diff --git a/docker-compose/s3-credentials.yaml b/docker-compose/s3-credentials.yaml index f33a01e..ed30df8 100644 --- a/docker-compose/s3-credentials.yaml +++ b/docker-compose/s3-credentials.yaml @@ -11,7 +11,6 @@ storage: secretAccessKey: fakeSecret provider: Other # https://rclone.org/s3/#configuration isMain: true # one of the storages in should be main - syncACLGrants: false # Set true to synchronize ACL Grants from source healthCheckInterval: 10s httpTimeout: 1m isSecure: false #set false for http address @@ -27,7 +26,6 @@ storage: secretAccessKey: fakeSecret2 provider: Other isMain: false - syncACLGrants: false healthCheckInterval: 10s httpTimeout: 1m isSecure: false diff --git a/docker-compose/worker-conf.yaml b/docker-compose/worker-conf.yaml index 2bacda8..9074e62 100644 --- a/docker-compose/worker-conf.yaml +++ b/docker-compose/worker-conf.yaml @@ -19,4 +19,5 @@ features: acl: false # sync object/bucket ACLs lifecycle: false # sync bucket Lifecycle policy: false # sync bucket Policies + preserveACLGrants: false # preserve object/bucket ACL Grants from source diff --git a/pkg/config/config.yaml b/pkg/config/config.yaml index 3145a4e..b227a32 100644 --- a/pkg/config/config.yaml +++ b/pkg/config/config.yaml @@ -35,3 +35,4 @@ features: acl: true # sync object/bucket ACLs lifecycle: false # sync bucket Lifecycle policy: false # sync bucket Policies + preserveACLGrants: false # preserve object/bucket ACL Grants from source diff --git a/pkg/features/features.go b/pkg/features/features.go index 67c6e01..cb19d8d 100644 --- a/pkg/features/features.go +++ b/pkg/features/features.go 
@@ -19,11 +19,12 @@ package features import "context" type Config struct { - Versioning bool `yaml:"versioning"` - Tagging bool `yaml:"tagging"` - ACL bool `yaml:"acl"` - Lifecycle bool `yaml:"lifecycle"` - Policy bool `yaml:"policy"` + Versioning bool `yaml:"versioning"` + Tagging bool `yaml:"tagging"` + ACL bool `yaml:"acl"` + Lifecycle bool `yaml:"lifecycle"` + Policy bool `yaml:"policy"` + PreserveACLGrants bool `yaml:"preserveACLGrants"` } var val *Config @@ -51,3 +52,7 @@ func Lifecycle(_ context.Context) bool { func Policy(_ context.Context) bool { return val.Policy } + +func PreserveACLGrants(_ context.Context) bool { + return val.PreserveACLGrants +} diff --git a/pkg/s3/config.go b/pkg/s3/config.go index cfce712..fcce99b 100644 --- a/pkg/s3/config.go +++ b/pkg/s3/config.go @@ -48,7 +48,6 @@ type Storage struct { HealthCheckInterval time.Duration `yaml:"healthCheckInterval"` HttpTimeout time.Duration `yaml:"httpTimeout"` IsSecure bool `yaml:"isSecure"` - SyncACLGrants bool `yaml:"syncACLGrants"` DefaultRegion string `yaml:"defaultRegion"` RateLimit RateLimit `yaml:"rateLimit"` diff --git a/service/worker/config.yaml b/service/worker/config.yaml index a427355..6f1dd05 100644 --- a/service/worker/config.yaml +++ b/service/worker/config.yaml @@ -47,7 +47,6 @@ storage: # secretAccessKey: # provider: # https://rclone.org/s3/#configuration # isMain: true # one of the storages in should be main - # syncACLGrants: false #set true to synchronize ACL Grants from source # healthCheckInterval: 10s # httpTimeout: 1m # isSecure: true #set false for http address @@ -66,7 +65,6 @@ storage: # secretAccessKey: # provider: # https://rclone.org/s3/#configuration # isMain: false # one of the storages in should be main - # syncACLGrants: false #set true to synchronize ACL Grants from source # healthCheckInterval: 10s # httpTimeout: 1m # isSecure: true #set false for http address 
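Review bot: The new `PreserveACLGrants` field in `Config` has no comment, and its effect on what is written to the destination ACL cannot be guessed from the name next to `ACL`. I would add `// PreserveACLGrants writes source grantee IDs to the destination unchanged instead of passing them through srcOwnerToDstOwner.` above the field. The same commit removes `syncACLGrants` from the storage config, so a deployment that still sets the old key will presumably switch to remapping with no signal, unless the config loader (not visible here) rejects unknown keys. A changelog entry or a startup warning for the removed key would cover that.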
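Review bot: `PreserveACLGrants` is exported without a doc comment and dereferences the package-level `val`, which the first hunk shows declared as a bare `*Config`. A comment such as `// PreserveACLGrants reports whether source ACL grantee IDs are copied to the destination unchanged.` would match Go convention. If `val` can still be nil when a handler runs (the setter is outside this diff), `return val != nil && val.PreserveACLGrants` keeps the flag off instead of panicking. The sibling accessors use the same pattern, so this may be an accepted package convention.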
diff --git a/service/worker/handler/acl.go b/service/worker/handler/acl.go index ab369a5..f1f8383 100644 --- a/service/worker/handler/acl.go +++ b/service/worker/handler/acl.go @@ -156,10 +156,8 @@ func (s *svc) syncBucketACL(ctx context.Context, fromClient, toClient s3client.C toOwnerID = toACL.Owner.ID } - var syncACLGrants bool = toClient.Config().SyncACLGrants - _, err = toClient.AWS().PutBucketAclWithContext(ctx, &aws_s3.PutBucketAclInput{ - AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, syncACLGrants), + AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, features.PreserveACLGrants(ctx)), Bucket: &bucket, }) if err != nil { @@ -220,10 +218,8 @@ func (s *svc) syncObjectACL(ctx context.Context, fromClient, toClient s3client.C toOwnerID = toACL.Owner.ID } - var syncACLGrants bool = toClient.Config().SyncACLGrants - _, err = toClient.AWS().PutObjectAclWithContext(ctx, &aws_s3.PutObjectAclInput{ - AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, syncACLGrants), + AccessControlPolicy: mappedOwnersACL(fromACL.Owner, fromACL.Grants, toOwnerID, features.PreserveACLGrants(ctx)), Bucket: &bucket, Key: &object, VersionId: nil, //todo: versioning @@ -248,11 +244,11 @@ func srcOwnerToDstOwner(owner, srcBucketOwner, dstBucketOwner *string) *string { return dstBucketOwner } -func mappedOwnersACL(srcOwner *aws_s3.Owner, srcGrants []*aws_s3.Grant, dstOwner *string, syncACLGrants bool) *aws_s3.AccessControlPolicy { +func mappedOwnersACL(srcOwner *aws_s3.Owner, srcGrants []*aws_s3.Grant, dstOwner *string, preserveACLGrants bool) *aws_s3.AccessControlPolicy { grants := make([]*aws_s3.Grant, len(srcGrants)) for i, grant := range srcGrants { var dstID *string - if syncACLGrants { + if preserveACLGrants { dstID = grant.Grantee.ID } else { dstID = srcOwnerToDstOwner(grant.Grantee.ID, srcOwner.ID, dstOwner)
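Review bot: In `syncBucketACL` the choice to copy grantee IDs verbatim now comes from the process-wide `features.PreserveACLGrants(ctx)` rather than the destination's own `Config().SyncACLGrants`, so it can no longer be enabled for one destination storage and left off for another. The `syncObjectACL` hunk makes the same change. Grantee IDs only mean something inside the identity namespace that issued them, so with destinations on different providers or accounts a preserved grant may be rejected on write or may name a different principal than the source intended. A comment at both call sites would make the precondition visible, e.g. `// PreserveACLGrants is global: grantee IDs are written as-is, so all storages must share one identity namespace.` Both function bodies start and end outside their hunks.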
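Review bot: Both branches of `if preserveACLGrants` in `mappedOwnersACL` dereference `grant.Grantee` without a nil check, and `srcGrants` is taken directly from the source storage's ACL response. `Grantee` is a pointer in the SDK's `Grant` type, so a grant with no grantee element would panic the worker. For group grantees `ID` is normally unset, and the preserve branch now passes that nil through as `dstID`. I would guard the top of the loop with `if grant == nil || grant.Grantee == nil { continue }` and build the slice with `grants := make([]*aws_s3.Grant, 0, len(srcGrants))` plus `append`, so skipped entries leave no nil slots. The rest of the loop is outside the hunk, so how a nil `dstID` is handled cannot be confirmed from here.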