22 commits

Author	SHA1	Message	Date
Alex Vanin	6bf6a3b1a3	[#362] Check user and groups during policy check ... Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-05-08 15:25:14 +03:00
Marina Biryukova	c43ef040dc	[#382] Fix request type determination ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-05-07 15:17:22 +03:00
Pavel Pogodaev	db05021786	[#379] Add Iana CharsetReader for Oracle integration ... Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>	2024-04-25 17:44:38 +03:00
Marina Biryukova	034396d554	[#377] Add check of Source IP ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-22 15:29:18 +03:00
Pavel Pogodaev	3c436d8de9	[#365] Include iam user tags in query ... Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>	2024-04-22 10:47:43 +03:00
Marina Biryukova	e22ff52165	[#367] Add check of AccessBox attributes ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-19 06:25:26 +00:00
Marina Biryukova	3ff027587c	[#357] Add check of request and resource tags ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-17 07:06:58 +00:00
Alex Vanin	61ff4702a2	[#360] Reuse single target during policy check ... Policy engine library is able to manage multiple targets and resolve different status results. Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-04-10 17:56:47 +03:00
Alex Vanin	6da1acc554	[#360] Use 'c' prefix for bucket policies instead of 'n' ... With 'c' prefix, acl chains become shorter, thus gateway receives shorter results and avoids sessions to neo-go. There is still issue with many IAM rules. Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-04-10 17:56:47 +03:00
Marina Biryukova	37d05dcefd	[#353] Add check of listing parameters and versionID ... Add properties in policy check: * s3:delimiter * s3:prefix * s3:max-keys * s3:VersionId Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-08 17:57:55 +03:00
Denis Kirillov	62cc5a04a7	[#328] Log error on failed response writing ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-15 11:02:26 +03:00
Denis Kirillov	c12e264697	[#306] Simplify cid resolver for metrics ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-01 17:46:16 +03:00
Denis Kirillov	fabb4134bc	[#318] Use log msg from constants ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	7b86bac6ee	[#318] Log unmatched requests ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	6e5bcaef97	[#318] Log policy request checking ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	3285a2e105	[#306] policy: Change default access strategy ... Use access strategy based on bucket type and/or config flags. Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:53:13 +03:00
Denis Kirillov	5698d5844e	[#283] Support frostfsid groups in policy request checking ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-21 14:21:36 +03:00
Denis Kirillov	a17ff66975	[#282] policy: Use prefixes to distinguish s3/iam actions/resources ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-20 10:41:15 +03:00
Denis Kirillov	8273af8bf8	[#261] Make PutBucketPolicy handler use policy contract ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-18 15:49:54 +03:00
Denis Kirillov	9272f4e108	[#259] Support contract based policies ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-11 10:01:46 +03:00
Denis Kirillov	43abf58068	[#257] Support flag to deny access if policy rules not found ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-06 17:47:58 +03:00
Denis Kirillov	473239bf36	[#257] Add policy checker ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-06 17:47:51 +03:00