728 commits

Author	SHA1	Message	Date
Denis Kirillov	280d11c794	[#407] Don't set full_control for bucket owner ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-06-19 10:55:24 +03:00
Roman Loginov	ed34b2cae4	[#402] auth: Extend test coverage ... Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2024-06-14 10:06:00 +00:00
Denis Kirillov	76f553d292	[#403] Set resource tags into resource properties ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-06-13 11:12:40 +03:00
Denis Kirillov	bb81afc14a	[#398] Support retryer ... Add two strategy for PutBucketSettings request retryer: * exponential backoff (increasing up to `max_backoff` delays with jitter) * constant backoff (always the same `max_backoff` delay between requests) Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-06-06 13:02:17 +00:00
Marina Biryukova	e25dc90c20	[#399] Add OPTIONS method for object operations ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-06-04 12:59:45 +00:00
Pavel Pogodaev	b5fae316cf	[#396] Add user to response ... Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>	2024-06-04 09:37:55 +00:00
Roman Loginov	9152b084ec	[#387] Fix typo ... Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2024-05-22 15:06:02 +00:00
Roman Loginov	21dbe3ea8e	[#387] api: Add tests for middleware ... Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2024-05-22 15:06:02 +00:00
Roman Loginov	f4d174e740	[#387] middleware: Extend test coverage ... Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2024-05-22 15:06:02 +00:00
Roman Loginov	8a758293b9	[#387] middleware: Delete unused code ... Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2024-05-22 15:06:02 +00:00
Denis Kirillov	fb521c7ac6	[#367] policy: Set IAM-MFA property to false by default ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-05-22 12:05:42 +03:00
Alex Vanin	87b9e97a80	[#354] Do not proceed on bucket remove error ... Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-05-17 20:38:39 +03:00
Artem Tataurov	d62d8f3874	[#385] Support the renaming of ObjectRequest and ObjectContainer ... Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>	2024-05-14 16:51:36 +03:00
Alex Vanin	6bf6a3b1a3	[#362] Check user and groups during policy check ... Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-05-08 15:25:14 +03:00
Marina Biryukova	c43ef040dc	[#382] Fix request type determination ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-05-07 15:17:22 +03:00
Marina Biryukova	2ab655b909	[#380] Add test for credentials versioning ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-05-03 07:24:13 +00:00
Pavel Pogodaev	db05021786	[#379] Add Iana CharsetReader for Oracle integration ... Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>	2024-04-25 17:44:38 +03:00
Marina Biryukova	034396d554	[#377] Add check of Source IP ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-22 15:29:18 +03:00
Pavel Pogodaev	3c436d8de9	[#365] Include iam user tags in query ... Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>	2024-04-22 10:47:43 +03:00
Marina Biryukova	45f77de8c8	[#371] Add custom Source IP header configuration ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-22 07:42:45 +00:00
Marina Biryukova	e22ff52165	[#367] Add check of AccessBox attributes ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-19 06:25:26 +00:00
Denis Kirillov	5315f7b733	[#269] Create frostfsid wrapper with cache ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-04-18 09:32:30 +03:00
Denis Kirillov	fec3b3f31e	[#269] Add frostfsid cache configuration ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-04-17 12:11:23 +03:00
Marina Biryukova	3ff027587c	[#357] Add check of request and resource tags ... Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-17 07:06:58 +00:00
Denis Kirillov	8307c73fef	[#364] Fix removing combined object ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-04-12 14:56:38 +03:00
Roman Loginov	d8889fca56	[#340] Fix encode object acl ... In the process of encode the acl of an object, we use a map. As a result, when traversing the map, we can get a different sequence of permissions each time. Therefore, a list is used instead of a map. Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2024-04-11 09:28:30 +00:00
Alex Vanin	61ff4702a2	[#360] Reuse single target during policy check ... Policy engine library is able to manage multiple targets and resolve different status results. Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-04-10 17:56:47 +03:00
Alex Vanin	6da1acc554	[#360] Use 'c' prefix for bucket policies instead of 'n' ... With 'c' prefix, acl chains become shorter, thus gateway receives shorter results and avoids sessions to neo-go. There is still issue with many IAM rules. Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-04-10 17:56:47 +03:00
Denis Kirillov	9c012d0a66	[#355] Remove policies when delete bucket ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-04-09 15:49:46 +00:00
Marina Biryukova	37d05dcefd	[#353] Add check of listing parameters and versionID ... Add properties in policy check: * s3:delimiter * s3:prefix * s3:max-keys * s3:VersionId Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2024-04-08 17:57:55 +03:00
Denis Kirillov	8669bf6b50	[#346] acl: Update APE and fix using ... * Remove native policy when remove bucket policy * Allow policies that contain only s3 compatible statements (now deny rules cannot be converted to native rules) Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-04-02 12:43:04 +00:00
Denis Kirillov	fbe7a784e8	[#301] Support GetBucketPolicyStatus ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-28 09:13:25 +03:00
Denis Kirillov	80c7b73eb9	[#306] In APE buckets forbid canned acl except private ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-19 16:57:26 +03:00
Denis Kirillov	62cc5a04a7	[#328] Log error on failed response writing ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-15 11:02:26 +03:00
Denis Kirillov	4ee3648183	[#328] Log invalid lock enabled header ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-04 15:09:51 +03:00
Denis Kirillov	ee48d1dc85	[#325] Log error on failed request id generation ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-04 09:49:41 +00:00
Denis Kirillov	f958eef2b3	[#325] Use default empty data.LockInfo in get/head in case of error ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-04 09:49:41 +00:00
Denis Kirillov	81b44ab3d3	[#325] Fix mutex usage in controller ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-04 09:49:41 +00:00
Denis Kirillov	8050ca2d51	[#306] Use session token for container read operations ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-01 18:14:33 +03:00
Denis Kirillov	c12e264697	[#306] Simplify cid resolver for metrics ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-01 17:46:16 +03:00
Denis Kirillov	e9f38a49e4	[#306] Fix forming key for bucket cache ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-01 16:09:40 +03:00
Denis Kirillov	fabb4134bc	[#318] Use log msg from constants ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	e1ee36b979	[#318] Fix tests ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	937367caaf	[#318] Fix panic on invalid multipart form ... Previously, simple 'curl -X POST http://localhost:8084/test' leads to panic because of wrong handle matching Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	7b86bac6ee	[#318] Log unmatched requests ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	529ec7e0b9	[#318] Don't log empty bucket/name ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	4741e74210	[#318] Log successfully authenticated accessKeyIDs ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	f1470bab4a	[#318] auth: Add context for logged errors ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	6e5bcaef97	[#318] Log policy request checking ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00
Denis Kirillov	1522db05c5	[#318] Log namespace for requests ... Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-29 17:30:28 +03:00