Commit graph

84 commits

Author SHA1 Message Date
Airat Arifullin
a847f28b01 [#82] router: Make IsAllow receive client defined overrides
* Change `ChainRouter` interface: `IsAllow` should also receive
  client defined overrides that are checked after local overrides
  but before morph chains. Client defined overrides are checked for
  per request.
* Fix code that uses `ChainRouter`.
* Fix unit-tests.

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-06-28 15:48:00 +03:00
ac965e8d17 [#80] iam: Move resource tag to resource property
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 13:29:30 +03:00
64e06f5b7c [#80] iam: Skip unsupported conditions in native chains
Skip conditions with
* aws:RequestTag
* aws:ResourceTag
keys

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 11:15:22 +03:00
303a81cdc6 [#78] iam: Don't check IP for private
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-05-27 09:54:02 +03:00
Airat Arifullin
d7ed188f68 [#76] chain: Increase unit-test coverage for chain related types
* Add more unit-test cases.

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-22 15:08:11 +03:00
aarifullin
1f6f4163d4 [#71] docs: Introduce APE overview
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 16:37:44 +00:00
Airat Arifullin
84c4872b20 [#75] chain: Refactor ObjectType type
* Rename `ObjectType` to `Kind`;
* Rename `Object` field in `Condition` to `ConditionKind`;
* Regenerate easy-json marshalers/unmarshalers;
* Fix unit-tests

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 17:36:17 +03:00
Airat Arifullin
e75200bb8e [#75] chain: Remove ContaierResource, ContainerRequest constants
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 13:50:17 +03:00
2e7518c453 [#74] docs: Describe converters
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-05-07 13:10:02 +03:00
2fa27b6557 [#72] chain/test: Refactor fuzz tests
Make it possible to execute fuzz tests with different backend, such as
go-fuzz which supports coverage collection.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-03 10:16:35 +00:00
38f947ac0a [#73] pre-commit: Use cached tests in hook
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-02 18:15:53 +03:00
34c1eafa56 [#73] Makefile: Allow to override test flags
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-02 18:15:53 +03:00
84c15a559c [#73] pre-commit: Remove gitlint hook
It is annoying during local development and is unused on CI.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-02 18:15:53 +03:00
aarifullin
c539728641 [#62] morph: List morph rules chains by traversing iterator
* Make `ListMorphRuleChains` methods use `commonclient.ReadIteratorItems`.
* Introduce `ContractStorageActor` interface.
* Iterators are used because listing by `ListChainsByPrefix` may cause
  stack overflow from neo-go side (len(items) > 1024).

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-04-26 06:20:43 +00:00
04a79f57ef [#70] iam: Support aws:MultiFactorAuthPresent key
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-16 10:17:28 +03:00
ff5d05ac92 [#67] chain: Support IPAddress conditions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-15 12:52:41 +00:00
0e69e48511 [#64] engine: Add user and group targets
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-04-12 16:07:34 +03:00
530248de75 [#69] iam: Extend native actions with tree service methods
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 13:22:12 +03:00
b6a6816800 [#68] iam: Allow read object on delete operation
We must be able to read s3 multipart object from storage
(to find out the parts it consists of)
to fully delete such multipart object

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 09:57:53 +03:00
1f190e1668 [#58] iam: Fix native actions mapping
We have to add native:PutObject when want to delete object
 because of tombstone must be created (it's a put operation)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-10 14:48:23 +03:00
67cf09f51d [#63] iam: Add formatters for resource/request tags
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-10 11:14:57 +03:00
84c6be01de [#60] chain: Support numeric conditions
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-08 14:30:43 +03:00
67e4595a91 [#63] iam: Support tag keys
Support:
* aws:PrincipalTag
* aws:ResourceTag
* aws:Request

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-05 09:36:01 +03:00
42497ad242 [#59] router: Inmemory implementation should take empty name for "root"
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 11:09:42 +03:00
1d51f2121d [#58] iam: Support more s3 actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-01 17:18:20 +03:00
9040e48504 [#57] iam: Add policy validation checks
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-03-11 16:12:47 +03:00
2ec958cbfd [#56] storage: Allow to remove all chains by target
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-03-07 18:11:06 +03:00
8cb2de05ab [#56] Fix pre-commit issue
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-03-07 18:01:50 +03:00
aarifullin
c13ed8447a [#52] morph: Extend MorphRuleChainStorage interface with ListTargetsIterator
* Update frostfs-contract package version in go.mod.
* Extend MorphRuleChainStorage interface with ListTargetsIterator and
  introduce its implementation.
* Check targets in inmemory implementation unit-tests.

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-05 10:17:28 +03:00
aarifullin
839f22e1a3 [#55] router: Inmemory implementation should take empty name for "root"
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-04 18:12:11 +03:00
aarifullin
cf1f091e26 [#54] morph: Introduce ContractStorageReader
* Implement MorphRuleChainStorageReader interface to make
  possible to read from Policy contract without wallets.

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-01 08:05:25 +00:00
aarifullin
9e66ce59c6 [#54] morph: Revise MorphRuleChainStorage interface
* Split MorphRuleChainStorage interface by moving read-only
  methods to a separate interface MorphRuleChainStorageReader.

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-01 08:05:25 +00:00
c960b1b088 [#53] iam: Extend support s3 to native actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-26 12:42:15 +03:00
aarifullin
8354a074c4 [#49] engine: Fix target considering order
* Namespace target rules should be considered first

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-02-06 14:12:36 +03:00
4a989d6bb7 [#50] .fordejo: Update DCO action
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-02-06 12:58:42 +03:00
0edc002441 [#46] iam: Handle s3 complex actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:19:00 +03:00
1cdb3e5a4a [#46] iam: Support more s3 to native actions mapping
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:18:55 +03:00
af388779a3 [#46] iam: Shrink rules for wildcard cases
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8cc5173d73 [#46] iam: Support namespaces when forming native rules
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
2af381ae81 [#46] iam: Error if policy doesn't have actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8d21ab2d99 [#43] engine: Extend with target listing method
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-01-29 09:41:40 +03:00
0a28f0a992 [#1] gitattributes: Add easyjson files rules
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
dd0f582fc3 [#1] chain: Fix ID type from string to bytes
ID may be non UTF-8 string, so from developers POV
it is just byte slice.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
5f13d91c0d [#1] native: Fix typo in owner value
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
88c2a476b0 [#1] chain: Add json marshal/unmarshal
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
58386edf58 [#1] chain: Add binary marshal/unmarshal
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
06cbfe8691 [#876] policy: Add resource\request for container
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-01-22 13:47:24 +03:00
c80c99b13e [#41] chain: Fix ID serialization
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-12 10:56:04 +03:00
ed93bb5cc5 [#35] local_storage: Make thread safe
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-12-21 12:13:54 +00:00
06e9c91014 [#33] pkg/chain: Support CondSliceContains condition
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-21 11:13:52 +00:00