598 commits

Author	SHA1	Message	Date
Airat Arifullin	d5dc14c639	[#1243] object: Make APE checker set x-headers to request properties ... * Update go.mod, go.sum; * Add x-headers to request properties; * Add a unit-test. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-07-16 07:28:42 +00:00
Dmitrii Stepanov	84ecd61dfd	[#1233] putSvc: Try to put EC chunk to any node ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-07-09 07:54:29 +00:00
Airat Arifullin	d90aab5454	[#1229] util: Fix session token expiration check ... * Make session token expired at `current_epoch + 1` but not at `current_epoch` when it's still valid. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-07-08 08:15:56 +00:00
Airat Arifullin	0c2b6f3dac	[#1216] ape: Make services use bearer chains fed router ... * Refactor object and tree service - they should instantiate chain router cheking the bearer token. If there are no bearer token rules, then defaul chain router is used. * Fix unit-tests. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-07-05 18:26:48 +00:00
Airat Arifullin	f3a861806e	[#1218] object: Fix bearer token validation ... Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-07-03 07:22:11 +00:00
Airat Arifullin	a378ff9cf6	[#1218] object: Pass container owner for backward get method check ... * `getStreamBasicChecker` must define `containerOwner` for backward checks, otherwise bearer token cannot be validated for the token issuer. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-07-03 07:22:11 +00:00
Dmitrii Stepanov	dc2867682f	[#1213] deleteSvc: Do not allow to delete EC chunks ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-07-01 06:49:35 +00:00
Airat Arifullin	0b87388c18	[#1190] object: GroupIDs must also be target of APE checks ... * Also add new test case for ape middleware in container service. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-06-25 08:49:20 +00:00
Dmitrii Stepanov	ecd1ed7a5e	[#1184] node: Add audit middleware for grpc services ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-06-19 16:05:53 +03:00
Airat Arifullin	04a3f891fd	[#1157] object: Make APE checker use Bearer-token's APE overrides ... Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-06-07 12:11:11 +00:00
Anton Nikiforov	c1af13b47e	[#1147] node: Fix issue from gopls ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-30 08:13:04 +00:00
Anton Nikiforov	6130650bb6	[#1147] node: Implement Lock\Delete requests for EC object ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-30 08:13:04 +00:00
Anton Nikiforov	d355274cd0	[#1147] object: Use methods on pointer for searchsvc.execCtx ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-30 08:13:04 +00:00
Anton Nikiforov	3555c73225	[#1147] object: Use methods on pointer for deletesvc.execCtx ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-30 08:13:04 +00:00
Anton Nikiforov	e43e7bec3a	[#1147] log: Remove redundant address field from log ... Filled when logger created for `request` object from package `getsvc`. Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-30 08:13:04 +00:00
Airat Arifullin	482c5129ac	[#1142] object: Fill APE-request with source IP property ... Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-05-27 10:17:17 +00:00
Dmitrii Stepanov	436c9f5558	[#1129] policer: Restore EC object ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-05-17 14:36:18 +03:00
Dmitrii Stepanov	44f2e8f27f	[#1129] putSvc: Allow to put single unprepared object to EC container ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-05-16 16:28:49 +03:00
Dmitrii Stepanov	cbe9757490	[#1129] policer: Pull required EC chunks ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-05-16 16:28:49 +03:00
Evgenii Stratonikov	b3eaa8a9bc	[#1083] objsvc/v2: Check response status in RANGE_HASH forwarder ... Fixes #1083 Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-05-15 12:04:21 +03:00
Evgenii Stratonikov	0924b62a95	[#1083] objsvc/v2: Unify response verification after forwarding ... 1. Use the same routine for HEAD/GET_RANGE methods. 2. Make error message similar. Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-05-15 12:04:06 +03:00
Evgenii Stratonikov	300654b045	[#1083] objsvc/v2: Properly check response status after forwarding ... Previously we had cryptic error: ``` debug get/remote.go:38 remote call failed {"component": "Object.Get service", "request": "HEAD", "address": "9sTxoVrhJ7WBtXQfK2NJ7zDV5yCF7BPLKK1XTxYPdGsP/BbHV4KZZ8y2BPqAT5kyjdHRLkfbtY2xf5uYoMVqxACn1", "raw": false, "local": false, "with session": false, "with bearer": false, "error": "unexpected header type <nil>"} ``` Now we have and expected error: ``` debug get/remote.go:38 remote call failed {"component": "Object.Get service", "request": "HEAD", "address": "D2rqaMG4D2VHdv3HKky8UYSYmwQFH2v9oXXqtyRZPTMy/BbHV4KZZ8y2BPqAT5kyjdHRLkfbtY2xf5uYoMVqxACn1", "raw": false, "local": false, "with session": false, "with bearer": false, "error": "status: code = 2049 message = object not found"} ``` Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-05-15 12:04:06 +03:00
Airat Arifullin	952d13cd2b	[#1124] cli: Improve APE rule parsing ... * Make APE rule parser to read condition's kind in unambiguous using lexemes `ResourceCondition`, `RequestCondition` instead confusing `Object.Request`, `Object.Resource`. * Fix unit-tests. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-05-14 12:23:26 +03:00
Dmitrii Stepanov	0144117cc9	[#1125] objectSvc: Add EC header APE check ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-05-08 16:25:55 +03:00
Dmitrii Stepanov	ada1b9f737	[#1120] objectSvc: Fix EC put placement ... Use parent object ID to compute placement. Fix too many copies saving. Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-05-08 15:23:57 +03:00
Anton Nikiforov	fe2c1c926f	[#1112] node: Fix race warning for GetObjectAndWritePayload ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-07 14:47:21 +03:00
Anton Nikiforov	3e782527b8	[#1112] node: Add test for Range request for EC object ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-07 14:47:21 +03:00
Anton Nikiforov	21a490da8f	[#1112] Fix issue from gofumpt ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-07 14:47:21 +03:00
Evgenii Stratonikov	93c0ccad4f	[#1077] objectsvc: Fix possible panic in GetRange() ... Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-05-07 14:47:21 +03:00
Anton Nikiforov	00b2b77b26	[#1112] node: Implement Range\RangeHash requests for EC object ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-05-07 14:47:21 +03:00
aarifullin	b60a51b862	[#1117] ape: Introduce FormFrostfsIDRequestProperties method ... * `FormFrostfsIDRequestProperties` gets user claim tags and group id and sets them as ape request properties. * Make tree, container and object service use the method. * Fix unit-tests. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-05-07 10:01:21 +00:00
aarifullin	6c76c9b457	[#1117] core: Introduce SubjectProvider interface for FrostfsID ... * Make tree, object and container services use SubjectProvider interface. * Fix unit-tests. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-05-07 10:01:21 +00:00
Ekaterina Lebedeva	e07869a8cf	[#1100] Remove unused fields ... Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>	2024-05-06 10:14:36 +03:00
Evgenii Stratonikov	71789676d5	[#1114] aclsvc: Add tests for request ownership ... Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-05-02 11:57:39 +03:00
Anton Nikiforov	112a7c690f	[#1103] node: Implement Get\Head requests for EC object ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-04-24 18:15:53 +03:00
Airat Arifullin	c21d72ac23	[#1096] object: Make ape middleware fill request with user claim tags ... Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-04-16 15:12:44 +03:00
Evgenii Stratonikov	91e79c98ba	[#1089] ape: Provide request actor as an additional target ... Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-04-16 11:03:50 +00:00
aarifullin	f4dcb418f2	[#1090] ape: Move ape request and resource implementations to common package ... Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-04-15 07:45:45 +00:00
Evgenii Stratonikov	3dc81cb4fc	Reapply "[#972] Use min/max builtins" ... This reverts commit dad56d2e98. Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-04-10 12:09:34 +00:00
Dmitrii Stepanov	e74bdaa5d5	[#1080] ape: Use value for APE request ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-04-09 18:42:03 +03:00
Dmitrii Stepanov	338d8cbebd	[#1080] ape: Do not read object headers before Head/Get ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-04-09 15:27:40 +03:00
Anton Nikiforov	2b88361849	[#1062] object: Fix buffer allocation for PayloadRange ... Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-04-09 11:59:07 +03:00
Dmitrii Stepanov	1c5e0f90aa	[#1064] putsvc: Add EC put ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-04-09 07:08:53 +00:00
Dmitrii Stepanov	39da643354	[#1064] putsvc: Refactor distributed target ... Extract object builder. Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-04-09 07:08:53 +00:00
aarifullin	6959e617c4	[#1047] object: Set container owner ID property to ape request ... * Introduce ContainerOwner field in RequestContext. * Set ContainerOwner in aclv2 middleware. * Set PropertyKeyContainerOwnerID for object ape request. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-03-18 15:39:50 +00:00
aarifullin	d7be70e93f	[#1040] object: Wrap CheckAPE errors to status errors ... * All methods should wrap CheckAPE error, if it occurs, to status error. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-03-14 07:34:03 +00:00
Airat Arifullin	5c252c9193	[#1039] object: Skip APE check for certain request roles ... * Skip APE check if a role is Container. * Skip APE check if a role is IR and methods are get-like. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-03-12 16:15:20 +03:00
Dmitrii Stepanov	d433b49265	[#973] node: Resolve perfsprint linter ... `fmt.Errorf can be replaced with errors.New` and `fmt.Sprintf can be replaced with string addition` Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-03-11 17:55:50 +03:00
Dmitrii Stepanov	d6534fd755	[#1016] frostfs-node: Fix gopls issues ... Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-03-01 12:13:43 +03:00
Airat Arifullin	7cc368e188	[#986] object: Introduce soft ape checks ... * Soft APE check means that APE should allow request even it gets status NoRuleFound for a request. Otherwise, it is interpreted as Deny. * Soft APE check is performed if basic ACL mask is not set. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-02-28 19:05:57 +00:00