b1a31281e4
[ #1480 ] ape: Remove SoftAPECheck flag
...
Previous release was EACL-compatible.
Starting from now all EACL should've been migrated to APE chains.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-11-08 12:01:14 +00:00
9c5ddc4dfe
[ #1407 ] tree: Set ContainerOwner
in parameter for CheckAPE
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-10-02 07:21:02 +00:00
a812932984
[ #1362 ] ape: Move common APE check logic to separate package
...
* Tree and object service have the same log for checking APE. So,
this check should be moved to common package.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-09-10 12:40:34 +00:00
b7acb34fa4
[ #1319 ] treeSvc: Do not wrap error from APE
...
Tests and linters / Run gofumpt (pull_request) Successful in 2m43s
DCO action / DCO (pull_request) Successful in 2m56s
Tests and linters / Tests (1.21) (pull_request) Successful in 4m24s
Vulncheck / Vulncheck (pull_request) Successful in 4m12s
Tests and linters / Tests (1.22) (pull_request) Successful in 4m23s
Tests and linters / Staticcheck (pull_request) Successful in 4m18s
Pre-commit hooks / Pre-commit (pull_request) Successful in 4m32s
Tests and linters / Tests with -race (pull_request) Successful in 4m22s
Build / Build Components (1.21) (pull_request) Successful in 4m52s
Build / Build Components (1.22) (pull_request) Successful in 4m50s
Tests and linters / Lint (pull_request) Successful in 4m55s
Tests and linters / gopls check (pull_request) Successful in 4m59s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-08-19 18:38:27 +03:00
0c2b6f3dac
[ #1216 ] ape: Make services use bearer chains fed router
...
* Refactor object and tree service - they should instantiate
chain router cheking the bearer token. If there are no bearer
token rules, then defaul chain router is used.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-07-05 18:26:48 +00:00
4bd4667791
[ #1218 ] tree: Fix bearer token validation
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-07-03 07:22:11 +00:00
11a38a0a84
[ #1190 ] tree: GroupIDs must also be target of APE checks
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-25 08:49:20 +00:00
239323eeef
[ #1157 ] tree: Make tree service use Bearer token's APE overrides
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-07 12:11:11 +00:00
3627b44e92
[ #1142 ] tree: Fill APE-request with source IP property
...
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-27 10:17:17 +00:00
b60a51b862
[ #1117 ] ape: Introduce FormFrostfsIDRequestProperties
method
...
* `FormFrostfsIDRequestProperties` gets user claim tags and group id and sets them
as ape request properties.
* Make tree, container and object service use the method.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-07 10:01:21 +00:00
6c76c9b457
[ #1117 ] core: Introduce SubjectProvider interface for FrostfsID
...
* Make tree, object and container services use SubjectProvider interface.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-05-07 10:01:21 +00:00
700e891b85
[ #1103 ] Fix end of file and trim trailing whitespace
...
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-04-24 16:31:04 +03:00
10ee865e98
[ #1096 ] tree: Make verifyClient
fill ape request with user claim tags
...
Vulncheck / Vulncheck (pull_request) Successful in 2m52s
DCO action / DCO (pull_request) Successful in 2m51s
Build / Build Components (1.21) (pull_request) Successful in 3m44s
Build / Build Components (1.22) (pull_request) Successful in 3m48s
Tests and linters / Staticcheck (pull_request) Successful in 4m34s
Tests and linters / gopls check (pull_request) Successful in 4m48s
Tests and linters / Lint (pull_request) Successful in 5m42s
Tests and linters / Tests with -race (pull_request) Successful in 8m56s
Tests and linters / Tests (1.21) (pull_request) Successful in 9m7s
Tests and linters / Tests (1.22) (pull_request) Successful in 9m15s
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-04-16 15:12:46 +03:00
91e79c98ba
[ #1089 ] ape: Provide request actor as an additional target
...
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-04-16 11:03:50 +00:00
6a46c6d229
[ #1090 ] tree: Make workaround for APE checks
...
* Make `verifyClient` method perform APE check if a container
was created with zero-filled basic ACL.
* Object verbs are used in APE, until tree verbs are introduced.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-04-15 07:45:45 +00:00