HDDS-14360. Move BucketEndpoint#getAcl to BucketAclHandler (#9607)

Author: echonesis

hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketAclHandler.java

@@ -27,8 +27,11 @@
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.EnumSet;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import javax.annotation.PostConstruct;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.ozone.OzoneAcl;
@@ -38,6 +41,7 @@
 import org.apache.hadoop.ozone.om.exceptions.OMException;
 import org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes;
 import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
+import org.apache.hadoop.ozone.s3.endpoint.S3BucketAcl.Grant;
 import org.apache.hadoop.ozone.s3.exception.OS3Exception;
 import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
 import org.apache.hadoop.ozone.s3.util.S3Consts.QueryParams;
@@ -66,6 +70,64 @@ private boolean shouldHandle() {
     return queryParams().get(QueryParams.ACL) != null;
   }
 
+  /**
+   * Implement acl get.
+   * <p>
+   * see: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
+   */
+  @Override
+  public Response handleGetRequest(String bucketName)
+      throws IOException, OS3Exception {
+
+    if (!shouldHandle()) {
+      return null;  // Not responsible for this request
+    }
+
+    long startNanos = Time.monotonicNowNanos();
+    S3GAction s3GAction = S3GAction.GET_ACL;
+
+    try {
+      OzoneBucket bucket = getBucket(bucketName);
+      S3Owner.verifyBucketOwnerCondition(getHeaders(), bucketName, bucket.getOwner());
+      S3Owner owner = S3Owner.of(bucket.getOwner());
+
+      S3BucketAcl result = new S3BucketAcl();
+      result.setOwner(owner);
+
+      // TODO: remove this duplication avoid logic when ACCESS and DEFAULT scope
+      // TODO: are merged.
+      // Use set to remove ACLs with different scopes(ACCESS and DEFAULT)
+      Set<Grant> grantSet = new HashSet<>();
+      // Return ACL list
+      for (OzoneAcl acl : bucket.getAcls()) {
+        List<Grant> grants = S3Acl.ozoneNativeAclToS3Acl(acl);
+        grantSet.addAll(grants);
+      }
+      ArrayList<Grant> grantList = new ArrayList<>();
+      grantList.addAll(grantSet);
+      result.setAclList(
+          new S3BucketAcl.AccessControlList(grantList));
+
+      getMetrics().updateGetAclSuccessStats(startNanos);
+      auditReadSuccess(s3GAction);
+      return Response.ok(result, MediaType.APPLICATION_XML_TYPE).build();
+    } catch (OMException ex) {
+      getMetrics().updateGetAclFailureStats(startNanos);
+      auditReadFailure(s3GAction, ex);
+      if (ex.getResult() == ResultCodes.BUCKET_NOT_FOUND) {
+        throw newError(S3ErrorTable.NO_SUCH_BUCKET, bucketName, ex);
+      } else if (isAccessDenied(ex)) {
+        throw newError(S3ErrorTable.ACCESS_DENIED, bucketName, ex);
+      } else {
+        throw newError(S3ErrorTable.INTERNAL_ERROR, bucketName, ex);
+      }
+    } catch (OS3Exception ex) {
+      getMetrics().updateGetAclFailureStats(startNanos);
+      auditReadFailure(s3GAction, ex);
+      throw ex;
+    }
+  }
+
   /**
    * Implement acl put.
    * <p>

hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java

@@ -31,12 +31,10 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Set;
 import javax.annotation.PostConstruct;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
@@ -50,7 +48,6 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.hadoop.ozone.OzoneAcl;
 import org.apache.hadoop.ozone.audit.AuditEventStatus;
 import org.apache.hadoop.ozone.audit.AuditMessage;
 import org.apache.hadoop.ozone.audit.S3GAction;
@@ -65,7 +62,6 @@
 import org.apache.hadoop.ozone.s3.endpoint.MultiDeleteRequest.DeleteObject;
 import org.apache.hadoop.ozone.s3.endpoint.MultiDeleteResponse.DeletedObject;
 import org.apache.hadoop.ozone.s3.endpoint.MultiDeleteResponse.Error;
-import org.apache.hadoop.ozone.s3.endpoint.S3BucketAcl.Grant;
 import org.apache.hadoop.ozone.s3.exception.OS3Exception;
 import org.apache.hadoop.ozone.s3.exception.S3ErrorTable;
 import org.apache.hadoop.ozone.s3.util.ContinueToken;
@@ -107,6 +103,14 @@ public Response get(
     S3GAction s3GAction = S3GAction.GET_BUCKET;
     PerformanceStringBuilder perf = new PerformanceStringBuilder();
 
+    // Chain of responsibility: let each handler try to handle the request
+    for (BucketOperationHandler handler : handlers) {
+      Response response = handler.handleGetRequest(bucketName);
+      if (response != null) {
+        return response;  // Handler handled the request
+      }
+    }
+
     final String continueToken = queryParams().get(QueryParams.CONTINUATION_TOKEN);
     final String delimiter = queryParams().get(QueryParams.DELIMITER);
     final String encodingType = queryParams().get(QueryParams.ENCODING_TYPE);
@@ -122,15 +126,6 @@ public Response get(
     OzoneBucket bucket = null;
 
     try {
-      final String aclMarker = queryParams().get(QueryParams.ACL);
-      if (aclMarker != null) {
-        s3GAction = S3GAction.GET_ACL;
-        S3BucketAcl result = getAcl(bucketName);
-        getMetrics().updateGetAclSuccessStats(startNanos);
-        auditReadSuccess(s3GAction);
-        return Response.ok(result, MediaType.APPLICATION_XML_TYPE).build();
-      }
-
       final String uploads = queryParams().get(QueryParams.UPLOADS);
       if (uploads != null) {
         s3GAction = S3GAction.LIST_MULTIPART_UPLOAD;
@@ -534,51 +529,6 @@ public MultiDeleteResponse multiDelete(
     return result;
   }
 
-  /**
-   * Implement acl get.
-   * <p>
-   * see: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
-   */
-  public S3BucketAcl getAcl(String bucketName)
-      throws OS3Exception, IOException {
-    long startNanos = Time.monotonicNowNanos();
-    S3BucketAcl result = new S3BucketAcl();
-    try {
-      OzoneBucket bucket = getBucket(bucketName);
-      S3Owner.verifyBucketOwnerCondition(getHeaders(), bucketName, bucket.getOwner());
-      S3Owner owner = S3Owner.of(bucket.getOwner());
-      result.setOwner(owner);
-
-      // TODO: remove this duplication avoid logic when ACCESS and DEFAULT scope
-      // TODO: are merged.
-      // Use set to remove ACLs with different scopes(ACCESS and DEFAULT)
-      Set<Grant> grantSet = new HashSet<>();
-      // Return ACL list
-      for (OzoneAcl acl : bucket.getAcls()) {
-        List<Grant> grants = S3Acl.ozoneNativeAclToS3Acl(acl);
-        grantSet.addAll(grants);
-      }
-      ArrayList<Grant> grantList = new ArrayList<>();
-      grantList.addAll(grantSet);
-      result.setAclList(
-          new S3BucketAcl.AccessControlList(grantList));
-      return result;
-    } catch (OMException ex) {
-      getMetrics().updateGetAclFailureStats(startNanos);
-      auditReadFailure(S3GAction.GET_ACL, ex);
-      if (ex.getResult() == ResultCodes.BUCKET_NOT_FOUND) {
-        throw newError(S3ErrorTable.NO_SUCH_BUCKET, bucketName, ex);
-      } else if (isAccessDenied(ex)) {
-        throw newError(S3ErrorTable.ACCESS_DENIED, bucketName, ex);
-      } else {
-        throw newError(S3ErrorTable.INTERNAL_ERROR, bucketName, ex);
-      }
-    } catch (OS3Exception ex) {
-      getMetrics().updateGetAclFailureStats(startNanos);
-      throw ex;
-    }
-  }
-
   private void addKey(ListObjectResponse response, OzoneKey next) {
     KeyMetadata keyMetadata = new KeyMetadata();
     keyMetadata.setKey(EncodingTypeObject.createNullable(next.getName(),

hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketOperationHandler.java

@@ -47,4 +47,19 @@ default Response handlePutRequest(String bucketName, InputStream body)
       throws IOException, OS3Exception {
     return null;
   }
+
+  /**
+   * Handle the bucket GET operation if this handler is responsible for it.
+   * The handler inspects the request (query parameters, headers, etc.) to determine
+   * if it should handle the request.
+   *
+   * @param bucketName the name of the bucket
+   * @return Response if this handler handles the request, null otherwise
+   * @throws IOException if an I/O error occurs
+   * @throws OS3Exception if an S3-specific error occurs
+   */
+  default Response handleGetRequest(String bucketName)
+      throws IOException, OS3Exception {
+    return null;
+  }
 }

hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/endpoint/TestBucketAcl.java

@@ -21,6 +21,7 @@
 import static java.net.HttpURLConnection.HTTP_NOT_IMPLEMENTED;
 import static java.net.HttpURLConnection.HTTP_OK;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -79,6 +80,15 @@ public void clean() throws IOException {
     }
   }
 
+  /**
+   * Helper method to get ACL from bucket and validate response.
+   */
+  private S3BucketAcl getBucketAcl(String bucketName) throws Exception {
+    Response response = bucketEndpoint.get(bucketName);
+    assertEquals(HTTP_OK, response.getStatus());
+    return assertInstanceOf(S3BucketAcl.class, response.getEntity());
+  }
+
   @Test
   public void testGetAcl() throws Exception {
     when(parameterMap.containsKey(ACL_MARKER)).thenReturn(true);
@@ -105,7 +115,7 @@ public void testRead() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(1, getResponse.getAclList().getGrantList().size());
     assertEquals(S3Acl.ACLType.READ.getValue(),
         getResponse.getAclList().getGrantList().get(0).getPermission());
@@ -119,7 +129,7 @@ public void testWrite() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(1, getResponse.getAclList().getGrantList().size());
     assertEquals(S3Acl.ACLType.WRITE.getValue(),
         getResponse.getAclList().getGrantList().get(0).getPermission());
@@ -133,8 +143,7 @@ public void testReadACP() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse =
-        bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(1, getResponse.getAclList().getGrantList().size());
     assertEquals(S3Acl.ACLType.READ_ACP.getValue(),
         getResponse.getAclList().getGrantList().get(0).getPermission());
@@ -148,7 +157,7 @@ public void testWriteACP() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(1, getResponse.getAclList().getGrantList().size());
     assertEquals(S3Acl.ACLType.WRITE_ACP.getValue(),
         getResponse.getAclList().getGrantList().get(0).getPermission());
@@ -162,7 +171,7 @@ public void testFullControl() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(1, getResponse.getAclList().getGrantList().size());
     assertEquals(S3Acl.ACLType.FULL_CONTROL.getValue(),
         getResponse.getAclList().getGrantList().get(0).getPermission());
@@ -184,7 +193,7 @@ public void testCombination() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(5, getResponse.getAclList().getGrantList().size());
   }
 
@@ -197,7 +206,7 @@ public void testPutClearOldAcls() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(1, getResponse.getAclList().getGrantList().size());
     assertEquals(S3Acl.ACLType.READ.getValue(),
         getResponse.getAclList().getGrantList().get(0).getPermission());
@@ -214,7 +223,7 @@ public void testPutClearOldAcls() throws Exception {
     response =
         bucketEndpoint.put(BUCKET_NAME, null);
     assertEquals(HTTP_OK, response.getStatus());
-    getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(1, getResponse.getAclList().getGrantList().size());
     assertEquals(S3Acl.ACLType.WRITE.getValue(),
         getResponse.getAclList().getGrantList().get(0).getPermission());
@@ -241,7 +250,7 @@ public void testAclInBody() throws Exception {
     Response response =
         bucketEndpoint.put(BUCKET_NAME, inputBody);
     assertEquals(HTTP_OK, response.getStatus());
-    S3BucketAcl getResponse = bucketEndpoint.getAcl(BUCKET_NAME);
+    S3BucketAcl getResponse = getBucketAcl(BUCKET_NAME);
     assertEquals(2, getResponse.getAclList().getGrantList().size());
   }
 
@@ -251,7 +260,7 @@ public void testBucketNotExist() throws Exception {
     when(headers.getHeaderString(S3Acl.GRANT_READ))
         .thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
     OS3Exception e = assertThrows(OS3Exception.class, () ->
-        bucketEndpoint.getAcl("bucket-not-exist"));
+        bucketEndpoint.get("bucket-not-exist"));
     assertEquals(e.getHttpCode(), HTTP_NOT_FOUND);
   }
 }