Commit graph

315 commits

Author SHA1 Message Date
f391966326 [#581] Clean up remaining NeoFS mentions
All checks were successful
/ DCO (pull_request) Successful in 4m7s
/ Vulncheck (pull_request) Successful in 4m17s
/ Builds (pull_request) Successful in 1m50s
/ Lint (pull_request) Successful in 2m41s
/ Tests (pull_request) Successful in 2m13s
/ Vulncheck (push) Successful in 1m43s
/ Builds (push) Successful in 2m1s
/ Lint (push) Successful in 6m19s
/ Tests (push) Successful in 5m50s
Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-12-13 18:18:04 +03:00
d986e74897 [#147] Add Kludge profiles
All checks were successful
/ Vulncheck (push) Successful in 3m46s
/ Builds (push) Successful in 2m4s
/ Lint (push) Successful in 5m7s
/ Tests (push) Successful in 4m27s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-12-13 11:25:07 +00:00
04b8fc2b5f [#562] Empty default value for TLS termination header param
All checks were successful
/ Vulncheck (push) Successful in 1m28s
/ Builds (push) Successful in 2m14s
/ Lint (push) Successful in 3m59s
/ Tests (push) Successful in 3m17s
If the service is accessed not through a proxy and the
default value of the parameter with the header key is
not empty, then the system administrator does not
control disabling TLS verification in any way, because
the client can simply add a known header, thereby
skipping the verification. Therefore, the default value
of the header parameter is made empty. If it is empty,
then TLS verification cannot be disabled in any way.
Thus, the system administrator will be able to control
the enabling/disabling of TLS.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-12-13 11:12:58 +00:00
128939c01e [#562] Add tests for form encryption params
All checks were successful
/ DCO (pull_request) Successful in 1m29s
/ Vulncheck (pull_request) Successful in 1m37s
/ Builds (pull_request) Successful in 2m52s
/ Lint (pull_request) Successful in 3m47s
/ Tests (pull_request) Successful in 3m0s
/ Vulncheck (push) Successful in 1m22s
/ Builds (push) Successful in 2m2s
/ Lint (push) Successful in 3m41s
/ Tests (push) Successful in 2m51s
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-12-11 16:09:43 +03:00
4a4ce00994 [#562] Support TLS termination header for SSE-C
The TLS termination header added for determining
whether TLS needs to be checked. If the system
requests come through a proxy server and TLS can
terminate at the proxy level, you should use this
header to disable TLS verification at SSE-C.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-12-11 16:09:43 +03:00
ea714c2e9e [#339] Fix logging in authmate [pre]sign command
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-12-10 15:04:56 +03:00
c4c757eea6 [#339] Drop aws-sdk-go v1
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-12-10 15:04:56 +03:00
8da71c3ae0 [#339] sigv4a: Support presign
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-12-10 15:04:56 +03:00
8f7ccb0f62
[#570] Remove frostfs-api-go dependency
All checks were successful
/ DCO (pull_request) Successful in 2m11s
/ Vulncheck (pull_request) Successful in 2m50s
/ Builds (pull_request) Successful in 2m23s
/ Lint (pull_request) Successful in 3m42s
/ Tests (pull_request) Successful in 2m26s
/ Vulncheck (push) Successful in 4m19s
/ Lint (push) Successful in 2m58s
/ Tests (push) Successful in 2m50s
/ Builds (push) Successful in 4m40s
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-12-10 11:03:30 +03:00
f215d200e8 [#559] Remove multipart objects using tombstones
All checks were successful
/ DCO (pull_request) Successful in 1m33s
/ Vulncheck (pull_request) Successful in 2m38s
/ Builds (pull_request) Successful in 2m48s
/ Lint (pull_request) Successful in 4m6s
/ Tests (pull_request) Successful in 2m48s
/ Vulncheck (push) Successful in 1m19s
/ Builds (push) Successful in 2m14s
/ Lint (push) Successful in 3m40s
/ Tests (push) Successful in 2m21s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-12-04 11:03:01 +03:00
51322cccdf [#502] Add Dropped logs (by sampling) metric
All checks were successful
/ DCO (pull_request) Successful in 2m9s
/ Vulncheck (pull_request) Successful in 2m22s
/ Builds (pull_request) Successful in 2m0s
/ Lint (pull_request) Successful in 3m6s
/ Tests (pull_request) Successful in 2m2s
/ Vulncheck (push) Successful in 1m13s
/ Builds (push) Successful in 1m58s
/ Lint (push) Successful in 3m33s
/ Tests (push) Successful in 2m19s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-12-03 12:16:56 +00:00
b1775f9478 [#553] authmate: Add retryer to create access box
Some checks failed
/ DCO (pull_request) Successful in 1m20s
/ Vulncheck (pull_request) Successful in 1m34s
/ Builds (pull_request) Successful in 1m45s
/ Lint (pull_request) Successful in 2m17s
/ Tests (pull_request) Successful in 1m56s
/ Builds (push) Has been cancelled
/ Lint (push) Has been cancelled
/ Tests (push) Has been cancelled
/ Vulncheck (push) Has been cancelled
After using AddChain to provide access to container we have to wait:
* tx with APE chain be accepted by blockchain
* cache in storage node be updated

it takes a while. So we add retry
 (the same as when we add bucket settings during bucket creation)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-11-19 15:46:00 +03:00
4fa45bdac2 [#553] authmate: Don't use basic acl
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-11-19 15:45:54 +03:00
368c7d2acd [#549] Add tracing attributes
All checks were successful
/ Vulncheck (push) Successful in 1m4s
/ Builds (push) Successful in 1m44s
/ Lint (push) Successful in 2m42s
/ Tests (push) Successful in 2m0s
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-11-18 11:55:31 +00:00
979d85b046 [#505] authmate: Add flag for headers in generate-presigned-url cmd
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-11-02 08:53:54 +00:00
9e64304499 [#521] Use handler to register dial events
While frostfs-node uses dial handler to udpate metric
value, gateway starts with simple event logging.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-10-29 15:55:27 +03:00
94504e9746 [#521] Use source dialer for gRPC connection to storage
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-10-29 15:55:27 +03:00
3c7cb82553 [#509] Init resolvers before first resolving
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-10-23 15:01:31 +03:00
b78e55e101 [#509] Support custom AWS credentials
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-10-23 15:01:31 +03:00
25c24f5ce6 [#522] Add waiter to contract clients
All checks were successful
/ DCO (pull_request) Successful in 1m19s
/ Vulncheck (pull_request) Successful in 1m37s
/ Builds (pull_request) Successful in 1m42s
/ Lint (pull_request) Successful in 2m54s
/ Tests (pull_request) Successful in 1m49s
Signed-off-by: Vladimir Domnich <v.domnich@yadro.com>
2024-10-23 09:22:19 +03:00
aaed083d82 [#520] Support the continuous use of interceptors
All checks were successful
/ DCO (pull_request) Successful in 3m18s
/ Builds (pull_request) Successful in 3m28s
/ Vulncheck (pull_request) Successful in 3m25s
/ Lint (pull_request) Successful in 3m51s
/ Tests (pull_request) Successful in 3m29s
We can always add interceptors to the grpc
connection to the storage, since the actual
use will be controlled by the configuration
from the frostfs-observability library.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-10-21 11:49:22 +03:00
03481274f0 [#467] authmate: Add sign command
Support singing arbitrary data using aws sigv4 algorithm

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-10-02 13:42:22 +00:00
99f273f9af [#461] Configure logger sampling policy
All checks were successful
/ DCO (pull_request) Successful in 57s
/ Vulncheck (pull_request) Successful in 1m17s
/ Builds (pull_request) Successful in 2m3s
/ Lint (pull_request) Successful in 2m32s
/ Tests (pull_request) Successful in 2m4s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-09-26 10:34:44 +03:00
34c1426b9f [#484] Add root ca cert for telemetry configuration
Signed-off-by: Aleksey Savaitan <a.savaitan@yadro.com>
2024-09-19 11:07:13 +00:00
8ca73e2079 [#493] Fix of receiving VHS namespaces map
All checks were successful
/ Vulncheck (pull_request) Successful in 1m17s
/ Builds (pull_request) Successful in 1m35s
/ Lint (pull_request) Successful in 2m34s
/ Tests (pull_request) Successful in 1m36s
/ DCO (pull_request) Successful in 36s
In the process of forming a map with namespaces
for which VHS is enabled, we resolve the alias
of the namespace. The problem is that to resolve,
we need default namespace names, which in turn do
not have time to decide by this time. Therefore,
now the check for the default name takes place
directly in the prepareVHSNamespaces function
based on previously read default names.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-09-17 16:57:05 +03:00
d0e4d55772 [#460] Add network info cache
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-09-13 09:56:24 +00:00
62615d7ab7 [#369] Request reproducer
All checks were successful
/ DCO (pull_request) Successful in 47s
/ Builds (pull_request) Successful in 59s
/ Vulncheck (pull_request) Successful in 1m15s
/ Lint (pull_request) Successful in 2m15s
/ Tests (pull_request) Successful in 1m20s
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-09-11 15:25:09 +03:00
575ab4d294 [#369] Enhanced http requests logging
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-09-11 15:25:09 +03:00
d919e6cce2 [#482] Fix containers resolving
All checks were successful
/ DCO (pull_request) Successful in 1m8s
/ Builds (pull_request) Successful in 1m7s
/ Vulncheck (pull_request) Successful in 1m12s
/ Lint (pull_request) Successful in 2m24s
/ Tests (pull_request) Successful in 1m24s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-09-05 12:33:14 +03:00
136b5521fe [#475] Support graceful_close_on_switch_timeout param
This allows in-flight requests finish during rebalance

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-08-29 13:22:08 +00:00
a5f670d904 [#329] Reduce using mutex when update app settings
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-08-29 12:03:26 +00:00
bf00fa6aa9 [#449] Add support headers for vhs and servername
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-08-23 08:35:05 +00:00
534ae7f0f1 [#446] Add support virtual-hosted-style
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-08-23 08:35:05 +00:00
481520705a [#42] Support expiration lifecycle
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-08-21 10:38:35 +03:00
28723f4a68 [#447] Add tree pool request duration metric
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-08-21 06:36:55 +00:00
3dc989d7fe [#451] Support Location in CompleteMultipart response
All checks were successful
/ Vulncheck (pull_request) Successful in 1m15s
/ DCO (pull_request) Successful in 1m13s
/ Builds (1.21) (pull_request) Successful in 1m31s
/ Builds (1.22) (pull_request) Successful in 1m25s
/ Lint (pull_request) Successful in 2m26s
/ Tests (1.21) (pull_request) Successful in 1m40s
/ Tests (1.22) (pull_request) Successful in 1m43s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-08-06 15:45:09 +03:00
6cb0026007 [#427] layer: Split FrostFS ReadObject to separate methods
All checks were successful
/ Builds (1.21) (pull_request) Successful in 1m20s
/ Builds (1.22) (pull_request) Successful in 1m15s
/ Vulncheck (pull_request) Successful in 1m6s
/ DCO (pull_request) Successful in 57s
/ Lint (pull_request) Successful in 2m59s
/ Tests (1.21) (pull_request) Successful in 1m9s
/ Tests (1.22) (pull_request) Successful in 1m23s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-23 16:53:59 +03:00
971006a28c [#422] Support separate container for CORS
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-07-23 12:33:29 +00:00
70eedfc077 [#414] authmate: Add register-user command
All checks were successful
/ Builds (1.20) (pull_request) Successful in 14m30s
/ Builds (1.21) (pull_request) Successful in 14m25s
/ DCO (pull_request) Successful in 6m47s
/ Vulncheck (pull_request) Successful in 6m59s
/ Lint (pull_request) Successful in 11m52s
/ Tests (1.20) (pull_request) Successful in 8m24s
/ Tests (1.21) (pull_request) Successful in 8m19s
New command allows register user in frostfsid and
set allowed rules in policy contract

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-08 14:13:00 +03:00
9241954496 [#372] authmate: Don't create creds with eacl table
Allow only impersonate flag.
Don't allow SetEACL container session token.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-01 16:26:21 +03:00
77f8bdac58 [#372] Drop kludge.acl_enabled flag
Now only APE container can be created using s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-01 16:26:19 +03:00
414f3943e2 [#410] Drop layer.Client interface
All checks were successful
/ DCO (pull_request) Successful in 2m1s
/ Vulncheck (pull_request) Successful in 2m31s
/ Builds (1.20) (pull_request) Successful in 2m39s
/ Builds (1.21) (pull_request) Successful in 2m31s
/ Lint (pull_request) Successful in 3m14s
/ Tests (1.20) (pull_request) Successful in 2m34s
/ Tests (1.21) (pull_request) Successful in 2m10s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-25 15:57:55 +03:00
9432782ce6 [#401] Drop notifications
All checks were successful
/ DCO (pull_request) Successful in 2m5s
/ Builds (1.20) (pull_request) Successful in 2m40s
/ Builds (1.21) (pull_request) Successful in 2m33s
/ Vulncheck (pull_request) Successful in 2m22s
/ Lint (pull_request) Successful in 4m24s
/ Tests (1.20) (pull_request) Successful in 2m48s
/ Tests (1.21) (pull_request) Successful in 2m45s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-25 15:49:37 +03:00
2b04fcb5ec [#406] Remove control api
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-21 06:36:56 +00:00
bb81afc14a [#398] Support retryer
Add two strategy for PutBucketSettings request retryer:
* exponential backoff (increasing up to `max_backoff` delays with jitter)
* constant backoff (always the same `max_backoff` delay between requests)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-06 13:02:17 +00:00
2ab655b909 [#380] Add test for credentials versioning
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-05-03 07:24:13 +00:00
db05021786 [#379] Add Iana CharsetReader for Oracle integration
All checks were successful
/ DCO (pull_request) Successful in 1m54s
/ Builds (1.20) (pull_request) Successful in 2m23s
/ Builds (1.21) (pull_request) Successful in 2m0s
/ Vulncheck (pull_request) Successful in 2m7s
/ Lint (pull_request) Successful in 4m16s
/ Tests (1.20) (pull_request) Successful in 2m38s
/ Tests (1.21) (pull_request) Successful in 2m29s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-04-25 17:44:38 +03:00
45f77de8c8 [#371] Add custom Source IP header configuration
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-22 07:42:45 +00:00
5315f7b733 [#269] Create frostfsid wrapper with cache
All checks were successful
/ DCO (pull_request) Successful in 2m10s
/ Vulncheck (pull_request) Successful in 2m0s
/ Builds (1.20) (pull_request) Successful in 2m31s
/ Builds (1.21) (pull_request) Successful in 1m31s
/ Lint (pull_request) Successful in 3m34s
/ Tests (1.20) (pull_request) Successful in 2m26s
/ Tests (1.21) (pull_request) Successful in 2m21s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-18 09:32:30 +03:00
43a687b572 [#269] authmate: Update frostfsid using
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-17 12:11:23 +03:00