Commit graph

1343 commits

Author SHA1 Message Date
9787b29542 [#392] go.mod: Update APE to drop private IPs checking
All checks were successful
/ Vulncheck (pull_request) Successful in 2m8s
/ DCO (pull_request) Successful in 2m38s
/ Builds (1.20) (pull_request) Successful in 2m48s
/ Builds (1.21) (pull_request) Successful in 3m22s
/ Lint (pull_request) Successful in 5m17s
/ Tests (1.20) (pull_request) Successful in 3m37s
/ Tests (1.21) (pull_request) Successful in 2m59s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-05-27 11:26:15 +03:00
9152b084ec [#387] Fix typo
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
21dbe3ea8e [#387] api: Add tests for middleware
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
f4d174e740 [#387] middleware: Extend test coverage
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
8a758293b9 [#387] middleware: Delete unused code
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-05-22 15:06:02 +00:00
fb521c7ac6 [#367] policy: Set IAM-MFA property to false by default
All checks were successful
/ DCO (pull_request) Successful in 2m34s
/ Vulncheck (pull_request) Successful in 2m41s
/ Builds (1.20) (pull_request) Successful in 4m26s
/ Builds (1.21) (pull_request) Successful in 4m19s
/ Lint (pull_request) Successful in 5m48s
/ Tests (1.20) (pull_request) Successful in 3m55s
/ Tests (1.21) (pull_request) Successful in 3m53s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-05-22 12:05:42 +03:00
87b9e97a80 [#354] Do not proceed on bucket remove error
All checks were successful
/ DCO (pull_request) Successful in 2m22s
/ Vulncheck (pull_request) Successful in 2m37s
/ Builds (1.20) (pull_request) Successful in 3m42s
/ Builds (1.21) (pull_request) Successful in 3m12s
/ Lint (pull_request) Successful in 4m51s
/ Tests (1.20) (pull_request) Successful in 3m13s
/ Tests (1.21) (pull_request) Successful in 3m6s
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-05-17 20:38:39 +03:00
d62d8f3874 [#385] Support the renaming of ObjectRequest and ObjectContainer
All checks were successful
/ DCO (pull_request) Successful in 1m33s
/ Builds (1.20) (pull_request) Successful in 2m7s
/ Builds (1.21) (pull_request) Successful in 1m24s
/ Vulncheck (pull_request) Successful in 1m58s
/ Lint (pull_request) Successful in 4m26s
/ Tests (1.20) (pull_request) Successful in 2m35s
/ Tests (1.21) (pull_request) Successful in 2m42s
Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>
2024-05-14 16:51:36 +03:00
6bf6a3b1a3 [#362] Check user and groups during policy check
All checks were successful
/ DCO (pull_request) Successful in 4m8s
/ Vulncheck (pull_request) Successful in 4m10s
/ Builds (1.20) (pull_request) Successful in 5m33s
/ Builds (1.21) (pull_request) Successful in 5m24s
/ Lint (pull_request) Successful in 8m32s
/ Tests (1.20) (pull_request) Successful in 5m9s
/ Tests (1.21) (pull_request) Successful in 4m52s
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-05-08 15:25:14 +03:00
2f108c9951 [#362] Expand control service
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-05-08 15:15:49 +03:00
c43ef040dc [#382] Fix request type determination
All checks were successful
/ DCO (pull_request) Successful in 1m36s
/ Builds (1.20) (pull_request) Successful in 2m15s
/ Builds (1.21) (pull_request) Successful in 2m9s
/ Lint (pull_request) Successful in 3m22s
/ Tests (1.20) (pull_request) Successful in 2m18s
/ Tests (1.21) (pull_request) Successful in 2m6s
/ Vulncheck (pull_request) Successful in 57s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-05-07 15:17:22 +03:00
2ab655b909 [#380] Add test for credentials versioning
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-05-03 07:24:13 +00:00
1c398551e5 [#380] creds: Increase test coverage
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-05-03 07:24:13 +00:00
db05021786 [#379] Add Iana CharsetReader for Oracle integration
All checks were successful
/ DCO (pull_request) Successful in 1m54s
/ Builds (1.20) (pull_request) Successful in 2m23s
/ Builds (1.21) (pull_request) Successful in 2m0s
/ Vulncheck (pull_request) Successful in 2m7s
/ Lint (pull_request) Successful in 4m16s
/ Tests (1.20) (pull_request) Successful in 2m38s
/ Tests (1.21) (pull_request) Successful in 2m29s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-04-25 17:44:38 +03:00
034396d554 [#377] Add check of Source IP
All checks were successful
/ DCO (pull_request) Successful in 1m55s
/ Builds (1.20) (pull_request) Successful in 2m16s
/ Builds (1.21) (pull_request) Successful in 2m26s
/ Vulncheck (pull_request) Successful in 2m24s
/ Lint (pull_request) Successful in 4m17s
/ Tests (1.20) (pull_request) Successful in 2m42s
/ Tests (1.21) (pull_request) Successful in 2m32s
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-22 15:29:18 +03:00
3c436d8de9 [#365] Include iam user tags in query
All checks were successful
/ Vulncheck (pull_request) Successful in 1m48s
/ Builds (1.20) (pull_request) Successful in 2m30s
/ Builds (1.21) (pull_request) Successful in 1m25s
/ Lint (pull_request) Successful in 3m52s
/ Tests (1.20) (pull_request) Successful in 2m24s
/ Tests (1.21) (pull_request) Successful in 2m22s
/ DCO (pull_request) Successful in 45s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-04-22 10:47:43 +03:00
45f77de8c8 [#371] Add custom Source IP header configuration
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-22 07:42:45 +00:00
d903de2457 [#370] Fix fetching attributes from tree
All checks were successful
/ DCO (pull_request) Successful in 2m6s
/ Vulncheck (pull_request) Successful in 2m48s
/ Builds (1.20) (pull_request) Successful in 3m19s
/ Builds (1.21) (pull_request) Successful in 3m15s
/ Lint (pull_request) Successful in 4m50s
/ Tests (1.20) (pull_request) Successful in 3m13s
/ Tests (1.21) (pull_request) Successful in 3m4s
Port #374

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-19 17:33:55 +03:00
e22ff52165 [#367] Add check of AccessBox attributes
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-19 06:25:26 +00:00
5315f7b733 [#269] Create frostfsid wrapper with cache
All checks were successful
/ DCO (pull_request) Successful in 2m10s
/ Vulncheck (pull_request) Successful in 2m0s
/ Builds (1.20) (pull_request) Successful in 2m31s
/ Builds (1.21) (pull_request) Successful in 1m31s
/ Lint (pull_request) Successful in 3m34s
/ Tests (1.20) (pull_request) Successful in 2m26s
/ Tests (1.21) (pull_request) Successful in 2m21s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-18 09:32:30 +03:00
43a687b572 [#269] authmate: Update frostfsid using
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-17 12:11:23 +03:00
29a2dae40c [#269] Move frostfsid client to separate package
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-17 12:11:23 +03:00
fec3b3f31e [#269] Add frostfsid cache configuration
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-17 12:11:23 +03:00
7db89c840b [#368] Update vulnerable dependencies
All checks were successful
/ DCO (pull_request) Successful in 3m41s
/ Vulncheck (pull_request) Successful in 3m28s
/ Builds (1.20) (pull_request) Successful in 4m41s
/ Builds (1.21) (pull_request) Successful in 4m35s
/ Lint (pull_request) Successful in 5m57s
/ Tests (1.20) (pull_request) Successful in 4m8s
/ Tests (1.21) (pull_request) Successful in 3m58s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-17 11:29:09 +03:00
3ff027587c [#357] Add check of request and resource tags
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-17 07:06:58 +00:00
9f29fcbd52 [#353] docs: Add bucket policy docs
Some checks failed
/ DCO (pull_request) Successful in 1m35s
/ Builds (1.20) (pull_request) Successful in 2m12s
/ Builds (1.21) (pull_request) Successful in 1m51s
/ Vulncheck (pull_request) Failing after 2m8s
/ Lint (pull_request) Successful in 3m2s
/ Tests (1.20) (pull_request) Successful in 2m40s
/ Tests (1.21) (pull_request) Successful in 2m34s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-15 11:41:19 +03:00
8307c73fef [#364] Fix removing combined object
Some checks failed
/ Vulncheck (pull_request) Failing after 3m8s
/ DCO (pull_request) Successful in 3m49s
/ Builds (1.20) (pull_request) Successful in 5m35s
/ Builds (1.21) (pull_request) Successful in 4m16s
/ Lint (pull_request) Successful in 6m55s
/ Tests (1.20) (pull_request) Successful in 5m14s
/ Tests (1.21) (pull_request) Successful in 4m29s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 14:56:38 +03:00
d8889fca56 [#340] Fix encode object acl
In the process of encode the acl of an object,
we use a map. As a result, when traversing the
map, we can get a different sequence of permissions
each time. Therefore, a list is used instead of a map.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-04-11 09:28:30 +00:00
61ff4702a2 [#360] Reuse single target during policy check
Some checks failed
/ DCO (pull_request) Successful in 1m38s
/ Vulncheck (pull_request) Failing after 2m4s
/ Builds (1.20) (pull_request) Successful in 2m33s
/ Builds (1.21) (pull_request) Successful in 2m12s
/ Lint (pull_request) Successful in 3m6s
/ Tests (1.20) (pull_request) Successful in 2m57s
/ Tests (1.21) (pull_request) Successful in 2m6s
Policy engine library is able to manage multiple
targets and resolve different status results.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-10 17:56:47 +03:00
6da1acc554 [#360] Use 'c' prefix for bucket policies instead of 'n'
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.

There is still issue with many IAM rules.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-10 17:56:47 +03:00
3ea3f971e1 [#359] Update APE to allow put tombstone on delete object
Some checks failed
/ Vulncheck (pull_request) Failing after 4m0s
/ DCO (pull_request) Successful in 4m33s
/ Builds (1.20) (pull_request) Successful in 4m59s
/ Builds (1.21) (pull_request) Successful in 4m58s
/ Lint (pull_request) Successful in 6m17s
/ Tests (1.20) (pull_request) Successful in 4m57s
/ Tests (1.21) (pull_request) Successful in 4m7s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-10 15:12:30 +03:00
cb83f7646f [#347] port: Explicitly specify sorting order of subtree for object listing
Some checks failed
/ DCO (pull_request) Successful in 1m56s
/ Vulncheck (pull_request) Failing after 4m57s
/ Builds (1.20) (pull_request) Successful in 5m54s
/ Builds (1.21) (pull_request) Successful in 5m56s
/ Lint (pull_request) Successful in 13m10s
/ Tests (1.20) (pull_request) Successful in 5m34s
/ Tests (1.21) (pull_request) Successful in 3m22s
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-09 18:57:47 +03:00
9c012d0a66 [#355] Remove policies when delete bucket
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-09 15:49:46 +00:00
bda014b7b4 [#355] Update frostfs-contract to terminate session iterator
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-09 15:49:46 +00:00
37d05dcefd [#353] Add check of listing parameters and versionID
Some checks failed
/ DCO (pull_request) Successful in 1m36s
/ Vulncheck (pull_request) Failing after 2m17s
/ Builds (1.20) (pull_request) Successful in 3m27s
/ Builds (1.21) (pull_request) Successful in 3m22s
/ Lint (pull_request) Successful in 5m4s
/ Tests (1.20) (pull_request) Successful in 2m53s
/ Tests (1.21) (pull_request) Successful in 2m47s
Add properties in policy check:
* s3:delimiter
* s3:prefix
* s3:max-keys
* s3:VersionId

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-08 17:57:55 +03:00
8407b3ea4c [#352] policy: Use iterators to list chains
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-04 12:51:12 +00:00
e537675223 [#341] Update CHANGELOG
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-03 12:04:48 +00:00
789464e134 [#341] Add "h2" as next proto to allow HTTP/2 requests in http.Serve
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-03 12:04:48 +00:00
a138f4954b [#341] Test HTTP/2 requests
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-03 12:04:48 +00:00
8669bf6b50 [#346] acl: Update APE and fix using
All checks were successful
/ DCO (pull_request) Successful in 2m57s
/ Vulncheck (pull_request) Successful in 3m33s
/ Lint (pull_request) Successful in 4m44s
/ Tests (1.20) (pull_request) Successful in 3m38s
/ Tests (1.21) (pull_request) Successful in 3m29s
/ Builds (1.20) (pull_request) Successful in 1m12s
/ Builds (1.21) (pull_request) Successful in 3m23s
* Remove native policy when remove bucket policy
* Allow policies that contain only s3 compatible statements
(now deny rules cannot be converted to native rules)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 12:43:04 +00:00
6b8095182e [#343] docs: Actualize s3 compatibility table
All checks were successful
/ Builds (1.20) (pull_request) Successful in 13m52s
/ Builds (1.21) (pull_request) Successful in 13m40s
/ Lint (pull_request) Successful in 19m2s
/ Tests (1.20) (pull_request) Successful in 14m18s
/ Tests (1.21) (pull_request) Successful in 14m23s
/ DCO (pull_request) Successful in 2m55s
/ Vulncheck (pull_request) Successful in 1m9s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 15:02:51 +03:00
348126b3b8 [#301] go.mod: Update sdk-go
All checks were successful
/ Vulncheck (pull_request) Successful in 1m52s
/ Builds (1.20) (pull_request) Successful in 3m0s
/ Builds (1.21) (pull_request) Successful in 2m57s
/ DCO (pull_request) Successful in 2m50s
/ Lint (pull_request) Successful in 4m21s
/ Tests (1.20) (pull_request) Successful in 1m41s
/ Tests (1.21) (pull_request) Successful in 1m35s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-28 09:13:27 +03:00
fbe7a784e8 [#301] Support GetBucketPolicyStatus
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-28 09:13:25 +03:00
bfcde09f07 [#291] server auto re-binding
Some checks failed
/ Vulncheck (pull_request) Failing after 1m38s
/ DCO (pull_request) Successful in 1m43s
/ Builds (1.20) (pull_request) Successful in 2m17s
/ Builds (1.21) (pull_request) Successful in 1m57s
/ Lint (pull_request) Successful in 5m7s
/ Tests (1.20) (pull_request) Successful in 2m32s
/ Tests (1.21) (pull_request) Successful in 2m8s
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-03-27 14:28:50 +03:00
94bd1dfe28 [#334] Add auth doc
Some checks failed
/ DCO (pull_request) Successful in 1m18s
/ Vulncheck (pull_request) Failing after 1m42s
/ Builds (1.20) (pull_request) Successful in 2m16s
/ Builds (1.21) (pull_request) Successful in 1m51s
/ Lint (pull_request) Successful in 4m4s
/ Tests (1.20) (pull_request) Successful in 2m34s
/ Tests (1.21) (pull_request) Successful in 2m23s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-21 12:12:29 +03:00
80c7b73eb9 [#306] In APE buckets forbid canned acl except private
Some checks failed
/ DCO (pull_request) Successful in 2m50s
/ Vulncheck (pull_request) Failing after 3m15s
/ Builds (1.20) (pull_request) Successful in 3m39s
/ Builds (1.21) (pull_request) Successful in 3m41s
/ Lint (pull_request) Successful in 5m48s
/ Tests (1.20) (pull_request) Successful in 4m0s
/ Tests (1.21) (pull_request) Successful in 3m53s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-19 16:57:26 +03:00
62cc5a04a7 [#328] Log error on failed response writing
Some checks failed
/ DCO (pull_request) Successful in 3m34s
/ Vulncheck (pull_request) Failing after 4m18s
/ Builds (1.20) (pull_request) Successful in 4m58s
/ Builds (1.21) (pull_request) Successful in 4m24s
/ Lint (pull_request) Successful in 7m27s
/ Tests (1.20) (pull_request) Successful in 5m24s
/ Tests (1.21) (pull_request) Successful in 5m0s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-15 11:02:26 +03:00
6788306998 [#328] Log invalid tree service KVs
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-04 15:35:23 +03:00
4ee3648183 [#328] Log invalid lock enabled header
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-04 15:09:51 +03:00
ee48d1dc85 [#325] Log error on failed request id generation
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-04 09:49:41 +00:00