DCO action / DCO (pull_request) Successful in 1m31sDetails
Vulncheck / Vulncheck (pull_request) Successful in 2m52sDetails
Build / Build Components (1.21) (pull_request) Successful in 3m52sDetails
Build / Build Components (1.20) (pull_request) Successful in 4m16sDetails
Tests and linters / gopls check (pull_request) Successful in 11m54sDetails
Tests and linters / Staticcheck (pull_request) Successful in 12m31sDetails
Tests and linters / Tests (1.21) (pull_request) Successful in 12m49sDetails
Tests and linters / Tests (1.20) (pull_request) Successful in 13m8sDetails
Tests and linters / Tests with -race (pull_request) Successful in 13m14sDetails
Tests and linters / Lint (pull_request) Successful in 13m31sDetails
* Skip APE check if a role is Container.
* Skip APE check if a role is IR and methods are get-like.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
DCO action / DCO (pull_request) Successful in 2m40sDetails
Vulncheck / Vulncheck (pull_request) Successful in 3m41sDetails
Build / Build Components (1.20) (pull_request) Successful in 4m27sDetails
Build / Build Components (1.21) (pull_request) Successful in 5m6sDetails
Tests and linters / Staticcheck (pull_request) Successful in 6m16sDetails
Tests and linters / gopls check (pull_request) Successful in 6m23sDetails
Tests and linters / Lint (pull_request) Successful in 6m48sDetails
Tests and linters / Tests (1.20) (pull_request) Successful in 9m4sDetails
Tests and linters / Tests with -race (pull_request) Successful in 9m9sDetails
Tests and linters / Tests (1.21) (pull_request) Successful in 9m23sDetails
`fmt.Errorf can be replaced with errors.New` and `fmt.Sprintf can be replaced with string addition`
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
DCO action / DCO (pull_request) Successful in 5m1sDetails
Vulncheck / Vulncheck (pull_request) Successful in 6m45sDetails
Tests and linters / Staticcheck (pull_request) Successful in 7m51sDetails
Build / Build Components (1.21) (pull_request) Successful in 7m29sDetails
Build / Build Components (1.20) (pull_request) Successful in 8m21sDetails
Tests and linters / gopls check (pull_request) Successful in 8m38sDetails
Tests and linters / Lint (pull_request) Successful in 14m27sDetails
Tests and linters / Tests with -race (pull_request) Successful in 17m35sDetails
Tests and linters / Tests (1.20) (pull_request) Successful in 3m11sDetails
Tests and linters / Tests (1.21) (pull_request) Successful in 2m38sDetails
Found by vulncheck:
Vulnerability #1: GO-2024-2611
Infinite loop in JSON unmarshaling in google.golang.org/protobuf
More info: https://pkg.go.dev/vuln/GO-2024-2611
Module: google.golang.org/protobuf
Found in: google.golang.org/protobuf@v1.32.0
Fixed in: google.golang.org/protobuf@v1.33.0
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
* Inroduce workaround to create actor for contract storage interface
without passing a real alphabet wallet. This is made by creating
a dummy account.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Remove removed flag in service.proto for RemoveChainLocalOverrideResponse.
* Regenerate control API.
* Return error only if RemoveOverride returns non-NotFound code.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* If APE check returns NoRuleFound, then it is taken for request deny.
* Add more unit-test for ape container middleware.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Soft APE check means that APE should allow request even
it gets status NoRuleFound for a request. Otherwise,
it is interpreted as Deny.
* Soft APE check is performed if basic ACL mask is not set.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
DCO action / DCO (pull_request) Successful in 4m56sDetails
Build / Build Components (1.21) (pull_request) Successful in 7m52sDetails
Build / Build Components (1.20) (pull_request) Successful in 8m11sDetails
Vulncheck / Vulncheck (pull_request) Successful in 8m9sDetails
Tests and linters / Staticcheck (pull_request) Successful in 9m58sDetails
Tests and linters / Lint (pull_request) Successful in 10m42sDetails
Tests and linters / Tests (1.20) (pull_request) Successful in 12m14sDetails
Tests and linters / Tests with -race (pull_request) Successful in 12m17sDetails
Tests and linters / Tests (1.21) (pull_request) Successful in 12m34sDetails
There may be a race condition between put an object and
flushing the writecache:
1. Put object to the writecache
2. Writecache flushes object to the blobstore and sets blobstore's
storageID
3. Put object to the metabase, set writecache's storageID
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Nothing is broken now, but will easily become if we change nnsMaxTokens,
thus this change.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Initial prefetch size can be arbitrary an restricted only by VM/RPC
limits. For TraverseIterator() there is an explicit check on the
server-side, though.
Introduced in df055fead5.
Refs #931.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
DCO action / DCO (pull_request) Successful in 2m28sDetails
Vulncheck / Vulncheck (pull_request) Successful in 2m52sDetails
Build / Build Components (1.21) (pull_request) Successful in 4m5sDetails
Build / Build Components (1.20) (pull_request) Successful in 4m12sDetails
Tests and linters / Lint (pull_request) Successful in 6m10sDetails
Tests and linters / Staticcheck (pull_request) Successful in 5m59sDetails
Tests and linters / Tests (1.20) (pull_request) Successful in 8m24sDetails
Tests and linters / Tests with -race (pull_request) Successful in 8m38sDetails
Tests and linters / Tests (1.21) (pull_request) Successful in 8m58sDetails
Proxy contract can now be used as an owner of NNS domains, thus we need
it not only to pay for the transaction but also to check domain
ownership. CalledByEntry is not enough, because we may register NNS
domains owned by proxy indirectly from the container contract.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Most of the time it exits, e.g. when it is per-container and use on each
object PUT. Bbolt implementation first tries to create bucket and then
returns it if it exists. Create operation uses cursor and thus is not
very lightweight, we can avoid it.
```
goos: linux
goarch: amd64
pkg: git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/metabase
cpu: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
│ old │ new │
│ sec/op │ sec/op vs base │
Put/parallel-8 174.4µ ± 3% 163.3µ ± 3% -6.39% (p=0.000 n=10)
Put/sequential-8 263.3µ ± 2% 259.0µ ± 1% -1.64% (p=0.000 n=10)
geomean 214.3µ 205.6µ -4.05%
│ old │ new │
│ B/op │ B/op vs base │
Put/parallel-8 275.3Ki ± 3% 281.1Ki ± 4% ~ (p=0.063 n=10)
Put/sequential-8 413.0Ki ± 2% 426.6Ki ± 2% +3.29% (p=0.003 n=10)
geomean 337.2Ki 346.3Ki +2.70%
│ old │ new │
│ allocs/op │ allocs/op vs base │
Put/parallel-8 678.0 ± 1% 524.5 ± 2% -22.64% (p=0.000 n=10)
Put/sequential-8 1.329k ± 0% 1.183k ± 0% -10.91% (p=0.000 n=10)
geomean 949.1 787.9 -16.98%
```
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* Introduce path flag to make add-rule command read and parse
chain from file. File is binary/JSON-encoded chain.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>