diff --git a/app/api/endpoints/buckets.py b/app/api/endpoints/buckets.py
index 90b3f7e1955490a1bd88bedb50f9c165cd3d473d..b312ba123d86fde34d2326b8e08909b8d5ce3ded 100644
--- a/app/api/endpoints/buckets.py
+++ b/app/api/endpoints/buckets.py
@@ -4,7 +4,7 @@ from uuid import UUID
from botocore.exceptions import ClientError
from clowmdb.models import Bucket
-from fastapi import APIRouter, Depends, HTTPException, Query, status
+from fastapi import APIRouter, Body, Depends, HTTPException, Query, status
from opentelemetry import trace
from pydantic.json_schema import SkipJsonSchema
@@ -245,14 +245,15 @@ async def get_bucket(
return bucket
-@router.patch("/{bucket_name}/public", response_model=BucketOutSchema, summary="Toggle public status")
-@start_as_current_span_async("api_toggle_bucket_public_state", tracer=tracer)
+@router.patch("/{bucket_name}/public", response_model=BucketOutSchema, summary="update public status")
+@start_as_current_span_async("api_update_bucket_public_state", tracer=tracer)
async def update_bucket_public_state(
bucket: CurrentBucket,
current_user: CurrentUser,
authorization: Authorization,
db: DBSession,
s3: S3Resource,
+ public: Annotated[bool, Body(..., embed=True, description="New State")],
) -> Bucket:
"""
Toggle the buckets public state. A bucket with an owner constraint can't be made public.\n
@@ -271,28 +272,33 @@ async def update_bucket_public_state(
Current user. Dependency Injection.
s3 : boto3_type_annotations.s3.ServiceResource
S3 Service to perform operations on buckets in Ceph. Dependency Injection.
+ public : bool
+ The new public state. HTTP Body.
Returns
-------
bucket : clowmdb.models.Bucket
Bucket with the toggled public state.
"""
- trace.get_current_span().set_attributes({"bucket_name": bucket.name, "old_public_state": bucket.public})
+ trace.get_current_span().set_attributes({"bucket_name": bucket.name, "public": public})
rbac_operation = "update" if bucket.owner_id == current_user.uid else "update_any"
await authorization(rbac_operation)
if bucket.owner_constraint is not None:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
- detail=f"can't make a bucket with owner constraint {bucket.owner_constraint} public",
+ detail=f"can't change the public state of a bucket with owner constraint {bucket.owner_constraint}",
)
+ if bucket.public == public:
+ return bucket
s3_policy = get_s3_bucket_policy(s3, bucket_name=bucket.name)
json_policy = json.loads(s3_policy.policy)
- if bucket.public:
- json_policy["Statement"] = [stmt for stmt in json_policy["Statement"] if stmt["Sid"] != ANONYMOUS_ACCESS_SID]
- else:
+ if public:
json_policy["Statement"] += get_anonymously_bucket_policy(bucket.name)
+
+ else:
+ json_policy["Statement"] = [stmt for stmt in json_policy["Statement"] if stmt["Sid"] != ANONYMOUS_ACCESS_SID]
put_s3_bucket_policy(s3, bucket_name=bucket.name, policy=json.dumps(json_policy))
- await CRUDBucket.update_public_state(db=db, public=not bucket.public, bucket_name=bucket.name)
+ await CRUDBucket.update_public_state(db=db, public=public, bucket_name=bucket.name)
return bucket
diff --git a/app/tests/api/test_buckets.py b/app/tests/api/test_buckets.py
index 10b5f1434c15872e692889231b11218a293754fb..b771e86ee29fa52d72f462fff5df8ee0f3c4bc35 100644
--- a/app/tests/api/test_buckets.py
+++ b/app/tests/api/test_buckets.py
@@ -271,7 +271,9 @@ class TestBucketRoutesUpdate(_TestBucketRoutes):
mock_s3_service : app.tests.mocks.mock_s3_resource.MockS3ServiceResource
Mock S3 Service to manipulate objects.
"""
- response = await client.patch(f"{self.base_path}/{random_bucket.name}/public", headers=random_user.auth_headers)
+ response = await client.patch(
+ f"{self.base_path}/{random_bucket.name}/public", headers=random_user.auth_headers, json={"public": True}
+ )
assert response.status_code == status.HTTP_200_OK
bucket = BucketOut.model_validate_json(response.content)
@@ -307,7 +309,46 @@ class TestBucketRoutesUpdate(_TestBucketRoutes):
Async database session to perform query on.
"""
await make_bucket_public(db=db, s3=mock_s3_service, bucket_name=random_bucket.name)
- response = await client.patch(f"{self.base_path}/{random_bucket.name}/public", headers=random_user.auth_headers)
+ response = await client.patch(
+ f"{self.base_path}/{random_bucket.name}/public", headers=random_user.auth_headers, json={"public": False}
+ )
+ assert response.status_code == status.HTTP_200_OK
+
+ bucket = BucketOut.model_validate_json(response.content)
+
+ assert bucket.name == random_bucket.name
+ assert not bucket.public
+
+ assert ANONYMOUS_ACCESS_SID not in mock_s3_service.Bucket(bucket.name).Policy().policy
+
+ @pytest.mark.asyncio
+ async def test_make_private_bucket_private(
+ self,
+ client: AsyncClient,
+ random_bucket: Bucket,
+ random_user: UserWithAuthHeader,
+ mock_s3_service: MockS3ServiceResource,
+ db: AsyncSession,
+ ) -> None:
+ """
+ Test for getting a foreign public bucket.
+
+ Parameters
+ ----------
+ client : httpx.AsyncClient
+ HTTP Client to perform the request on.
+ random_bucket : clowmdb.models.Bucket
+ Random bucket for testing.
+ random_user : app.tests.utils.user.UserWithAuthHeader
+ Random user who is owner of the bucket.
+ mock_s3_service : app.tests.mocks.mock_s3_resource.MockS3ServiceResource
+ Mock S3 Service to manipulate objects.
+ db : sqlalchemy.ext.asyncio.AsyncSession.
+ Async database session to perform query on.
+ """
+ response = await client.patch(
+ f"{self.base_path}/{random_bucket.name}/public", headers=random_user.auth_headers, json={"public": False}
+ )
assert response.status_code == status.HTTP_200_OK
bucket = BucketOut.model_validate_json(response.content)
@@ -345,7 +386,9 @@ class TestBucketRoutesUpdate(_TestBucketRoutes):
await db.execute(update_stmt)
await db.commit()
- response = await client.patch(f"{self.base_path}/{random_bucket.name}/public", headers=random_user.auth_headers)
+ response = await client.patch(
+ f"{self.base_path}/{random_bucket.name}/public", headers=random_user.auth_headers, json={"public": True}
+ )
assert response.status_code == status.HTTP_400_BAD_REQUEST