Hack together a --allow-bucket-manipulation flag, disabled by default

wasix-org · Aug 2, 2024 · ab22c1c · ab22c1c
1 parent 8a915be
commit ab22c1c
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 6 deletions.
diff --git a/src/bin/s3-server.rs b/src/bin/s3-server.rs
@@ -53,6 +53,9 @@ struct Args {
 
     #[structopt(flatten)]
     verbose: structopt_flags::QuietVerbose,
+
+    #[structopt(long)]
+    allow_bucket_manipulation: bool,
 }
 
 fn setup_tracing(args: &Args) {
@@ -108,6 +111,11 @@ async fn main() -> Result<()> {
         service.set_auth(auth);
     }
 
+    s3_server::DISALLOW_BUCKET_MANIPULATION.store(
+        !args.allow_bucket_manipulation,
+        std::sync::atomic::Ordering::Relaxed,
+    );
+
     let server = {
         let service = service.into_shared();
 

diff --git a/src/lib.rs b/src/lib.rs
@@ -159,3 +159,11 @@ pub(crate) type BoxStdError = Box<dyn std::error::Error + Send + Sync + 'static>
 pub(crate) use async_trait::async_trait;
 pub(crate) use hyper::{Body, Method, StatusCode};
 pub(crate) use mime::Mime;
+
+// I feel *TERRIBLE* about introducing such a hack into such an otherwise well-written code base.
+// The ops don't receive any kind of configuration by default, which means this is the easiest way
+// way to achieve this functionality short of commenting code out. There, I said it. Now, let's get
+// stuff working.
+#[allow(missing_docs)]
+pub static DISALLOW_BUCKET_MANIPULATION: std::sync::atomic::AtomicBool =
+    std::sync::atomic::AtomicBool::new(false);
diff --git a/src/ops/create_bucket.rs b/src/ops/create_bucket.rs
@@ -31,9 +31,13 @@ impl S3Handler for Handler {
         ctx: &mut ReqContext<'_>,
         storage: &(dyn S3Storage + Send + Sync),
     ) -> S3Result<Response> {
-        let input = extract(ctx).await?;
-        let output = storage.create_bucket(input).await;
-        output.try_into_response()
+        if crate::DISALLOW_BUCKET_MANIPULATION.load(std::sync::atomic::Ordering::Relaxed) {
+            S3Result::Err(invalid_request!("Bucket creation is not allowed"))
+        } else {
+            let input = extract(ctx).await?;
+            let output = storage.create_bucket(input).await;
+            output.try_into_response()
+        }
     }
 }
 

diff --git a/src/ops/delete_bucket.rs b/src/ops/delete_bucket.rs
@@ -25,9 +25,13 @@ impl S3Handler for Handler {
         ctx: &mut ReqContext<'_>,
         storage: &(dyn S3Storage + Send + Sync),
     ) -> S3Result<Response> {
-        let input = extract(ctx)?;
-        let output = storage.delete_bucket(input).await;
-        output.try_into_response()
+        if crate::DISALLOW_BUCKET_MANIPULATION.load(std::sync::atomic::Ordering::Relaxed) {
+            S3Result::Err(invalid_request!("Bucket deletion is not allowed"))
+        } else {
+            let input = extract(ctx)?;
+            let output = storage.delete_bucket(input).await;
+            output.try_into_response()
+        }
     }
 }