s3: change s3 tables to use RESTful API (#8169)
* s3: refactor s3 tables to use RESTful API * test/s3tables: guard empty namespaces * s3api: document tag parsing and validate get-table * s3api: limit S3Tables REST body size * Update weed/s3api/s3api_tables.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update weed/s3api/s3tables/handler.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * s3api: accept encoded table bucket ARNs * s3api: validate namespaces and close body * s3api: match encoded table bucket ARNs * s3api: scope table bucket ARN routes * s3api: dedupe table bucket request builders * test/s3tables: allow list tables without namespace * s3api: validate table params and tag ARN * s3api: tighten tag handling and get-table params * s3api: loosen tag ARN route matching * Fix S3 Tables REST routing and tests * Adjust S3 Tables request parsing * Gate S3 Tables target routing * Avoid double decoding namespaces --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Chris Lu
@@ -1,7 +1,13 @@
|
||||
package s3api
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
@@ -13,31 +19,6 @@ import (
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3tables"
|
||||
)
|
||||
|
||||
// s3TablesActionsMap contains all valid S3 Tables operations for O(1) lookup
|
||||
var s3TablesActionsMap = map[string]struct{}{
|
||||
"CreateTableBucket": {},
|
||||
"GetTableBucket": {},
|
||||
"ListTableBuckets": {},
|
||||
"DeleteTableBucket": {},
|
||||
"PutTableBucketPolicy": {},
|
||||
"GetTableBucketPolicy": {},
|
||||
"DeleteTableBucketPolicy": {},
|
||||
"CreateNamespace": {},
|
||||
"GetNamespace": {},
|
||||
"ListNamespaces": {},
|
||||
"DeleteNamespace": {},
|
||||
"CreateTable": {},
|
||||
"GetTable": {},
|
||||
"ListTables": {},
|
||||
"DeleteTable": {},
|
||||
"PutTablePolicy": {},
|
||||
"GetTablePolicy": {},
|
||||
"DeleteTablePolicy": {},
|
||||
"TagResource": {},
|
||||
"ListTagsForResource": {},
|
||||
"UntagResource": {},
|
||||
}
|
||||
|
||||
// S3TablesApiServer wraps the S3 Tables handler with S3ApiServer's filer access
|
||||
type S3TablesApiServer struct {
|
||||
s3a *S3ApiServer
|
||||
@@ -77,41 +58,570 @@ func (s3a *S3ApiServer) registerS3TablesRoutes(router *mux.Router) {
|
||||
// Create S3 Tables handler
|
||||
s3TablesApi := NewS3TablesApiServer(s3a)
|
||||
|
||||
// S3 Tables API uses POST with x-amz-target header
|
||||
// The AWS CLI sends requests with:
|
||||
// - Content-Type: application/x-amz-json-1.1
|
||||
// - X-Amz-Target: S3Tables.<OperationName>
|
||||
|
||||
// Matcher function to identify S3 Tables requests
|
||||
s3TablesMatcher := func(r *http.Request, rm *mux.RouteMatch) bool {
|
||||
// Check for X-Amz-Target header with S3Tables prefix
|
||||
target := r.Header.Get("X-Amz-Target")
|
||||
if target != "" && strings.HasPrefix(target, "S3Tables.") {
|
||||
return true
|
||||
}
|
||||
|
||||
// Also check for specific S3 Tables actions in query string (CLI fallback)
|
||||
action := r.URL.Query().Get("Action")
|
||||
if isS3TablesAction(action) {
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
// REST-style S3 Tables API routes (used by AWS CLI)
|
||||
targetMatcher := func(r *http.Request, rm *mux.RouteMatch) bool {
|
||||
return strings.HasPrefix(r.Header.Get("X-Amz-Target"), "S3Tables.")
|
||||
}
|
||||
router.Methods(http.MethodPost).Path("/").MatcherFunc(targetMatcher).
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.S3TablesHandler), "S3Tables-Target"))
|
||||
router.Methods(http.MethodPut).Path("/buckets").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("CreateTableBucket", buildCreateTableBucketRequest)), "S3Tables-CreateTableBucket"))
|
||||
router.Methods(http.MethodGet).Path("/buckets").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("ListTableBuckets", buildListTableBucketsRequest)), "S3Tables-ListTableBuckets"))
|
||||
router.Methods(http.MethodGet).Path("/buckets/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("GetTableBucket", buildTableBucketArnRequest)), "S3Tables-GetTableBucket"))
|
||||
router.Methods(http.MethodDelete).Path("/buckets/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("DeleteTableBucket", buildDeleteTableBucketRequest)), "S3Tables-DeleteTableBucket"))
|
||||
router.Methods(http.MethodPut).Path("/buckets/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/policy").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("PutTableBucketPolicy", buildPutTableBucketPolicyRequest)), "S3Tables-PutTableBucketPolicy"))
|
||||
router.Methods(http.MethodGet).Path("/buckets/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/policy").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("GetTableBucketPolicy", buildGetTableBucketPolicyRequest)), "S3Tables-GetTableBucketPolicy"))
|
||||
router.Methods(http.MethodDelete).Path("/buckets/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/policy").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("DeleteTableBucketPolicy", buildDeleteTableBucketPolicyRequest)), "S3Tables-DeleteTableBucketPolicy"))
|
||||
|
||||
// Register the S3 Tables handler wrapped with IAM authentication
|
||||
router.Methods(http.MethodPost).Path("/").MatcherFunc(s3TablesMatcher).
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(func(w http.ResponseWriter, r *http.Request) {
|
||||
s3TablesApi.S3TablesHandler(w, r)
|
||||
}), "S3Tables"))
|
||||
router.Methods(http.MethodPut).Path("/namespaces/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("CreateNamespace", buildCreateNamespaceRequest)), "S3Tables-CreateNamespace"))
|
||||
router.Methods(http.MethodGet).Path("/namespaces/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("ListNamespaces", buildListNamespacesRequest)), "S3Tables-ListNamespaces"))
|
||||
router.Methods(http.MethodGet).Path("/namespaces/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/{namespace}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("GetNamespace", buildGetNamespaceRequest)), "S3Tables-GetNamespace"))
|
||||
router.Methods(http.MethodDelete).Path("/namespaces/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/{namespace}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("DeleteNamespace", buildDeleteNamespaceRequest)), "S3Tables-DeleteNamespace"))
|
||||
|
||||
router.Methods(http.MethodPut).Path("/tables/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/{namespace}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("CreateTable", buildCreateTableRequest)), "S3Tables-CreateTable"))
|
||||
router.Methods(http.MethodGet).Path("/tables/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("ListTables", buildListTablesRequest)), "S3Tables-ListTables"))
|
||||
router.Methods(http.MethodDelete).Path("/tables/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/{namespace}/{name}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("DeleteTable", buildDeleteTableRequest)), "S3Tables-DeleteTable"))
|
||||
|
||||
router.Methods(http.MethodPut).Path("/tables/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/{namespace}/{name}/policy").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("PutTablePolicy", buildPutTablePolicyRequest)), "S3Tables-PutTablePolicy"))
|
||||
router.Methods(http.MethodGet).Path("/tables/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/{namespace}/{name}/policy").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("GetTablePolicy", buildGetTablePolicyRequest)), "S3Tables-GetTablePolicy"))
|
||||
router.Methods(http.MethodDelete).Path("/tables/{tableBucketARN:arn:aws:s3tables:[^/]+:[^/]+:bucket/[^/]+}/{namespace}/{name}/policy").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("DeleteTablePolicy", buildDeleteTablePolicyRequest)), "S3Tables-DeleteTablePolicy"))
|
||||
|
||||
router.Methods(http.MethodPost).Path("/tag/{resourceArn:arn:aws:s3tables:.*}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("TagResource", buildTagResourceRequest)), "S3Tables-TagResource"))
|
||||
router.Methods(http.MethodGet).Path("/tag/{resourceArn:arn:aws:s3tables:.*}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("ListTagsForResource", buildListTagsForResourceRequest)), "S3Tables-ListTagsForResource"))
|
||||
router.Methods(http.MethodDelete).Path("/tag/{resourceArn:arn:aws:s3tables:.*}").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("UntagResource", buildUntagResourceRequest)), "S3Tables-UntagResource"))
|
||||
|
||||
router.Methods(http.MethodGet).Path("/get-table").
|
||||
HandlerFunc(track(s3a.authenticateS3Tables(s3TablesApi.handleRestOperation("GetTable", buildGetTableRequest)), "S3Tables-GetTable"))
|
||||
|
||||
glog.V(1).Infof("S3 Tables API enabled")
|
||||
}
|
||||
|
||||
// isS3TablesAction checks if the action is an S3 Tables operation using O(1) map lookup
|
||||
func isS3TablesAction(action string) bool {
|
||||
_, ok := s3TablesActionsMap[action]
|
||||
return ok
|
||||
type s3tablesRequestBuilder func(r *http.Request) (interface{}, error)
|
||||
|
||||
func (st *S3TablesApiServer) handleRestOperation(operation string, builder s3tablesRequestBuilder) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
payload, err := builder(r)
|
||||
if err != nil {
|
||||
writeS3TablesError(w, http.StatusBadRequest, s3tables.ErrCodeInvalidRequest, err.Error())
|
||||
return
|
||||
}
|
||||
if err := setS3TablesRequestBody(r, payload); err != nil {
|
||||
writeS3TablesError(w, http.StatusInternalServerError, s3tables.ErrCodeInternalError, err.Error())
|
||||
return
|
||||
}
|
||||
r.Header.Set("X-Amz-Target", "S3Tables."+operation)
|
||||
st.S3TablesHandler(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
func setS3TablesRequestBody(r *http.Request, payload interface{}) error {
|
||||
body, err := json.Marshal(payload)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
r.Body = io.NopCloser(bytes.NewReader(body))
|
||||
r.ContentLength = int64(len(body))
|
||||
r.Header.Set("Content-Type", "application/x-amz-json-1.1")
|
||||
return nil
|
||||
}
|
||||
|
||||
func readS3TablesJSONBody(r *http.Request, v interface{}) error {
|
||||
if r.Body == nil {
|
||||
return nil
|
||||
}
|
||||
defer r.Body.Close()
|
||||
const maxRequestBodySize = 10 * 1024 * 1024
|
||||
if r.ContentLength > maxRequestBodySize {
|
||||
return fmt.Errorf("request body too large: exceeds maximum size of %d bytes", maxRequestBodySize)
|
||||
}
|
||||
limitedReader := io.LimitReader(r.Body, maxRequestBodySize+1)
|
||||
body, err := io.ReadAll(limitedReader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(body) > maxRequestBodySize {
|
||||
return fmt.Errorf("request body too large: exceeds maximum size of %d bytes", maxRequestBodySize)
|
||||
}
|
||||
if len(bytes.TrimSpace(body)) == 0 {
|
||||
return nil
|
||||
}
|
||||
return json.Unmarshal(body, v)
|
||||
}
|
||||
|
||||
func writeS3TablesError(w http.ResponseWriter, status int, code, message string) {
|
||||
w.Header().Set("Content-Type", "application/x-amz-json-1.1")
|
||||
w.WriteHeader(status)
|
||||
errorResponse := map[string]interface{}{
|
||||
"__type": code,
|
||||
"message": message,
|
||||
}
|
||||
if err := json.NewEncoder(w).Encode(errorResponse); err != nil {
|
||||
glog.Errorf("failed to encode S3Tables error response (status=%d, code=%s, message=%q): %v", status, code, message, err)
|
||||
}
|
||||
}
|
||||
|
||||
func getDecodedPathParam(r *http.Request, name string) (string, error) {
|
||||
value := mux.Vars(r)[name]
|
||||
if value == "" {
|
||||
return "", nil
|
||||
}
|
||||
decoded, err := url.PathUnescape(value)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if decoded == ".." || strings.Contains(decoded, "../") || strings.Contains(decoded, `..\`) || strings.Contains(decoded, "\x00") {
|
||||
return "", fmt.Errorf("invalid path parameter %s", name)
|
||||
}
|
||||
return decoded, nil
|
||||
}
|
||||
|
||||
func buildTableBucketRequestWithARN(r *http.Request, constructor func(string) interface{}) (interface{}, error) {
|
||||
arn, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if arn == "" {
|
||||
return nil, fmt.Errorf("tableBucketARN is required")
|
||||
}
|
||||
if _, err := s3tables.ParseBucketNameFromARN(arn); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return constructor(arn), nil
|
||||
}
|
||||
|
||||
func parseOptionalIntParam(r *http.Request, name string) (int, error) {
|
||||
value := r.URL.Query().Get(name)
|
||||
if value == "" {
|
||||
return 0, nil
|
||||
}
|
||||
parsed, err := strconv.Atoi(value)
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("%s must be an integer", name)
|
||||
}
|
||||
if parsed <= 0 {
|
||||
return 0, fmt.Errorf("%s must be a positive integer", name)
|
||||
}
|
||||
return parsed, nil
|
||||
}
|
||||
|
||||
func parseOptionalNamespace(r *http.Request, name string) []string {
|
||||
value := r.URL.Query().Get(name)
|
||||
if value == "" {
|
||||
return nil
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{value}); err != nil {
|
||||
glog.V(1).Infof("invalid namespace value for %s: %q: %v", name, value, err)
|
||||
return nil
|
||||
}
|
||||
return []string{value}
|
||||
}
|
||||
|
||||
// parseTagKeys handles tag key parsing from query parameters.
|
||||
// If a single value contains commas, it is split into multiple keys (e.g., "key1,key2,key3").
|
||||
// Otherwise, multiple query values are returned as-is.
|
||||
func parseTagKeys(values []string) []string {
|
||||
if len(values) == 0 {
|
||||
return nil
|
||||
}
|
||||
out := make([]string, 0, len(values))
|
||||
for _, value := range values {
|
||||
for _, part := range strings.Split(value, ",") {
|
||||
part = strings.TrimSpace(part)
|
||||
if part != "" {
|
||||
out = append(out, part)
|
||||
}
|
||||
}
|
||||
}
|
||||
if len(out) == 0 {
|
||||
return nil
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func buildCreateTableBucketRequest(r *http.Request) (interface{}, error) {
|
||||
var req s3tables.CreateTableBucketRequest
|
||||
if err := readS3TablesJSONBody(r, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &req, nil
|
||||
}
|
||||
|
||||
func buildListTableBucketsRequest(r *http.Request) (interface{}, error) {
|
||||
maxBuckets, err := parseOptionalIntParam(r, "maxBuckets")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.ListTableBucketsRequest{
|
||||
Prefix: r.URL.Query().Get("prefix"),
|
||||
ContinuationToken: r.URL.Query().Get("continuationToken"),
|
||||
MaxBuckets: maxBuckets,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildTableBucketArnRequest(r *http.Request) (interface{}, error) {
|
||||
return buildTableBucketRequestWithARN(r, func(arn string) interface{} {
|
||||
return &s3tables.GetTableBucketRequest{TableBucketARN: arn}
|
||||
})
|
||||
}
|
||||
|
||||
func buildDeleteTableBucketRequest(r *http.Request) (interface{}, error) {
|
||||
return buildTableBucketRequestWithARN(r, func(arn string) interface{} {
|
||||
return &s3tables.DeleteTableBucketRequest{TableBucketARN: arn}
|
||||
})
|
||||
}
|
||||
|
||||
func buildPutTableBucketPolicyRequest(r *http.Request) (interface{}, error) {
|
||||
var req s3tables.PutTableBucketPolicyRequest
|
||||
if err := readS3TablesJSONBody(r, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
req.TableBucketARN = tableBucketARN
|
||||
return &req, nil
|
||||
}
|
||||
|
||||
func buildGetTableBucketPolicyRequest(r *http.Request) (interface{}, error) {
|
||||
return buildTableBucketRequestWithARN(r, func(arn string) interface{} {
|
||||
return &s3tables.GetTableBucketPolicyRequest{TableBucketARN: arn}
|
||||
})
|
||||
}
|
||||
|
||||
func buildDeleteTableBucketPolicyRequest(r *http.Request) (interface{}, error) {
|
||||
return buildTableBucketRequestWithARN(r, func(arn string) interface{} {
|
||||
return &s3tables.DeleteTableBucketPolicyRequest{TableBucketARN: arn}
|
||||
})
|
||||
}
|
||||
|
||||
func buildCreateNamespaceRequest(r *http.Request) (interface{}, error) {
|
||||
var req s3tables.CreateNamespaceRequest
|
||||
if err := readS3TablesJSONBody(r, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
req.TableBucketARN = tableBucketARN
|
||||
return &req, nil
|
||||
}
|
||||
|
||||
func buildListNamespacesRequest(r *http.Request) (interface{}, error) {
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
maxNamespaces, err := parseOptionalIntParam(r, "maxNamespaces")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.ListNamespacesRequest{
|
||||
TableBucketARN: tableBucketARN,
|
||||
Prefix: r.URL.Query().Get("prefix"),
|
||||
ContinuationToken: r.URL.Query().Get("continuationToken"),
|
||||
MaxNamespaces: maxNamespaces,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildGetNamespaceRequest(r *http.Request) (interface{}, error) {
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namespace, err := getDecodedPathParam(r, "namespace")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if namespace == "" {
|
||||
return nil, fmt.Errorf("namespace is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{namespace}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.GetNamespaceRequest{
|
||||
TableBucketARN: tableBucketARN,
|
||||
Namespace: []string{namespace},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildDeleteNamespaceRequest(r *http.Request) (interface{}, error) {
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namespace, err := getDecodedPathParam(r, "namespace")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if namespace == "" {
|
||||
return nil, fmt.Errorf("namespace is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{namespace}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.DeleteNamespaceRequest{
|
||||
TableBucketARN: tableBucketARN,
|
||||
Namespace: []string{namespace},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildCreateTableRequest(r *http.Request) (interface{}, error) {
|
||||
var req s3tables.CreateTableRequest
|
||||
if err := readS3TablesJSONBody(r, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namespace, err := getDecodedPathParam(r, "namespace")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if namespace == "" {
|
||||
return nil, fmt.Errorf("namespace is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{namespace}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
req.TableBucketARN = tableBucketARN
|
||||
req.Namespace = []string{namespace}
|
||||
return &req, nil
|
||||
}
|
||||
|
||||
func buildListTablesRequest(r *http.Request) (interface{}, error) {
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
maxTables, err := parseOptionalIntParam(r, "maxTables")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.ListTablesRequest{
|
||||
TableBucketARN: tableBucketARN,
|
||||
Namespace: parseOptionalNamespace(r, "namespace"),
|
||||
Prefix: r.URL.Query().Get("prefix"),
|
||||
ContinuationToken: r.URL.Query().Get("continuationToken"),
|
||||
MaxTables: maxTables,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildGetTableRequest(r *http.Request) (interface{}, error) {
|
||||
query := r.URL.Query()
|
||||
tableARN := query.Get("tableArn")
|
||||
req := &s3tables.GetTableRequest{
|
||||
TableARN: tableARN,
|
||||
}
|
||||
if tableARN == "" {
|
||||
req.TableBucketARN = query.Get("tableBucketARN")
|
||||
req.Namespace = parseOptionalNamespace(r, "namespace")
|
||||
req.Name = query.Get("name")
|
||||
if req.TableBucketARN == "" || len(req.Namespace) == 0 || req.Name == "" {
|
||||
return nil, fmt.Errorf("either tableArn or (tableBucketARN, namespace, name) must be provided")
|
||||
}
|
||||
}
|
||||
return req, nil
|
||||
}
|
||||
|
||||
func buildDeleteTableRequest(r *http.Request) (interface{}, error) {
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namespace, err := getDecodedPathParam(r, "namespace")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if namespace == "" {
|
||||
return nil, fmt.Errorf("namespace is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{namespace}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
name, err := getDecodedPathParam(r, "name")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if name == "" {
|
||||
return nil, fmt.Errorf("name is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateTableName(name); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.DeleteTableRequest{
|
||||
TableBucketARN: tableBucketARN,
|
||||
Namespace: []string{namespace},
|
||||
Name: name,
|
||||
VersionToken: r.URL.Query().Get("versionToken"),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildPutTablePolicyRequest(r *http.Request) (interface{}, error) {
|
||||
var req s3tables.PutTablePolicyRequest
|
||||
if err := readS3TablesJSONBody(r, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namespace, err := getDecodedPathParam(r, "namespace")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if namespace == "" {
|
||||
return nil, fmt.Errorf("namespace is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{namespace}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
name, err := getDecodedPathParam(r, "name")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if name == "" {
|
||||
return nil, fmt.Errorf("name is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateTableName(name); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
req.TableBucketARN = tableBucketARN
|
||||
req.Namespace = []string{namespace}
|
||||
req.Name = name
|
||||
return &req, nil
|
||||
}
|
||||
|
||||
func buildGetTablePolicyRequest(r *http.Request) (interface{}, error) {
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namespace, err := getDecodedPathParam(r, "namespace")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if namespace == "" {
|
||||
return nil, fmt.Errorf("namespace is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{namespace}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
name, err := getDecodedPathParam(r, "name")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if name == "" {
|
||||
return nil, fmt.Errorf("name is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateTableName(name); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.GetTablePolicyRequest{
|
||||
TableBucketARN: tableBucketARN,
|
||||
Namespace: []string{namespace},
|
||||
Name: name,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildDeleteTablePolicyRequest(r *http.Request) (interface{}, error) {
|
||||
tableBucketARN, err := getDecodedPathParam(r, "tableBucketARN")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namespace, err := getDecodedPathParam(r, "namespace")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if namespace == "" {
|
||||
return nil, fmt.Errorf("namespace is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateNamespace([]string{namespace}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
name, err := getDecodedPathParam(r, "name")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if name == "" {
|
||||
return nil, fmt.Errorf("name is required")
|
||||
}
|
||||
if _, err := s3tables.ValidateTableName(name); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &s3tables.DeleteTablePolicyRequest{
|
||||
TableBucketARN: tableBucketARN,
|
||||
Namespace: []string{namespace},
|
||||
Name: name,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildTagResourceRequest(r *http.Request) (interface{}, error) {
|
||||
var req s3tables.TagResourceRequest
|
||||
if err := readS3TablesJSONBody(r, &req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resourceARN, err := getDecodedPathParam(r, "resourceArn")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if resourceARN == "" {
|
||||
return nil, fmt.Errorf("resourceArn is required")
|
||||
}
|
||||
req.ResourceARN = resourceARN
|
||||
return &req, nil
|
||||
}
|
||||
|
||||
func buildListTagsForResourceRequest(r *http.Request) (interface{}, error) {
|
||||
resourceARN, err := getDecodedPathParam(r, "resourceArn")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if resourceARN == "" {
|
||||
return nil, fmt.Errorf("resourceArn is required")
|
||||
}
|
||||
return &s3tables.ListTagsForResourceRequest{
|
||||
ResourceARN: resourceARN,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func buildUntagResourceRequest(r *http.Request) (interface{}, error) {
|
||||
resourceARN, err := getDecodedPathParam(r, "resourceArn")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if resourceARN == "" {
|
||||
return nil, fmt.Errorf("resourceArn is required")
|
||||
}
|
||||
tagKeys := parseTagKeys(r.URL.Query()["tagKeys"])
|
||||
if len(tagKeys) == 0 {
|
||||
return nil, fmt.Errorf("tagKeys is required for %s", resourceARN)
|
||||
}
|
||||
return &s3tables.UntagResourceRequest{
|
||||
ResourceARN: resourceARN,
|
||||
TagKeys: tagKeys,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// authenticateS3Tables wraps the handler with IAM authentication using AuthSignatureOnly
|
||||
|
||||
Reference in New Issue
Block a user