Ensure needQuota flag is sent as part of request contexts

We were relying on the default value from the constructor, but for special API calls, the flag may be needed when the default value is false. Issue: ARSN-450
scality · Dec 7, 2024 · b405ea4 · b405ea4
1 parent 7402f09
commit b405ea4
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/lib/policyEvaluator/RequestContext.ts b/lib/policyEvaluator/RequestContext.ts
@@ -228,6 +228,7 @@ export default class RequestContext {
         existingObjTag?: string,
         needTagEval?: false,
         objectLockRetentionDays?: number,
+        needQuota?: boolean,
     ) {
         this._headers = headers;
         this._query = query;
@@ -256,7 +257,7 @@ export default class RequestContext {
         this._securityToken = securityToken;
         this._policyArn = policyArn;
         this._action = action;
-        this._needQuota = actionNeedQuotaCheck[apiMethod] === true
+        this._needQuota = needQuota || actionNeedQuotaCheck[apiMethod] === true
             || actionWithDataDeletion[apiMethod] === true;
         this._requestObjTags = requestObjTags || null;
         this._existingObjTag = existingObjTag || null;
@@ -294,6 +295,7 @@ export default class RequestContext {
             existingObjTag: this._existingObjTag,
             needTagEval: this._needTagEval,
             objectLockRetentionDays: this._objectLockRetentionDays,
+            needQuota: this._needQuota,
         };
         return JSON.stringify(requestInfo);
     }
@@ -335,6 +337,7 @@ export default class RequestContext {
             obj.existingObjTag,
             obj.needTagEval,
             obj.objectLockRetentionDays,
+            obj.needQuota,
         );
     }
 

diff --git a/tests/unit/policyEvaluator/RequestContext.spec.js b/tests/unit/policyEvaluator/RequestContext.spec.js
@@ -28,6 +28,8 @@ describe('RequestContext', () => {
         'reqTagOne=valueOne&reqTagTwo=valueTwo', // requestObjTags
         'existingTagOne=valueOne&existingTagTwo=valueTwo', // existingObjTag
         true, // needTagEval
+        5, // objectLockRetentionDays
+        true, // needQuota
     ];
     const rc = new RequestContext(...constructorParams);
 
@@ -62,10 +64,12 @@ describe('RequestContext', () => {
         { name: 'getMultiFactorAuthAge', expectedValue: null },
         { name: 'getSecurityToken', expectedValue: 'security-token' },
         { name: 'getPolicyArn', expectedValue: 'arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess' },
-        { name: 'isQuotaCheckNeeded', expectedValue: false },
         { name: 'getRequestObjTags', expectedValue: 'reqTagOne=valueOne&reqTagTwo=valueTwo' },
         { name: 'getExistingObjTag', expectedValue: 'existingTagOne=valueOne&existingTagTwo=valueTwo' },
         { name: 'getNeedTagEval', expectedValue: true },
+        { name: 'getObjectLockRetentionDays', expectedValue: 5 },
+        { name: 'isQuotaCheckNeeded', expectedValue: true },
+
     ];
     GetterTests.forEach(testCase => {
         it(`getter:${testCase.name}`, () => {
@@ -111,7 +115,8 @@ describe('RequestContext', () => {
         specificResource: 'specific-resource',
         sslEnabled: true,
         tokenIssueTime: null,
-        objectLockRetentionDays: null,
+        objectLockRetentionDays: 5,
+        needQuota: true,
     };
     it('serialize()', () => {
         assert.deepStrictEqual(JSON.parse(rc.serialize()), SerializedFields);