76008d4ba1
[ #501 ] Consider using request logger in logAndSendError
...
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-11-02 08:51:48 +00:00
465eaa816a
[ #372 ] Drop [e]ACL related code
...
Always consider buckets as APE compatible
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-01 16:58:44 +03:00
9432782ce6
[ #401 ] Drop notifications
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-25 15:49:37 +03:00
280d11c794
[ #407 ] Don't set full_control for bucket owner
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-19 10:55:24 +03:00
db05021786
[ #379 ] Add Iana CharsetReader for Oracle integration
...
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-04-25 17:44:38 +03:00
d8889fca56
[ #340 ] Fix encode object acl
...
In the process of encode the acl of an object,
we use a map. As a result, when traversing the
map, we can get a different sequence of permissions
each time. Therefore, a list is used instead of a map.
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-04-11 09:28:30 +00:00
6da1acc554
[ #360 ] Use 'c' prefix for bucket policies instead of 'n'
...
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.
There is still issue with many IAM rules.
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-04-10 17:56:47 +03:00
8669bf6b50
[ #346 ] acl: Update APE and fix using
...
* Remove native policy when remove bucket policy
* Allow policies that contain only s3 compatible statements
(now deny rules cannot be converted to native rules)
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-02 12:43:04 +00:00
fbe7a784e8
[ #301 ] Support GetBucketPolicyStatus
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-28 09:13:25 +03:00
80c7b73eb9
[ #306 ] In APE buckets forbid canned acl except private
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-19 16:57:26 +03:00
8f89f275bd
[ #306 ] Save bucket policy as native chain
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
c868af8a62
[ #306 ] Add flag to enable old ACL bucket creation
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
c452d58ce2
[ #306 ] Reduce number of policy contract invocations
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
d9d12debc3
[ #306 ] Add tests
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
3d0d2032c6
[ #306 ] acl: Handle put/get acl for APE buckets
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
37be8851b3
[ #306 ] Simplify namespaces configuration
...
Resolve ns alias at the beginning of the request just once.
Keep in ns map only one default ns key.
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
c4c199defe
[ #306 ] Use s3 as chain id prefix to be consistent
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-28 17:50:08 +03:00
a17ff66975
[ #282 ] policy: Use prefixes to distinguish s3/iam actions/resources
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 10:41:15 +03:00
38c5503a02
[ #261 ] alc: Remove unused
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-18 15:49:58 +03:00
8273af8bf8
[ #261 ] Make PutBucketPolicy handler use policy contract
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-18 15:49:54 +03:00
b28ecef43b
[ #219 ] Return ETag in quotes
...
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2023-11-22 11:12:32 +00:00
298662df9d
[ #221 ] Expand xmlns field ignore
...
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2023-10-13 16:21:13 +03:00
8efcc957ea
[ #96 ] Move log messages to constants
...
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2023-08-23 18:32:31 +03:00
40d7f844e3
[ #137 ] Refactor context data retrievers
...
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2023-08-16 14:05:38 +00:00
fc90981c03
[ #149 ] Update inner imports after moving middlewares
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-07-11 17:25:09 +03:00
d531b13866
[ #143 ] Add more context to some s3 errors
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-30 12:08:33 +03:00
23593eee3d
[ #111 ] Use request scope logger
...
Store child zap logger with request scope fields into context.
Request scoped fields: request_id, api/method, bucket, object
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-19 13:54:51 +03:00
64e7356acc
[TrueCloudLab#32] Add custom policy unmarshaler
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-03-09 11:19:01 +00:00
813aa2f173
Rename package name
...
Due to source code relocation from GitHub.
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-03-07 17:38:08 +03:00
96dff367db
[ #1 ] Build S3 Gateway with FrostFS dependencies
...
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2022-12-15 12:43:52 +03:00
Denis Kirillov
2886ac161c
[ #740 ] Fix forming policy by ast
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-11-10 15:33:03 +03:00
Denis Kirillov
4082cd6b54
[ #606 ] Keep eacl records order on conflict
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-08 12:21:47 +03:00
Denis Kirillov
9cd4ef1ac4
[ #657 ] Replace FileName with FilePath attribute
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-07 15:50:43 +03:00
Denis Kirillov
e38bdae07a
[ #676 ] Fix object acl
...
Put object acl always add rules to specific version of object.
Get object acl consider READ rights as FULL_CONTROL
because WRITE cannot be applied to object
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-08-29 13:20:30 +03:00
Angira Kekteeva
dfd734b9ec
[ #577 ] Separate GetObjectInfo and GetExtendedObjectInfo
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-08-09 17:20:40 +04:00
Angira Kekteeva
3ac3f1cc9d
[ #577 ] Rename objectInfo.Version() to VersionID()
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-08-09 17:20:40 +04:00
Denis Kirillov
0057f6b7db
[ #546 ] Add size and etag in nodeVersionInfo
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-22 15:19:16 +03:00
Denis Kirillov
88c392d024
[ #490 ] Optimize GetObjectTaggingAndLock
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-22 15:19:16 +03:00
Alex Vanin
d7f77ce874
[ #574 ] Produce deny records for private objects in put-object-acl
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-21 17:55:15 +03:00
Alex Vanin
66fe3fee7b
[ #574 ] Produce deny records for private objects
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-21 17:55:15 +03:00
Denis Kirillov
7ba7e7dc4d
[ #590 ] Make service records valid
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-20 19:10:23 +03:00
Denis Kirillov
1e26cf1541
[ #590 ] Use service records to save resource info
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-20 19:10:23 +03:00
Angira Kekteeva
b144e50f7f
[ #584 ] Refactor formRecords func
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-07-19 11:54:27 +03:00
Angira Kekteeva
3f4a55f39e
[ #584 ] Fix order in astToTable
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-07-19 11:54:27 +03:00
Angira Kekteeva
260fb95677
[ #584 ] Fix order in tableToAst
...
Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2022-07-19 11:54:27 +03:00
Denis Kirillov
1575da65a4
[ #573 ] Fix object acl filters
...
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-14 13:33:11 +03:00
Alex Vanin
a57b8d34d3
[ #553 ] Add more comments about eacl.RoleUnknown
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
06d043e1eb
[ #553 ] Optimize target formation with multiple keys
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
d6065c64c4
[ #553 ] Check group grantee based on stored list of users
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00
Alex Vanin
c7de7d2928
[ #553 ] Do not use user role with public keys in eacl target
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2022-07-07 12:05:25 +03:00