acid-ant/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity
4576 commits 108 branches 26 tags 28 MiB
Commit graph

554 commits

Author SHA1 Message Date
aarifullin
6959e617c4 [#1047] object: Set container owner ID property to ape request 
* Introduce ContainerOwner field in RequestContext.
* Set ContainerOwner in aclv2 middleware.
* Set PropertyKeyContainerOwnerID for object ape request.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-03-18 15:39:50 +00:00
aarifullin
d7be70e93f [#1040] object: Wrap CheckAPE errors to status errors 
* All methods should wrap CheckAPE error, if it occurs, to
  status error.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-03-14 07:34:03 +00:00
Airat Arifullin
5c252c9193 [#1039] object: Skip APE check for certain request roles 
* Skip APE check if a role is Container.
* Skip APE check if a role is IR and methods are get-like.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-03-12 16:15:20 +03:00
Dmitrii Stepanov
d433b49265 [#973] node: Resolve perfsprint linter 
`fmt.Errorf can be replaced with errors.New` and `fmt.Sprintf can be replaced with string addition`

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-03-11 17:55:50 +03:00
Dmitrii Stepanov
d6534fd755 [#1016] frostfs-node: Fix gopls issues 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-03-01 12:13:43 +03:00
Airat Arifullin
7cc368e188 [#986] object: Introduce soft ape checks 
* Soft APE check means that APE should allow request even
  it gets status NoRuleFound for a request. Otherwise,
  it is interpreted as Deny.
* Soft APE check is performed if basic ACL mask is not set.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-02-28 19:05:57 +00:00
Evgenii Stratonikov
dad56d2e98 Revert "[#972] Use min/max builtins" 
This reverts commit 89784b2e0a.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-02-19 15:36:01 +00:00
Evgenii Stratonikov
89784b2e0a [#972] Use min/max builtins 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-02-19 13:13:09 +00:00
Dmitrii Stepanov
2680192ba0 [#988] objectSvc: Fix SetMarshalData for PutSingle 
After api-go update it is required to pass marshal data
to `SetMarshalData`.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-02-15 17:21:08 +03:00
Airat Arifullin
a5446bc17d [#952] object: Pass namespace within context in ACL service 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-02-02 14:48:11 +03:00
Airat Arifullin
5be2af881a [#934] container: Make container APE middleware read namespaces 
* Those methods that can access already existing containers and thus
  can get container properties should read namespace from Zone
  property. If Zone is not set, take a namespace for root.
* Otherwise, define namespaces by owner ID via frostfs-id contract.
* Improve unit-tests, consider more cases.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-02-01 17:38:24 +00:00
Evgenii Stratonikov
6e2cc32768 [#681] objsvc: Validate session token owner for local sessions 
Previously, the check was in place only when session token was missing.
Format validator checks are applied only to fully-prepared object, so
this lead to the following situation:
1. Object is put locally with malformed token, because there are no
   checks.
2. Object cannot be replicated, because the token is malformed.

This is now fixed and token check is done before any payload receival.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-01-26 08:52:29 +00:00
Anton Nikiforov
b6fc3321c5 [#876] Fix linters 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2024-01-25 20:26:13 +03:00
Airat Arifullin
f2f3294fc3 [#919] ape: Improve error messages in ape service 
* Wrap all APE middleware errors in apeErr that
  makes errors more explicit with status AccessDenied.
* Use denyingRuleErr for denying status from chain router.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-01-23 08:11:24 +00:00
Airat Arifullin
96b020626f [#915] ape: Fix method name in getStreamBasicChecker 
* Replace incorrect MethodGetContainer by MethodGetObject constant.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-01-16 23:52:37 +03:00
Airat Arifullin
c8baf76fae [#872] object: Introduce APE middlewar for object service 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2024-01-12 18:41:35 +03:00
Dmitrii Stepanov
52ffa9f164 [#891] getSvc: Refactor Get service V2 creation 
Use arguments for mandatory fields.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-01-12 13:35:38 +03:00
Dmitrii Stepanov
394f086fe2 [#891] getSvc: Fix get range hash implementation 
Get range can perform GET request, so this request must be done
from container node to not to get access denied error.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-01-12 13:35:38 +03:00
Dmitrii Stepanov
f1b2b8bffa [#895] test: Fix NewLogger arguments list 
`debug` is always true.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2024-01-11 12:32:09 +00:00
Dmitrii Stepanov
b118734909 [#890] getsvc: Log node PK 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2023-12-29 14:24:13 +03:00
Airat Arifullin
bdd43f6211 [#869] object: Pass just CID to chain router 
* Do not convert CID from request to native-schema resource
  format - this step is unneccessary for APE.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-12-14 11:01:20 +00:00
aarifullin
0f45e3d344 [#804] ape: Implement boltdb storage for local overrides 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-12-07 19:08:41 +03:00
aarifullin
e361e017f3 [#842] control: Pass target instead resource name 
* Update policy-engine package version in go.mod, go.sum.
* Refactor CheckIfRequestPermitted: pass container target
  instead container ID.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-12-07 14:21:55 +00:00
Dmitrii Stepanov
c516c7c5f4 [#821] node: Pass user.ID by value 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2023-11-23 10:21:07 +03:00
aarifullin
4d5be5ccb5 [#811] ape: Update policy-engine module version and rebase 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-11-16 11:31:37 +03:00
Dmitrii Stepanov
9133b4389e [#788] objectsvc: Fix formatting (gofumpt) 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2023-11-09 10:27:32 +03:00
aarifullin
3534d6d05b [#794] objectsvc: Return accidentally removed acl checks for Head 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-11-08 17:13:58 +03:00
Airat Arifullin
66848d3288 [#770] cli: Add methods to work with APE rules via control svc 
* Add methods to frostfs-cli
* Implement rpc in control service

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-11-08 13:34:03 +00:00
Airat Arifullin
8e11ef46b8 [#770] object: Introduce ape chain checker for object svc 
* Introduce Request type converted from RequestInfo type
  to implement policy-engine's Request interface
* Implement basic ape checker to check if a request is
  permitted to be performed
* Make put handlers use APE checker instead EACL

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-11-08 13:34:03 +00:00
aarifullin
74c91eeef5 [#777] client: Refactor PrmContainerList, PrmObjectSearch usage 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-11-06 06:50:11 +00:00
Dmitrii Stepanov
20d6132f31 [#531] signSvc: Add SetMarshaledData method call 
To reduce memory allocations add `SetMarshaledData` method call
to return already marshalled data in next `StableMarshal` calls.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2023-11-02 17:34:33 +03:00
Dmitrii Stepanov
79088baa06 [#772] node: Apply gofumpt 
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2023-10-31 17:03:03 +03:00
aarifullin
58b6224dd8 [#747] client: Refactor PrmObjectPutInit usage 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-10-20 11:55:40 +00:00
aarifullin
12b7cf2533 [#747] client: Refactor PrmObjectPutSingle usage 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-10-20 11:55:40 +00:00
Alexander Chuprov
c1e4130020 [#146] node: Add trace_id to logs 
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
 2023-09-27 11:05:27 +03:00
Anton Nikiforov
aeeb8193d2 [#676] node: Fix header source creation when checking eacl 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
 2023-09-06 17:06:54 +03:00
Airat Arifullin
806cc13d9f [#658] client: Refactor PrmObjectGet/Head/Range usage 
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
 2023-08-30 17:13:23 +00:00
Dmitrii Stepanov
55b82e744b [#529] objectcore: Use common sender classifier 
Use common sender classifier for ACL service and format validator.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2023-08-29 10:33:06 +03:00
Dmitrii Stepanov
ae81d6660a [#529] objectcore: Fix object content validation 
There are old objects where the owner of the object
may not match the one who issued the token.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
 2023-08-29 10:33:06 +03:00
Evgenii Stratonikov
f8ba60aa0c [#648] objsvc/delete: Handle errors in Go style 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-25 09:45:35 +00:00
Evgenii Stratonikov
d2084ece41 [#648] objsvc/delete: Remove redundant logs 
We never propagate delete requests to the container node, because
tombstone broadcast is done via PUT. No need to pollute logs.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-25 09:45:35 +00:00
Evgenii Stratonikov
40b556fc19 [#647] objsvc/search: Improve testing coverage 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-25 10:40:01 +03:00
Evgenii Stratonikov
4db2cbc927 [#647] objsvc/search: Wrap in uniqueIDWriter during parameter setting 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-25 10:40:01 +03:00
Evgenii Stratonikov
966ad22abf [#647] objsvc/search: Simplify error handling 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-25 10:40:01 +03:00
Evgenii Stratonikov
56f841b022 [#647] objsvc/search: Remove TraverserGenerator wrapper 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-25 10:40:01 +03:00
Evgenii Stratonikov
ba58144de1 [#647] objsvc/search: Remove netmap.Source wrapper 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-25 10:40:01 +03:00
Evgenii Stratonikov
c9e3c9956e [#643] objsvc/put: Unify extraBroadcastEnabled usage 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-24 11:03:17 +03:00
Evgenii Stratonikov
facd3b2c4b [#643] objsvc/put: Unify placement iterators 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-24 11:03:17 +03:00
Evgenii Stratonikov
3fcf56f2fb [#643] objsvc/put: Copy config to distributedTarget 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-24 11:03:17 +03:00
Evgenii Stratonikov
96e690883f [#638] Unify test loggers 
In some places we have debug=false, in others debug=true.
Let's be consistent.

Semantic patch:
```
@@
@@
-test.NewLogger(..., false)
+test.NewLogger(..., true)
```

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2023-08-23 11:21:05 +00:00