aarifullin/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#1051] object: Ignore APE check for PutSingle with tombstone object

Browse source 
* When a client requests DeleteObject, delete service may send PutSingle
  with tombstone object type to several nodes. If APE allows deletes,
  but denies puts, then PutSingle cannot be performed although it is
  being performed in the delete context. So, check for putting tombstone
  is ignored.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
This commit is contained in:
Airat Arifullin 2024-03-19 14:32:58 +03:00
parent 7278201753
commit 740cfe4ac1
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/services/object/ape/checker.go
View file

@ -77,6 +77,11 @@ func (c *checkerImpl) CheckAPE(ctx context.Context, prm Prm) error {
return fmt.Errorf("failed to create ape request: %w", err)
}
if prm.Method == nativeschema.MethodPutObject &&
r.Resource().Property(nativeschema.PropertyKeyObjectType) == objectV2.TypeTombstone.String() {
return nil
}
status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress,
policyengine.NewRequestTarget(prm.Namespace, prm.Container.EncodeToString()), r)
if err != nil {