dkirillov
/
frostfs-s3-gw
forked from TrueCloudLab/frostfs-s3-gw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,362 Commits
14 Branches
19 Tags
19 MiB
Commit Graph

1362 Commits (poc/new_authmate)

Author SHA1 Message Date
Denis Kirillov e02958dcab [#414] authmate: Add register-user command 
New command allows register user in frostfsid and
set allowed rules in policy contract

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-02 12:00:38 +03:00
Denis Kirillov 465eaa816a [#372] Drop [e]ACL related code 
Always consider buckets as APE compatible

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:58:44 +03:00
Denis Kirillov 9241954496 [#372] authmate: Don't create creds with eacl table 
Allow only impersonate flag.
Don't allow SetEACL container session token.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:26:21 +03:00
Denis Kirillov 77f8bdac58 [#372] Drop kludge.acl_enabled flag 
Now only APE container can be created using s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:26:19 +03:00
Denis Kirillov 91541a432d [#411] Check uniqueness in DeleteMultipleObjects 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-26 16:39:06 +03:00
Denis Kirillov 943b30d9f4 [#411] Don't check object tags on deletion 
By specification https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-and-policies.html
we shouldn't check object tags on PUT and DELETE

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-26 16:38:56 +03:00
Denis Kirillov 414f3943e2 [#410] Drop layer.Client interface 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-25 15:57:55 +03:00
Denis Kirillov 9432782ce6 [#401] Drop notifications 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-25 15:49:37 +03:00
Denis Kirillov 2b04fcb5ec [#406] Remove control api 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-21 06:36:56 +00:00
Denis Kirillov 280d11c794 [#407] Don't set full_control for bucket owner 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-19 10:55:24 +03:00
Roman Loginov ed34b2cae4 [#402] auth: Extend test coverage 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-06-14 10:06:00 +00:00
Denis Kirillov 76f553d292 [#403] Set resource tags into resource properties 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-13 11:12:40 +03:00
Denis Kirillov 1513a9252b [#403] go.mod: Update APE 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-13 11:12:35 +03:00
Denis Kirillov bb81afc14a [#398] Support retryer 
Add two strategy for PutBucketSettings request retryer:
* exponential backoff (increasing up to `max_backoff` delays with jitter)
* constant backoff (always the same `max_backoff` delay between requests)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-06 13:02:17 +00:00
Rustam Akberov 58850f590e [#335] Improve determining AccessBox latest version 
Signed-off-by: Anoke <rustamgta1011@gmail.com>
 2024-06-06 12:35:48 +00:00
Marina Biryukova e25dc90c20 [#399] Add OPTIONS method for object operations 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-06-04 12:59:45 +00:00
Roman Loginov 71bae5cd9a [#400] Update frostfs-sdk-go version with support EC 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-06-04 12:22:06 +00:00
Pavel Pogodaev b5fae316cf [#396] Add user to response 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-06-04 09:37:55 +00:00
Alexey Vanin 9f3ea470e6 [#395] Port changelog and prepare it for next release 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-05-27 14:27:11 +03:00
Denis Kirillov 9787b29542 [#392] go.mod: Update APE to drop private IPs checking 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-05-27 11:26:15 +03:00
Roman Loginov 9152b084ec [#387] Fix typo 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Roman Loginov 21dbe3ea8e [#387] api: Add tests for middleware 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Roman Loginov f4d174e740 [#387] middleware: Extend test coverage 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Roman Loginov 8a758293b9 [#387] middleware: Delete unused code 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Denis Kirillov fb521c7ac6 [#367] policy: Set IAM-MFA property to false by default 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-05-22 12:05:42 +03:00
Alexey Vanin 87b9e97a80 [#354] Do not proceed on bucket remove error 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-05-17 20:38:39 +03:00
Artem Tataurov d62d8f3874 [#385] Support the renaming of ObjectRequest and ObjectContainer 
Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>
 2024-05-14 16:51:36 +03:00
Alexey Vanin 6bf6a3b1a3 [#362] Check user and groups during policy check 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-05-08 15:25:14 +03:00
Alexey Vanin 2f108c9951 [#362] Expand control service 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-05-08 15:15:49 +03:00
Marina Biryukova c43ef040dc [#382] Fix request type determination 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-05-07 15:17:22 +03:00
Marina Biryukova 2ab655b909 [#380] Add test for credentials versioning 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-05-03 07:24:13 +00:00
Marina Biryukova 1c398551e5 [#380] creds: Increase test coverage 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-05-03 07:24:13 +00:00
Pavel Pogodaev db05021786 [#379] Add Iana CharsetReader for Oracle integration 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-04-25 17:44:38 +03:00
Marina Biryukova 034396d554 [#377] Add check of Source IP 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-22 15:29:18 +03:00
Pavel Pogodaev 3c436d8de9 [#365] Include iam user tags in query 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-04-22 10:47:43 +03:00
Marina Biryukova 45f77de8c8 [#371] Add custom Source IP header configuration 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-22 07:42:45 +00:00
Denis Kirillov d903de2457 [#370] Fix fetching attributes from tree 
Port TrueCloudLab/frostfs-s3-gw#374

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-19 17:33:55 +03:00
Marina Biryukova e22ff52165 [#367] Add check of AccessBox attributes 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-19 06:25:26 +00:00
Denis Kirillov 5315f7b733 [#269] Create frostfsid wrapper with cache 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-18 09:32:30 +03:00
Denis Kirillov 43a687b572 [#269] authmate: Update frostfsid using 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-17 12:11:23 +03:00
Denis Kirillov 29a2dae40c [#269] Move frostfsid client to separate package 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-17 12:11:23 +03:00
Denis Kirillov fec3b3f31e [#269] Add frostfsid cache configuration 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-17 12:11:23 +03:00
Denis Kirillov 7db89c840b [#368] Update vulnerable dependencies 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-17 11:29:09 +03:00
Marina Biryukova 3ff027587c [#357] Add check of request and resource tags 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-17 07:06:58 +00:00
Denis Kirillov 9f29fcbd52 [#353] docs: Add bucket policy docs 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-15 11:41:19 +03:00
Denis Kirillov 8307c73fef [#364] Fix removing combined object 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-12 14:56:38 +03:00
Roman Loginov d8889fca56 [#340] Fix encode object acl 
In the process of encode the acl of an object,
we use a map. As a result, when traversing the
map, we can get a different sequence of permissions
each time. Therefore, a list is used instead of a map.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-04-11 09:28:30 +00:00
Alexey Vanin 61ff4702a2 [#360] Reuse single target during policy check 
Policy engine library is able to manage multiple
targets and resolve different status results.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-10 17:56:47 +03:00
Alexey Vanin 6da1acc554 [#360] Use 'c' prefix for bucket policies instead of 'n' 
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.

There is still issue with many IAM rules.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-10 17:56:47 +03:00
Denis Kirillov 3ea3f971e1 [#359] Update APE to allow put tombstone on delete object 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-10 15:12:30 +03:00