Airat Arifullin
a847f28b01
[ #82 ] router: Make IsAllow receive client defined overrides
...
* Change `ChainRouter` interface: `IsAllow` should also receive
client defined overrides that are checked after local overrides
but before morph chains. Client defined overrides are checked for
per request.
* Fix code that uses `ChainRouter`.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-06-28 15:48:00 +03:00
ac965e8d17
[ #80 ] iam: Move resource tag to resource property
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 13:29:30 +03:00
64e06f5b7c
[ #80 ] iam: Skip unsupported conditions in native chains
...
Skip conditions with
* aws:RequestTag
* aws:ResourceTag
keys
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 11:15:22 +03:00
303a81cdc6
[ #78 ] iam: Don't check IP for private
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-05-27 09:54:02 +03:00
Airat Arifullin
d7ed188f68
[ #76 ] chain: Increase unit-test coverage for chain related types
...
* Add more unit-test cases.
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-22 15:08:11 +03:00
aarifullin
1f6f4163d4
[ #71 ] docs: Introduce APE overview
...
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 16:37:44 +00:00
Airat Arifullin
84c4872b20
[ #75 ] chain: Refactor ObjectType
type
...
* Rename `ObjectType` to `Kind`;
* Rename `Object` field in `Condition` to `ConditionKind`;
* Regenerate easy-json marshalers/unmarshalers;
* Fix unit-tests
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 17:36:17 +03:00
Airat Arifullin
e75200bb8e
[ #75 ] chain: Remove ContaierResource
, ContainerRequest
constants
...
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 13:50:17 +03:00
2e7518c453
[ #74 ] docs: Describe converters
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-05-07 13:10:02 +03:00
2fa27b6557
[ #72 ] chain/test: Refactor fuzz tests
...
Make it possible to execute fuzz tests with different backend, such as
go-fuzz which supports coverage collection.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-03 10:16:35 +00:00
38f947ac0a
[ #73 ] pre-commit: Use cached tests in hook
...
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-02 18:15:53 +03:00
34c1eafa56
[ #73 ] Makefile: Allow to override test flags
...
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-02 18:15:53 +03:00
84c15a559c
[ #73 ] pre-commit: Remove gitlint hook
...
It is annoying during local development and is unused on CI.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-02 18:15:53 +03:00
aarifullin
c539728641
[ #62 ] morph: List morph rules chains by traversing iterator
...
* Make `ListMorphRuleChains` methods use `commonclient.ReadIteratorItems`.
* Introduce `ContractStorageActor` interface.
* Iterators are used because listing by `ListChainsByPrefix` may cause
stack overflow from neo-go side (len(items) > 1024).
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-04-26 06:20:43 +00:00
04a79f57ef
[ #70 ] iam: Support aws:MultiFactorAuthPresent key
...
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-16 10:17:28 +03:00
ff5d05ac92
[ #67 ] chain: Support IPAddress conditions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-15 12:52:41 +00:00
0e69e48511
[ #64 ] engine: Add user and group targets
...
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-04-12 16:07:34 +03:00
530248de75
[ #69 ] iam: Extend native actions with tree service methods
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 13:22:12 +03:00
b6a6816800
[ #68 ] iam: Allow read object on delete operation
...
We must be able to read s3 multipart object from storage
(to find out the parts it consists of)
to fully delete such multipart object
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 09:57:53 +03:00
1f190e1668
[ #58 ] iam: Fix native actions mapping
...
We have to add native:PutObject when want to delete object
because of tombstone must be created (it's a put operation)
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-10 14:48:23 +03:00
67cf09f51d
[ #63 ] iam: Add formatters for resource/request tags
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-10 11:14:57 +03:00
84c6be01de
[ #60 ] chain: Support numeric conditions
...
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-08 14:30:43 +03:00
67e4595a91
[ #63 ] iam: Support tag keys
...
Support:
* aws:PrincipalTag
* aws:ResourceTag
* aws:Request
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-05 09:36:01 +03:00
42497ad242
[ #59 ] router: Inmemory implementation should take empty name for "root"
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 11:09:42 +03:00
1d51f2121d
[ #58 ] iam: Support more s3 actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-01 17:18:20 +03:00
9040e48504
[ #57 ] iam: Add policy validation checks
...
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-03-11 16:12:47 +03:00
2ec958cbfd
[ #56 ] storage: Allow to remove all chains by target
...
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-03-07 18:11:06 +03:00
8cb2de05ab
[ #56 ] Fix pre-commit issue
...
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-03-07 18:01:50 +03:00
aarifullin
c13ed8447a
[ #52 ] morph: Extend MorphRuleChainStorage interface with ListTargetsIterator
...
* Update frostfs-contract package version in go.mod.
* Extend MorphRuleChainStorage interface with ListTargetsIterator and
introduce its implementation.
* Check targets in inmemory implementation unit-tests.
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-05 10:17:28 +03:00
aarifullin
839f22e1a3
[ #55 ] router: Inmemory implementation should take empty name for "root"
...
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-04 18:12:11 +03:00
aarifullin
cf1f091e26
[ #54 ] morph: Introduce ContractStorageReader
...
* Implement MorphRuleChainStorageReader interface to make
possible to read from Policy contract without wallets.
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-01 08:05:25 +00:00
aarifullin
9e66ce59c6
[ #54 ] morph: Revise MorphRuleChainStorage interface
...
* Split MorphRuleChainStorage interface by moving read-only
methods to a separate interface MorphRuleChainStorageReader.
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-01 08:05:25 +00:00
c960b1b088
[ #53 ] iam: Extend support s3 to native actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-26 12:42:15 +03:00
aarifullin
8354a074c4
[ #49 ] engine: Fix target considering order
...
* Namespace target rules should be considered first
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-02-06 14:12:36 +03:00
4a989d6bb7
[ #50 ] .fordejo: Update DCO action
...
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-02-06 12:58:42 +03:00
0edc002441
[ #46 ] iam: Handle s3 complex actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:19:00 +03:00
1cdb3e5a4a
[ #46 ] iam: Support more s3 to native actions mapping
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:18:55 +03:00
af388779a3
[ #46 ] iam: Shrink rules for wildcard cases
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8cc5173d73
[ #46 ] iam: Support namespaces when forming native rules
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
2af381ae81
[ #46 ] iam: Error if policy doesn't have actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8d21ab2d99
[ #43 ] engine: Extend with target listing method
...
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-01-29 09:41:40 +03:00
0a28f0a992
[ #1 ] gitattributes: Add easyjson files rules
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
dd0f582fc3
[ #1 ] chain: Fix ID type from string to bytes
...
ID may be non UTF-8 string, so from developers POV
it is just byte slice.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
5f13d91c0d
[ #1 ] native: Fix typo in owner value
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
88c2a476b0
[ #1 ] chain: Add json marshal/unmarshal
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
58386edf58
[ #1 ] chain: Add binary marshal/unmarshal
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-01-24 11:04:03 +03:00
06cbfe8691
[ #876 ] policy: Add resource\request for container
...
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-01-22 13:47:24 +03:00
c80c99b13e
[ #41 ] chain: Fix ID serialization
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-12 10:56:04 +03:00
ed93bb5cc5
[ #35 ] local_storage: Make thread safe
...
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-12-21 12:13:54 +00:00
06e9c91014
[ #33 ] pkg/chain: Support CondSliceContains condition
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-21 11:13:52 +00:00