bugfix/306-use_APE_instead_eACL #310

dkirillov · 2024-02-13T09:56:54Z

dkirillov commented

2024-02-13 09:56:54 +00:00

close #306

This should work when we will start handle no rules found as deny

close #306 This should work when we will start handle `no rules found` as deny

dkirillov self-assigned this 2024-02-13 09:56:54 +00:00

dkirillov force-pushed bugfix/306-use_APE_instead_eACL from 548ce6d215 to 37d5ff84d3

2024-02-13 09:59:28 +00:00

Compare

dkirillov changed title from ~~bugfix/306-use_APE_instead_eACL~~ to WIP: bugfix/306-use_APE_instead_eACL

2024-02-13 11:37:43 +00:00

dkirillov commented

2024-02-13 11:38:43 +00:00

Blocked until we know how to create new container (probably for this purpose new value for basic acl will be introduced) TrueCloudLab/frostfs-node#986

Blocked until we know how to create new container (probably for this purpose new value for basic acl will be introduced) https://git.frostfs.info/TrueCloudLab/frostfs-node/pulls/986

dkirillov changed title from ~~WIP: bugfix/306-use_APE_instead_eACL~~ to bugfix/306-use_APE_instead_eACL

2024-02-27 09:56:03 +00:00

alexvanin reviewed 2024-02-28 14:25:20 +00:00

alexvanin left a comment

Overall looks good to me.

api/handler/acl.go Outdated

					
				@ -335,0 +420,4 @@

						}

					}()

					written, err := io.Copy(io.Discard, r.Body)

alexvanin commented

2024-02-28 14:21:48 +00:00

thought: People without eACL -> APE transition context might be confused the heck is going on here 😄

👀 1

api/layer/container.go Outdated

					
				@ -149,10 +156,6 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da

					bktInfo.CID = res.ContainerID

					bktInfo.HomomorphicHashDisabled = res.HomomorphicHashDisabled

					if err = n.setContainerEACLTable(ctx, bktInfo.CID, p.EACL, p.SessionEACL); err != nil {

alexvanin commented

2024-02-28 14:05:07 +00:00

question: if p.APEEnabled == false, shouldn't we set EACLTable as it was before to keep previous behaviour?

question: if `p.APEEnabled == false`, shouldn't we set EACLTable as it was before to keep previous behaviour?

dkirillov commented

2024-02-28 14:48:22 +00:00

We set here

We set [here](https://git.frostfs.info/dkirillov/frostfs-s3-gw/src/commit/f1cd70ca782d421535fe9d26dcf5abbfcf9a5b9b/api/handler/put.go#L911)

alexvanin marked this conversation as resolved

internal/frostfs/policy/morph_rule_chain_storage.go Outdated

					
				@ -31,1 +28,3 @@

				)

				var _ engine.MorphRuleChainStorage = (*MorphRuleChainStorage)(nil)

				const bucketPolicyPrefix = 'b'

alexvanin commented

2024-02-28 11:55:18 +00:00

question: This prefix used to manage bucket policies, which are out of scope for 3rd party IAM services, therefore it should not be a part of policy-engine/iam library, right?

question: This prefix used to manage bucket policies, which are out of scope for 3rd party IAM services, therefore it should not be a part of [policy-engine/iam](https://git.frostfs.info/TrueCloudLab/policy-engine/src/branch/master/iam) library, right?

dkirillov commented

2024-02-28 14:45:47 +00:00

policy-engine doesn't form chain id at all

alexvanin marked this conversation as resolved

dkirillov force-pushed bugfix/306-use_APE_instead_eACL from f1cd70ca78 to 7de1ffdbe9

2024-02-28 15:00:38 +00:00

Compare

alexvanin approved these changes 2024-02-29 06:41:57 +00:00

alexvanin merged commit 7de1ffdbe9 into master

2024-02-29 07:05:34 +00:00

alexvanin deleted branch bugfix/306-use_APE_instead_eACL

2024-02-29 07:05:35 +00:00