rgw: cors rules num limit
authoryuliyang <yuliyang@cmss.chinamobile.com>
Mon, 6 Aug 2018 02:33:12 +0000 (10:33 +0800)
committerNathan Cutler <ncutler@suse.com>
Fri, 22 Mar 2019 13:29:10 +0000 (14:29 +0100)
According to AWS S3, a CORS configuration can
have up to 100 rules.

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
(cherry picked from commit c97ee932f380a673b52ffcb1986b015e06246844)

src/common/legacy_config_opts.h
src/common/options.cc
src/rgw/rgw_common.cc
src/rgw/rgw_common.h
src/rgw/rgw_rest_s3.cc

index a664e9b18f468634127de9b5dad19791f52c22b5..1dee2cbea1b47638640e034a32fd7b613773849a 100644 (file)
@@ -1532,3 +1532,4 @@ OPTION(rgw_max_objs_per_shard, OPT_INT)
 OPTION(rgw_reshard_thread_interval, OPT_U32) // maximum time between rounds of reshard thread processing
 
 OPTION(rgw_acl_grants_max_num, OPT_INT) // According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html), An ACL can have up to 100 grants.
+OPTION(rgw_cors_rules_max_num, OPT_INT) // According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html), An cors can have up to 100 rules.
index 8bf2f24830cbf89303c6cc6f4fff1f50d7292b3f..9ae3d74d2d2d644995fa6311f78f51db8d51206c 100644 (file)
@@ -4939,6 +4939,10 @@ std::vector<Option> get_rgw_options() {
     .set_default(100)
     .set_description("Max number of ACL grants in a single request"),
 
+    Option("rgw_cors_rules_max_num", Option::TYPE_INT, Option::LEVEL_ADVANCED)
+    .set_default(100)
+    .set_description("Max number of cors rules in a single request"),
+
     Option("rgw_rados_tracing", Option::TYPE_BOOL, Option::LEVEL_ADVANCED)
     .set_default(false)
     .set_description("true if LTTng-UST tracepoints should be enabled"),
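Review bot: The description added for `rgw_cors_rules_max_num` does not tell an operator that a negative value is silently replaced by 100 in RGWPutCORS_ObjStore_S3::get_params(), or that 0 rejects every non-empty rule set. Because this option bounds client-supplied input, that behaviour is worth stating, for example with `.set_long_description("Negative values fall back to the built-in limit of 100.")`, or by rejecting negatives at the option with `.set_min(0)`. The limit applies to the rules in one CORS configuration, so "in a single request" could read `"Max number of CORS rules in a bucket CORS configuration"`.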
index 5a84bf4d22f64930ca6ad910af5e05a0f2f369fb..4aafccaf499d99c31ae222ae72f08465869f6e1a 100644 (file)
@@ -73,6 +73,7 @@ rgw_http_errors rgw_http_s3_errors({
     { ERR_MALFORMED_DOC, {400, "MalformedPolicyDocument"}},
     { ERR_INVALID_TAG, {400, "InvalidTag"}},
     { ERR_MALFORMED_ACL_ERROR, {400, "MalformedACLError" }},
+    { ERR_INVALID_CORS_RULES_ERROR, {400, "InvalidRequest" }},
     { ERR_INVALID_ENCRYPTION_ALGORITHM, {400, "InvalidEncryptionAlgorithmError" }},
     { ERR_LENGTH_REQUIRED, {411, "MissingContentLength" }},
     { EACCES, {403, "AccessDenied" }},
index 820085233758b3954617ea0ae8d77b797fcd954c..7afee9f7087e5e89cbdba98f928f5cf2a1683746 100644 (file)
@@ -218,6 +218,7 @@ using ceph::crypto::MD5;
 #define ERR_MALFORMED_ACL_ERROR  2212
 #define ERR_ZONEGROUP_DEFAULT_PLACEMENT_MISCONFIGURATION 2213
 #define ERR_INVALID_ENCRYPTION_ALGORITHM                 2214
+#define ERR_INVALID_CORS_RULES_ERROR                     2215
 
 #define ERR_BUSY_RESHARDING      2300
 
index efed2da0b245e11f687c50f5aa6bb08dc341b05d..9679a34986b6b28293ce6a691a0a5cee57df1a97 100644 (file)
@@ -2389,6 +2389,23 @@ int RGWPutCORS_ObjStore_S3::get_params()
     return -EINVAL;
   }
 
+#define CORS_RULES_MAX_NUM      100
+  int max_num = s->cct->_conf->rgw_cors_rules_max_num;
+  if (max_num < 0) {
+    max_num = CORS_RULES_MAX_NUM;
+  }
+  int cors_rules_num = cors_config->get_rules().size();
+  if (cors_rules_num > max_num) {
+    ldout(s->cct, 4) << "An cors config can have up to "
+                     << max_num
+                     << " rules, request cors rules num: "
+                     << cors_rules_num << dendl;
+    op_ret = -ERR_INVALID_CORS_RULES_ERROR;
+    s->err.message = "The number of CORS rules should not exceed allowed limit of "
+                     + std::to_string(max_num) + " rules.";
+    return -ERR_INVALID_REQUEST;
+  }
+
   // forward bucket cors requests to meta master zone
   if (!store->is_meta_master()) {
     /* only need to keep this data around if we're not meta master */
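Review bot: The rejection path sets `op_ret = -ERR_INVALID_CORS_RULES_ERROR` but then returns `-ERR_INVALID_REQUEST`, so two different codes describe the same failure. If the caller assigns the return value of get_params() to op_ret (not visible in this hunk), the new error code and its entry in rgw_http_s3_errors are never used. Dropping the `op_ret` assignment and ending the branch with `return -ERR_INVALID_CORS_RULES_ERROR;` would keep them consistent. The `#define CORS_RULES_MAX_NUM 100` placed inside the function body stays defined for the rest of the translation unit; a local `static constexpr int cors_rules_max_default = 100;` would scope it. The function begins and continues outside this hunk.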