eeab417dcf
[ #1307 ] object: Add APE check for Patch
handler
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-08-16 14:13:09 +00:00
e890f1b4b1
[ #1307 ] object: Implement Patch
method
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-08-16 14:13:09 +00:00
a4a1c3f18b
[ #1307 ] go.mod: Bump frostfs-sdk-go/frostfs-api-go/v2 versions
...
* Also, resolve dependencies and conflicts for object service
by creating stub for `Patch` method.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-08-16 14:13:09 +00:00
04a3f891fd
[ #1157 ] object: Make APE checker use Bearer-token's APE overrides
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-07 12:11:11 +00:00
e07869a8cf
[ #1100 ] Remove unused fields
...
DCO action / DCO (pull_request) Successful in 2m47s
Build / Build Components (1.21) (pull_request) Successful in 3m21s
Vulncheck / Vulncheck (pull_request) Successful in 3m33s
Build / Build Components (1.22) (pull_request) Successful in 5m25s
Tests and linters / gopls check (pull_request) Successful in 5m13s
Tests and linters / Staticcheck (pull_request) Successful in 6m13s
Tests and linters / Lint (pull_request) Successful in 7m2s
Tests and linters / Tests (1.21) (pull_request) Successful in 10m2s
Tests and linters / Tests with -race (pull_request) Successful in 9m55s
Tests and linters / Tests (1.22) (pull_request) Successful in 10m11s
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
2024-05-06 10:14:36 +03:00
71789676d5
[ #1114 ] aclsvc: Add tests for request ownership
...
DCO action / DCO (pull_request) Successful in 5m13s
Build / Build Components (1.21) (pull_request) Successful in 9m51s
Build / Build Components (1.22) (pull_request) Successful in 10m21s
Vulncheck / Vulncheck (pull_request) Successful in 12m9s
Tests and linters / Lint (pull_request) Successful in 16m50s
Tests and linters / gopls check (pull_request) Successful in 18m8s
Tests and linters / Staticcheck (pull_request) Successful in 19m1s
Tests and linters / Tests (1.22) (pull_request) Successful in 19m59s
Tests and linters / Tests with -race (pull_request) Successful in 20m5s
Tests and linters / Tests (1.21) (pull_request) Successful in 2m52s
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-02 11:57:39 +03:00
6959e617c4
[ #1047 ] object: Set container owner ID property to ape request
...
* Introduce ContainerOwner field in RequestContext.
* Set ContainerOwner in aclv2 middleware.
* Set PropertyKeyContainerOwnerID for object ape request.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-03-18 15:39:50 +00:00
7cc368e188
[ #986 ] object: Introduce soft ape checks
...
* Soft APE check means that APE should allow request even
it gets status NoRuleFound for a request. Otherwise,
it is interpreted as Deny.
* Soft APE check is performed if basic ACL mask is not set.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-02-28 19:05:57 +00:00
a5446bc17d
[ #952 ] object: Pass namespace within context in ACL service
...
DCO action / DCO (pull_request) Successful in 6m23s
Vulncheck / Vulncheck (pull_request) Successful in 7m3s
Build / Build Components (1.21) (pull_request) Successful in 8m21s
Build / Build Components (1.20) (pull_request) Successful in 8m31s
Tests and linters / Staticcheck (pull_request) Successful in 11m1s
Tests and linters / Lint (pull_request) Successful in 11m26s
Tests and linters / Tests (1.20) (pull_request) Successful in 12m51s
Tests and linters / Tests (1.21) (pull_request) Successful in 13m14s
Tests and linters / Tests with -race (pull_request) Successful in 13m31s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-02-02 14:48:11 +03:00
5be2af881a
[ #934 ] container: Make container APE middleware read namespaces
...
* Those methods that can access already existing containers and thus
can get container properties should read namespace from Zone
property. If Zone is not set, take a namespace for root.
* Otherwise, define namespaces by owner ID via frostfs-id contract.
* Improve unit-tests, consider more cases.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-02-01 17:38:24 +00:00
c8baf76fae
[ #872 ] object: Introduce APE middlewar for object service
...
DCO action / DCO (pull_request) Successful in 2m4s
Vulncheck / Vulncheck (pull_request) Successful in 3m12s
Build / Build Components (1.21) (pull_request) Successful in 4m1s
Build / Build Components (1.20) (pull_request) Successful in 4m13s
Tests and linters / Staticcheck (pull_request) Successful in 4m3s
Tests and linters / Lint (pull_request) Successful in 8m7s
Tests and linters / Tests (1.20) (pull_request) Successful in 8m14s
Tests and linters / Tests (1.21) (pull_request) Successful in 8m18s
Tests and linters / Tests with -race (pull_request) Successful in 8m24s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-01-12 18:41:35 +03:00
bdd43f6211
[ #869 ] object: Pass just CID to chain router
...
* Do not convert CID from request to native-schema resource
format - this step is unneccessary for APE.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-14 11:01:20 +00:00
0f45e3d344
[ #804 ] ape: Implement boltdb storage for local overrides
...
DCO action / DCO (pull_request) Successful in 2m10s
Vulncheck / Vulncheck (pull_request) Successful in 3m26s
Build / Build Components (1.20) (pull_request) Successful in 5m41s
Build / Build Components (1.21) (pull_request) Successful in 5m44s
Tests and linters / Staticcheck (pull_request) Successful in 7m10s
Tests and linters / Lint (pull_request) Successful in 8m14s
Tests and linters / Tests (1.21) (pull_request) Successful in 14m24s
Tests and linters / Tests (1.20) (pull_request) Successful in 14m41s
Tests and linters / Tests with -race (pull_request) Successful in 14m38s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-07 19:08:41 +03:00
e361e017f3
[ #842 ] control: Pass target instead resource name
...
* Update policy-engine package version in go.mod, go.sum.
* Refactor CheckIfRequestPermitted: pass container target
instead container ID.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-07 14:21:55 +00:00
c516c7c5f4
[ #821 ] node: Pass user.ID by value
...
DCO action / DCO (pull_request) Successful in 3m45s
Build / Build Components (1.21) (pull_request) Successful in 5m18s
Build / Build Components (1.20) (pull_request) Successful in 5m28s
Tests and linters / Tests (1.20) (pull_request) Successful in 7m30s
Tests and linters / Tests (1.21) (pull_request) Successful in 7m42s
Tests and linters / Lint (pull_request) Successful in 8m25s
Vulncheck / Vulncheck (pull_request) Successful in 9m22s
Tests and linters / Staticcheck (pull_request) Successful in 10m57s
Tests and linters / Tests with -race (pull_request) Successful in 16m53s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-11-23 10:21:07 +03:00
4d5be5ccb5
[ #811 ] ape: Update policy-engine module version and rebase
...
DCO action / DCO (pull_request) Successful in 4m23s
Vulncheck / Vulncheck (pull_request) Successful in 5m31s
Build / Build Components (1.21) (pull_request) Successful in 7m33s
Build / Build Components (1.20) (pull_request) Successful in 7m40s
Tests and linters / Staticcheck (pull_request) Successful in 8m22s
Tests and linters / Lint (pull_request) Successful in 9m23s
Tests and linters / Tests with -race (pull_request) Successful in 11m20s
Tests and linters / Tests (1.21) (pull_request) Successful in 11m32s
Tests and linters / Tests (1.20) (pull_request) Successful in 11m41s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-11-16 11:31:37 +03:00
9133b4389e
[ #788 ] objectsvc: Fix formatting (gofumpt)
...
DCO action / DCO (pull_request) Successful in 3m19s
Vulncheck / Vulncheck (pull_request) Successful in 3m40s
Build / Build Components (1.21) (pull_request) Successful in 4m17s
Build / Build Components (1.20) (pull_request) Successful in 4m32s
Tests and linters / Staticcheck (pull_request) Successful in 4m46s
Tests and linters / Tests (1.21) (pull_request) Successful in 5m9s
Tests and linters / Lint (pull_request) Successful in 5m28s
Tests and linters / Tests (1.20) (pull_request) Successful in 5m24s
Tests and linters / Tests with -race (pull_request) Successful in 7m38s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-11-09 10:27:32 +03:00
3534d6d05b
[ #794 ] objectsvc: Return accidentally removed acl checks for Head
...
DCO action / DCO (pull_request) Successful in 1m42s
Vulncheck / Vulncheck (pull_request) Successful in 3m23s
Build / Build Components (1.21) (pull_request) Successful in 4m22s
Build / Build Components (1.20) (pull_request) Successful in 5m44s
Tests and linters / Staticcheck (pull_request) Successful in 6m3s
Tests and linters / Lint (pull_request) Successful in 6m35s
Tests and linters / Tests (1.20) (pull_request) Successful in 8m32s
Tests and linters / Tests with -race (pull_request) Successful in 8m47s
Tests and linters / Tests (1.21) (pull_request) Successful in 8m54s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-11-08 17:13:58 +03:00
66848d3288
[ #770 ] cli: Add methods to work with APE rules via control svc
...
* Add methods to frostfs-cli
* Implement rpc in control service
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-11-08 13:34:03 +00:00
8e11ef46b8
[ #770 ] object: Introduce ape chain checker for object svc
...
* Introduce Request type converted from RequestInfo type
to implement policy-engine's Request interface
* Implement basic ape checker to check if a request is
permitted to be performed
* Make put handlers use APE checker instead EACL
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-11-08 13:34:03 +00:00
79088baa06
[ #772 ] node: Apply gofumpt
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-10-31 17:03:03 +03:00
aeeb8193d2
[ #676 ] node: Fix header source creation when checking eacl
...
DCO action / DCO (pull_request) Successful in 2m55s
Build / Build Components (1.20) (pull_request) Successful in 4m53s
Vulncheck / Vulncheck (pull_request) Successful in 4m36s
Tests and linters / Staticcheck (pull_request) Successful in 6m35s
Tests and linters / Tests (1.21) (pull_request) Successful in 7m7s
Tests and linters / Tests (1.20) (pull_request) Successful in 7m47s
Tests and linters / Tests with -race (pull_request) Failing after 10m7s
Build / Build Components (1.21) (pull_request) Successful in 11m3s
Tests and linters / Lint (pull_request) Successful in 17m34s
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2023-09-06 17:06:54 +03:00
55b82e744b
[ #529 ] objectcore: Use common sender classifier
...
DCO action / DCO (pull_request) Successful in 2m19s
Vulncheck / Vulncheck (pull_request) Successful in 3m5s
Build / Build Components (1.21) (pull_request) Successful in 4m8s
Build / Build Components (1.20) (pull_request) Successful in 4m24s
Tests and linters / Tests (1.20) (pull_request) Successful in 4m57s
Tests and linters / Staticcheck (pull_request) Successful in 4m43s
Tests and linters / Tests (1.21) (pull_request) Successful in 5m2s
Tests and linters / Lint (pull_request) Successful in 5m21s
Tests and linters / Tests with -race (pull_request) Successful in 6m17s
Use common sender classifier for ACL service and format validator.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-29 10:33:06 +03:00
5b7e4a51b7
[ #481 ] Update frostfs-sdk-go and error pointer receivers
...
Signed-off-by: Alejandro Lopez <a.lopez@yadro.com>
2023-08-09 10:26:53 +00:00
b3695411d9
[ #553 ] eacl: Fix bug with casting to ObjectAccessDenied error
...
Signed-off-by: Airat Arifullin a.arifullin@yadro.com
2023-08-02 07:22:48 +00:00
70a1081988
[ #294 ] aclsvcv2: Refactor service constructor
...
Pass required deps as args.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-12 07:42:10 +00:00
18d8898b00
[ #294 ] aclsvc: Refactor service constructor
...
Pass required deps as args.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-12 07:42:10 +00:00
61541eaec2
[ #294 ] aclsvc: Refactor checker constructor
...
Pass required deps as args.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-12 07:42:10 +00:00
7b76527759
[ #486 ] node: Add PutSingle wrappers
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-10 15:49:21 +03:00
033eaf77e1
[ #496 ] node: Fix linter importas
...
Build / Build Components (1.20) (pull_request) Successful in 3m52s
Build / Build Components (1.19) (pull_request) Successful in 4m1s
ci/woodpecker/pr/pre-commit Pipeline was successful
Tests and linters / Tests with -race (pull_request) Successful in 5m36s
Tests and linters / Tests (1.20) (pull_request) Successful in 5m55s
Tests and linters / Lint (pull_request) Successful in 14m40s
Tests and linters / Tests (1.19) (pull_request) Successful in 15m29s
ci/woodpecker/push/pre-commit Pipeline was successful
Standardize the alias of the
import frostfs-sdk-go/object as objectSDK.
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2023-07-06 15:36:41 +03:00
8a4e250dae
[ #468 ] *: replace outdated TODO crypto-related links
...
ci/woodpecker/push/pre-commit Pipeline was successful
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-06-28 12:13:20 +00:00
c04f6c5e59
[ #229 ] acl: Allow Impersonate
...
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-04-26 10:23:33 +03:00
0e31c12e63
[ #240 ] logs: Move log messages to constants
...
Drop duplicate entities.
Format entities.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-04-14 05:06:09 +00:00
08769f413f
Revert "[ #135 ] acl: Add tracing spans"
...
This reverts commit b2ca730547
.
2023-04-12 16:54:13 +03:00
b2ca730547
[ #135 ] acl: Add tracing spans
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-12 06:52:00 +00:00
0920d848d0
[ #135 ] get-object: Add tracing spans
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-12 06:52:00 +00:00
4941926c9d
[ #207 ] aclsvc: Drop outdated tag
...
ci/woodpecker/push/pre-commit Pipeline was successful
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-04 13:22:14 +00:00
585415fa92
[ #207 ] aclsvc: Refactor send checker
...
Resolve funlen linter for putStreamBasicChecker.Send method.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-04 13:22:14 +00:00
9ef790f782
[ #207 ] aclsvc: Refactor object headers read
...
Resolve funlen linter for readObjectHeaders method.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-04 13:22:13 +00:00
cd33a57f44
[ #207 ] aclsvc: Refactor EACL check
...
Resolve funlen linter for CheckEACL method.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-04 13:22:13 +00:00
27bdddc48f
[ #199 ] putsvc: Refactor put object
...
Resolve containedctx linter for streamer and remote target
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-03 15:58:11 +00:00
97c36ed3ec
[ #148 ] linter: Add funlen linter
...
Long functions are hard to understand and source of errors
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-03-21 09:54:41 +03:00
20de74a505
Rename package name
...
Due to source code relocation from GitHub.
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-03-07 16:38:26 +03:00
cb5468abb8
[ #66 ] node: Replace interface{} with any
...
Signed-off-by: Alejandro Lopez <a.lopez@yadro.com>
2023-02-21 16:47:07 +03:00
cb016d53a6
[ #1 ] Fix comments and error messages
...
Signed-off-by: Stanislav Bogatyrev <s.bogatyrev@yadro.com>
2023-02-06 17:41:14 +03:00
0d8366f475
[ #2207 ] object/acl: Return status error for expired session token
...
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-01-25 15:31:47 +03:00
Pavel Karpy
923f84722a
Move to frostfs-node
...
Signed-off-by: Pavel Karpy <p.karpy@yadro.com>
2022-12-28 15:04:29 +03:00
Pavel Karpy
481b48b942
[ #2028 ] node: Check session token's NBF and IAT
...
ACL service did not check "Not Valid Before" and "Issued At" claims.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2022-11-19 11:01:04 +03:00
Pavel Karpy
aadd2ad050
[ #2028 ] node: Do not wrap malformed request errors
...
After presenting request statuses on the API level, all the errors are
unwrapped before sending to the caller side. It led to a losing invalid
request's context.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2022-11-19 11:01:04 +03:00
Pavel Karpy
f037022a7a
[ #1770 ] logger: Refactor Logger
component
...
Make it store its internal `zap.Logger`'s level. Also, make all the
components to accept internal `logger.Logger` instead of `zap.Logger`; it
will simplify future refactor.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2022-10-12 18:11:05 +03:00