b7e15402a1
[ #360 ] Use 'c' prefix for bucket policies instead of 'n'
...
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.
There is still issue with many IAM rules.
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-10 17:40:25 +03:00
bcfbcdc82f
[ #345 ] acl: Update APE and fix using
...
/ Lint (pull_request) Successful in 2m53s
/ Tests (1.20) (pull_request) Successful in 2m43s
/ Tests (1.21) (pull_request) Successful in 2m44s
/ DCO (pull_request) Successful in 2m40s
/ Vulncheck (pull_request) Failing after 3m10s
/ Builds (1.20) (pull_request) Successful in 3m18s
/ Builds (1.21) (pull_request) Successful in 3m33s
* Remove native policy when remove bucket policy
* Allow policies that contain only s3 compatible statements
(now deny rules cannot be converted to native rules)
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 12:42:43 +00:00
7de1ffdbe9
[ #306 ] Fix billing tests
...
/ DCO (pull_request) Successful in 1m43s
/ Vulncheck (pull_request) Successful in 1m42s
/ Builds (1.20) (pull_request) Successful in 2m34s
/ Builds (1.21) (pull_request) Successful in 1m56s
/ Lint (pull_request) Successful in 3m50s
/ Tests (1.20) (pull_request) Successful in 2m20s
/ Tests (1.21) (pull_request) Successful in 2m9s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 18:00:27 +03:00
3285a2e105
[ #306 ] policy: Change default access strategy
...
Use access strategy based on bucket type and/or config flags.
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:53:13 +03:00
2981a47e99
[ #321 ] Use correct owner id in billing metrics
...
/ DCO (pull_request) Successful in 1m20s
/ Vulncheck (pull_request) Successful in 1m54s
/ Builds (1.20) (pull_request) Successful in 2m22s
/ Builds (1.21) (pull_request) Successful in 2m8s
/ Lint (pull_request) Successful in 4m32s
/ Tests (1.20) (pull_request) Successful in 2m27s
/ Tests (1.21) (pull_request) Successful in 2m13s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-02-28 14:52:44 +03:00
84af85ed67
[ #302 ] Update APE to support chain id as bytes
...
/ DCO (pull_request) Successful in 1m52s
/ Vulncheck (pull_request) Successful in 2m0s
/ Builds (1.20) (pull_request) Successful in 2m49s
/ Builds (1.21) (pull_request) Successful in 1m59s
/ Lint (pull_request) Successful in 2m44s
/ Tests (1.20) (pull_request) Successful in 2m30s
/ Tests (1.21) (pull_request) Successful in 2m24s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-02 12:53:45 +03:00
a17ff66975
[ #282 ] policy: Use prefixes to distinguish s3/iam actions/resources
...
/ DCO (pull_request) Successful in 1m37s
/ Vulncheck (pull_request) Successful in 1m50s
/ Builds (1.20) (pull_request) Successful in 2m24s
/ Builds (1.21) (pull_request) Successful in 2m2s
/ Lint (pull_request) Successful in 4m26s
/ Tests (1.20) (pull_request) Successful in 2m28s
/ Tests (1.21) (pull_request) Successful in 1m58s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 10:41:15 +03:00
8273af8bf8
[ #261 ] Make PutBucketPolicy handler use policy contract
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-18 15:49:54 +03:00
6dbb07f0fa
[ #261 ] Update policy-engine dependency
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-14 17:52:13 +03:00
9272f4e108
[ #259 ] Support contract based policies
...
/ DCO (pull_request) Successful in 1m21s
/ Vulncheck (pull_request) Successful in 1m41s
/ Builds (1.20) (pull_request) Successful in 2m19s
/ Builds (1.21) (pull_request) Successful in 2m1s
/ Lint (pull_request) Successful in 3m20s
/ Tests (1.20) (pull_request) Successful in 2m14s
/ Tests (1.21) (pull_request) Successful in 2m10s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-11 10:01:46 +03:00
43abf58068
[ #257 ] Support flag to deny access if policy rules not found
...
/ DCO (pull_request) Successful in 1m13s
/ Vulncheck (pull_request) Successful in 2m2s
/ Builds (1.20) (pull_request) Successful in 2m22s
/ Builds (1.21) (pull_request) Successful in 2m16s
/ Lint (pull_request) Successful in 3m26s
/ Tests (1.20) (pull_request) Successful in 2m21s
/ Tests (1.21) (pull_request) Successful in 1m37s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-06 17:47:58 +03:00
473239bf36
[ #257 ] Add policy checker
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-06 17:47:51 +03:00
055cc6a22a
[ #260 ] Use namespace as domain when resolve bucket
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-23 11:00:11 +03:00
6304d7bfda
[ #260 ] Support frostfsid validation
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-23 11:00:11 +03:00
0bed25816c
[ #224 ] Add conditional escaping for object name
...
Chi gives inconsistent results in terms of whether
the strings returned are URL coded or not
See:
* https://github.com/go-chi/chi/issues/641
* https://github.com/go-chi/chi/issues/642
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-10-31 13:58:51 +00:00
fcf1c45ad2
[ #188 ] Fix url escaping
...
/ Vulncheck (pull_request) Successful in 2m41s
/ Builds (1.19) (pull_request) Successful in 3m51s
/ Builds (1.20) (pull_request) Successful in 3m22s
/ DCO (pull_request) Successful in 5m9s
/ Lint (pull_request) Successful in 5m22s
/ Tests (1.19) (pull_request) Successful in 5m39s
/ Tests (1.20) (pull_request) Successful in 5m18s
Url escaping has already been done in `net/http/request.go`
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-08-22 11:27:39 +03:00
361d10cc78
[ #174 ] Fix query for listing multipart uploads
...
/ Builds (1.19) (pull_request) Successful in 3m2s
/ Builds (1.20) (pull_request) Successful in 2m50s
/ DCO (pull_request) Successful in 3m59s
/ Vulncheck (pull_request) Successful in 2m39s
/ Lint (pull_request) Successful in 3m56s
/ Tests (1.19) (pull_request) Successful in 3m5s
/ Tests (1.20) (pull_request) Successful in 3m12s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-07-20 12:30:17 +03:00
80c4982bd4
[ #174 ] Add router tests
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-07-20 12:30:17 +03:00
