Commit graph

739 commits

Author SHA1 Message Date
689f7ee818 [#437] tree: Support removing old split system nodes
All checks were successful
/ DCO (pull_request) Successful in 1m47s
/ Builds (1.21) (pull_request) Successful in 2m20s
/ Builds (1.22) (pull_request) Successful in 2m22s
/ Vulncheck (pull_request) Successful in 2m6s
/ Lint (pull_request) Successful in 4m43s
/ Tests (1.21) (pull_request) Successful in 2m30s
/ Tests (1.22) (pull_request) Successful in 2m25s
It's need to fit user expectation on deleting CORs for example.
Previously after removing cors (that was uploaded in split manner)
we can still get some data (from other node)
because deletion worked only for latest node version.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-22 10:42:11 +03:00
977a20760b [#430] Delete all split version at once
All checks were successful
/ DCO (pull_request) Successful in 8m40s
/ Vulncheck (pull_request) Successful in 13m10s
/ Builds (1.21) (pull_request) Successful in 14m11s
/ Builds (1.22) (pull_request) Successful in 14m18s
/ Lint (pull_request) Successful in 16m31s
/ Tests (1.21) (pull_request) Successful in 10m48s
/ Tests (1.22) (pull_request) Successful in 14m31s
Previously after split we can get two `null` versioned object with the same key
and deleting such key removes only one node/object.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-19 11:26:51 +03:00
c0011ebb8d [#430] tree: Fix multipart having system name
Previously if multipart key has the same name as some system node
(e.g. bucket-settings, bucket-cors etc.) it shadows real system node
and bucket started to be unversioned again for example.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-19 11:24:50 +03:00
456319d2f1 [#430] Fix split tree
Update tree service to fix split tree problem.
Tree intermediate nodes can be duplicated, so we must handle this.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-19 11:24:46 +03:00
f86b82351a [#398] Fix parameter parsing in bucket retryer
Some checks failed
/ Builds (1.20) (pull_request) Successful in 2m7s
/ Builds (1.21) (pull_request) Successful in 1m38s
/ DCO (pull_request) Successful in 2m3s
/ Vulncheck (pull_request) Failing after 2m23s
/ Lint (pull_request) Successful in 4m21s
/ Tests (1.20) (pull_request) Successful in 2m46s
/ Tests (1.21) (pull_request) Successful in 2m42s
RetryStrategyExponential should use jitter backoff
instead of constant delay function

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-07-03 13:42:24 +03:00
465eaa816a [#372] Drop [e]ACL related code
All checks were successful
/ DCO (pull_request) Successful in 2m15s
/ Vulncheck (pull_request) Successful in 2m55s
/ Builds (1.20) (pull_request) Successful in 3m46s
/ Builds (1.21) (pull_request) Successful in 3m48s
/ Lint (pull_request) Successful in 5m26s
/ Tests (1.20) (pull_request) Successful in 3m34s
/ Tests (1.21) (pull_request) Successful in 3m18s
Always consider buckets as APE compatible

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-01 16:58:44 +03:00
77f8bdac58 [#372] Drop kludge.acl_enabled flag
Now only APE container can be created using s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-01 16:26:19 +03:00
91541a432d [#411] Check uniqueness in DeleteMultipleObjects
All checks were successful
/ Builds (1.20) (pull_request) Successful in 4m57s
/ Builds (1.21) (pull_request) Successful in 4m42s
/ DCO (pull_request) Successful in 4m52s
/ Vulncheck (pull_request) Successful in 4m38s
/ Lint (pull_request) Successful in 6m46s
/ Tests (1.20) (pull_request) Successful in 4m28s
/ Tests (1.21) (pull_request) Successful in 4m7s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-26 16:39:06 +03:00
943b30d9f4 [#411] Don't check object tags on deletion
By specification https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-and-policies.html
we shouldn't check object tags on PUT and DELETE

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-26 16:38:56 +03:00
414f3943e2 [#410] Drop layer.Client interface
All checks were successful
/ DCO (pull_request) Successful in 2m1s
/ Vulncheck (pull_request) Successful in 2m31s
/ Builds (1.20) (pull_request) Successful in 2m39s
/ Builds (1.21) (pull_request) Successful in 2m31s
/ Lint (pull_request) Successful in 3m14s
/ Tests (1.20) (pull_request) Successful in 2m34s
/ Tests (1.21) (pull_request) Successful in 2m10s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-25 15:57:55 +03:00
9432782ce6 [#401] Drop notifications
All checks were successful
/ DCO (pull_request) Successful in 2m5s
/ Builds (1.20) (pull_request) Successful in 2m40s
/ Builds (1.21) (pull_request) Successful in 2m33s
/ Vulncheck (pull_request) Successful in 2m22s
/ Lint (pull_request) Successful in 4m24s
/ Tests (1.20) (pull_request) Successful in 2m48s
/ Tests (1.21) (pull_request) Successful in 2m45s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-25 15:49:37 +03:00
280d11c794 [#407] Don't set full_control for bucket owner
All checks were successful
/ DCO (pull_request) Successful in 1m29s
/ Builds (1.20) (pull_request) Successful in 2m14s
/ Builds (1.21) (pull_request) Successful in 1m47s
/ Vulncheck (pull_request) Successful in 1m57s
/ Lint (pull_request) Successful in 4m16s
/ Tests (1.20) (pull_request) Successful in 2m46s
/ Tests (1.21) (pull_request) Successful in 2m29s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-19 10:55:24 +03:00
ed34b2cae4 [#402] auth: Extend test coverage
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-06-14 10:06:00 +00:00
76f553d292 [#403] Set resource tags into resource properties
All checks were successful
/ DCO (pull_request) Successful in 6m17s
/ Vulncheck (pull_request) Successful in 8m13s
/ Builds (1.20) (pull_request) Successful in 9m45s
/ Builds (1.21) (pull_request) Successful in 9m8s
/ Lint (pull_request) Successful in 18m4s
/ Tests (1.20) (pull_request) Successful in 9m52s
/ Tests (1.21) (pull_request) Successful in 9m5s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-13 11:12:40 +03:00
bb81afc14a [#398] Support retryer
Add two strategy for PutBucketSettings request retryer:
* exponential backoff (increasing up to `max_backoff` delays with jitter)
* constant backoff (always the same `max_backoff` delay between requests)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-06 13:02:17 +00:00
e25dc90c20 [#399] Add OPTIONS method for object operations
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-06-04 12:59:45 +00:00
b5fae316cf [#396] Add user to response
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-06-04 09:37:55 +00:00
9152b084ec [#387] Fix typo
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
21dbe3ea8e [#387] api: Add tests for middleware
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
f4d174e740 [#387] middleware: Extend test coverage
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
8a758293b9 [#387] middleware: Delete unused code
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
fb521c7ac6 [#367] policy: Set IAM-MFA property to false by default
All checks were successful
/ DCO (pull_request) Successful in 2m34s
/ Vulncheck (pull_request) Successful in 2m41s
/ Builds (1.20) (pull_request) Successful in 4m26s
/ Builds (1.21) (pull_request) Successful in 4m19s
/ Lint (pull_request) Successful in 5m48s
/ Tests (1.20) (pull_request) Successful in 3m55s
/ Tests (1.21) (pull_request) Successful in 3m53s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-05-22 12:05:42 +03:00
87b9e97a80 [#354] Do not proceed on bucket remove error
All checks were successful
/ DCO (pull_request) Successful in 2m22s
/ Vulncheck (pull_request) Successful in 2m37s
/ Builds (1.20) (pull_request) Successful in 3m42s
/ Builds (1.21) (pull_request) Successful in 3m12s
/ Lint (pull_request) Successful in 4m51s
/ Tests (1.20) (pull_request) Successful in 3m13s
/ Tests (1.21) (pull_request) Successful in 3m6s
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-05-17 20:38:39 +03:00
d62d8f3874 [#385] Support the renaming of ObjectRequest and ObjectContainer
All checks were successful
/ DCO (pull_request) Successful in 1m33s
/ Builds (1.20) (pull_request) Successful in 2m7s
/ Builds (1.21) (pull_request) Successful in 1m24s
/ Vulncheck (pull_request) Successful in 1m58s
/ Lint (pull_request) Successful in 4m26s
/ Tests (1.20) (pull_request) Successful in 2m35s
/ Tests (1.21) (pull_request) Successful in 2m42s
Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>
2024-05-14 16:51:36 +03:00
6bf6a3b1a3 [#362] Check user and groups during policy check
All checks were successful
/ DCO (pull_request) Successful in 4m8s
/ Vulncheck (pull_request) Successful in 4m10s
/ Builds (1.20) (pull_request) Successful in 5m33s
/ Builds (1.21) (pull_request) Successful in 5m24s
/ Lint (pull_request) Successful in 8m32s
/ Tests (1.20) (pull_request) Successful in 5m9s
/ Tests (1.21) (pull_request) Successful in 4m52s
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-05-08 15:25:14 +03:00
c43ef040dc [#382] Fix request type determination
All checks were successful
/ DCO (pull_request) Successful in 1m36s
/ Builds (1.20) (pull_request) Successful in 2m15s
/ Builds (1.21) (pull_request) Successful in 2m9s
/ Lint (pull_request) Successful in 3m22s
/ Tests (1.20) (pull_request) Successful in 2m18s
/ Tests (1.21) (pull_request) Successful in 2m6s
/ Vulncheck (pull_request) Successful in 57s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-05-07 15:17:22 +03:00
2ab655b909 [#380] Add test for credentials versioning
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-05-03 07:24:13 +00:00
db05021786 [#379] Add Iana CharsetReader for Oracle integration
All checks were successful
/ DCO (pull_request) Successful in 1m54s
/ Builds (1.20) (pull_request) Successful in 2m23s
/ Builds (1.21) (pull_request) Successful in 2m0s
/ Vulncheck (pull_request) Successful in 2m7s
/ Lint (pull_request) Successful in 4m16s
/ Tests (1.20) (pull_request) Successful in 2m38s
/ Tests (1.21) (pull_request) Successful in 2m29s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-04-25 17:44:38 +03:00
034396d554 [#377] Add check of Source IP
All checks were successful
/ DCO (pull_request) Successful in 1m55s
/ Builds (1.20) (pull_request) Successful in 2m16s
/ Builds (1.21) (pull_request) Successful in 2m26s
/ Vulncheck (pull_request) Successful in 2m24s
/ Lint (pull_request) Successful in 4m17s
/ Tests (1.20) (pull_request) Successful in 2m42s
/ Tests (1.21) (pull_request) Successful in 2m32s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-22 15:29:18 +03:00
3c436d8de9 [#365] Include iam user tags in query
All checks were successful
/ Vulncheck (pull_request) Successful in 1m48s
/ Builds (1.20) (pull_request) Successful in 2m30s
/ Builds (1.21) (pull_request) Successful in 1m25s
/ Lint (pull_request) Successful in 3m52s
/ Tests (1.20) (pull_request) Successful in 2m24s
/ Tests (1.21) (pull_request) Successful in 2m22s
/ DCO (pull_request) Successful in 45s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-04-22 10:47:43 +03:00
45f77de8c8 [#371] Add custom Source IP header configuration
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-22 07:42:45 +00:00
e22ff52165 [#367] Add check of AccessBox attributes
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-19 06:25:26 +00:00
5315f7b733 [#269] Create frostfsid wrapper with cache
All checks were successful
/ DCO (pull_request) Successful in 2m10s
/ Vulncheck (pull_request) Successful in 2m0s
/ Builds (1.20) (pull_request) Successful in 2m31s
/ Builds (1.21) (pull_request) Successful in 1m31s
/ Lint (pull_request) Successful in 3m34s
/ Tests (1.20) (pull_request) Successful in 2m26s
/ Tests (1.21) (pull_request) Successful in 2m21s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-18 09:32:30 +03:00
fec3b3f31e [#269] Add frostfsid cache configuration
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-17 12:11:23 +03:00
3ff027587c [#357] Add check of request and resource tags
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-17 07:06:58 +00:00
8307c73fef [#364] Fix removing combined object
Some checks failed
/ Vulncheck (pull_request) Failing after 3m8s
/ DCO (pull_request) Successful in 3m49s
/ Builds (1.20) (pull_request) Successful in 5m35s
/ Builds (1.21) (pull_request) Successful in 4m16s
/ Lint (pull_request) Successful in 6m55s
/ Tests (1.20) (pull_request) Successful in 5m14s
/ Tests (1.21) (pull_request) Successful in 4m29s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 14:56:38 +03:00
d8889fca56 [#340] Fix encode object acl
In the process of encode the acl of an object,
we use a map. As a result, when traversing the
map, we can get a different sequence of permissions
each time. Therefore, a list is used instead of a map.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-04-11 09:28:30 +00:00
61ff4702a2 [#360] Reuse single target during policy check
Some checks failed
/ DCO (pull_request) Successful in 1m38s
/ Vulncheck (pull_request) Failing after 2m4s
/ Builds (1.20) (pull_request) Successful in 2m33s
/ Builds (1.21) (pull_request) Successful in 2m12s
/ Lint (pull_request) Successful in 3m6s
/ Tests (1.20) (pull_request) Successful in 2m57s
/ Tests (1.21) (pull_request) Successful in 2m6s
Policy engine library is able to manage multiple
targets and resolve different status results.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-10 17:56:47 +03:00
6da1acc554 [#360] Use 'c' prefix for bucket policies instead of 'n'
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.

There is still issue with many IAM rules.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-10 17:56:47 +03:00
9c012d0a66 [#355] Remove policies when delete bucket
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-09 15:49:46 +00:00
37d05dcefd [#353] Add check of listing parameters and versionID
Some checks failed
/ DCO (pull_request) Successful in 1m36s
/ Vulncheck (pull_request) Failing after 2m17s
/ Builds (1.20) (pull_request) Successful in 3m27s
/ Builds (1.21) (pull_request) Successful in 3m22s
/ Lint (pull_request) Successful in 5m4s
/ Tests (1.20) (pull_request) Successful in 2m53s
/ Tests (1.21) (pull_request) Successful in 2m47s
Add properties in policy check:
* s3:delimiter
* s3:prefix
* s3:max-keys
* s3:VersionId

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-08 17:57:55 +03:00
8669bf6b50 [#346] acl: Update APE and fix using
All checks were successful
/ DCO (pull_request) Successful in 2m57s
/ Vulncheck (pull_request) Successful in 3m33s
/ Lint (pull_request) Successful in 4m44s
/ Tests (1.20) (pull_request) Successful in 3m38s
/ Tests (1.21) (pull_request) Successful in 3m29s
/ Builds (1.20) (pull_request) Successful in 1m12s
/ Builds (1.21) (pull_request) Successful in 3m23s
* Remove native policy when remove bucket policy
* Allow policies that contain only s3 compatible statements
(now deny rules cannot be converted to native rules)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 12:43:04 +00:00
fbe7a784e8 [#301] Support GetBucketPolicyStatus
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-28 09:13:25 +03:00
80c7b73eb9 [#306] In APE buckets forbid canned acl except private
Some checks failed
/ DCO (pull_request) Successful in 2m50s
/ Vulncheck (pull_request) Failing after 3m15s
/ Builds (1.20) (pull_request) Successful in 3m39s
/ Builds (1.21) (pull_request) Successful in 3m41s
/ Lint (pull_request) Successful in 5m48s
/ Tests (1.20) (pull_request) Successful in 4m0s
/ Tests (1.21) (pull_request) Successful in 3m53s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-19 16:57:26 +03:00
62cc5a04a7 [#328] Log error on failed response writing
Some checks failed
/ DCO (pull_request) Successful in 3m34s
/ Vulncheck (pull_request) Failing after 4m18s
/ Builds (1.20) (pull_request) Successful in 4m58s
/ Builds (1.21) (pull_request) Successful in 4m24s
/ Lint (pull_request) Successful in 7m27s
/ Tests (1.20) (pull_request) Successful in 5m24s
/ Tests (1.21) (pull_request) Successful in 5m0s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-15 11:02:26 +03:00
4ee3648183 [#328] Log invalid lock enabled header
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-04 15:09:51 +03:00
ee48d1dc85 [#325] Log error on failed request id generation
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-04 09:49:41 +00:00
f958eef2b3 [#325] Use default empty data.LockInfo in get/head in case of error
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-04 09:49:41 +00:00
81b44ab3d3 [#325] Fix mutex usage in controller
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-04 09:49:41 +00:00
8050ca2d51 [#306] Use session token for container read operations
All checks were successful
/ DCO (pull_request) Successful in 1m54s
/ Vulncheck (pull_request) Successful in 1m55s
/ Builds (1.20) (pull_request) Successful in 2m49s
/ Builds (1.21) (pull_request) Successful in 1m56s
/ Lint (pull_request) Successful in 3m59s
/ Tests (1.20) (pull_request) Successful in 2m30s
/ Tests (1.21) (pull_request) Successful in 2m19s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-01 18:14:33 +03:00