Commit graph

51 commits

Author SHA1 Message Date
aarifullin
8354a074c4 [#49] engine: Fix target considering order
All checks were successful
DCO action / DCO (pull_request) Successful in 1m3s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m12s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m18s
Tests and linters / Staticcheck (pull_request) Successful in 1m23s
Tests and linters / Tests with -race (pull_request) Successful in 1m32s
Tests and linters / Lint (pull_request) Successful in 2m16s
* Namespace target rules should be considered first

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-02-06 14:12:36 +03:00
4a989d6bb7 [#50] .fordejo: Update DCO action
All checks were successful
DCO action / DCO (pull_request) Successful in 1m38s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m31s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m49s
Tests and linters / Tests with -race (pull_request) Successful in 1m59s
Tests and linters / Staticcheck (pull_request) Successful in 2m0s
Tests and linters / Lint (pull_request) Successful in 3m21s
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-02-06 12:58:42 +03:00
0edc002441 [#46] iam: Handle s3 complex actions
All checks were successful
DCO action / DCO (pull_request) Successful in 59s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m11s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m17s
Tests and linters / Staticcheck (pull_request) Successful in 1m24s
Tests and linters / Tests with -race (pull_request) Successful in 1m33s
Tests and linters / Lint (pull_request) Successful in 2m17s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:19:00 +03:00
1cdb3e5a4a [#46] iam: Support more s3 to native actions mapping
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:18:55 +03:00
af388779a3 [#46] iam: Shrink rules for wildcard cases
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8cc5173d73 [#46] iam: Support namespaces when forming native rules
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
2af381ae81 [#46] iam: Error if policy doesn't have actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8d21ab2d99 [#43] engine: Extend with target listing method
All checks were successful
DCO action / DCO (pull_request) Successful in 1m0s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m1s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m16s
Tests and linters / Staticcheck (pull_request) Successful in 1m24s
Tests and linters / Tests with -race (pull_request) Successful in 1m33s
Tests and linters / Lint (pull_request) Successful in 2m15s
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-01-29 09:41:40 +03:00
0a28f0a992 [#1] gitattributes: Add easyjson files rules
All checks were successful
DCO action / DCO (pull_request) Successful in 1m11s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m3s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m18s
Tests and linters / Tests with -race (pull_request) Successful in 1m35s
Tests and linters / Staticcheck (pull_request) Successful in 1m31s
Tests and linters / Lint (pull_request) Successful in 2m16s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
dd0f582fc3 [#1] chain: Fix ID type from string to bytes
ID may be non UTF-8 string, so from developers POV
it is just byte slice.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
5f13d91c0d [#1] native: Fix typo in owner value
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
88c2a476b0 [#1] chain: Add json marshal/unmarshal
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
58386edf58 [#1] chain: Add binary marshal/unmarshal
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
06cbfe8691 [#876] policy: Add resource\request for container
All checks were successful
Tests and linters / Tests (1.21) (pull_request) Successful in 1m31s
DCO action / DCO (pull_request) Successful in 1m16s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m41s
Tests and linters / Tests with -race (pull_request) Successful in 1m33s
Tests and linters / Staticcheck (pull_request) Successful in 1m34s
Tests and linters / Lint (pull_request) Successful in 2m17s
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-01-22 13:47:24 +03:00
c80c99b13e [#41] chain: Fix ID serialization
All checks were successful
DCO action / DCO (pull_request) Successful in 1m35s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m34s
Tests and linters / Staticcheck (pull_request) Successful in 1m50s
Tests and linters / Tests (1.20) (pull_request) Successful in 2m6s
Tests and linters / Tests with -race (pull_request) Successful in 2m2s
Tests and linters / Lint (pull_request) Successful in 3m22s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-12 10:56:04 +03:00
ed93bb5cc5 [#35] local_storage: Make thread safe
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-12-21 12:13:54 +00:00
06e9c91014 [#33] pkg/chain: Support CondSliceContains condition
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-21 11:13:52 +00:00
b82544b0fe [#876] policy: Fix SetAdmin
All checks were successful
DCO action / DCO (pull_request) Successful in 1m5s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m14s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m32s
Tests and linters / Tests with -race (pull_request) Successful in 1m34s
Tests and linters / Staticcheck (pull_request) Successful in 1m34s
Tests and linters / Lint (pull_request) Successful in 2m23s
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2023-12-21 07:54:42 +03:00
641a1429ef [#876] policy: Add methods Get/SetAdmin for wrapper
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2023-12-21 04:51:21 +00:00
02e50307df [#34] native: Add container methods
All checks were successful
Tests and linters / Tests (1.21) (pull_request) Successful in 1m28s
DCO action / DCO (pull_request) Successful in 1m13s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m37s
Tests and linters / Tests with -race (pull_request) Successful in 1m34s
Tests and linters / Staticcheck (pull_request) Successful in 1m40s
Tests and linters / Lint (pull_request) Successful in 2m18s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-12-20 14:22:01 +03:00
3128352693 [#36] iam: Keep s3/iam prefixes in resources
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 07:08:31 +00:00
ec39d8371a [#36] iam: Support iam actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 07:08:31 +00:00
aarifullin
e57d213595 [#26] schema: Add resource name validation method
Close #26

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-12-19 16:40:59 +00:00
aarifullin
62ea96b82c [#32] morph: Remove name transformer in morph policy client
* It is not required to transform long names because
  container chains will be added by container ID
  but not by a resource name.

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-12-14 12:22:53 +00:00
1d07331f5d [#28] iam: Fix converters
Handle resource without object as bucket name instead of bucket with any object

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-13 13:20:38 +00:00
3b107e9413 [#28] chain: Add S3 chain name
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-13 13:20:38 +00:00
8c673ee4f4 [#21] chain: Allow to return first match result
All checks were successful
DCO action / DCO (pull_request) Successful in 1m3s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m23s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m33s
Tests and linters / Tests with -race (pull_request) Successful in 1m31s
Tests and linters / Staticcheck (pull_request) Successful in 1m35s
Tests and linters / Lint (pull_request) Successful in 2m19s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-12-11 11:03:03 +03:00
1375e8f7fd [#21] router: Make Deny the highest priority
All checks were successful
DCO action / DCO (pull_request) Successful in 1m5s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m15s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m34s
Tests and linters / Tests with -race (pull_request) Successful in 1m31s
Tests and linters / Staticcheck (pull_request) Successful in 1m32s
Tests and linters / Lint (pull_request) Successful in 2m22s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-12-08 12:37:29 +03:00
aarifullin
156018bcba [#3] policy: Introduce policy contract interface wrapper
All checks were successful
DCO action / DCO (pull_request) Successful in 46s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m16s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m17s
Tests and linters / Tests with -race (pull_request) Successful in 1m33s
Tests and linters / Staticcheck (pull_request) Successful in 1m44s
Tests and linters / Lint (pull_request) Successful in 3m14s
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-12-07 14:01:27 +03:00
aarifullin
df15b38c63 [#3] engine: Refactor MorphRuleChainStorage
* Make changing state methods like AddMorphRuleChain,
  RemoveMorphRuleChain return transaction hash and VUB.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-06 12:25:55 +03:00
aarifullin
2d4a9fc6dc [#25] engine: Refactor ChainRouter interface
* Pass RequestTarget instead only namespace
* Refactor unit-tests and dependencies

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-12-05 09:20:54 +00:00
aarifullin
4d8242584a [#25] engine: Refactor LocalOverrideStorage
* Make LocalOverrideStorage methods to receive Target type
  instead resource
* Refactor unit-tests and dependencies
* Make default chain router check local overrides not
  only for container but also for namespaces

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-12-05 09:20:54 +00:00
a0a35bf4bf [#22] iam: Fix converters
All checks were successful
DCO action / DCO (pull_request) Successful in 1m9s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m8s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m25s
Tests and linters / Tests with -race (pull_request) Successful in 1m21s
Tests and linters / Staticcheck (pull_request) Successful in 1m22s
Tests and linters / Lint (pull_request) Successful in 2m18s
Validate that actions and resources contain wildcard only at the end

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-28 17:56:36 +03:00
5fa9d91903 [#17] iam: Add converter to native/s3 policy
All checks were successful
DCO action / DCO (pull_request) Successful in 3m18s
Tests and linters / Tests (1.21) (pull_request) Successful in 3m35s
Tests and linters / Tests (1.20) (pull_request) Successful in 3m46s
Tests and linters / Tests with -race (pull_request) Successful in 3m45s
Tests and linters / Staticcheck (pull_request) Successful in 3m49s
Tests and linters / Lint (pull_request) Successful in 5m15s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-21 11:45:41 +03:00
5db67021e1 [#20] schema: Drop root from namespace definition
All checks were successful
DCO action / DCO (pull_request) Successful in 1m1s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m23s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m18s
Tests and linters / Tests with -race (pull_request) Successful in 1m20s
Tests and linters / Staticcheck (pull_request) Successful in 1m23s
Tests and linters / Lint (pull_request) Successful in 2m4s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-11-15 12:47:36 +03:00
aarifullin
17453d3cda [#7] engine: Revise CachedChainStorage interface
* Nuke out CachedChainStorage interface
* Introduce LocalOverrideStorage interface to manage
  local overrides
* Introduce MorphRuleChainStorage interface to manage
  chains in the policy contract
* Extend Engine interface

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-11-15 09:22:42 +00:00
aarifullin
a08f600d97 [#7] engine: Set project structure pattern for files
* Create pkg package
* Move chain-relates structures to pkg/chain package
* Move inmemory and interface files to pkg/engine package
* Move resource structures to pkg/resource package
* Move GlobMatch to util package

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-11-15 09:22:42 +00:00
aarifullin
9472a7123e [#7] engine: Move globMatch to common util package
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-11-15 09:22:42 +00:00
38985e4ec8 [#19] schema: Add native schema consts
All checks were successful
DCO action / DCO (pull_request) Successful in 1m4s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m9s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m27s
Tests and linters / Tests with -race (pull_request) Successful in 1m20s
Tests and linters / Staticcheck (pull_request) Successful in 1m28s
Tests and linters / Lint (pull_request) Successful in 2m9s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-11-14 13:09:51 +03:00
b7645489d0 [#18] chain: Drop Actor object type
All checks were successful
DCO action / DCO (pull_request) Successful in 58s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m32s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m27s
Tests and linters / Tests with -race (pull_request) Successful in 1m26s
Tests and linters / Staticcheck (pull_request) Successful in 1m35s
Tests and linters / Lint (pull_request) Successful in 3m3s
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-11-13 17:41:08 +03:00
63ecf63a08 [#11] iam: Support 'NotPrincipal', 'NotAction', 'NotResource'
All checks were successful
Tests and linters / Tests (1.21) (pull_request) Successful in 1m39s
Tests and linters / Tests (1.20) (pull_request) Successful in 2m11s
DCO action / DCO (pull_request) Successful in 2m31s
Tests and linters / Staticcheck (pull_request) Successful in 2m27s
Tests and linters / Tests with -race (pull_request) Successful in 2m35s
Tests and linters / Lint (pull_request) Successful in 3m55s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-02 14:55:48 +03:00
8d291039d8 [#11] Support inverted action and resource
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-02 12:24:37 +03:00
5eee1a7334 [#14] pre-commit: Add gofumpt
All checks were successful
DCO action / DCO (pull_request) Successful in 57s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m9s
Tests and linters / Staticcheck (pull_request) Successful in 1m21s
Tests and linters / Tests with -race (pull_request) Successful in 1m27s
Tests and linters / Lint (pull_request) Successful in 2m8s
Tests and linters / Tests (1.21) (pull_request) Successful in 2m36s
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-11-01 11:24:25 +03:00
8dc9d9fa58 [#14] .forgejo: Add tests and lint workflows
All checks were successful
DCO action / DCO (pull_request) Successful in 43s
Tests and linters / Tests (1.20) (pull_request) Successful in 53s
Tests and linters / Tests (1.21) (pull_request) Successful in 49s
Tests and linters / Staticcheck (pull_request) Successful in 59s
Tests and linters / Tests with -race (pull_request) Successful in 1m14s
Tests and linters / Lint (pull_request) Successful in 1m55s
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-11-01 11:18:57 +03:00
7f6ee39cb8 [#14] Fix linter warnings
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-11-01 11:05:03 +03:00
aarifullin
76372aac04 [#13] interface: Add methods to CachedChainStorage interface
* Introduce GetOverride, RemoveOverride, ListOverrides
* Implement them in inmemory struct

Signed-off-by: aarifullin <aarifullin@yadro.com>
2023-10-31 17:21:34 +03:00
aarifullin
35f24627f0 [#13] chain: Introduce ChainID type
Signed-off-by: aarifullin <aarifullin@yadro.com>
2023-10-31 17:21:28 +03:00
31a308ea61 [#4] Reduce number of condition types 2023-10-23 15:44:34 +03:00
88cf807951 [#4] Add IAM policy unmarshaler 2023-10-23 15:44:34 +03:00
5ebb2e694c [#2] Initial implementation
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-10-23 10:45:15 +03:00