Merge pull request #8799 from guymguym/guy-md-conditions-nsfs

NSFS check_md_conditions for GET/HEAD (not yet for PUT/DELETE)

Author: guymguym

docs/dev_guide/ceph_s3_tests/ceph_s3_tests_pending_list_status.md

@@ -46,10 +46,6 @@ Attached a table with tests that where investigated and their status (this table
 | test_object_create_bad_date_none_aws2                     | Internal Component | [438](https://github.com/ceph/s3-tests/issues/438)                    | It used to pass in the past (not related to code change in our repo) |
 | test_bucket_create_bad_authorization_invalid_aws2         | Internal Component | [438](https://github.com/ceph/s3-tests/issues/438)                    | It used to pass in the past (not related to code change in our repo) |
 | test_bucket_create_bad_date_none_aws2                     | Internal Component | [438](https://github.com/ceph/s3-tests/issues/438)                    | It used to pass in the past (not related to code change in our repo) |
-| test_get_object_ifnonematch_good                     | Internal Component |                    | It used to pass in the past (not related to code 
-change in our repo) - stopped passing between the update of commit hash 6861c3d81081a6883fb90d66cb60392e1abdf3ca to da91ad8bbf899c72199df35b69e9393c706aabee |
-| test_get_object_ifmodifiedsince_failed                     | Internal Component |                    | It used to pass in the past (not related to code 
-change in our repo) - stopped passing between the update of commit hash 6861c3d81081a6883fb90d66cb60392e1abdf3ca to da91ad8bbf899c72199df35b69e9393c706aabee |
 | test_versioning_concurrent_multi_object_delete | Faulty Test | [588](https://github.com/ceph/s3-tests/issues/588) | 
 | test_get_bucket_encryption_s3 | Faulty Test | [613](https://github.com/ceph/s3-tests/issues/613) | 
 | test_get_bucket_encryption_kms | Faulty Test | [613](https://github.com/ceph/s3-tests/issues/613) | 

src/endpoint/s3/s3_errors.js

@@ -481,7 +481,8 @@ S3Error.AccessControlListNotSupported = Object.freeze({
 /////////////////////////////////////
 S3Error.NotModified = Object.freeze({
     code: 'NotModified',
-    message: 'The resource was not modified according to the conditions in the provided headers.',
+    // this short undescriptive message is compatible with AWS and is expected by s3-tests
+    message: 'Not Modified',
     http_code: 304,
 });
 S3Error.BadRequest = Object.freeze({

src/endpoint/s3/s3_rest.js

@@ -450,7 +450,7 @@ function _prepare_error(req, res, err) {
             if (res.headersSent) {
                 dbg.log0('Sent reply in body, bit too late for Etag header');
             } else {
-                res.setHeader('ETag', err.rpc_data.etag);
+                res.setHeader('ETag', '"' + err.rpc_data.etag + '"');
             }
         }
         if (err.rpc_data.last_modified) {

src/native/util/os_darwin.cpp

@@ -52,7 +52,7 @@ get_supplemental_groups_by_uid(uid_t uid, std::vector<gid_t>& groups)
     struct passwd* pw = getpwuid(uid);
     if (pw == NULL) {
         if (errno == 0) {
-            LOG("get_supplemental_groups_by_uid: no record for uid " << uid);
+            // LOG("get_supplemental_groups_by_uid: no record for uid " << uid);
         } else {
             LOG("WARNING: get_supplemental_groups_by_uid: getpwuid failed: " << strerror(errno));
         }

src/native/util/os_linux.cpp

@@ -38,7 +38,7 @@ get_supplemental_groups_by_uid(uid_t uid, std::vector<gid_t>& groups)
     struct passwd* pw = getpwuid(uid);
     if (pw == NULL) {
         if (errno == 0) {
-            LOG("get_supplemental_groups_by_uid: no record for uid " << uid);
+            // LOG("get_supplemental_groups_by_uid: no record for uid " << uid);
         } else {
             LOG("WARNING: get_supplemental_groups_by_uid: getpwuid failed: " << strerror(errno));
         }

src/sdk/namespace_fs.js

@@ -18,6 +18,7 @@ const error_utils = require('../util/error_utils');
 const stream_utils = require('../util/stream_utils');
 const buffer_utils = require('../util/buffer_utils');
 const size_utils = require('../util/size_utils');
+const http_utils = require('../util/http_utils');
 const native_fs_utils = require('../util/native_fs_utils');
 const FileWriter = require('../util/file_writer');
 const LRUCache = require('../util/lru_cache');
@@ -970,6 +971,10 @@ class NamespaceFS {
                 }
             }
             this._throw_if_delete_marker(stat, params);
+            http_utils.check_md_conditions(params.md_conditions, {
+                etag: this._get_etag(stat),
+                last_modified_time: stat.mtime,
+            });
             return this._get_object_info(params.bucket, params.key, stat, isDir);
         } catch (err) {
             if (this._should_update_issues_report(params, file_path, err)) {
@@ -1045,6 +1050,10 @@ class NamespaceFS {
             }
             this._throw_if_delete_marker(stat, params);
             // await this._fail_if_archived_or_sparse_file(fs_context, file_path, stat);
+            http_utils.check_md_conditions(params.md_conditions, {
+                etag: this._get_etag(stat),
+                last_modified_time: stat.mtime,
+            });
 
             const start = Number(params.start) || 0;
             const end = isNaN(Number(params.end)) ? Infinity : Number(params.end);

src/server/object_services/object_server.js

@@ -791,7 +791,7 @@ async function read_object_md(req) {
         throw new RpcError('UNAUTHORIZED', 'requesting account is not authorized to read the object');
     }
 
-    check_md_conditions(md_conditions, obj);
+    http_utils.check_md_conditions(md_conditions, obj);
     const info = get_object_info(obj, { role: req.role });
     _check_encryption_permissions(obj.encryption, encryption);
 
@@ -1593,51 +1593,6 @@ function check_object_mode(req, obj, rpc_code) {
     return obj;
 }
 
-function check_md_conditions(conditions, obj) {
-    if (!conditions) return;
-    if (!conditions.if_match_etag &&
-        !conditions.if_none_match_etag &&
-        !conditions.if_modified_since &&
-        !conditions.if_unmodified_since) return;
-
-    const data = obj ? {
-        etag: obj.etag,
-        last_modified: obj.create_time ?
-            obj.create_time.getTime() : obj._id.getTimestamp().getTime(),
-    } : {
-        etag: '',
-        last_modified: 0,
-    };
-
-    // See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectHEAD.html#req-header-consideration-1
-    // See https://tools.ietf.org/html/rfc7232 (HTTP Conditional Requests)
-    let matched = false;
-    let unmatched = false;
-
-    if (conditions.if_match_etag) {
-        if (!(obj && http_utils.match_etag(conditions.if_match_etag, data.etag))) {
-            throw new RpcError('IF_MATCH_ETAG', 'check_md_conditions failed', data);
-        }
-        matched = true;
-    }
-    if (conditions.if_none_match_etag) {
-        if (obj && http_utils.match_etag(conditions.if_none_match_etag, data.etag)) {
-            throw new RpcError('IF_NONE_MATCH_ETAG', 'check_md_conditions failed', data);
-        }
-        unmatched = true;
-    }
-    if (conditions.if_modified_since) {
-        if (!unmatched && (!obj || conditions.if_modified_since > data.last_modified)) {
-            throw new RpcError('IF_MODIFIED_SINCE', 'check_md_conditions failed', data);
-        }
-    }
-    if (conditions.if_unmodified_since) {
-        if (!matched && (!obj || conditions.if_unmodified_since < data.last_modified)) {
-            throw new RpcError('IF_UNMODIFIED_SINCE', 'check_md_conditions failed', data);
-        }
-    }
-}
-
 /**
  * Return the etag ("Entity tag") for the given entity.
  * Entity can be ObjectMD or ObjectMultipart or an updates for one of those.
@@ -1736,8 +1691,8 @@ async function _put_object_handle_latest({ req, put_obj, set_updates, unset_upda
 
     if (bucket_versioning === 'DISABLED') {
         const obj = await MDStore.instance().find_object_null_version(req.bucket._id, put_obj.key);
+        http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
         if (obj) {
-            check_md_conditions(req.rpc_params.md_conditions, obj);
             // 2, 3, 6, 7
             await MDStore.instance().complete_object_upload_latest_mark_remove_current_and_delete({
                 unmark_obj: obj,
@@ -1754,8 +1709,8 @@ async function _put_object_handle_latest({ req, put_obj, set_updates, unset_upda
 
     if (bucket_versioning === 'ENABLED') {
         const obj = await MDStore.instance().find_object_latest(req.bucket._id, put_obj.key);
+        http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
         if (obj) {
-            check_md_conditions(req.rpc_params.md_conditions, obj);
             // 3, 6
             await MDStore.instance().complete_object_upload_latest_mark_remove_current({
                 unmark_obj: obj,
@@ -1773,12 +1728,11 @@ async function _put_object_handle_latest({ req, put_obj, set_updates, unset_upda
     if (bucket_versioning === 'SUSPENDED') {
         const obj = await MDStore.instance().find_object_null_version(req.bucket._id, put_obj.key);
         if (obj) {
-            check_md_conditions(req.rpc_params.md_conditions, obj);
             // 2, 3, 6, 7
             if (obj.version_past) {
                 const latest_obj = await MDStore.instance().find_object_latest(req.bucket._id, put_obj.key);
+                http_utils.check_md_conditions(req.rpc_params.md_conditions, latest_obj);
                 if (latest_obj) {
-                    check_md_conditions(req.rpc_params.md_conditions, latest_obj);
                     // 2, 3, 6, 7
                     await MDStore.instance().complete_object_upload_latest_mark_remove_current_and_delete({
                         delete_obj: obj,
@@ -1792,6 +1746,7 @@ async function _put_object_handle_latest({ req, put_obj, set_updates, unset_upda
                     await MDStore.instance().update_object_by_id(put_obj._id, set_updates, unset_updates);
                 }
             } else {
+                http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
                 await MDStore.instance().complete_object_upload_latest_mark_remove_current_and_delete({
                     unmark_obj: obj,
                     put_obj,
@@ -1801,8 +1756,8 @@ async function _put_object_handle_latest({ req, put_obj, set_updates, unset_upda
             }
         } else {
             const latest_obj = await MDStore.instance().find_object_latest(req.bucket._id, put_obj.key);
+            http_utils.check_md_conditions(req.rpc_params.md_conditions, latest_obj);
             if (latest_obj) {
-                check_md_conditions(req.rpc_params.md_conditions, latest_obj);
                 // 3, 6
                 await MDStore.instance().complete_object_upload_latest_mark_remove_current({
                     unmark_obj: latest_obj,
@@ -1828,10 +1783,10 @@ async function _delete_object_version(req) {
 
     if (bucket_versioning === 'DISABLED') {
         const obj = version_id === 'null' && await MDStore.instance().find_object_or_upload_null_version(req.bucket._id, req.rpc_params.key);
+        http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
 
         if (!obj) return { reply: {} };
         if (obj.delete_marker) dbg.error('versioning disabled bucket null objects should not have delete_markers', obj);
-        check_md_conditions(req.rpc_params.md_conditions, obj);
         // 2, 3, 8
         await MDStore.instance().remove_object_and_unset_latest(obj);
         return { obj, reply: _get_delete_obj_reply(obj) };
@@ -1841,6 +1796,7 @@ async function _delete_object_version(req) {
         const obj = version_id === 'null' ?
             await MDStore.instance().find_object_or_upload_null_version(req.bucket._id, req.rpc_params.key) :
             await MDStore.instance().find_object_by_version(req.bucket._id, req.rpc_params.key, version_seq);
+        http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
         if (!obj) return { reply: {} };
 
         if (config.WORM_ENABLED && obj.lock_settings) {
@@ -1863,7 +1819,6 @@ async function _delete_object_version(req) {
                 }
             }
         }
-        check_md_conditions(req.rpc_params.md_conditions, obj);
         if (obj.version_past) {
             // 2, 8
             await MDStore.instance().delete_object_by_id(obj._id);
@@ -1873,7 +1828,6 @@ async function _delete_object_version(req) {
             // we need to find the previous and make it the new latest
             const prev_version = await MDStore.instance().find_object_prev_version(req.bucket._id, req.rpc_params.key);
             if (prev_version) {
-                check_md_conditions(req.rpc_params.md_conditions, prev_version);
                 // 2, 3, 4, 8
                 await MDStore.instance().remove_object_move_latest(obj, prev_version);
                 return { obj, reply: _get_delete_obj_reply(obj) };
@@ -1891,8 +1845,8 @@ async function _delete_object_only_key(req) {
 
     if (bucket_versioning === 'DISABLED') {
         const obj = await MDStore.instance().find_object_latest(req.bucket._id, req.rpc_params.key);
+        http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
         if (!obj) return { reply: {} };
-        check_md_conditions(req.rpc_params.md_conditions, obj);
         if (obj.delete_marker) dbg.error('versioning disabled bucket null objects should not have delete_markers', obj);
         // 2, 3, 8
         await MDStore.instance().remove_object_and_unset_latest(obj);
@@ -1901,8 +1855,8 @@ async function _delete_object_only_key(req) {
 
     if (bucket_versioning === 'ENABLED') {
         const obj = await MDStore.instance().find_object_latest(req.bucket._id, req.rpc_params.key);
+        http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
         if (obj) {
-            check_md_conditions(req.rpc_params.md_conditions, obj);
             // 3, 5
             const delete_marker = await MDStore.instance().insert_object_delete_marker_move_latest(
                 obj, /* version_enabled: */ true);
@@ -1922,12 +1876,11 @@ async function _delete_object_only_key(req) {
     if (bucket_versioning === 'SUSPENDED') {
         const obj = await MDStore.instance().find_object_null_version(req.bucket._id, req.rpc_params.key);
         if (obj) {
-            check_md_conditions(req.rpc_params.md_conditions, obj);
             if (obj.version_past) {
                 const latest_obj = await MDStore.instance().find_object_latest(req.bucket._id, req.rpc_params.key);
                 if (latest_obj) {
-                    check_md_conditions(req.rpc_params.md_conditions, latest_obj);
                     // 3, 5
+                    http_utils.check_md_conditions(req.rpc_params.md_conditions, latest_obj);
                     const delete_marker = await MDStore.instance().insert_object_delete_marker_move_latest_with_delete(obj, latest_obj);
                     return { obj, reply: _get_delete_obj_reply(obj, delete_marker) };
                 } else {
@@ -1936,13 +1889,14 @@ async function _delete_object_only_key(req) {
                 }
             } else {
                 // 2, 3, 5
+                http_utils.check_md_conditions(req.rpc_params.md_conditions, obj);
                 const delete_marker = await MDStore.instance().insert_object_delete_marker_move_latest_with_delete(obj);
                 return { obj, reply: _get_delete_obj_reply(obj, delete_marker) };
             }
         } else {
             const latest_obj = await MDStore.instance().find_object_latest(req.bucket._id, req.rpc_params.key);
+            http_utils.check_md_conditions(req.rpc_params.md_conditions, latest_obj);
             if (latest_obj) {
-                check_md_conditions(req.rpc_params.md_conditions, latest_obj);
                 // 3, 5
                 const delete_marker = await MDStore.instance().insert_object_delete_marker_move_latest(latest_obj);
                 return { reply: _get_delete_obj_reply(null, delete_marker) };

src/test/system_tests/ceph_s3_tests/s3-tests-lists/nsfs_s3_tests_pending_list.txt

@@ -116,10 +116,6 @@ s3tests_boto3/functional/test_s3.py::test_multi_object_delete_key_limit
 s3tests_boto3/functional/test_s3.py::test_multi_objectv2_delete_key_limit
 s3tests_boto3/functional/test_s3.py::test_object_write_check_etag
 s3tests_boto3/functional/test_s3.py::test_object_metadata_replaced_on_put
-s3tests_boto3/functional/test_s3.py::test_get_object_ifmatch_failed
-s3tests_boto3/functional/test_s3.py::test_get_object_ifnonematch_good
-s3tests_boto3/functional/test_s3.py::test_get_object_ifmodifiedsince_failed
-s3tests_boto3/functional/test_s3.py::test_get_object_ifunmodifiedsince_good
 s3tests_boto3/functional/test_s3.py::test_put_object_ifmatch_failed
 s3tests_boto3/functional/test_s3.py::test_put_object_ifnonmatch_failed
 s3tests_boto3/functional/test_s3.py::test_put_object_ifnonmatch_overwrite_existed_failed

src/test/system_tests/ceph_s3_tests/s3-tests-lists/s3_tests_black_list.txt

@@ -123,7 +123,6 @@ s3tests_boto3/functional/test_s3.py::test_post_object_missing_content_length_arg
 s3tests_boto3/functional/test_s3.py::test_post_object_invalid_content_length_argument
 s3tests_boto3/functional/test_s3.py::test_post_object_upload_size_below_minimum
 s3tests_boto3/functional/test_s3.py::test_post_object_empty_conditions
-s3tests_boto3/functional/test_s3.py::test_put_object_ifmatch_nonexisted_failed
 s3tests_boto3/functional/test_s3.py::test_object_raw_get_bucket_gone
 s3tests_boto3/functional/test_s3.py::test_object_raw_get
 s3tests_boto3/functional/test_s3.py::test_object_delete_key_bucket_gone

src/test/system_tests/ceph_s3_tests/s3-tests-lists/s3_tests_pending_list.txt

@@ -129,8 +129,6 @@ s3tests/functional/test_headers.py::test_object_create_bad_authorization_invalid
 s3tests/functional/test_headers.py::test_object_create_bad_date_none_aws2
 s3tests/functional/test_headers.py::test_bucket_create_bad_authorization_invalid_aws2
 s3tests/functional/test_headers.py::test_bucket_create_bad_date_none_aws2
-s3tests_boto3/functional/test_s3.py::test_get_object_ifnonematch_good
-s3tests_boto3/functional/test_s3.py::test_get_object_ifmodifiedsince_failed
 s3tests_boto3/functional/test_s3.py::test_post_object_wrong_bucket
 s3tests_boto3/functional/test_s3.py::test_cors_presigned_put_object_tenant
 s3tests_boto3/functional/test_s3.py::test_object_presigned_put_object_with_acl_tenant