[#553] authmate: Don't use basic acl #554

dkirillov · 2024-11-18T12:31:45Z

dkirillov commented

2024-11-18 12:31:45 +00:00

close #553

dkirillov self-assigned this 2024-11-18 12:31:45 +00:00

dkirillov added 1 commit 2024-11-18 12:31:45 +00:00

[#553 ] authmate: Don't use basic acl

/ DCO (pull_request) Successful in 1m44s

Details

/ Vulncheck (pull_request) Successful in 2m8s

Details

/ Builds (pull_request) Successful in 2m27s

Details

/ Lint (pull_request) Successful in 3m45s

Details

/ Tests (pull_request) Successful in 2m42s

Details

a45bbe9c14

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

dkirillov force-pushed featue/553-dont_use_basic_acl from a45bbe9c14 to 4253fc5b90

2024-11-18 12:32:20 +00:00

Compare

dkirillov added 1 commit 2024-11-19 08:22:48 +00:00

[#553 ] authmate: Add retryer to create access box

/ DCO (pull_request) Successful in 1m28s

Details

/ Vulncheck (pull_request) Successful in 1m45s

Details

/ Builds (pull_request) Successful in 1m48s

Details

/ Lint (pull_request) Successful in 2m23s

Details

/ Tests (pull_request) Successful in 1m49s

Details

ed4cc417b7

After using AddChain to provide access to container we have to wait:
* tx with APE chain be accepted by blockchain
* cache in storage node be updated

it takes a while. So we add retry
 (the same as when we add bucket settings during bucket creation)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

dkirillov changed title from ~~WIP: [#553] authmate: Don't use basic acl~~ to [#553] authmate: Don't use basic acl

2024-11-19 08:23:04 +00:00

dkirillov requested review from storage-services-developers 2024-11-19 08:23:12 +00:00

dkirillov requested review from storage-services-committers 2024-11-19 08:23:17 +00:00

alexvanin reviewed 2024-11-19 12:02:18 +00:00

api/layer/frostfs/frostfs.go Outdated

					
				@ -47,1 +44,4 @@

				type PrmAddContainerPolicyChain struct {

					ContainerID cid.ID

					Chain       chain.Chain

alexvanin commented

2024-11-19 11:48:18 +00:00

Don't you want to add comments like in other param structs?

dkirillov commented

2024-11-19 12:06:08 +00:00

Sure

internal/frostfs/authmate.go Outdated

					
				@ -73,0 +84,4 @@

									Op:    chain.CondStringEquals,

									Kind:  chain.KindRequest,

									Key:   native.PropertyKeyActorPublicKey,

									Value: hex.EncodeToString(prm.Owner.Bytes()),

alexvanin commented

2024-11-19 12:02:14 +00:00

Do we need explicit allow rule for container owner? As far as I understand, we can use frostfs-cli to create container and then upload object without additional APEs

dkirillov commented

2024-11-19 12:11:31 +00:00

Yes, we have to add explicit rule for container owner. We will create AccessBox there and we need access.

alexvanin marked this conversation as resolved

internal/frostfs/frostfs.go Outdated

					
				@ -138,0 +138,4 @@

				// AddContainerPolicyChain implements frostfs.FrostFS interface method.

				func (x *FrostFS) AddContainerPolicyChain(ctx context.Context, prm frostfs.PrmAddContainerPolicyChain) error {

					var prmAddAPEChain pool.PrmAddAPEChain

					prmAddAPEChain.Target = ape.ChainTarget{