* Methods `Head`, `Get`, `GetRangeHash` should no longer use APE pre-checks
as that leads only to incorrect rule chain processing for requests:
1. Immediate return with `NoRuleFound` may be unexpected as some `Allow`
rule is actually defined but can't be matched yet as it gets no object
attributes;
2. Immdediate return with `Allow` may be incorrect as some `Deny` rule
is actually defined but can't bet matched yet as it gets no object
attirbutes;
3. Pre-check breaks compatibility for converted EACL-tables.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
It is required to save split parent ID too, not only split ID.
Otherwise inhume operation works incorrect: shard with last part may be skipped
and parent object will be available.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
getSvc may change the values of some fields, so Head will affect Delete
or Put. In this case, the change is necessary so that the session token
is stored in the tombstone object (EC assemble calls `ForgetTokens`).
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Now EC objects assembling is performed concurrently.
Also fixed issue with an error in case of getting
EC object via non-container node.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Previously we used pointer, this could have worked,
because most of the time, the netmap is cached.
This didn't work, however, because `lastNm` field was always nil.
Rework the mechanism completely:
1. Use epoch to track netmap versions, as it it simpler and
is unrelated to the TTL of an underlying cache.
2. Fix a bug where the epoch could change while mutex was unlocked.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* We used several utility functions to parse frostfsid client
subject and extended subject. However, following the changes
in TrueCloudLab/frostfs-contract#97, these utility functions
have become public. So there is no more need to have them here.
* There was a mismatch of slice parameter required length between
frostfs-node's and frostfs-contract's utility functions,
`checkStackItem()` solves this problem.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
When AddByPath() is called concurrently on 2 different nodes,
internal path components may be created twice. This violates some
of our assumptions in GetByPath() and, indirectly, in S3 handling of
GetSubTree() results.
Add a test for the correct behaviour, fixes will follow.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* Make session token expired at `current_epoch + 1` but
not at `current_epoch` when it's still valid.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Refactor object and tree service - they should instantiate
chain router cheking the bearer token. If there are no bearer
token rules, then defaul chain router is used.
* Fix unit-tests.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Unlike default chain router, `BearerChainFedRouter` performs checks for
overrides defined in the bearer token;
* Add unit-test for the introduced router.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* `getStreamBasicChecker` must define `containerOwner` for backward checks,
otherwise bearer token cannot be validated for the token issuer.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
We used several utility functions to parse frostfsid client
subject and extended subject. However, following the changes
in TrueCloudLab/frostfs-contract#97, these utility functions
have become public. So there is no more need to have them here.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>