Merge branch 'development/7.10' into bugfix/CLDSRV-269/policy-checks-…

…for-put-bucket-with-object-lock (cherry picked from commit 09c8cd0)
scality · Nov 24, 2022 · ea2d8d7 · ea2d8d7
1 parent 6861d7e
commit ea2d8d7
Showing 1 changed file with 20 additions and 51 deletions.
diff --git a/lib/api/bucketPut.js b/lib/api/bucketPut.js
@@ -167,21 +167,6 @@ function bucketPut(authInfo, request, log, callback) {
             'for internal purposes'));
     }
 
-    let authParams;
-    let ip;
-    let requestConstantParams;
-    if (authInfo.isRequesterAnIAMUser()) {
-        authParams = auth.server.extractParams(request, log, 's3', request.query);
-        ip = requestUtils.getClientIp(request, config);
-        requestConstantParams = {
-            authParams,
-            ip,
-            bucketName,
-            request,
-            authInfo,
-        };
-    }
-
     return waterfall([
         next => _parseXML(request, log, next),
         (locationConstraint, next) => {
@@ -190,47 +175,31 @@ function bucketPut(authInfo, request, log, callback) {
                 return next(null, locationConstraint);
             }
 
-            requestConstantParams.locationConstraint = locationConstraint;
-            requestConstantParams.apiMethod = 'bucketPut';
-
-            return vault.checkPolicies(
-                _buildConstantParams(requestConstantParams),
-                authInfo.getArn(),
-                log,
-                _handleAuthResults(locationConstraint, log, next),
-            );
-        },
-        (locationConstraint, next) => {
-            if (!authInfo.isRequesterAnIAMUser()) {
-                return next(null, locationConstraint);
-            }
+            const authParams = auth.server.extractParams(request, log, 's3', request.query);
+            const ip = requestUtils.getClientIp(request, config);
+            const requestConstantParams = [{
+                authParams,
+                ip,
+                bucketName,
+                request,
+                authInfo,
+                locationConstraint: locationConstraint,
+                apiMethod: 'bucketPut',
+            }];
 
             if (!_isObjectLockEnabled(request.headers)) {
-                return next(null, locationConstraint);
+                requestConstantParams.push({
+                    ...requestConstantParams[0],
+                    apiMethod: 'bucketPutObjectLock',
+                });
+                requestConstantParams.push({
+                    ...requestConstantParams[0],
+                    apiMethod: 'bucketPutVersioning',
+                });
             }
 
-            requestConstantParams.apiMethod = 'bucketPutObjectLock';
-
-            return vault.checkPolicies(
-                _buildConstantParams(requestConstantParams),
-                authInfo.getArn(),
-                log,
-                _handleAuthResults(locationConstraint, log, next),
-            );
-        },
-        (locationConstraint, next) => {
-            if (!authInfo.isRequesterAnIAMUser()) {
-                return next(null, locationConstraint);
-            }
-
-            if (!_isObjectLockEnabled(request.headers)) {
-                return next(null, locationConstraint);
-            }
-
-            requestConstantParams.apiMethod = 'bucketPutVersioning';
-
             return vault.checkPolicies(
-                _buildConstantParams(requestConstantParams),
+                requestConstantParams.map(_buildConstantParams),
                 authInfo.getArn(),
                 log,
                 _handleAuthResults(locationConstraint, log, next),