0c2b6f3dac
[ #1216 ] ape: Make services use bearer chains fed router
...
* Refactor object and tree service - they should instantiate
chain router cheking the bearer token. If there are no bearer
token rules, then defaul chain router is used.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-07-05 18:26:48 +00:00
4bd4667791
[ #1218 ] tree: Fix bearer token validation
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-07-03 07:22:11 +00:00
11a38a0a84
[ #1190 ] tree: GroupIDs must also be target of APE checks
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-25 08:49:20 +00:00
239323eeef
[ #1157 ] tree: Make tree service use Bearer token's APE overrides
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-07 12:11:11 +00:00
3627b44e92
[ #1142 ] tree: Fill APE-request with source IP property
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-27 10:17:17 +00:00
b60a51b862
[ #1117 ] ape: Introduce FormFrostfsIDRequestProperties method
...
* `FormFrostfsIDRequestProperties` gets user claim tags and group id and sets them
as ape request properties.
* Make tree, container and object service use the method.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-07 10:01:21 +00:00
6c76c9b457
[ #1117 ] core: Introduce SubjectProvider interface for FrostfsID
...
* Make tree, object and container services use SubjectProvider interface.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-07 10:01:21 +00:00
700e891b85
[ #1103 ] Fix end of file and trim trailing whitespace
...
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-04-24 16:31:04 +03:00
10ee865e98
[ #1096 ] tree: Make verifyClient fill ape request with user claim tags
...
Vulncheck / Vulncheck (pull_request) Successful in 2m52s
DCO action / DCO (pull_request) Successful in 2m51s
Build / Build Components (1.21) (pull_request) Successful in 3m44s
Build / Build Components (1.22) (pull_request) Successful in 3m48s
Tests and linters / Staticcheck (pull_request) Successful in 4m34s
Tests and linters / gopls check (pull_request) Successful in 4m48s
Tests and linters / Lint (pull_request) Successful in 5m42s
Tests and linters / Tests with -race (pull_request) Successful in 8m56s
Tests and linters / Tests (1.21) (pull_request) Successful in 9m7s
Tests and linters / Tests (1.22) (pull_request) Successful in 9m15s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-04-16 15:12:46 +03:00
91e79c98ba
[ #1089 ] ape: Provide request actor as an additional target
...
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-04-16 11:03:50 +00:00
6a46c6d229
[ #1090 ] tree: Make workaround for APE checks
...
* Make `verifyClient` method perform APE check if a container
was created with zero-filled basic ACL.
* Object verbs are used in APE, until tree verbs are introduced.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-04-15 07:45:45 +00:00
