a5f76a609d
[ #1689 ] ape: Fix bearer token validation
...
Vulncheck / Vulncheck (push) Successful in 1m12s
Pre-commit hooks / Pre-commit (push) Successful in 1m32s
Build / Build Components (push) Successful in 1m47s
Tests and linters / Lint (push) Successful in 3m25s
Tests and linters / Run gofumpt (push) Successful in 3m18s
Tests and linters / Tests (push) Successful in 3m26s
Tests and linters / Staticcheck (push) Successful in 3m28s
Tests and linters / Tests with -race (push) Successful in 3m50s
Tests and linters / gopls check (push) Successful in 3m54s
OCI image / Build container images (push) Successful in 4m6s
* Request's sender is set to the token's issuer's public key if
it's impersonated. Thus, token's user assertion must be fixed;
* Add unit-test: check impersonated token but set user with `ForUser`.
Change-Id: I5e299947761e237b1b4b339cf2d1278ef518239d
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2025-05-05 17:46:28 +03:00
64b46746e4
[ #1689 ] ape: Fix validation for overrides in bearer
...
Tests and linters / Run gofumpt (push) Successful in 32s
Vulncheck / Vulncheck (push) Successful in 1m33s
Build / Build Components (push) Successful in 2m21s
Pre-commit hooks / Pre-commit (push) Successful in 2m29s
Tests and linters / Staticcheck (push) Successful in 2m48s
Tests and linters / Tests (push) Successful in 3m18s
Tests and linters / Lint (push) Successful in 3m49s
Tests and linters / Tests with -race (push) Successful in 4m37s
Tests and linters / gopls check (push) Successful in 5m7s
OCI image / Build container images (push) Successful in 4m28s
* APE-overrides are optional for bearer. So, it should validate only set override;
* Bearer can set overrides for containers, not only the one container - validation
expects for any target type for set override. Basically, APE-overrides for all
container must be set for namespace target;
* Add unit-test cases to check bearer token validation.
Change-Id: I6b8e19eb73d24f8cd8799bf99b6c551287da67d9
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2025-04-29 16:34:17 +03:00
8e2f919df0
[ #1689 ] go.mod: Bump SDK version
...
* Fix `APEOverride` method usage in ape checker.
* Fix linter errors: factor out deprecated methods and packages.
Change-Id: I8c939f4c58c2a4e3c4e795c7224d935d40ce6f24
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2025-04-29 16:00:23 +03:00
b0f39dca16
[ #1721 ] object: Make CheckAPE always validate bearer token
...
Vulncheck / Vulncheck (push) Successful in 1m13s
Pre-commit hooks / Pre-commit (push) Successful in 1m42s
Build / Build Components (push) Successful in 1m53s
Tests and linters / gopls check (push) Successful in 3m39s
Tests and linters / Run gofumpt (push) Successful in 3m49s
Tests and linters / Tests (push) Successful in 3m54s
Tests and linters / Staticcheck (push) Successful in 4m8s
Tests and linters / Lint (push) Successful in 4m16s
OCI image / Build container images (push) Successful in 5m0s
Tests and linters / Tests with -race (push) Successful in 5m18s
* The bearer token must always be validated, regardless of whether it has been impersonated;
* Fix unit-tests for tree service which check verification with bearer token.
Close #1721
Change-Id: I5f715c498ae10b2e758244e60b8f21849328a04f
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2025-04-22 19:36:42 +03:00
9b113c3156
[ #1613 ] morph: Add tracing for morph queries to neo-go
...
DCO action / DCO (pull_request) Successful in 59s
Vulncheck / Vulncheck (pull_request) Successful in 1m4s
Pre-commit hooks / Pre-commit (pull_request) Successful in 1m55s
Build / Build Components (pull_request) Successful in 2m4s
Tests and linters / Staticcheck (pull_request) Successful in 2m38s
Tests and linters / Lint (pull_request) Successful in 3m16s
Tests and linters / Run gofumpt (pull_request) Successful in 3m54s
Tests and linters / Tests (pull_request) Successful in 4m12s
Tests and linters / gopls check (pull_request) Successful in 4m31s
Tests and linters / Tests with -race (pull_request) Successful in 4m38s
OCI image / Build container images (push) Failing after 18s
Vulncheck / Vulncheck (push) Successful in 1m2s
Pre-commit hooks / Pre-commit (push) Successful in 1m39s
Build / Build Components (push) Successful in 1m45s
Tests and linters / Staticcheck (push) Successful in 2m18s
Tests and linters / Run gofumpt (push) Successful in 2m46s
Tests and linters / Lint (push) Successful in 3m5s
Tests and linters / Tests with -race (push) Successful in 3m23s
Tests and linters / Tests (push) Successful in 3m52s
Tests and linters / gopls check (push) Successful in 4m18s
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2025-02-05 16:38:20 +03:00
7ac3542714
[ #1563 ] ape: Introduce ChainRouterError error type
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-12-16 15:12:30 +03:00
bba1892fa1
[ #1524 ] ape: Make APE checker return error without status
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-11-29 10:48:16 +00:00
b1a31281e4
[ #1480 ] ape: Remove SoftAPECheck flag
...
Previous release was EACL-compatible.
Starting from now all EACL should've been migrated to APE chains.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-11-08 12:01:14 +00:00
99be4c83a7
[ #1368 ] *: Run gofumpt
...
Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
2024-09-12 10:00:28 +03:00
a812932984
[ #1362 ] ape: Move common APE check logic to separate package
...
* Tree and object service have the same log for checking APE. So,
this check should be moved to common package.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-09-10 12:40:34 +00:00
