[#1051] object: Ignore APE check for PutSingle with tombstone object

* When a client requests DeleteObject, delete service may send PutSingle
  with tombstone object type to several nodes. If APE allows deletes,
  but denies puts, then PutSingle cannot be performed although it is
  being performed in the delete context. So, check for putting tombstone
  is ignored.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Airat Arifullin 2024-03-19 14:32:58 +03:00
parent 7278201753
commit 740cfe4ac1

@ -77,6 +77,11 @@ func (c *checkerImpl) CheckAPE(ctx context.Context, prm Prm) error {
return fmt.Errorf("failed to create ape request: %w", err)
}
if prm.Method == nativeschema.MethodPutObject &&
r.Resource().Property(nativeschema.PropertyKeyObjectType) == objectV2.TypeTombstone.String() {
return nil
}
status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress,
policyengine.NewRequestTarget(prm.Namespace, prm.Container.EncodeToString()), r)
if err != nil {
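Review bot: The early return on `prm.Method == nativeschema.MethodPutObject` with object type `objectV2.TypeTombstone` skips `c.chainRouter.IsAllowed` for every tombstone put, not only for a PutSingle issued by the delete service. Nothing in the condition ties the request to a delete context or confirms that APE allowed the delete itself, so a chain that denies puts stops applying to any request whose object type is tombstone. Consider evaluating such requests against the delete rules instead of returning nil, or limiting the bypass to requests that can be shown to originate from the delete service. The branch also has no comment explaining why the check is skipped; a short one above the `if`, plus a test covering both the delete-allowed and delete-denied cases, would make the intent reviewable.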