[#713] Update docs

Mention new accesscontrol cache parameters in changelog and configs.

Signed-off-by: Denis Kirillov <denis@nspcc.ru>

CHANGELOG.md

@@ -4,6 +4,19 @@ This document outlines major changes between releases.
 
 ## [Unreleased]
 
+### Fixed
+- Unrestricted access to not owned objects via cache (#713)
+
+### Updating from v0.24.0
+New config parameters were added. Make sure the default parameters are appropriate for you.
+
+```yaml
+cache:
+  accesscontrol:
+    lifetime: 1m
+    size: 100000
+```
+
 ## [0.24.0] - 2022-09-14
 
 ### Added

config/config.env

@@ -84,6 +84,9 @@ S3_GW_CACHE_SYSTEM_SIZE=100000
 # Cache which stores access box with tokens by its address
 S3_GW_CACHE_ACCESSBOX_LIFETIME=10m
 S3_GW_CACHE_ACCESSBOX_SIZE=100
+# Cache which stores owner to cache operation mapping
+S3_GW_CACHE_ACCESSCONTROL_LIFETIME=1m
+S3_GW_CACHE_ACCESSCONTROL_SIZE=100000
 
 # NATS
 S3_GW_NATS_ENABLED=true

config/config.yaml

@@ -97,6 +97,10 @@ cache:
   accessbox:
     lifetime: 5m
     size: 10
+  # Cache which stores owner to cache operation mapping
+  accesscontrol:
+    lifetime: 1m
+    size: 100000
 
 nats:
   enabled: true
@@ -118,8 +122,8 @@ cors:
 
 # Parameters of requests to NeoFS
 neofs:
-# Number of the object copies to consider PUT to NeoFS successful.
+  # Number of the object copies to consider PUT to NeoFS successful.
-# `0` means that object will be processed according to the container's placement policy
+  # `0` means that object will be processed according to the container's placement policy
   set_copies_number: 0
 
 # List of allowed AccessKeyID prefixes

docs/configuration.md

@@ -311,16 +311,20 @@ cache:
   accessbox:
     lifetime: 5m
     size: 10
+  accesscontrol:
+    lifetime: 1m
+    size: 100000
 ```
 
 | Parameter       | Type                              | Default value                     | Description                                                                            |
-|-------------|-----------------------------------|-----------------------------------|----------------------------------------------------------------------------------------|
+|-----------------|-----------------------------------|-----------------------------------|----------------------------------------------------------------------------------------|
 | `objects`       | [Cache config](#cache-subsection) | `lifetime: 5m`<br>`size: 1000000` | Cache for objects (NeoFS headers).                                                     |
 | `list`          | [Cache config](#cache-subsection) | `lifetime: 60s`<br>`size: 100000` | Cache which keeps lists of objects in buckets.                                         |
 | `names`         | [Cache config](#cache-subsection) | `lifetime: 60s`<br>`size: 10000`  | Cache which contains mapping of nice name to object addresses.                         |
 | `buckets`       | [Cache config](#cache-subsection) | `lifetime: 60s`<br>`size: 1000`   | Cache which contains mapping of bucket name to bucket info.                            |
 | `system`        | [Cache config](#cache-subsection) | `lifetime: 5m`<br>`size: 10000`   | Cache for system objects in a bucket: bucket settings, notification configuration etc. |
 | `accessbox`     | [Cache config](#cache-subsection) | `lifetime: 10m`<br>`size: 100`    | Cache which stores access box with tokens by its address.                              |
+| `accesscontrol` | [Cache config](#cache-subsection) | `lifetime: 1m`<br>`size: 100000`  | Cache which stores owner to cache operation mapping.                                   |
 
 #### `cache` subsection