Salt is used when generating encryption
keys for data (tokens) in the access box.
Now frostfs-s3-authmate always derives
an encryption key with salt.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
OCI images will be built often (on each PR) to make sure our recipe
doesn't get rusty.
Publishing to the registry will happen only for `v*` tags.
Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
We may have a situation where the domain
can be specified in the config without a
port, and the host in the header will be
with a port. As a result, the host will
not match. Now the port is not taken into
account when checking for a match.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
The problem is that with VHS requests,
the list-buckets operation does not work
because the request is filtered on
list-objects-v1. Since list-buckets can
also have query parameters, in the end it
is necessary to distinguish list-buckets
from list-objects-v1 only by the presence
of the bucket name in the URL (provided
that the request is in VHS style).
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
A situation may occur when the global
domain is already occupied when
creating the container. The error
comes from the nns smart contract.
This error actually means that the
bucket has already been created.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
If the service is accessed not through a proxy and the
default value of the parameter with the header key is
not empty, then the system administrator does not
control disabling TLS verification in any way, because
the client can simply add a known header, thereby
skipping the verification. Therefore, the default value
of the header parameter is made empty. If it is empty,
then TLS verification cannot be disabled in any way.
Thus, the system administrator will be able to control
the enabling/disabling of TLS.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
The new version of frostfs-sdk-go
contains a fix to solve the problem
of not being able to delete an EC object.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
The TLS termination header is added for determining
whether TLS needs to be checked. If the system
requests come through a proxy server and TLS can
terminate at the proxy level, you should use this
header to disable TLS verification at SSE-C.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
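
An added Go example (not code from the project) of the SSE-C TLS decision described in the two TLS termination header commits above, showing why an empty header setting closes the bypass. The function name, the header name `X-Example-TLS-Terminated` and the boolean header value are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"strconv"
)

// sseCTLSSatisfied reports whether an SSE-C request may proceed.
// terminationHeader is the configured header name (hypothetical parameter);
// an empty value means the TLS check can never be skipped.
func sseCTLSSatisfied(r *http.Request, terminationHeader string) bool {
	if r.TLS != nil {
		return true // TLS reached this service directly
	}
	if terminationHeader == "" {
		return false // no opt-out configured: client-supplied headers are ignored
	}
	// Assumption: the proxy that terminated TLS sets the header to a boolean.
	// This is only trustworthy if clients cannot reach the service directly
	// and the proxy overwrites any copy of the header sent by the client.
	terminated, err := strconv.ParseBool(r.Header.Get(terminationHeader))
	return err == nil && terminated
}

func main() {
	const hdr = "X-Example-TLS-Terminated" // constructed header name

	// Constructed plain-HTTP request in which the client added the header itself.
	spoofed, err := http.NewRequest(http.MethodPut, "http://gw.example/bucket/key", nil)
	if err != nil {
		panic(err)
	}
	spoofed.Header.Set(hdr, "true")

	// Constructed request that arrived over TLS, without the header.
	direct, err := http.NewRequest(http.MethodPut, "https://gw.example/bucket/key", nil)
	if err != nil {
		panic(err)
	}
	direct.TLS = &tls.ConnectionState{}

	fmt.Println("header set, empty config:", sseCTLSSatisfied(spoofed, ""))
	fmt.Println("header set, header configured:", sseCTLSSatisfied(spoofed, hdr))
	fmt.Println("real TLS, empty config:", sseCTLSSatisfied(direct, ""))
}
```
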
Fix imports in order to apply new sdk changes caused by merging with frostfs-api-go and reimplementing tree service client
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
After using AddChain to provide access to a container we have to wait for:
* the tx with the APE chain to be accepted by the blockchain
* the cache in the storage node to be updated
It takes a while, so we add a retry
(the same as when we add bucket settings during bucket creation)
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>