
// calling the display name when get a view request.
// Since multi-part upload will likely not be open
// for that long, seems unnecessary
// to be concerned about a change in the display
// name while the multi part upload is open.
multipartObjectMD['owner-display-name'] = params.ownerDisplayName;
multipartObjectMD['owner-id'] = params.ownerID;
multipartObjectMD.initiator = {
DisplayName: params.initiatorDisplayName,
ID: params.initiatorID,
};
multipartObjectMD.key = params.objectKey;
multipartObjectMD.uploadId = params.uploadId;
multipartObjectMD['cache-control'] = params.headers['cache-control'];
multipartObjectMD['content-disposition'] =
params.headers['content-disposition'];
multipartObjectMD['content-encoding'] =
removeAWSChunked(params.headers['content-encoding']);
multipartObjectMD['content-type'] =
params.headers['content-type'];
multipartObjectMD.expires =
params.headers.expires;
multipartObjectMD['x-amz-storage-class'] = params.storageClass; // TODO: removed CLDSRV-639
multipartObjectMD['x-amz-website-redirect-location'] =
params.headers['x-amz-website-redirect-location'];
if (cipherBundle) {
multipartObjectMD['x-amz-server-side-encryption'] =
cipherBundle.algorithm;
if (cipherBundle.masterKeyId) {
multipartObjectMD[
'x-amz-server-side-encryption-aws-kms-key-id'] =
cipherBundle.masterKeyId;
}
}
multipartObjectMD.controllingLocationConstraint =
params.controllingLocationConstraint;
multipartObjectMD.dataStoreName = params.dataStoreName;
if (params.tagging) {
const validationTagRes = parseTagFromQuery(params.tagging);
if (validationTagRes instanceof Error) {
log.debug('tag validation failed', {
error: validationTagRes,
method: 'metadataStoreObject',
});
process.nextTick(() => cb(validationTagRes));
}
multipartObjectMD['x-amz-tagging'] = params.tagging;
}
if (params.retentionMode && params.retentionDate) {
multipartObjectMD.retentionMode = params.retentionMode;
multipartObjectMD.retentionDate = params.retentionDate;
}
if (params.legalHold) {
multipartObjectMD.legalHold = params.legalHold;
}
multipartObjectMD.checksumAlgorithm = params.checksumAlgorithm;
multipartObjectMD.checksumType = params.checksumType;
multipartObjectMD.checksumIsDefault = params.checksumIsDefault;
Object.keys(params.metaHeaders).forEach(val => {
multipartObjectMD[val] = params.metaHeaders[val];
});
// TODO: Add encryption values from headers if sent with request
const parseAclParams = {
headers: params.headers,
resourceType: 'object',
acl: {
Canned: 'private',
FULL_CONTROL: [],
WRITE_ACP: [],
READ: [],
READ_ACP: [],
},
log,
};
acl.parseAclFromHeaders(parseAclParams, (err, parsedACL) => {
if (err) {
return cb(err);
}
multipartObjectMD.acl = parsedACL;
metadata.putObjectMD(bucketName, longMPUIdentifier,
multipartObjectMD, {}, log, err => {
if (err) {
log.error('error from metadata', { error: err });
return cb(err);
}
return cb(null, multipartObjectMD);
});
return undefined;
});
},
/**
* Mark the MPU overview key with a flag when starting the
* CompleteMPU operation, to be checked by "put part" operations
*
* @param {object} params - params object
* @param {string} params.bucketName - name of MPU bucket
* @param {string} params.objectKey - object key
* @param {string} params.uploadId - upload ID
* @param {string} params.splitter - splitter for this overview key
* @param {object} params.storedMetadata - original metadata of the overview key
* @param {Logger} log - Logger object
* @param {function} cb - callback(err)
* @return {undefined}
*/
metadataMarkMPObjectForCompletion(params, log, cb) {
assert.strictEqual(typeof params, 'object');
assert.strictEqual(typeof params.bucketName, 'string');
assert.strictEqual(typeof params.objectKey, 'string');
assert.strictEqual(typeof params.uploadId, 'string');
assert.strictEqual(typeof params.splitter, 'string');
assert.strictEqual(typeof params.storedMetadata, 'object');
const splitter = params.splitter;
const longMPUIdentifier =
`overview${splitter}${params.objectKey}${splitter}${params.uploadId}`;
const multipartObjectMD = Object.assign({}, params.storedMetadata);
multipartObjectMD.completeInProgress = true;
metadata.putObjectMD(params.bucketName, longMPUIdentifier, multipartObjectMD,
{}, log, err => {
if (err) {
log.error('error from metadata', { error: err });
return cb(err);
}
return cb();
});
},
/**
* Returns if a CompleteMPU operation is in progress for this
* object, by looking at the `completeInProgress` flag stored in
* the overview key
*
* @param {object} params - params object
* @param {string} params.bucketName - bucket name where object should be stored
* @param {string} params.objectKey - object key
* @param {string} params.uploadId - upload ID
* @param {string} params.splitter - splitter for this overview key
* @param {object} log - request logger instance
* @param {function} cb - callback(err, {bool} completeInProgress)
* @return {undefined}
*/
isCompleteMPUInProgress(params, log, cb) {
assert.strictEqual(typeof params, 'object');
assert.strictEqual(typeof params.bucketName, 'string');
assert.strictEqual(typeof params.objectKey, 'string');
assert.strictEqual(typeof params.uploadId, 'string');
assert.strictEqual(typeof params.splitter, 'string');
const mpuBucketName = `${constants.mpuBucketPrefix}${params.bucketName}`;
const splitter = params.splitter;
const mpuOverviewKey =
`overview${splitter}${params.objectKey}${splitter}${params.uploadId}`;
return metadata.getObjectMD(mpuBucketName, mpuOverviewKey, {}, log,
(err, res) => {
if (err) {
if (err.is && err.is.NoSuchKey) {
// The overview key no longer exists, meaning completeMultipartUpload
// already ran to completion and cleaned up the MPU bucket.
// This is a race condition: objectPutPart checked for old
// part locations after completeMultipartUpload deleted the overview.
// Returning true (complete in progress) prevents objectPutPart
// from deleting part data that may have already been committed
// as the final object.
return cb(null, true);
}
log.error('error getting the overview object from mpu bucket', {
error: err,
method: 'services.isCompleteMPUInProgress',
params,
});
return cb(err);
}
return cb(null, Boolean(res.completeInProgress));
});
},
/**
* Checks whether bucket exists, multipart upload
* has been initiated and the user is authorized
* @param {object} params - custom built object containing
* bucket name, uploadId, authInfo etc.
* @param {function} cb - callback containing error and
* bucket reference for the next task
* @return {undefined} calls callback with arguments:
* - error
* - bucket
* - the multipart upload metadata
* - the overview key stored metadata
*/
metadataValidateMultipart(params, cb) {
const { bucketName, uploadId, authInfo,
objectKey, requestType, log } = params;
assert.strictEqual(typeof bucketName, 'string');
// This checks whether the mpu bucket exists.
// If the MPU was initiated, the mpu bucket should exist.
const mpuBucketName = `${constants.mpuBucketPrefix}${bucketName}`;
metadata.getBucket(mpuBucketName, log, (err, mpuBucket) => {
if (err?.is?.NoSuchBucket) {
log.debug('bucket not found in metadata', { error: err,
method: 'services.metadataValidateMultipart' });
return cb(errors.NoSuchUpload);
}
if (err) {
log.error('error from metadata', { error: err,
method: 'services.metadataValidateMultipart' });
return cb(err);
}
let splitter = constants.splitter;
// BACKWARD: Remove to remove the old splitter
if (mpuBucket.getMdBucketModelVersion() < 2) {
splitter = constants.oldSplitter;
}
const mpuOverviewKey =
`overview${splitter}${objectKey}${splitter}${uploadId}`;
metadata.getObjectMD(mpuBucket.getName(), mpuOverviewKey,
{}, log, (err, storedMetadata) => {
if (err) {
if (err.is && err.is.NoSuchKey) {
return cb(errors.NoSuchUpload);
}
log.error('error from metadata', { error: err });
return cb(err);
}
const initiatorID = storedMetadata.initiator.ID;
const ownerID = storedMetadata['owner-id'];
const mpuOverview = {
key: storedMetadata.key,
id: storedMetadata.id,
eventualStorageBucket:
storedMetadata.eventualStorageBucket,
initiatorID,
initiatorDisplayName:
storedMetadata.initiator.DisplayName,
ownerID,
ownerDisplayName:
storedMetadata['owner-display-name'],
storageClass:
storedMetadata['x-amz-storage-class'],
initiated: storedMetadata.initiated,
controllingLocationConstraint:
storedMetadata.controllingLocationConstraint,
};
const tagging = storedMetadata['x-amz-tagging'];
if (tagging) {
mpuOverview.tagging = tagging;
}
// If access was provided by the destination bucket's
// bucket policies, go ahead.
if (requestType === 'bucketPolicyGoAhead') {
return cb(null, mpuBucket, mpuOverview, storedMetadata);
}
const requesterID = authInfo.isRequesterAnIAMUser() ?
authInfo.getArn() : authInfo.getCanonicalID();
const isRequesterInitiator =
initiatorID === requesterID;
const isRequesterParentAccountOfInitiator =
ownerID === authInfo.getCanonicalID();
if (requestType === 'putPart or complete') {
// Only the initiator of the multipart
// upload can upload a part or complete the mpu
if (!isRequesterInitiator) {
return cb(errors.AccessDenied);
}
}
if (requestType === 'deleteMPU'
|| requestType === 'listParts') {
// In order for account/user to be
// authorized must either be the
// bucket owner or intitator of
// the multipart upload request
// (or parent account of initiator).
// In addition if the bucket policy
// designates someone else with
// s3:AbortMultipartUpload or
// s3:ListMultipartUploadPartsrights,
// as applicable, that account/user will have the right.
// If got to this step, it means there is
// no bucket policy on this.
if (mpuBucket.getOwner() !== authInfo.getCanonicalID()
&& !isRequesterInitiator
&& !isRequesterParentAccountOfInitiator) {
return cb(errors.AccessDenied);
}
}
return cb(null, mpuBucket, mpuOverview, storedMetadata);
});
return undefined;
});
},
/**
* Stores metadata about a part of a multipart upload
* @param {string} mpuBucketName - name of the special mpu bucket
* @param {object []} partLocations - data retrieval info for part.
* @param {string} partLocations[].key -
* key in datastore for part
* @param {string} partLocations[].dataStoreName - name of dataStore
* @param {string} [partLocations[].size] - part size
* @param {string} [partLocations[].sseCryptoScheme] - cryptoScheme
* @param {string} [partLocations[].sseCipheredDataKey] - cipheredDataKey
* @param {string} [partLocations[].sseAlgorithm] - encryption algo
* @param {string} [partLocations[].masterKeyId] - masterKeyId
* @param {object} metaStoreParams - custom built object
* @param {object} log - request logger instance
* @param {function} cb - callback to send error or move to next task
* @return {undefined}
*/
metadataStorePart(mpuBucketName, partLocations,
metaStoreParams, log, cb) {
assert.strictEqual(typeof mpuBucketName, 'string');
const { partNumber, contentMD5, size, uploadId, lastModified, splitter, overheadField, ownerId }
= metaStoreParams;
const dateModified = typeof lastModified === 'string' ?
lastModified : new Date().toJSON();
assert.strictEqual(typeof splitter, 'string');
const partKey = `${uploadId}${splitter}${partNumber}`;
const omVal = {
// Version 3 changes the format of partLocations
// from an object to an array
'md-model-version': 3,
partLocations,
'key': partKey,
'last-modified': dateModified,
'content-md5': contentMD5,
'content-length': size,
'owner-id': ownerId,
};
const params = {};
if (overheadField) {
params.overheadField = overheadField;
}
metadata.putObjectMD(mpuBucketName, partKey, omVal, params, log, err => {
if (err) {
log.error('error from metadata', { error: err });
return cb(err);
}
return cb(null);
});
},
/**
* Gets list of open multipart uploads in bucket
* @param {object} MPUbucketName - bucket in which objectMetadata is stored
* @param {object} listingParams - params object passing on
* needed items from request object
* @param {object} log - Werelogs logger
* @param {function} cb - callback to listMultipartUploads.js
* @return {undefined}
*/
getMultipartUploadListing(MPUbucketName, listingParams, log, cb) {
assert.strictEqual(typeof MPUbucketName, 'string');
assert.strictEqual(typeof listingParams.splitter, 'string');
metadata.getBucket(MPUbucketName, log, (err, bucket) => {
if (err) {
log.error('error from metadata', { error: err });
return cb(err);
}
if (bucket === undefined) {
return cb(null, {
IsTruncated: false,
NextMarker: undefined,
MaxKeys: 0,
Uploads: [],
CommonPrefixes: [],
});
}
const listParams = {};
Object.keys(listingParams).forEach(name => {
listParams[name] = listingParams[name];
});
// BACKWARD: Remove to remove the old splitter
if (bucket.getMdBucketModelVersion() < 2) {
listParams.splitter = constants.oldSplitter;
}
metadata.listMultipartUploads(MPUbucketName, listParams, log,
cb);
return undefined;
});
},
/**
* Gets the special multipart upload bucket associated with
* the user's account or creates it if it does not exist
* @param {Bucket} destinationBucket - bucket the mpu will end up in
* @param {string} bucketName - name of the destination bucket
* @param {object} log - Werelogs logger
* @param {function} cb - callback that returns multipart
* upload bucket or error if any
* @return {undefined}
*/
getMPUBucket(destinationBucket, bucketName, log, cb) {
assert.strictEqual(typeof bucketName, 'string');
const MPUBucketName = `${constants.mpuBucketPrefix}${bucketName}`;
metadata.getBucket(MPUBucketName, log, (err, bucket) => {
if (err?.is?.NoSuchBucket) {
log.trace('no buckets found');
const creationDate = new Date().toJSON();
const mpuBucket = new BucketInfo(MPUBucketName,
destinationBucket.getOwner(),
destinationBucket.getOwnerDisplayName(), creationDate,
BucketInfo.currentModelVersion());
// Note that unlike during the creation of a normal bucket,
// we do NOT add this bucket to the lists of a user's buckets.
// By not adding this bucket to the lists of a user's buckets,
// a getService request should not return a reference to this
// bucket. This is the desired behavior since this should be
// a hidden bucket.
return metadata.createBucket(MPUBucketName, mpuBucket, log,
err => {
if (err) {
log.error('error from metadata', { error: err });
return cb(err);
}
return cb(null, mpuBucket);
});
}
if (err) {
log.error('error from metadata', {
error: err,
method: 'services.getMPUBucket',
});
return cb(err);
}
return cb(null, bucket);
});
},
getMPUparts(mpuBucketName, uploadId, log, cb) {
assert.strictEqual(typeof mpuBucketName, 'string');
const searchArgs = {
prefix: `${uploadId}`,
marker: undefined,
delimiter: undefined,
maxKeys: 10000,
};
metadata.listObject(mpuBucketName, searchArgs, log, cb);
},
getSomeMPUparts(params, cb) {
const { uploadId, mpuBucketName, maxParts, partNumberMarker, log } =
params;
assert.strictEqual(typeof mpuBucketName, 'string');
assert.strictEqual(typeof params.splitter, 'string');
const paddedPartNumber = `000000${partNumberMarker}`.substr(-5);
const searchArgs = {
prefix: uploadId,
marker: `${uploadId}${params.splitter}${paddedPartNumber}`,
delimiter: undefined,
maxKeys: maxParts,
};
metadata.listObject(mpuBucketName, searchArgs, log, cb);
},
batchDeleteObjectMetadata(mpuBucketName, keysToDelete, log, cb) {