Compare commits
merge into: TrueCloudLab:master
TrueCloudLab:master
TrueCloudLab:support/v0.42
TrueCloudLab:support/v0.38
TrueCloudLab:support/v0.37
TrueCloudLab:support/v0.36
TrueCloudLab:support/v0.34
TrueCloudLab:support/v0.30
TrueCloudLab:support/v0.27
aarifullin:fix/check_ape_ns
aarifullin:fix/patch_refactor
aarifullin:fix/patch/5
aarifullin:feat/ape/object_tree_refactor
aarifullin:fix/target_put
aarifullin:feat/patch/refactor/1
aarifullin:fix/apemanager/audit
aarifullin:fix/patch/3
aarifullin:feat/patch/1
aarifullin:fix/adm_ape
aarifullin:fix/wsreader_hang
aarifullin:fix/wsconn_invalid
aarifullin:fix/audit_logreq
aarifullin:fix/ape_attr
aarifullin:fix/cli_parse
aarifullin:fix/1229-sessiontok_exp
aarifullin:feat/bt_router
aarifullin:fix/bt_get
aarifullin:feat/groupids_target
aarifullin:feat/cli_eaclconv
aarifullin:feat/treesvc_verbs
aarifullin:feat/cli_bearer
aarifullin:fix/aperule_parser
aarifullin:feat/ec_search
aarifullin:feat/apemanager_refactor
aarifullin:feat/beartoken_ape
aarifullin:feat/ape_sourceip
aarifullin:feat/ape_manager
aarifullin:feat/ec_userobj
aarifullin:feat/improve_ape_parsing
aarifullin:master
aarifullin:feat/ape_fill_group_id
aarifullin:feat/ape_fill_groupid
aarifullin:fix/policy_engine_list_iterator
aarifullin:feat/ape_user_claim_tag
aarifullin:fix/tree_svc_ape
aarifullin:fix/1061_morph-cache-ttl
aarifullin:feat/validate_create_cnr_ec
aarifullin:fix/object_ape_ignore_tombstone
aarifullin:fix/object_ape_cnr_owner
aarifullin:fix/revert_async_notary_deposit
aarifullin:fix/status_ape_errors
aarifullin:fix/check_ape_role
aarifullin:fix/963-control_svc_iface_down
aarifullin:fix/ape_read_withot_wallet
aarifullin:fix/1012-ape_msg
aarifullin:fix/898_removed-true
aarifullin:fix/strict_ape_checks
aarifullin:feat/cli_parse_json
aarifullin:feat/cli_parse_json_any
aarifullin:feat/cli-ape
aarifullin:fix/chainbase_chain_decoding
aarifullin:fix/object_svc_req_ctx
aarifullin:fix/934-invalid_ape_request
aarifullin:fix/rpc-actor-guard
aarifullin:feature/ape_errors
aarifullin:fix/915-ape_get_object_bug
aarifullin:fix/control-svc-root-ns
aarifullin:feature/872-object_svc_ape
aarifullin:feature/851-use_policy_contract
aarifullin:fix/dont_convert_cid_to_native_fmt
aarifullin:feature/851-policy_contract
aarifullin:fix/dont_convert_cid_to_native_format
aarifullin:feature/804_override_storage
aarifullin:feature/chain_control_api
aarifullin:development/frostfs-adm-policy
aarifullin:feature/chain_id_add_rule
aarifullin:feature/rebase_updated_ape
aarifullin:feature/prm_init_prm_dial
aarifullin:fix/bforest_tree_drop
aarifullin:fix/object_head_eacl
aarifullin:feature/ape_rules_impl
aarifullin:feature/prm_balance_get
aarifullin:feature/121-client/object_put_single
aarifullin:fix/subscriber_ch_sizes
aarifullin:fix/unsubcribe-all
aarifullin:fix/OBJECT-4461_unsubcribe
aarifullin:aarifullin/debug/2
aarifullin:aarifullin/example/subscriber
aarifullin:feature/667-cache_unittest_logs
aarifullin:feature/121-client/prm_announce
aarifullin:feature/121-client/delete
aarifullin:feature/561-init_count
aarifullin:feature/121-client/object_read
aarifullin:fix/574-cnt_ever_existed
aarifullin:feature/121-client/set_eacl
aarifullin:fix/574-tree_del_info
aarifullin:feature/121-client/eacl
aarifullin:feature/121-client/container_delete
aarifullin:fix/sdk_types_usage
aarifullin:feature/5177-get_op_log_meta
aarifullin:fix/eacl_errors
aarifullin:feature/121-client/container_put
aarifullin:fix/119-update_modules
aarifullin:feature/refactor_sdk_api_types
aarifullin:feature/390-tree_cli
aarifullin:feature/390-tree_cli-backup
aarifullin:aarifullin/refactor/1
aarifullin:fix/113-list_name_flag
aarifullin:fix/197-correct_delete_status
aarifullin:feature/371-morph_cache_metr
aarifullin:feature/325-policer_off
aarifullin:feature/19-list_mul_cursor
aarifullin:feature/166-batch_tree_apply
aarifullin:fix/118-unit_test
aarifullin:feature/blobstor_concurrent_tests
aarifullin:feature/113-get_cnr_by_name
aarifullin:fix/use_uber_atomic
aarifullin:fix/116-generated_extra_files
aarifullin:feature/116-engine_constructor
aarifullin:feature/166-sync_tree
aarifullin:bug/use_uber_sync
aarifullin:feature/180-factor_out_panics
aarifullin:fix/86-fix_unittests
aarifullin:refactor/86-move_test_utils
aarifullin:fyrchik/simplify-services
aarifullin:carpawell/upd/neo-go-subs
aarifullin:KirillovDenis/poc/impersonate
aarifullin:carpawell/optional-profiles
aarifullin:carpawell/fix/multiple-cache-update-requests-FROST
aarifullin:support/v0.34
aarifullin:neofs-adm-fix-update
aarifullin:support/v0.30
aarifullin:experimental
aarifullin:neofs-adm-notary-disabled
aarifullin:support/v0.27
TrueCloudLab:v0.43.1
TrueCloudLab:v0.43.0
TrueCloudLab:v0.42.15
TrueCloudLab:v0.42.14
TrueCloudLab:v0.42.13
TrueCloudLab:v0.42.12
TrueCloudLab:v0.42.11
TrueCloudLab:v0.42.10
TrueCloudLab:v0.42.9
TrueCloudLab:v0.42.8
TrueCloudLab:v0.42.7
TrueCloudLab:v0.42.6
TrueCloudLab:v0.42.5
TrueCloudLab:v0.42.4
TrueCloudLab:v0.42.3
TrueCloudLab:v0.42.2
TrueCloudLab:v0.42.1
TrueCloudLab:v0.42.0
TrueCloudLab:v0.42.0-rc.9
TrueCloudLab:v0.42.0-rc.8
TrueCloudLab:v0.42.0-rc.7
TrueCloudLab:v0.38.9
TrueCloudLab:v0.42.0-rc.6
TrueCloudLab:v0.42.0-rc.5
TrueCloudLab:v0.42.0-rc.4
TrueCloudLab:v0.42.0-rc.3
TrueCloudLab:v0.42.0-rc.2
TrueCloudLab:v0.42.0-rc.1
TrueCloudLab:v0.38.8
TrueCloudLab:v0.41.0
TrueCloudLab:v0.38.7
TrueCloudLab:v0.40.0
TrueCloudLab:v0.39.0
TrueCloudLab:v0.38.6
TrueCloudLab:v0.38.5
TrueCloudLab:v0.38.4
TrueCloudLab:v0.38.3
TrueCloudLab:v0.38.2
TrueCloudLab:v0.38.1
TrueCloudLab:v0.38.0
TrueCloudLab:v0.38.0-rc.2
TrueCloudLab:v0.38.0-rc.1
TrueCloudLab:v0.37.0
TrueCloudLab:v0.37.0-rc.1
TrueCloudLab:v0.36.0
TrueCloudLab:v0.34.0
TrueCloudLab:v0.22.1
TrueCloudLab:v0.22.0
TrueCloudLab:v0.21.1
TrueCloudLab:v0.21.0
TrueCloudLab:v0.20.0
TrueCloudLab:v0.19.0
TrueCloudLab:v0.18.0
TrueCloudLab:v0.17.0
TrueCloudLab:v0.16.0
TrueCloudLab:v0.15.0
TrueCloudLab:v0.14.3
TrueCloudLab:v0.14.2
TrueCloudLab:v0.14.1
TrueCloudLab:v0.14.0
TrueCloudLab:v0.14.0-rc.1
TrueCloudLab:v0.13.2
TrueCloudLab:v0.13.1
TrueCloudLab:v0.13.0
TrueCloudLab:v0.13.0-rc.1
TrueCloudLab:v0.12.1
TrueCloudLab:v0.12.0
TrueCloudLab:v0.12.0-rc3
TrueCloudLab:v0.12.0-rc2
TrueCloudLab:v0.12.0-rc1
TrueCloudLab:v0.11.0
TrueCloudLab:v0.10.0
aarifullin:v0.22.1
aarifullin:v0.22.0
aarifullin:v0.21.1
aarifullin:v0.21.0
aarifullin:v0.20.0
aarifullin:v0.19.0
aarifullin:v0.18.0
aarifullin:v0.17.0
aarifullin:v0.16.0
aarifullin:v0.15.0
aarifullin:v0.14.3
aarifullin:v0.14.2
aarifullin:v0.14.1
aarifullin:v0.14.0
aarifullin:v0.14.0-rc.1
aarifullin:v0.13.2
aarifullin:v0.13.1
aarifullin:v0.13.0
aarifullin:v0.13.0-rc.1
aarifullin:v0.12.1
aarifullin:v0.12.0
aarifullin:v0.12.0-rc3
aarifullin:v0.12.0-rc2
aarifullin:v0.12.0-rc1
aarifullin:v0.11.0
aarifullin:v0.10.0
...
pull from: aarifullin:fix/object_ape_ignore_tombstone
aarifullin:fix/check_ape_ns
aarifullin:fix/patch_refactor
aarifullin:fix/patch/5
aarifullin:feat/ape/object_tree_refactor
aarifullin:fix/target_put
aarifullin:feat/patch/refactor/1
aarifullin:fix/apemanager/audit
aarifullin:fix/patch/3
aarifullin:feat/patch/1
aarifullin:fix/adm_ape
aarifullin:fix/wsreader_hang
aarifullin:fix/wsconn_invalid
aarifullin:fix/audit_logreq
aarifullin:fix/ape_attr
aarifullin:fix/cli_parse
aarifullin:fix/1229-sessiontok_exp
aarifullin:feat/bt_router
aarifullin:fix/bt_get
aarifullin:feat/groupids_target
aarifullin:feat/cli_eaclconv
aarifullin:feat/treesvc_verbs
aarifullin:feat/cli_bearer
aarifullin:fix/aperule_parser
aarifullin:feat/ec_search
aarifullin:feat/apemanager_refactor
aarifullin:feat/beartoken_ape
aarifullin:feat/ape_sourceip
aarifullin:feat/ape_manager
aarifullin:feat/ec_userobj
aarifullin:feat/improve_ape_parsing
aarifullin:master
aarifullin:feat/ape_fill_group_id
aarifullin:feat/ape_fill_groupid
aarifullin:fix/policy_engine_list_iterator
aarifullin:feat/ape_user_claim_tag
aarifullin:fix/tree_svc_ape
aarifullin:fix/1061_morph-cache-ttl
aarifullin:feat/validate_create_cnr_ec
aarifullin:fix/object_ape_ignore_tombstone
aarifullin:fix/object_ape_cnr_owner
aarifullin:fix/revert_async_notary_deposit
aarifullin:fix/status_ape_errors
aarifullin:fix/check_ape_role
aarifullin:fix/963-control_svc_iface_down
aarifullin:fix/ape_read_withot_wallet
aarifullin:fix/1012-ape_msg
aarifullin:fix/898_removed-true
aarifullin:fix/strict_ape_checks
aarifullin:feat/cli_parse_json
aarifullin:feat/cli_parse_json_any
aarifullin:feat/cli-ape
aarifullin:fix/chainbase_chain_decoding
aarifullin:fix/object_svc_req_ctx
aarifullin:fix/934-invalid_ape_request
aarifullin:fix/rpc-actor-guard
aarifullin:feature/ape_errors
aarifullin:fix/915-ape_get_object_bug
aarifullin:fix/control-svc-root-ns
aarifullin:feature/872-object_svc_ape
aarifullin:feature/851-use_policy_contract
aarifullin:fix/dont_convert_cid_to_native_fmt
aarifullin:feature/851-policy_contract
aarifullin:fix/dont_convert_cid_to_native_format
aarifullin:feature/804_override_storage
aarifullin:feature/chain_control_api
aarifullin:development/frostfs-adm-policy
aarifullin:feature/chain_id_add_rule
aarifullin:feature/rebase_updated_ape
aarifullin:feature/prm_init_prm_dial
aarifullin:fix/bforest_tree_drop
aarifullin:fix/object_head_eacl
aarifullin:feature/ape_rules_impl
aarifullin:feature/prm_balance_get
aarifullin:feature/121-client/object_put_single
aarifullin:fix/subscriber_ch_sizes
aarifullin:fix/unsubcribe-all
aarifullin:fix/OBJECT-4461_unsubcribe
aarifullin:aarifullin/debug/2
aarifullin:aarifullin/example/subscriber
aarifullin:feature/667-cache_unittest_logs
aarifullin:feature/121-client/prm_announce
aarifullin:feature/121-client/delete
aarifullin:feature/561-init_count
aarifullin:feature/121-client/object_read
aarifullin:fix/574-cnt_ever_existed
aarifullin:feature/121-client/set_eacl
aarifullin:fix/574-tree_del_info
aarifullin:feature/121-client/eacl
aarifullin:feature/121-client/container_delete
aarifullin:fix/sdk_types_usage
aarifullin:feature/5177-get_op_log_meta
aarifullin:fix/eacl_errors
aarifullin:feature/121-client/container_put
aarifullin:fix/119-update_modules
aarifullin:feature/refactor_sdk_api_types
aarifullin:feature/390-tree_cli
aarifullin:feature/390-tree_cli-backup
aarifullin:aarifullin/refactor/1
aarifullin:fix/113-list_name_flag
aarifullin:fix/197-correct_delete_status
aarifullin:feature/371-morph_cache_metr
aarifullin:feature/325-policer_off
aarifullin:feature/19-list_mul_cursor
aarifullin:feature/166-batch_tree_apply
aarifullin:fix/118-unit_test
aarifullin:feature/blobstor_concurrent_tests
aarifullin:feature/113-get_cnr_by_name
aarifullin:fix/use_uber_atomic
aarifullin:fix/116-generated_extra_files
aarifullin:feature/116-engine_constructor
aarifullin:feature/166-sync_tree
aarifullin:bug/use_uber_sync
aarifullin:feature/180-factor_out_panics
aarifullin:fix/86-fix_unittests
aarifullin:refactor/86-move_test_utils
aarifullin:fyrchik/simplify-services
aarifullin:carpawell/upd/neo-go-subs
aarifullin:KirillovDenis/poc/impersonate
aarifullin:carpawell/optional-profiles
aarifullin:carpawell/fix/multiple-cache-update-requests-FROST
aarifullin:support/v0.34
aarifullin:neofs-adm-fix-update
aarifullin:support/v0.30
aarifullin:experimental
aarifullin:neofs-adm-notary-disabled
aarifullin:support/v0.27
TrueCloudLab:master
TrueCloudLab:support/v0.42
TrueCloudLab:support/v0.38
TrueCloudLab:support/v0.37
TrueCloudLab:support/v0.36
TrueCloudLab:support/v0.34
TrueCloudLab:support/v0.30
TrueCloudLab:support/v0.27
aarifullin:v0.22.1
aarifullin:v0.22.0
aarifullin:v0.21.1
aarifullin:v0.21.0
aarifullin:v0.20.0
aarifullin:v0.19.0
aarifullin:v0.18.0
aarifullin:v0.17.0
aarifullin:v0.16.0
aarifullin:v0.15.0
aarifullin:v0.14.3
aarifullin:v0.14.2
aarifullin:v0.14.1
aarifullin:v0.14.0
aarifullin:v0.14.0-rc.1
aarifullin:v0.13.2
aarifullin:v0.13.1
aarifullin:v0.13.0
aarifullin:v0.13.0-rc.1
aarifullin:v0.12.1
aarifullin:v0.12.0
aarifullin:v0.12.0-rc3
aarifullin:v0.12.0-rc2
aarifullin:v0.12.0-rc1
aarifullin:v0.11.0
aarifullin:v0.10.0
TrueCloudLab:v0.43.1
TrueCloudLab:v0.43.0
TrueCloudLab:v0.42.15
TrueCloudLab:v0.42.14
TrueCloudLab:v0.42.13
TrueCloudLab:v0.42.12
TrueCloudLab:v0.42.11
TrueCloudLab:v0.42.10
TrueCloudLab:v0.42.9
TrueCloudLab:v0.42.8
TrueCloudLab:v0.42.7
TrueCloudLab:v0.42.6
TrueCloudLab:v0.42.5
TrueCloudLab:v0.42.4
TrueCloudLab:v0.42.3
TrueCloudLab:v0.42.2
TrueCloudLab:v0.42.1
TrueCloudLab:v0.42.0
TrueCloudLab:v0.42.0-rc.9
TrueCloudLab:v0.42.0-rc.8
TrueCloudLab:v0.42.0-rc.7
TrueCloudLab:v0.38.9
TrueCloudLab:v0.42.0-rc.6
TrueCloudLab:v0.42.0-rc.5
TrueCloudLab:v0.42.0-rc.4
TrueCloudLab:v0.42.0-rc.3
TrueCloudLab:v0.42.0-rc.2
TrueCloudLab:v0.42.0-rc.1
TrueCloudLab:v0.38.8
TrueCloudLab:v0.41.0
TrueCloudLab:v0.38.7
TrueCloudLab:v0.40.0
TrueCloudLab:v0.39.0
TrueCloudLab:v0.38.6
TrueCloudLab:v0.38.5
TrueCloudLab:v0.38.4
TrueCloudLab:v0.38.3
TrueCloudLab:v0.38.2
TrueCloudLab:v0.38.1
TrueCloudLab:v0.38.0
TrueCloudLab:v0.38.0-rc.2
TrueCloudLab:v0.38.0-rc.1
TrueCloudLab:v0.37.0
TrueCloudLab:v0.37.0-rc.1
TrueCloudLab:v0.36.0
TrueCloudLab:v0.34.0
TrueCloudLab:v0.22.1
TrueCloudLab:v0.22.0
TrueCloudLab:v0.21.1
TrueCloudLab:v0.21.0
TrueCloudLab:v0.20.0
TrueCloudLab:v0.19.0
TrueCloudLab:v0.18.0
TrueCloudLab:v0.17.0
TrueCloudLab:v0.16.0
TrueCloudLab:v0.15.0
TrueCloudLab:v0.14.3
TrueCloudLab:v0.14.2
TrueCloudLab:v0.14.1
TrueCloudLab:v0.14.0
TrueCloudLab:v0.14.0-rc.1
TrueCloudLab:v0.13.2
TrueCloudLab:v0.13.1
TrueCloudLab:v0.13.0
TrueCloudLab:v0.13.0-rc.1
TrueCloudLab:v0.12.1
TrueCloudLab:v0.12.0
TrueCloudLab:v0.12.0-rc3
TrueCloudLab:v0.12.0-rc2
TrueCloudLab:v0.12.0-rc1
TrueCloudLab:v0.11.0
TrueCloudLab:v0.10.0
1 commit
master
...
fix/object
Author | SHA1 | Message | Date | |
---|---|---|---|---|
740cfe4ac1 |
[#1051] object: Ignore APE check for PutSingle with tombstone object
* When a client requests DeleteObject, delete service may send PutSingle with tombstone object type to several nodes. If APE allows deletes, but denies puts, then PutSingle cannot be performed although it is being performed in the delete context. So, check for putting tombstone is ignored. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com> |
1 changed files with 5 additions and 0 deletions
|
@ -77,6 +77,11 @@ func (c *checkerImpl) CheckAPE(ctx context.Context, prm Prm) error {
|
|||
return fmt.Errorf("failed to create ape request: %w", err)
|
||||
}
|
||||
|
||||
if prm.Method == nativeschema.MethodPutObject &&
|
||||
r.Resource().Property(nativeschema.PropertyKeyObjectType) == objectV2.TypeTombstone.String() {
|
||||
return nil
|
||||
}
|
||||
|
||||
status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress,
|
||||
policyengine.NewRequestTarget(prm.Namespace, prm.Container.EncodeToString()), r)
|
||||
if err != nil {
|
||||
|
|
Write
Preview
Loading…
Reference in a new issue