* Introduce ContainerOwner field in RequestContext.
* Set ContainerOwner in aclv2 middleware.
* Set PropertyKeyContainerOwnerID for object ape request.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
DCO action / DCO (pull_request) Successful in 1m31sDetails
Vulncheck / Vulncheck (pull_request) Successful in 2m52sDetails
Build / Build Components (1.21) (pull_request) Successful in 3m52sDetails
Build / Build Components (1.20) (pull_request) Successful in 4m16sDetails
Tests and linters / gopls check (pull_request) Successful in 11m54sDetails
Tests and linters / Staticcheck (pull_request) Successful in 12m31sDetails
Tests and linters / Tests (1.21) (pull_request) Successful in 12m49sDetails
Tests and linters / Tests (1.20) (pull_request) Successful in 13m8sDetails
Tests and linters / Tests with -race (pull_request) Successful in 13m14sDetails
Tests and linters / Lint (pull_request) Successful in 13m31sDetails
* Skip APE check if a role is Container.
* Skip APE check if a role is IR and methods are get-like.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
DCO action / DCO (pull_request) Successful in 2m40sDetails
Vulncheck / Vulncheck (pull_request) Successful in 3m41sDetails
Build / Build Components (1.20) (pull_request) Successful in 4m27sDetails
Build / Build Components (1.21) (pull_request) Successful in 5m6sDetails
Tests and linters / Staticcheck (pull_request) Successful in 6m16sDetails
Tests and linters / gopls check (pull_request) Successful in 6m23sDetails
Tests and linters / Lint (pull_request) Successful in 6m48sDetails
Tests and linters / Tests (1.20) (pull_request) Successful in 9m4sDetails
Tests and linters / Tests with -race (pull_request) Successful in 9m9sDetails
Tests and linters / Tests (1.21) (pull_request) Successful in 9m23sDetails
`fmt.Errorf can be replaced with errors.New` and `fmt.Sprintf can be replaced with string addition`
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
* Soft APE check means that APE should allow request even
it gets status NoRuleFound for a request. Otherwise,
it is interpreted as Deny.
* Soft APE check is performed if basic ACL mask is not set.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Wrap all APE middleware errors in apeErr that
makes errors more explicit with status AccessDenied.
* Use denyingRuleErr for denying status from chain router.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>