Commit graph

15 commits

Author SHA1 Message Date
b1a31281e4 [#1480] ape: Remove SoftAPECheck flag
Previous release was EACL-compatible.
Starting from now all EACL should've been migrated to APE chains.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-11-08 12:01:14 +00:00
9c5ddc4dfe [#1407] tree: Set ContainerOwner in parameter for CheckAPE
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-10-02 07:21:02 +00:00
a812932984 [#1362] ape: Move common APE check logic to separate package
* Tree and object service have the same log for checking APE. So,
  this check should be moved to common package.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-09-10 12:40:34 +00:00
b7acb34fa4 [#1319] treeSvc: Do not wrap error from APE
All checks were successful
Tests and linters / Run gofumpt (pull_request) Successful in 2m43s
DCO action / DCO (pull_request) Successful in 2m56s
Tests and linters / Tests (1.21) (pull_request) Successful in 4m24s
Vulncheck / Vulncheck (pull_request) Successful in 4m12s
Tests and linters / Tests (1.22) (pull_request) Successful in 4m23s
Tests and linters / Staticcheck (pull_request) Successful in 4m18s
Pre-commit hooks / Pre-commit (pull_request) Successful in 4m32s
Tests and linters / Tests with -race (pull_request) Successful in 4m22s
Build / Build Components (1.21) (pull_request) Successful in 4m52s
Build / Build Components (1.22) (pull_request) Successful in 4m50s
Tests and linters / Lint (pull_request) Successful in 4m55s
Tests and linters / gopls check (pull_request) Successful in 4m59s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-08-19 18:38:27 +03:00
0c2b6f3dac [#1216] ape: Make services use bearer chains fed router
* Refactor object and tree service - they should instantiate
  chain router cheking the bearer token. If there are no bearer
  token rules, then defaul chain router is used.
* Fix unit-tests.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-07-05 18:26:48 +00:00
4bd4667791 [#1218] tree: Fix bearer token validation
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-07-03 07:22:11 +00:00
11a38a0a84 [#1190] tree: GroupIDs must also be target of APE checks
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-25 08:49:20 +00:00
239323eeef [#1157] tree: Make tree service use Bearer token's APE overrides
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-07 12:11:11 +00:00
3627b44e92 [#1142] tree: Fill APE-request with source IP property
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-27 10:17:17 +00:00
b60a51b862 [#1117] ape: Introduce FormFrostfsIDRequestProperties method
* `FormFrostfsIDRequestProperties` gets user claim tags and group id and sets them
  as ape request properties.
* Make tree, container and object service use the method.
* Fix unit-tests.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-07 10:01:21 +00:00
6c76c9b457 [#1117] core: Introduce SubjectProvider interface for FrostfsID
* Make tree, object and container services use SubjectProvider interface.
* Fix unit-tests.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-07 10:01:21 +00:00
700e891b85 [#1103] Fix end of file and trim trailing whitespace
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-04-24 16:31:04 +03:00
10ee865e98 [#1096] tree: Make verifyClient fill ape request with user claim tags
All checks were successful
Vulncheck / Vulncheck (pull_request) Successful in 2m52s
DCO action / DCO (pull_request) Successful in 2m51s
Build / Build Components (1.21) (pull_request) Successful in 3m44s
Build / Build Components (1.22) (pull_request) Successful in 3m48s
Tests and linters / Staticcheck (pull_request) Successful in 4m34s
Tests and linters / gopls check (pull_request) Successful in 4m48s
Tests and linters / Lint (pull_request) Successful in 5m42s
Tests and linters / Tests with -race (pull_request) Successful in 8m56s
Tests and linters / Tests (1.21) (pull_request) Successful in 9m7s
Tests and linters / Tests (1.22) (pull_request) Successful in 9m15s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-04-16 15:12:46 +03:00
91e79c98ba [#1089] ape: Provide request actor as an additional target
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-04-16 11:03:50 +00:00
6a46c6d229 [#1090] tree: Make workaround for APE checks
* Make `verifyClient` method perform APE check if a container
  was created with zero-filled basic ACL.
* Object verbs are used in APE, until tree verbs are introduced.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-04-15 07:45:45 +00:00