aarifullin/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity
4760 commits 130 branches 26 tags 52 MiB
Commit graph

590 commits

Author SHA1 Message Date
Dmitrii Stepanov
ecd1ed7a5e [#1184] node: Add audit middleware for grpc services 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-06-19 16:05:53 +03:00
Airat Arifullin
04a3f891fd [#1157] object: Make APE checker use Bearer-token's APE overrides 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-06-07 12:11:11 +00:00
Anton Nikiforov
c1af13b47e [#1147] node: Fix issue from gopls 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-30 08:13:04 +00:00
Anton Nikiforov
6130650bb6 [#1147] node: Implement Lock\Delete requests for EC object 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-30 08:13:04 +00:00
Anton Nikiforov
d355274cd0 [#1147] object: Use methods on pointer for searchsvc.execCtx 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-30 08:13:04 +00:00
Anton Nikiforov
3555c73225 [#1147] object: Use methods on pointer for deletesvc.execCtx 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-30 08:13:04 +00:00
Anton Nikiforov
e43e7bec3a [#1147] log: Remove redundant address field from log 
Filled when logger created for `request` object from package `getsvc`.

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-30 08:13:04 +00:00
Airat Arifullin
482c5129ac [#1142] object: Fill APE-request with source IP property 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-05-27 10:17:17 +00:00
Dmitrii Stepanov
436c9f5558 [#1129] policer: Restore EC object 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-05-17 14:36:18 +03:00
Dmitrii Stepanov
44f2e8f27f [#1129] putSvc: Allow to put single unprepared object to EC container 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-05-16 16:28:49 +03:00
Dmitrii Stepanov
cbe9757490 [#1129] policer: Pull required EC chunks 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-05-16 16:28:49 +03:00
Evgenii Stratonikov
b3eaa8a9bc [#1083] objsvc/v2: Check response status in RANGE_HASH forwarder 
Fixes #1083

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-05-15 12:04:21 +03:00
Evgenii Stratonikov
0924b62a95 [#1083] objsvc/v2: Unify response verification after forwarding 
1. Use the same routine for HEAD/GET_RANGE methods.
2. Make error message similar.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-05-15 12:04:06 +03:00
Evgenii Stratonikov
300654b045 [#1083] objsvc/v2: Properly check response status after forwarding 
Previously we had cryptic error:
```
debug   get/remote.go:38        remote call failed      {"component": "Object.Get service", "request": "HEAD", "address": "9sTxoVrhJ7WBtXQfK2NJ7zDV5yCF7BPLKK1XTxYPdGsP/BbHV4KZZ8y2BPqAT5kyjdHRLkfbtY2xf5uYoMVqxACn1", "raw": false, "local": false, "with session": false, "with bearer": false, "error": "unexpected header type <nil>"}
```
Now we have and expected error:
```
debug   get/remote.go:38        remote call failed      {"component": "Object.Get service", "request": "HEAD", "address": "D2rqaMG4D2VHdv3HKky8UYSYmwQFH2v9oXXqtyRZPTMy/BbHV4KZZ8y2BPqAT5kyjdHRLkfbtY2xf5uYoMVqxACn1", "raw": false, "local": false, "with session": false, "with bearer": false, "error": "status: code = 2049 message = object not found"}
```

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-05-15 12:04:06 +03:00
Airat Arifullin
952d13cd2b [#1124] cli: Improve APE rule parsing 
* Make APE rule parser to read condition's kind in unambiguous using lexemes
`ResourceCondition`, `RequestCondition` instead confusing `Object.Request`, `Object.Resource`.
* Fix unit-tests.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-05-14 12:23:26 +03:00
Dmitrii Stepanov
0144117cc9 [#1125] objectSvc: Add EC header APE check 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-05-08 16:25:55 +03:00
Dmitrii Stepanov
ada1b9f737 [#1120] objectSvc: Fix EC put placement 
Use parent object ID to compute placement.
Fix too many copies saving.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-05-08 15:23:57 +03:00
Anton Nikiforov
fe2c1c926f [#1112] node: Fix race warning for GetObjectAndWritePayload 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-07 14:47:21 +03:00
Anton Nikiforov
3e782527b8 [#1112] node: Add test for Range request for EC object 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-07 14:47:21 +03:00
Anton Nikiforov
21a490da8f [#1112] Fix issue from gofumpt 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-07 14:47:21 +03:00
Evgenii Stratonikov
93c0ccad4f [#1077] objectsvc: Fix possible panic in GetRange() 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-05-07 14:47:21 +03:00
Anton Nikiforov
00b2b77b26 [#1112] node: Implement Range\RangeHash requests for EC object 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-05-07 14:47:21 +03:00
aarifullin
b60a51b862 [#1117] ape: Introduce FormFrostfsIDRequestProperties method 
* `FormFrostfsIDRequestProperties` gets user claim tags and group id and sets them
  as ape request properties.
* Make tree, container and object service use the method.
* Fix unit-tests.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-05-07 10:01:21 +00:00
aarifullin
6c76c9b457 [#1117] core: Introduce SubjectProvider interface for FrostfsID 
* Make tree, object and container services use SubjectProvider interface.
* Fix unit-tests.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-05-07 10:01:21 +00:00
Ekaterina Lebedeva
e07869a8cf [#1100] Remove unused fields 
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
 2024-05-06 10:14:36 +03:00
Evgenii Stratonikov
71789676d5 [#1114] aclsvc: Add tests for request ownership 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-05-02 11:57:39 +03:00
Anton Nikiforov
112a7c690f [#1103] node: Implement Get\Head requests for EC object 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-04-24 18:15:53 +03:00
Airat Arifullin
c21d72ac23 [#1096] object: Make ape middleware fill request with user claim tags 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-04-16 15:12:44 +03:00
Evgenii Stratonikov
91e79c98ba [#1089] ape: Provide request actor as an additional target 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-04-16 11:03:50 +00:00
aarifullin
f4dcb418f2 [#1090] ape: Move ape request and resource implementations to common package 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-04-15 07:45:45 +00:00
Evgenii Stratonikov
3dc81cb4fc Reapply "[#972] Use min/max builtins" 
This reverts commit dad56d2e98.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-04-10 12:09:34 +00:00
Dmitrii Stepanov
e74bdaa5d5 [#1080] ape: Use value for APE request 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-04-09 18:42:03 +03:00
Dmitrii Stepanov
338d8cbebd [#1080] ape: Do not read object headers before Head/Get 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-04-09 15:27:40 +03:00
Anton Nikiforov
2b88361849 [#1062] object: Fix buffer allocation for PayloadRange 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-04-09 11:59:07 +03:00
Dmitrii Stepanov
1c5e0f90aa [#1064] putsvc: Add EC put 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-04-09 07:08:53 +00:00
Dmitrii Stepanov
39da643354 [#1064] putsvc: Refactor distributed target 
Extract object builder.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-04-09 07:08:53 +00:00
aarifullin
6959e617c4 [#1047] object: Set container owner ID property to ape request 
* Introduce ContainerOwner field in RequestContext.
* Set ContainerOwner in aclv2 middleware.
* Set PropertyKeyContainerOwnerID for object ape request.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-03-18 15:39:50 +00:00
aarifullin
d7be70e93f [#1040] object: Wrap CheckAPE errors to status errors 
* All methods should wrap CheckAPE error, if it occurs, to
  status error.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-03-14 07:34:03 +00:00
Airat Arifullin
5c252c9193 [#1039] object: Skip APE check for certain request roles 
* Skip APE check if a role is Container.
* Skip APE check if a role is IR and methods are get-like.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-03-12 16:15:20 +03:00
Dmitrii Stepanov
d433b49265 [#973] node: Resolve perfsprint linter 
`fmt.Errorf can be replaced with errors.New` and `fmt.Sprintf can be replaced with string addition`

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-03-11 17:55:50 +03:00
Dmitrii Stepanov
d6534fd755 [#1016] frostfs-node: Fix gopls issues 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-03-01 12:13:43 +03:00
Airat Arifullin
7cc368e188 [#986] object: Introduce soft ape checks 
* Soft APE check means that APE should allow request even
  it gets status NoRuleFound for a request. Otherwise,
  it is interpreted as Deny.
* Soft APE check is performed if basic ACL mask is not set.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-02-28 19:05:57 +00:00
Evgenii Stratonikov
dad56d2e98 Revert "[#972] Use min/max builtins" 
This reverts commit 89784b2e0a.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-02-19 15:36:01 +00:00
Evgenii Stratonikov
89784b2e0a [#972] Use min/max builtins 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-02-19 13:13:09 +00:00
Dmitrii Stepanov
2680192ba0 [#988] objectSvc: Fix SetMarshalData for PutSingle 
After api-go update it is required to pass marshal data
to `SetMarshalData`.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-02-15 17:21:08 +03:00
Airat Arifullin
a5446bc17d [#952] object: Pass namespace within context in ACL service 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-02-02 14:48:11 +03:00
Airat Arifullin
5be2af881a [#934] container: Make container APE middleware read namespaces 
* Those methods that can access already existing containers and thus
  can get container properties should read namespace from Zone
  property. If Zone is not set, take a namespace for root.
* Otherwise, define namespaces by owner ID via frostfs-id contract.
* Improve unit-tests, consider more cases.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-02-01 17:38:24 +00:00
Evgenii Stratonikov
6e2cc32768 [#681] objsvc: Validate session token owner for local sessions 
Previously, the check was in place only when session token was missing.
Format validator checks are applied only to fully-prepared object, so
this lead to the following situation:
1. Object is put locally with malformed token, because there are no
   checks.
2. Object cannot be replicated, because the token is malformed.

This is now fixed and token check is done before any payload receival.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-01-26 08:52:29 +00:00
Anton Nikiforov
b6fc3321c5 [#876] Fix linters 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-01-25 20:26:13 +03:00
Airat Arifullin
f2f3294fc3 [#919] ape: Improve error messages in ape service 
* Wrap all APE middleware errors in apeErr that
  makes errors more explicit with status AccessDenied.
* Use denyingRuleErr for denying status from chain router.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-01-23 08:11:24 +00:00