From 078a201fa412f7bf42183651e1ed9cd8eeefd463 Mon Sep 17 00:00:00 2001 
From: Idan Novogroder Date: Wed, 31 Jul 2024 12:47:41 +0300 Subject: [PATCH] WIP --- pkg/api/auth_middleware.go | 6 +- pkg/block/s3/testdata/chunk250_data500.input | 0 pkg/block/s3/testdata/chunk250_data500.output | 0 pkg/block/s3/testdata/chunk250_data510.input | 0 pkg/block/s3/testdata/chunk250_data510.output | 0 pkg/block/s3/testdata/chunk3000_data10.input | 0 pkg/block/s3/testdata/chunk3000_data10.output | 0 pkg/block/s3/testdata/chunk5_data0.input | 0 pkg/block/s3/testdata/chunk5_data0.output | 0 pkg/block/s3/testdata/chunk5_data10.input | 0 pkg/block/s3/testdata/chunk5_data10.output | 0 pkg/block/s3/testdata/chunk600_data240.input | 0 pkg/block/s3/testdata/chunk600_data240.output | 0 pkg/gateway/handler.go | 22 ++++--- .../thrift_hive_metastore-remote.go | 0 pkg/permissions/actions.gen.go | 63 ------------------- 16 files changed, 13 insertions(+), 78 deletions(-) mode change 100755 => 100644 pkg/block/s3/testdata/chunk250_data500.input mode change 100755 => 100644 pkg/block/s3/testdata/chunk250_data500.output mode change 100755 => 100644 pkg/block/s3/testdata/chunk250_data510.input mode change 100755 => 100644 pkg/block/s3/testdata/chunk250_data510.output mode change 100755 => 100644 pkg/block/s3/testdata/chunk3000_data10.input mode change 100755 => 100644 pkg/block/s3/testdata/chunk3000_data10.output mode change 100755 => 100644 pkg/block/s3/testdata/chunk5_data0.input mode change 100755 => 100644 pkg/block/s3/testdata/chunk5_data0.output mode change 100755 => 100644 pkg/block/s3/testdata/chunk5_data10.input mode change 100755 => 100644 pkg/block/s3/testdata/chunk5_data10.output mode change 100755 => 100644 pkg/block/s3/testdata/chunk600_data240.input mode change 100755 => 100644 pkg/block/s3/testdata/chunk600_data240.output mode change 100755 => 100644 pkg/metastore/hive/gen-go/hive_metastore/thrift_hive_metastore-remote/thrift_hive_metastore-remote.go delete mode 100644 pkg/permissions/actions.gen.go 
diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go
index 397ddba0c86..7fb9c7989a6 100644
--- a/pkg/api/auth_middleware.go
+++ b/pkg/api/auth_middleware.go
@@ -99,15 +99,11 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica
 writeError(w, r, http.StatusBadRequest, err)
 return
 }
- user, err := checkSecurityRequirements(r, securityRequirements, logger, authenticator, authService, sessionStore, oidcConfig, cookieAuthConfig)
+ _, err = checkSecurityRequirements(r, securityRequirements, logger, authenticator, authService, sessionStore, oidcConfig, cookieAuthConfig)
 if err != nil {
 writeError(w, r, http.StatusUnauthorized, err)
 return
 }
- if user != nil {
- ctx := logging.AddFields(r.Context(), logging.Fields{logging.UserFieldKey: user.Username})
- r = r.WithContext(auth.WithUser(ctx, user))
- }
 next.ServeHTTP(w, r)
 })
 }
diff --git a/pkg/block/s3/testdata/chunk250_data500.input b/pkg/block/s3/testdata/chunk250_data500.input
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk250_data500.output b/pkg/block/s3/testdata/chunk250_data500.output
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk250_data510.input b/pkg/block/s3/testdata/chunk250_data510.input
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk250_data510.output b/pkg/block/s3/testdata/chunk250_data510.output
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk3000_data10.input b/pkg/block/s3/testdata/chunk3000_data10.input
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk3000_data10.output b/pkg/block/s3/testdata/chunk3000_data10.output
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk5_data0.input b/pkg/block/s3/testdata/chunk5_data0.input
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk5_data0.output b/pkg/block/s3/testdata/chunk5_data0.output
old mode 100755
new mode 100644
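Review bot: The identity returned by `checkSecurityRequirements` is thrown away at `_, err = checkSecurityRequirements(...)`, and the block that stored it with `auth.WithUser` and tagged the logger with `logging.UserFieldKey` is removed, so `next` runs with a request context that carries no user. Any handler behind this middleware that reads the user from the context to make an authorization decision will presumably find none, and request logs lose the username needed to attribute an action. If the identity is meant to be attached somewhere else, say where in a comment at this call; otherwise keep `user, err := checkSecurityRequirements(...)` and the `if user != nil { ... r = r.WithContext(auth.WithUser(ctx, user)) }` block. With that block gone the `auth` import may also be unused in this file, which would fail the build; the rest of AuthMiddleware lies outside the hunk, so this could not be checked.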
diff --git a/pkg/block/s3/testdata/chunk5_data10.input b/pkg/block/s3/testdata/chunk5_data10.input
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk5_data10.output b/pkg/block/s3/testdata/chunk5_data10.output
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk600_data240.input b/pkg/block/s3/testdata/chunk600_data240.input
old mode 100755
new mode 100644
diff --git a/pkg/block/s3/testdata/chunk600_data240.output b/pkg/block/s3/testdata/chunk600_data240.output
old mode 100755
new mode 100644
diff --git a/pkg/gateway/handler.go b/pkg/gateway/handler.go
index 5dbea1c5304..aa76b2da546 100644
--- a/pkg/gateway/handler.go
+++ b/pkg/gateway/handler.go
@@ -117,16 +117,18 @@ func NewHandler(region string, catalog *catalog.Catalog, multipartTracker multip
 h = loggingMiddleware(h)
- h = EnrichWithOperation(sc,
- DurationHandler(
- AuthenticationHandler(authService, EnrichWithParts(bareDomains,
- EnrichWithRepositoryOrFallback(catalog, authService, fallbackHandler,
- OperationLookupHandler(
- h))))))
- logging.ContextUnavailable().WithFields(logging.Fields{
- "s3_bare_domain": bareDomains,
- "s3_region": region,
- }).Info("initialized S3 Gateway handler")
+ if isCloud {
+ h = EnrichWithOperation(sc,
+ DurationHandler(
+ AuthenticationHandler(authService, EnrichWithParts(bareDomains,
+ EnrichWithRepositoryOrFallback(catalog, authService, fallbackHandler,
+ OperationLookupHandler(
+ h))))))
+ logging.ContextUnavailable().WithFields(logging.Fields{
+ "s3_bare_domain": bareDomains,
+ "s3_region": region,
+ }).Info("initialized S3 Gateway handler")
+ }
 return h
 }
diff --git a/pkg/metastore/hive/gen-go/hive_metastore/thrift_hive_metastore-remote/thrift_hive_metastore-remote.go b/pkg/metastore/hive/gen-go/hive_metastore/thrift_hive_metastore-remote/thrift_hive_metastore-remote.go
old mode 100755
new mode 100644
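Review bot: `AuthenticationHandler` is now installed only inside `if isCloud {`, so when `isCloud` is false NewHandler returns `h` wrapped in `loggingMiddleware` alone, with no authentication, operation lookup or repository enrichment in front of it. That makes the non-cloud path fail open for the S3 gateway; keep the chain unconditional and gate only the step that is cloud-specific, or return a handler that rejects every request when the chain is not installed. `isCloud` is not declared in the visible lines and NewHandler's signature is cut off in the hunk header, so where the flag comes from could not be checked. The `initialized S3 Gateway handler` log line also moved inside the condition, so a non-cloud start leaves no record of the bare domains and region in use.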
diff --git a/pkg/permissions/actions.gen.go b/pkg/permissions/actions.gen.go deleted file mode 100644 index 34d84a96d13..00000000000 --- a/pkg/permissions/actions.gen.go +++ /dev/null @@ -1,63 +0,0 @@ -// Code generated by extract_actions. DO NOT EDIT. -// -package permissions - -var Actions = []string{ - "fs:ReadRepository", - "fs:CreateRepository", - "fs:UpdateRepository", - "fs:AttachStorageNamespace", - "fs:ImportFromStorage", - "fs:ImportCancel", - "fs:DeleteRepository", - "fs:ListRepositories", - "fs:ReadObject", - "fs:WriteObject", - "fs:DeleteObject", - "fs:ListObjects", - "fs:CreateCommit", - "fs:CreateMetaRange", - "fs:ReadCommit", - "fs:ListCommits", - "fs:CreateBranch", - "fs:DeleteBranch", - "fs:ReadBranch", - "fs:RevertBranch", - "fs:ListBranches", - "fs:CreateTag", - "fs:DeleteTag", - "fs:ReadTag", - "fs:ListTags", - "fs:ReadConfig", - "auth:ReadUser", - "auth:CreateUser", - "auth:DeleteUser", - "auth:ListUsers", - "auth:ReadGroup", - "auth:CreateGroup", - "auth:DeleteGroup", - "auth:ListGroups", - "auth:AddGroupMember", - "auth:RemoveGroupMember", - "auth:ReadPolicy", - "auth:CreatePolicy", - "auth:UpdatePolicy", - "auth:DeletePolicy", - "auth:ListPolicies", - "auth:AttachPolicy", - "auth:DetachPolicy", - "auth:ReadCredentials", - "auth:CreateCredentials", - "auth:DeleteCredentials", - "auth:ListCredentials", - "auth:CreateUserExternalPrincipal", - "auth:DeleteUserExternalPrincipal", - "auth:ReadExternalPrincipal", - "ci:ReadAction", - "retention:PrepareGarbageCollectionCommits", - "retention:GetGarbageCollectionRules", - "retention:SetGarbageCollectionRules", - "retention:PrepareGarbageCollectionUncommitted", - "branches:GetBranchProtectionRules", - "branches:SetBranchProtectionRules", -}