TrueCloudLab/frostfs-node
20
1
Fork 27
Code Issues 92 Pull requests 4 Projects Releases 1 Activity Actions

WIP: object: Ignore APE check for PutSingle with tombstone object #1051

Closed
aarifullin wants to merge 1 commit from aarifullin/frostfs-node:fix/object_ape_ignore_tombstone into master
pull from: aarifullin/frostfs-node:fix/object_ape_ignore_tombstone
merge into: TrueCloudLab:master
Conversation 0 Commits 1 Files changed 1 +5
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/services/object/ape/checker.go
View file

@ -77,6 +77,11 @@ func (c *checkerImpl) CheckAPE(ctx context.Context, prm Prm) error {
return fmt.Errorf("failed to create ape request: %w", err)
}
if prm.Method == nativeschema.MethodPutObject &&
r.Resource().Property(nativeschema.PropertyKeyObjectType) == objectV2.TypeTombstone.String() {
fyrchik commented 2024-03-19 11:52:31 +00:00
Review
Copy link

So anyone can delete any object?

So anyone can delete any object?
aarifullin commented 2024-03-19 15:11:36 +00:00
Review
Copy link

This approach need to be reconsidered...

This approach need to be reconsidered...
return nil
}
status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress,
policyengine.NewRequestTarget(prm.Namespace, prm.Container.EncodeToString()), r)
if err != nil {