80c7b73eb9
[ #306 ] In APE buckets forbid canned acl except private
...
/ DCO (pull_request) Successful in 2m50s
/ Vulncheck (pull_request) Failing after 3m15s
/ Builds (1.20) (pull_request) Successful in 3m39s
/ Builds (1.21) (pull_request) Successful in 3m41s
/ Lint (pull_request) Successful in 5m48s
/ Tests (1.20) (pull_request) Successful in 4m0s
/ Tests (1.21) (pull_request) Successful in 3m53s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-19 16:57:26 +03:00
8f89f275bd
[ #306 ] Save bucket policy as native chain
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
c868af8a62
[ #306 ] Add flag to enable old ACL bucket creation
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
c452d58ce2
[ #306 ] Reduce number of policy contract invocations
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
d9d12debc3
[ #306 ] Add tests
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
3d0d2032c6
[ #306 ] acl: Handle put/get acl for APE buckets
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
37be8851b3
[ #306 ] Simplify namespaces configuration
...
Resolve ns alias at the beginning of the request just once.
Keep in ns map only one default ns key.
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
c4c199defe
[ #306 ] Use s3 as chain id prefix to be consistent
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
a17ff66975
[ #282 ] policy: Use prefixes to distinguish s3/iam actions/resources
...
/ DCO (pull_request) Successful in 1m37s
/ Vulncheck (pull_request) Successful in 1m50s
/ Builds (1.20) (pull_request) Successful in 2m24s
/ Builds (1.21) (pull_request) Successful in 2m2s
/ Lint (pull_request) Successful in 4m26s
/ Tests (1.20) (pull_request) Successful in 2m28s
/ Tests (1.21) (pull_request) Successful in 1m58s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 10:41:15 +03:00
38c5503a02
[ #261 ] alc: Remove unused
...
/ Vulncheck (pull_request) Successful in 2m1s
/ DCO (pull_request) Successful in 1m49s
/ Builds (1.20) (pull_request) Successful in 2m21s
/ Builds (1.21) (pull_request) Successful in 2m4s
/ Lint (pull_request) Successful in 2m56s
/ Tests (1.20) (pull_request) Successful in 2m17s
/ Tests (1.21) (pull_request) Successful in 1m46s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-18 15:49:58 +03:00
8273af8bf8
[ #261 ] Make PutBucketPolicy handler use policy contract
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-18 15:49:54 +03:00
b28ecef43b
[ #219 ] Return ETag in quotes
...
/ Vulncheck (pull_request) Successful in 9m5s
/ Lint (pull_request) Successful in 11m1s
/ Tests (1.20) (pull_request) Successful in 9m59s
/ Tests (1.21) (pull_request) Successful in 9m53s
/ DCO (pull_request) Successful in 11m34s
/ Builds (1.20) (pull_request) Successful in 12m24s
/ Builds (1.21) (pull_request) Successful in 8m59s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2023-11-22 11:12:32 +00:00
298662df9d
[ #221 ] Expand xmlns field ignore
...
/ Vulncheck (pull_request) Successful in 1m38s
/ Lint (pull_request) Successful in 2m49s
/ Tests (1.20) (pull_request) Successful in 1m56s
/ Tests (1.21) (pull_request) Successful in 1m44s
/ DCO (pull_request) Successful in 3m56s
/ Builds (1.20) (pull_request) Successful in 6m25s
/ Builds (1.21) (pull_request) Successful in 1m36s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2023-10-13 16:21:13 +03:00
8efcc957ea
[ #96 ] Move log messages to constants
...
/ DCO (pull_request) Successful in 1m35s
/ Builds (1.19) (pull_request) Successful in 2m14s
/ Builds (1.20) (pull_request) Successful in 2m9s
/ Vulncheck (pull_request) Successful in 5m39s
/ Lint (pull_request) Successful in 2m49s
/ Tests (1.19) (pull_request) Successful in 7m34s
/ Tests (1.20) (pull_request) Successful in 1m44s
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2023-08-23 18:32:31 +03:00
40d7f844e3
[ #137 ] Refactor context data retrievers
...
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2023-08-16 14:05:38 +00:00
fc90981c03
[ #149 ] Update inner imports after moving middlewares
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-07-11 17:25:09 +03:00
d531b13866
[ #143 ] Add more context to some s3 errors
...
/ DCO (pull_request) Successful in 1m18s
/ Vulncheck (pull_request) Successful in 1m50s
/ Lint (pull_request) Successful in 3m1s
/ Tests (1.19) (pull_request) Successful in 2m47s
/ Tests (1.20) (pull_request) Successful in 3m2s
/ Builds (1.19) (pull_request) Successful in 2m54s
/ Builds (1.20) (pull_request) Successful in 7m58s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-30 12:08:33 +03:00
23593eee3d
[ #111 ] Use request scope logger
...
/ Lint (pull_request) Failing after 32s
/ Tests (1.19) (pull_request) Failing after 32s
/ Tests (1.20) (pull_request) Failing after 32s
/ Builds (1.19) (pull_request) Failing after 32s
/ Builds (1.20) (pull_request) Failing after 32s
/ Vulncheck (pull_request) Failing after 57s
/ DCO (pull_request) Failing after 1m0s
Store child zap logger with request scope fields into context.
Request scoped fields: request_id, api/method, bucket, object
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-19 13:54:51 +03:00
64e7356acc
[TrueCloudLab#32] Add custom policy unmarshaler
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-03-09 11:19:01 +00:00
813aa2f173
Rename package name
...
Due to source code relocation from GitHub.
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-03-07 17:38:08 +03:00
96dff367db
[ #1 ] Build S3 Gateway with FrostFS dependencies
...
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2022-12-15 12:43:52 +03:00
Denis Kirillov
2886ac161c
[ #740 ] Fix forming policy by ast
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-11-10 15:33:03 +03:00
Denis Kirillov
4082cd6b54
[ #606 ] Keep eacl records order on conflict
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-08 12:21:47 +03:00
Denis Kirillov
9cd4ef1ac4
[ #657 ] Replace FileName with FilePath attribute
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-07 15:50:43 +03:00
Denis Kirillov
e38bdae07a
[ #676 ] Fix object acl
...
Put object acl always add rules to specific version of object.
Get object acl consider READ rights as FULL_CONTROL
because WRITE cannot be applied to object
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-08-29 13:20:30 +03:00
Angira Kekteeva
dfd734b9ec
[ #577 ] Separate GetObjectInfo and GetExtendedObjectInfo
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-08-09 17:20:40 +04:00
Angira Kekteeva
3ac3f1cc9d
[ #577 ] Rename objectInfo.Version() to VersionID()
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-08-09 17:20:40 +04:00
Denis Kirillov
0057f6b7db
[ #546 ] Add size and etag in nodeVersionInfo
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-22 15:19:16 +03:00
Denis Kirillov
88c392d024
[ #490 ] Optimize GetObjectTaggingAndLock
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-22 15:19:16 +03:00
Alex Vanin
d7f77ce874
[ #574 ] Produce deny records for private objects in put-object-acl
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-21 17:55:15 +03:00
Alex Vanin
66fe3fee7b
[ #574 ] Produce deny records for private objects
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-21 17:55:15 +03:00
Denis Kirillov
7ba7e7dc4d
[ #590 ] Make service records valid
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-20 19:10:23 +03:00
Denis Kirillov
1e26cf1541
[ #590 ] Use service records to save resource info
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-20 19:10:23 +03:00
Angira Kekteeva
b144e50f7f
[ #584 ] Refactor formRecords func
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-07-19 11:54:27 +03:00
Angira Kekteeva
3f4a55f39e
[ #584 ] Fix order in astToTable
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-07-19 11:54:27 +03:00
Angira Kekteeva
260fb95677
[ #584 ] Fix order in tableToAst
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-07-19 11:54:27 +03:00
Denis Kirillov
1575da65a4
[ #573 ] Fix object acl filters
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-14 13:33:11 +03:00
Alex Vanin
a57b8d34d3
[ #553 ] Add more comments about eacl.RoleUnknown
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
06d043e1eb
[ #553 ] Optimize target formation with multiple keys
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
d6065c64c4
[ #553 ] Check group grantee based on stored list of users
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
c7de7d2928
[ #553 ] Do not use user role with public keys in eacl target
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
36029ca864
[ #580 ] Fix user removal in astOperation
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-06 17:40:41 +03:00
Denis Kirillov
6e1a1f3839
[ #522 ] Suppress CodeQL error
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-04 11:03:55 +03:00
Denis Kirillov
7ca519cb32
[ #539 ] Add context to errors
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-06-27 02:23:19 +04:00
Leonard Lyubich
028a152e04
[ #544 ] Upgrade NeoFS SDK Go with another approach of container sessions
...
After recent changes in NeoFS SDK Go library session tokens aren't
embedded into `container.Container` and `eacl.Table` structures.
Instead, the operations of storing given values in NeoFS are
parameterized by elements of the corresponding type.
Add dedicated session parameters to operations of bucket and eACL
setting.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-24 13:00:26 +03:00
Angira Kekteeva
cfe7591cf7
[ #523 ] Add putObjectACL notification
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-06-17 01:43:46 +04:00
Angira Kekteeva
dd0d21b690
[ #523 ] Fix typo
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-06-17 01:43:46 +04:00
Alex Vanin
ee0f3fb196
[ #489 ] Avoid sensitive data logging
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-06-02 19:42:31 +04:00
Leonard Lyubich
087d500c5f
[ #458 ] *: Refactor working with NeoFS identities
...
Pull latest changes from NeoFS SDK Go library. Decrease redundant and
unsafe usage of ID pointers. Use `EncodeToString` method in order to
calculate protocol strings.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-05-27 17:22:37 +04:00
Alex Vanin
80c6122f55
[ #450 ] Do not pass nil error to logAndSendError
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-05-25 00:36:42 +04:00