Commit graph

36 commits

Author SHA1 Message Date
51be9d9778 [] Remove policies when delete bucket
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-09 17:30:20 +03:00
bcfbcdc82f [] acl: Update APE and fix using
* Remove native policy when remove bucket policy
* Allow policies that contain only s3 compatible statements
(now deny rules cannot be converted to native rules)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 12:42:43 +00:00
1f5f2bd3d5 [] In APE buckets forbid canned acl except private
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-19 16:56:32 +03:00
8050ca2d51 [] Use session token for container read operations
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-01 18:14:33 +03:00
c868af8a62 [] Add flag to enable old ACL bucket creation
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
bac1b3fb2d [] Use zero basic acl to mark APE containers
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
c452d58ce2 [] Reduce number of policy contract invocations
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
d9d12debc3 [] Add tests
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
3d0d2032c6 [] acl: Handle put/get acl for APE buckets
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
8273af8bf8 [] Make PutBucketPolicy handler use policy contract
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-18 15:49:54 +03:00
40d7f844e3 [] Refactor context data retrievers
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2023-08-16 14:05:38 +00:00
fc90981c03 [] Update inner imports after moving middlewares
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-07-11 17:25:09 +03:00
d531b13866 [] Add more context to some s3 errors
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-30 12:08:33 +03:00
bd3164c57f [] Fix pre-commit issues
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-03-24 16:22:06 +03:00
64e7356acc [TrueCloudLab#32] Add custom policy unmarshaler
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-03-09 11:19:01 +00:00
813aa2f173 Rename package name
Due to source code relocation from GitHub.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-03-07 17:38:08 +03:00
96dff367db [] Build S3 Gateway with FrostFS dependencies
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2022-12-15 12:43:52 +03:00
Denis Kirillov
2886ac161c [] Fix forming policy by ast
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-11-10 15:33:03 +03:00
Denis Kirillov
cb55d36063 [] Update tests
Add bearer token to test context

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-10-11 15:26:42 +03:00
Denis Kirillov
4082cd6b54 [] Keep eacl records order on conflict
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-08 12:21:47 +03:00
Denis Kirillov
9cd4ef1ac4 [] Replace FileName with FilePath attribute
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-07 15:50:43 +03:00
Alex Vanin
66fe3fee7b [] Produce deny records for private objects
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-21 17:55:15 +03:00
Denis Kirillov
1e26cf1541 [] Use service records to save resource info
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-20 19:10:23 +03:00
Angira Kekteeva
74300a75a9 [] Add tests
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-07-19 11:54:27 +03:00
Denis Kirillov
1575da65a4 [] Fix object acl filters
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-14 13:33:11 +03:00
Alex Vanin
a57b8d34d3 [] Add more comments about eacl.RoleUnknown
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
d6065c64c4 [] Check group grantee based on stored list of users
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
c7de7d2928 [] Do not use user role with public keys in eacl target
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
36029ca864 [] Fix user removal in astOperation
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-06 17:40:41 +03:00
Leonard Lyubich
087d500c5f [] *: Refactor working with NeoFS identities
Pull latest changes from NeoFS SDK Go library. Decrease redundant and
unsafe usage of ID pointers. Use `EncodeToString` method in order to
calculate protocol strings.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-05-27 17:22:37 +04:00
Denis Kirillov
e3c16a32dd [] Update SDK
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-26 12:51:52 +04:00
Leonard Lyubich
34a221c5c9 [] Upgrade NeoFS SDK Go library
Core changes:
  - `object.ID` moved to new package `oid`;
  - `object.Address` moved to new package `address`;
  - `pool.Object` interface changes.

Additionally:
  - Set container owner in `Agent.IssueSecret`.
  - Remove no longer needed fields from `GetObjectParams`
  - `Length` and `Offset` are never assigned. These values
  are set in `Range` field.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-03-04 00:14:30 +03:00
Denis Kirillov
d36dfe8c61 [] Update neo-sdk-go to the latest version
Refactoring invoking pool methods for anonymous requests.

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-11-16 14:42:08 +03:00
Denis Kirillov
ae87effb28 [] Add random key for no sign requests
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-11-16 14:42:08 +03:00
Denis Kirillov
a9be642eaf [] Add object acl versioning
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-08-31 12:38:23 +03:00
Denis Kirillov
efe11c271f [] Add basic ACL translation
Implement functions:
GetBucketACL, PutBucketACL, GetObjectACL,
PutObjectACL, GetBucketPolicy, PutBucketPolicy

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-08-18 17:20:17 +03:00