Use zaptest to get logs which get printed only if a test fails
or if you ran go test -v.
Dont use zaptest.Logger for fuzz otherwise ngfuzz/libfuzz crashes
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
Spans are added only to the following middleware:
* PolicyCheck
* Auth
* FrostfsIDValidation
This is done this way because these middleware are basic and
they interact with frostfs-storage.
Also, an explicit context has been added to many functions
so that the middleware spans do not include all subsequent spans.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
Use `UNSIGNED_PAYLOAD` to check signature if x-amz-content-sha256 isn't provided as signed header
https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
" You include the literal string UNSIGNED-PAYLOAD when constructing a canonical request, and set the same value as the x-amz-content-sha256 header value when sending the request to Amazon S3"
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
Modify containers field in TestFrostFS in order to get determined order of containers between test runs
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
The Access Denied status may be received
from APE due to exceeding the quota. In
this situation, you need to return the
appropriate error. The Conflict status is
used because this error was made based on
the LimitExceeded error from aws iam error
https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html#API_CreateUser_Errors.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
We may have a situation where the domain
can be specified in the config without a
port, and the host in the header will be
with a port. As a result, the host will
not match. Now the port is not taken into
account when checking for a match.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
The problem is that with VHS requests,
the list-buckets operation does not work
because the request is filtered on
list-objects-v1. Since list-buckets can
also have query parameters, in the end it
is necessary to distinguish list-buckets
from list-objects-v1 only by the presence
of the bucket name in the URL (provided
that the request is in VHS style).
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
A situation may occur when the global
domain is already occupied when
creating the container. The error
comes from the nns smart contract.
This error actually means that the
bucket has already been created.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
If the service is accessed not through a proxy and the
default value of the parameter with the header key is
not empty, then the system administrator does not
control disabling TLS verification in any way, because
the client can simply add a known header, thereby
skipping the verification. Therefore, the default value
of the header parameter is made empty. If it is empty,
then TLS verification cannot be disabled in any way.
Thus, the system administrator will be able to control
the enabling/disabling of TLS.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
The TLS termination header added for determining
whether TLS needs to be checked. If the system
requests come through a proxy server and TLS can
terminate at the proxy level, you should use this
header to disable TLS verification at SSE-C.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
