TrueCloudLab/frostfs-node

Author	SHA1	Message	Date
Airat Arifullin	e890f1b4b1	[#1307 ] object: Implement `Patch` method Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-08-16 14:13:09 +00:00
Airat Arifullin	d5dc14c639	[#1243 ] object: Make APE checker set x-headers to request properties * Update go.mod, go.sum; * Add x-headers to request properties; * Add a unit-test. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-07-16 07:28:42 +00:00
Airat Arifullin	0c2b6f3dac	[#1216 ] ape: Make services use bearer chains fed router * Refactor object and tree service - they should instantiate chain router cheking the bearer token. If there are no bearer token rules, then defaul chain router is used. * Fix unit-tests. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-07-05 18:26:48 +00:00
Airat Arifullin	0b87388c18	[#1190 ] object: GroupIDs must also be target of APE checks * Also add new test case for ape middleware in container service. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-06-25 08:49:20 +00:00
Airat Arifullin	04a3f891fd	[#1157 ] object: Make APE checker use Bearer-token's APE overrides Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-06-07 12:11:11 +00:00
Airat Arifullin	952d13cd2b	[#1124 ] cli: Improve APE rule parsing All checks were successful Vulncheck / Vulncheck (pull_request) Successful in 1m25s Details DCO action / DCO (pull_request) Successful in 1m59s Details Build / Build Components (1.21) (pull_request) Successful in 2m27s Details Build / Build Components (1.22) (pull_request) Successful in 4m25s Details Pre-commit hooks / Pre-commit (pull_request) Successful in 4m57s Details Tests and linters / Staticcheck (pull_request) Successful in 5m38s Details Tests and linters / gopls check (pull_request) Successful in 5m57s Details Tests and linters / Lint (pull_request) Successful in 6m26s Details Tests and linters / Tests (1.22) (pull_request) Successful in 9m5s Details Tests and linters / Tests (1.21) (pull_request) Successful in 9m11s Details Tests and linters / Tests with -race (pull_request) Successful in 9m4s Details * Make APE rule parser to read condition's kind in unambiguous using lexemes `ResourceCondition`, `RequestCondition` instead confusing `Object.Request`, `Object.Resource`. * Fix unit-tests. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-05-14 12:23:26 +03:00
Dmitrii Stepanov	0144117cc9	[#1125 ] objectSvc: Add EC header APE check All checks were successful Build / Build Components (1.21) (pull_request) Successful in 6m27s Details DCO action / DCO (pull_request) Successful in 6m38s Details Build / Build Components (1.22) (pull_request) Successful in 8m54s Details Vulncheck / Vulncheck (pull_request) Successful in 8m37s Details Tests and linters / gopls check (pull_request) Successful in 10m32s Details Tests and linters / Staticcheck (pull_request) Successful in 11m3s Details Tests and linters / Lint (pull_request) Successful in 11m27s Details Pre-commit hooks / Pre-commit (pull_request) Successful in 14m16s Details Tests and linters / Tests (1.21) (pull_request) Successful in 14m26s Details Tests and linters / Tests (1.22) (pull_request) Successful in 15m14s Details Tests and linters / Tests with -race (pull_request) Successful in 15m45s Details Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-05-08 16:25:55 +03:00
aarifullin	6c76c9b457	[#1117 ] core: Introduce SubjectProvider interface for FrostfsID * Make tree, object and container services use SubjectProvider interface. * Fix unit-tests. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-05-07 10:01:21 +00:00
Airat Arifullin	c21d72ac23	[#1096 ] object: Make ape middleware fill request with user claim tags Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-04-16 15:12:44 +03:00
Evgenii Stratonikov	91e79c98ba	[#1089 ] ape: Provide request actor as an additional target Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-04-16 11:03:50 +00:00
Dmitrii Stepanov	d6534fd755	[#1016 ] frostfs-node: Fix gopls issues Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>	2024-03-01 12:13:43 +03:00
Airat Arifullin	7cc368e188	[#986 ] object: Introduce soft ape checks * Soft APE check means that APE should allow request even it gets status NoRuleFound for a request. Otherwise, it is interpreted as Deny. * Soft APE check is performed if basic ACL mask is not set. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-02-28 19:05:57 +00:00
Airat Arifullin	f2f3294fc3	[#919 ] ape: Improve error messages in ape service * Wrap all APE middleware errors in apeErr that makes errors more explicit with status AccessDenied. * Use denyingRuleErr for denying status from chain router. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-01-23 08:11:24 +00:00
Airat Arifullin	c8baf76fae	[#872 ] object: Introduce APE middlewar for object service All checks were successful DCO action / DCO (pull_request) Successful in 2m4s Details Vulncheck / Vulncheck (pull_request) Successful in 3m12s Details Build / Build Components (1.21) (pull_request) Successful in 4m1s Details Build / Build Components (1.20) (pull_request) Successful in 4m13s Details Tests and linters / Staticcheck (pull_request) Successful in 4m3s Details Tests and linters / Lint (pull_request) Successful in 8m7s Details Tests and linters / Tests (1.20) (pull_request) Successful in 8m14s Details Tests and linters / Tests (1.21) (pull_request) Successful in 8m18s Details Tests and linters / Tests with -race (pull_request) Successful in 8m24s Details Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>	2024-01-12 18:41:35 +03:00

14 commits