TrueCloudLab/frostfs-s3-gw
18
3
Fork 20
Code Issues 29 Pull requests 8 Projects Releases 23 Packages Activity Actions

bugfix/306-use_APE_instead_eACL #310

Merged
alexvanin merged 15 commits from dkirillov/frostfs-s3-gw:bugfix/306-use_APE_instead_eACL into master 2024-09-04 19:51:13 +00:00
Conversation 1 Commits 15 Files changed 36 +1381 -583
dkirillov commented 2024-02-13 09:56:54 +00:00
Member
Copy link

close #306

This should work when we will start handle no rules found as deny

close #306 This should work when we will start handle `no rules found` as deny
dkirillov self-assigned this 2024-02-13 09:56:54 +00:00
dkirillov force-pushed bugfix/306-use_APE_instead_eACL from 548ce6d215 to 37d5ff84d3 2024-02-13 09:59:28 +00:00 Compare
dkirillov changed title from bugfix/306-use_APE_instead_eACL to WIP: bugfix/306-use_APE_instead_eACL 2024-02-13 11:37:43 +00:00
dkirillov commented 2024-02-13 11:38:43 +00:00
Author
Member
Copy link

Blocked until we know how to create new container (probably for this purpose new value for basic acl will be introduced) TrueCloudLab/frostfs-node#986

Blocked until we know how to create new container (probably for this purpose new value for basic acl will be introduced) https://git.frostfs.info/TrueCloudLab/frostfs-node/pulls/986
dkirillov added 2 commits 2024-02-14 14:10:47 +00:00 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
[#306] Add flag to enable old ACL bucket creation
Some checks failed
/ DCO (pull_request) Successful in 1m36s
Details
/ Vulncheck (pull_request) Successful in 1m59s
Details
/ Builds (1.20) (pull_request) Successful in 2m43s
Details
/ Builds (1.21) (pull_request) Successful in 2m41s
Details
/ Lint (pull_request) Failing after 2m51s
Details
/ Tests (1.20) (pull_request) Successful in 2m58s
Details
/ Tests (1.21) (pull_request) Successful in 1m40s
Details
4646f0f445 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
dkirillov changed title from WIP: bugfix/306-use_APE_instead_eACL to bugfix/306-use_APE_instead_eACL 2024-02-27 09:56:03 +00:00
alexvanin reviewed 2024-02-28 14:25:20 +00:00
alexvanin left a comment
Owner
Copy link

Overall looks good to me.

Overall looks good to me.
api/handler/acl.go Outdated
@ -335,0 +420,4 @@
}
}()
written, err := io.Copy(io.Discard, r.Body)
alexvanin commented 2024-02-28 14:21:48 +00:00
Owner
Copy link

thought: People without eACL -> APE transition context might be confused the heck is going on here 😄

thought: People without eACL -> APE transition context might be confused the heck is going on here 😄
👀 1
api/layer/container.go Outdated
@ -149,10 +156,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
bktInfo.CID = res.ContainerID
bktInfo.HomomorphicHashDisabled = res.HomomorphicHashDisabled
if err = n.setContainerEACLTable(ctx, bktInfo.CID, p.EACL, p.SessionEACL); err != nil {
alexvanin commented 2024-02-28 14:05:07 +00:00
Owner
Copy link

question: if p.APEEnabled == false, shouldn't we set EACLTable as it was before to keep previous behaviour?

question: if `p.APEEnabled == false`, shouldn't we set EACLTable as it was before to keep previous behaviour?
dkirillov commented 2024-02-28 14:48:22 +00:00
Author
Member
Copy link

We set here

We set [here](https://git.frostfs.info/dkirillov/frostfs-s3-gw/src/commit/f1cd70ca782d421535fe9d26dcf5abbfcf9a5b9b/api/handler/put.go#L911)
alexvanin marked this conversation as resolved
internal/frostfs/policy/morph_rule_chain_storage.go Outdated
@ -31,1 +28,3 @@
)
var _ engine.MorphRuleChainStorage = (*MorphRuleChainStorage)(nil)
const bucketPolicyPrefix = 'b'
alexvanin commented 2024-02-28 11:55:18 +00:00
Owner
Copy link

question: This prefix used to manage bucket policies, which are out of scope for 3rd party IAM services, therefore it should not be a part of policy-engine/iam library, right?

question: This prefix used to manage bucket policies, which are out of scope for 3rd party IAM services, therefore it should not be a part of [policy-engine/iam](https://git.frostfs.info/TrueCloudLab/policy-engine/src/branch/master/iam) library, right?
dkirillov commented 2024-02-28 14:45:47 +00:00
Author
Member
Copy link

policy-engine doesn't form chain id at all

policy-engine doesn't form chain id at all
alexvanin marked this conversation as resolved
dkirillov force-pushed bugfix/306-use_APE_instead_eACL from f1cd70ca78 to 7de1ffdbe9 2024-02-28 15:00:38 +00:00 Compare
alexvanin approved these changes 2024-02-29 06:41:57 +00:00
alexvanin merged commit 7de1ffdbe9 into master 2024-02-29 07:05:34 +00:00
alexvanin deleted branch bugfix/306-use_APE_instead_eACL 2024-02-29 07:05:35 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
alexvanin
Labels
Clear labels   
P0

Highest

  
P1

High

  
P2

Medium

  
P3

Low

  
good first issue

Good for newcomers

  
Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  
blocked

The issue or PR is blocked by something

  
bug

Something is not working

  
config

Configuration format update or breaking change

  
discussion

Talking about something in order to reach a decision or to exchange ideas

  
documentation

Documentation related

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
go

Language features adoption

  
help wanted

Extra attention is needed

  
internal

   
invalid

Something is wrong

  
kludge

This is a kludge and we know it

  
observability

Related to metrics, tracing and logs

  
perfomance

Perfomance related

  
question

More information is needed

  
refactoring

Refactoring

  
wontfix

This won't be fixed

No labels
P0
P1
P2
P3
good first issue
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
dkirillov
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-s3-gw#310
No description provided.
Delete branch "dkirillov/frostfs-s3-gw:bugfix/306-use_APE_instead_eACL"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?