mbiryukova/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Pull requests Activity
1374 commits 15 branches 22 tags 15 MiB
Commit graph

739 commits

Author SHA1 Message Date
Denis Kirillov
689f7ee818 [#437] tree: Support removing old split system nodes 
It's need to fit user expectation on deleting CORs for example.
Previously after removing cors (that was uploaded in split manner)
we can still get some data (from other node)
because deletion worked only for latest node version.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-22 10:42:11 +03:00
Denis Kirillov
977a20760b [#430] Delete all split version at once 
Previously after split we can get two `null` versioned object with the same key
and deleting such key removes only one node/object.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-19 11:26:51 +03:00
Denis Kirillov
c0011ebb8d [#430] tree: Fix multipart having system name 
Previously if multipart key has the same name as some system node
(e.g. bucket-settings, bucket-cors etc.) it shadows real system node
and bucket started to be unversioned again for example.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-19 11:24:50 +03:00
Denis Kirillov
456319d2f1 [#430] Fix split tree 
Update tree service to fix split tree problem.
Tree intermediate nodes can be duplicated, so we must handle this.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-19 11:24:46 +03:00
Alex Vanin
f86b82351a [#398] Fix parameter parsing in bucket retryer 
RetryStrategyExponential should use jitter backoff
instead of constant delay function

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-07-03 13:42:24 +03:00
Denis Kirillov
465eaa816a [#372] Drop [e]ACL related code 
Always consider buckets as APE compatible

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:58:44 +03:00
Denis Kirillov
77f8bdac58 [#372] Drop kludge.acl_enabled flag 
Now only APE container can be created using s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:26:19 +03:00
Denis Kirillov
91541a432d [#411] Check uniqueness in DeleteMultipleObjects 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-26 16:39:06 +03:00
Denis Kirillov
943b30d9f4 [#411] Don't check object tags on deletion 
By specification https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-and-policies.html
we shouldn't check object tags on PUT and DELETE

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-26 16:38:56 +03:00
Denis Kirillov
414f3943e2 [#410] Drop layer.Client interface 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-25 15:57:55 +03:00
Denis Kirillov
9432782ce6 [#401] Drop notifications 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-25 15:49:37 +03:00
Denis Kirillov
280d11c794 [#407] Don't set full_control for bucket owner 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-19 10:55:24 +03:00
Roman Loginov
ed34b2cae4 [#402] auth: Extend test coverage 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-06-14 10:06:00 +00:00
Denis Kirillov
76f553d292 [#403] Set resource tags into resource properties 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-13 11:12:40 +03:00
Denis Kirillov
bb81afc14a [#398] Support retryer 
Add two strategy for PutBucketSettings request retryer:
* exponential backoff (increasing up to `max_backoff` delays with jitter)
* constant backoff (always the same `max_backoff` delay between requests)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-06 13:02:17 +00:00
Marina Biryukova
e25dc90c20 [#399] Add OPTIONS method for object operations 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-06-04 12:59:45 +00:00
Pavel Pogodaev
b5fae316cf [#396] Add user to response 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-06-04 09:37:55 +00:00
Roman Loginov
9152b084ec [#387] Fix typo 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Roman Loginov
21dbe3ea8e [#387] api: Add tests for middleware 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Roman Loginov
f4d174e740 [#387] middleware: Extend test coverage 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Roman Loginov
8a758293b9 [#387] middleware: Delete unused code 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-05-22 15:06:02 +00:00
Denis Kirillov
fb521c7ac6 [#367] policy: Set IAM-MFA property to false by default 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-05-22 12:05:42 +03:00
Alex Vanin
87b9e97a80 [#354] Do not proceed on bucket remove error 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-05-17 20:38:39 +03:00
Artem Tataurov
d62d8f3874 [#385] Support the renaming of ObjectRequest and ObjectContainer 
Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>
 2024-05-14 16:51:36 +03:00
Alex Vanin
6bf6a3b1a3 [#362] Check user and groups during policy check 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-05-08 15:25:14 +03:00
Marina Biryukova
c43ef040dc [#382] Fix request type determination 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-05-07 15:17:22 +03:00
Marina Biryukova
2ab655b909 [#380] Add test for credentials versioning 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-05-03 07:24:13 +00:00
Pavel Pogodaev
db05021786 [#379] Add Iana CharsetReader for Oracle integration 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-04-25 17:44:38 +03:00
Marina Biryukova
034396d554 [#377] Add check of Source IP 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-22 15:29:18 +03:00
Pavel Pogodaev
3c436d8de9 [#365] Include iam user tags in query 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-04-22 10:47:43 +03:00
Marina Biryukova
45f77de8c8 [#371] Add custom Source IP header configuration 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-22 07:42:45 +00:00
Marina Biryukova
e22ff52165 [#367] Add check of AccessBox attributes 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-19 06:25:26 +00:00
Denis Kirillov
5315f7b733 [#269] Create frostfsid wrapper with cache 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-18 09:32:30 +03:00
Denis Kirillov
fec3b3f31e [#269] Add frostfsid cache configuration 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-17 12:11:23 +03:00
Marina Biryukova
3ff027587c [#357] Add check of request and resource tags 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-17 07:06:58 +00:00
Denis Kirillov
8307c73fef [#364] Fix removing combined object 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-12 14:56:38 +03:00
Roman Loginov
d8889fca56 [#340] Fix encode object acl 
In the process of encode the acl of an object,
we use a map. As a result, when traversing the
map, we can get a different sequence of permissions
each time. Therefore, a list is used instead of a map.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-04-11 09:28:30 +00:00
Alex Vanin
61ff4702a2 [#360] Reuse single target during policy check 
Policy engine library is able to manage multiple
targets and resolve different status results.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-10 17:56:47 +03:00
Alex Vanin
6da1acc554 [#360] Use 'c' prefix for bucket policies instead of 'n' 
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.

There is still issue with many IAM rules.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-10 17:56:47 +03:00
Denis Kirillov
9c012d0a66 [#355] Remove policies when delete bucket 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-09 15:49:46 +00:00
Marina Biryukova
37d05dcefd [#353] Add check of listing parameters and versionID 
Add properties in policy check:
* s3:delimiter
* s3:prefix
* s3:max-keys
* s3:VersionId

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-08 17:57:55 +03:00
Denis Kirillov
8669bf6b50 [#346] acl: Update APE and fix using 
* Remove native policy when remove bucket policy
* Allow policies that contain only s3 compatible statements
(now deny rules cannot be converted to native rules)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-02 12:43:04 +00:00
Denis Kirillov
fbe7a784e8 [#301] Support GetBucketPolicyStatus 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-28 09:13:25 +03:00
Denis Kirillov
80c7b73eb9 [#306] In APE buckets forbid canned acl except private 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-19 16:57:26 +03:00
Denis Kirillov
62cc5a04a7 [#328] Log error on failed response writing 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-15 11:02:26 +03:00
Denis Kirillov
4ee3648183 [#328] Log invalid lock enabled header 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-04 15:09:51 +03:00
Denis Kirillov
ee48d1dc85 [#325] Log error on failed request id generation 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-04 09:49:41 +00:00
Denis Kirillov
f958eef2b3 [#325] Use default empty data.LockInfo in get/head in case of error 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-04 09:49:41 +00:00
Denis Kirillov
81b44ab3d3 [#325] Fix mutex usage in controller 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-04 09:49:41 +00:00
Denis Kirillov
8050ca2d51 [#306] Use session token for container read operations 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-01 18:14:33 +03:00