nzinkevich/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Pull requests Activity
1496 commits 14 branches 26 tags 22 MiB
Commit graph

129 commits

Author SHA1 Message Date
Pavel Pogodaev
d986e74897 [#147] Add Kludge profiles 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-12-13 11:25:07 +00:00
Roman Loginov
04b8fc2b5f [#562] Empty default value for TLS termination header param 
If the service is accessed not through a proxy and the
default value of the parameter with the header key is
not empty, then the system administrator does not
control disabling TLS verification in any way, because
the client can simply add a known header, thereby
skipping the verification. Therefore, the default value
of the header parameter is made empty. If it is empty,
then TLS verification cannot be disabled in any way.
Thus, the system administrator will be able to control
the enabling/disabling of TLS.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-12-13 11:12:58 +00:00
Roman Loginov
128939c01e [#562] Add tests for form encryption params 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-12-11 16:09:43 +03:00
Roman Loginov
4a4ce00994 [#562] Support TLS termination header for SSE-C 
The TLS termination header added for determining
whether TLS needs to be checked. If the system
requests come through a proxy server and TLS can
terminate at the proxy level, you should use this
header to disable TLS verification at SSE-C.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-12-11 16:09:43 +03:00
Denis Kirillov
cc9a68401f [#339] Add aws-sdk-go-v2 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-12-10 15:04:56 +03:00
Pavel Pogodaev
fb00dff83b [#540] Add md5 S3Tests compatability 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-11-13 14:50:16 +03:00
Roman Loginov
76008d4ba1 [#501] Consider using request logger in logAndSendError 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-11-02 08:51:48 +00:00
Marina Biryukova
e35b582fe2 [#506] Deny bucket names with dot 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-10-08 12:50:22 +03:00
Nikita Zinkevich
9fadfbbc2f [#488] Renamed api/errors, layer/frostfs and layer/tree package names 
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
 2024-10-02 12:35:04 +03:00
Denis Kirillov
738ce14f50 [#434] Remove container on failed bucket creation 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-09-25 07:15:24 +00:00
Marina Biryukova
f187141ae5 [#486] Fix PUT object with negative Content-Length 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-09-16 08:45:46 +00:00
Pavel Pogodaev
98815d5473 [#450] Fix aws-chunked header workflow 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-09-13 11:59:07 +03:00
Denis Kirillov
20719bd85c [#456] PostObject: check object key for emptiness 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-08-13 09:27:26 +03:00
Alex Vanin
f86b82351a [#398] Fix parameter parsing in bucket retryer 
RetryStrategyExponential should use jitter backoff
instead of constant delay function

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-07-03 13:42:24 +03:00
Denis Kirillov
465eaa816a [#372] Drop [e]ACL related code 
Always consider buckets as APE compatible

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:58:44 +03:00
Denis Kirillov
77f8bdac58 [#372] Drop kludge.acl_enabled flag 
Now only APE container can be created using s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:26:19 +03:00
Denis Kirillov
9432782ce6 [#401] Drop notifications 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-25 15:49:37 +03:00
Denis Kirillov
280d11c794 [#407] Don't set full_control for bucket owner 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-19 10:55:24 +03:00
Denis Kirillov
bb81afc14a [#398] Support retryer 
Add two strategy for PutBucketSettings request retryer:
* exponential backoff (increasing up to `max_backoff` delays with jitter)
* constant backoff (always the same `max_backoff` delay between requests)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-06 13:02:17 +00:00
Artem Tataurov
d62d8f3874 [#385] Support the renaming of ObjectRequest and ObjectContainer 
Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>
 2024-05-14 16:51:36 +03:00
Pavel Pogodaev
db05021786 [#379] Add Iana CharsetReader for Oracle integration 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-04-25 17:44:38 +03:00
Marina Biryukova
3ff027587c [#357] Add check of request and resource tags 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-17 07:06:58 +00:00
Alex Vanin
6da1acc554 [#360] Use 'c' prefix for bucket policies instead of 'n' 
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.

There is still issue with many IAM rules.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-10 17:56:47 +03:00
Denis Kirillov
80c7b73eb9 [#306] In APE buckets forbid canned acl except private 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-19 16:57:26 +03:00
Denis Kirillov
62cc5a04a7 [#328] Log error on failed response writing 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-15 11:02:26 +03:00
Denis Kirillov
4ee3648183 [#328] Log invalid lock enabled header 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-04 15:09:51 +03:00
Denis Kirillov
937367caaf [#318] Fix panic on invalid multipart form 
Previously, simple 'curl -X POST http://localhost:8084/test' leads to panic because of wrong handle matching

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-29 17:30:28 +03:00
Denis Kirillov
c868af8a62 [#306] Add flag to enable old ACL bucket creation 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-28 17:50:08 +03:00
Denis Kirillov
bac1b3fb2d [#306] Use zero basic acl to mark APE containers 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-28 17:50:08 +03:00
Denis Kirillov
c452d58ce2 [#306] Reduce number of policy contract invocations 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-28 17:50:08 +03:00
Denis Kirillov
3d0d2032c6 [#306] acl: Handle put/get acl for APE buckets 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-28 17:50:08 +03:00
Denis Kirillov
1f2cf0ed67 [#306] Use APE instead of eACL on bucket creation 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-28 17:50:08 +03:00
Denis Kirillov
28c6bb4cb8 [#266] Support per namespace placement policies configuration 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-11-28 16:12:42 +03:00
Denis Kirillov
ff1ec56d24 [#260] Use namespace as domain when create bucket 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-11-27 15:30:12 +03:00
Roman Loginov
861454e499 [#218] Add check content sha256 header 
The X-Amz-Content-Sha256 header check is done only for unencrypted payload.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2023-11-22 11:33:52 +00:00
Marina Biryukova
b28ecef43b [#219] Return ETag in quotes 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2023-11-22 11:12:32 +00:00
Marina Biryukova
fe796ba538 [#217] Consider Copy-Source-SSE-* headers during copy 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2023-11-13 13:22:58 +00:00
Marina Biryukova
25bb581fee [#205] Add md5 checksum in header 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2023-10-25 11:04:19 +03:00
Roman Loginov
7e91f62c28 [#223] Add store content language 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2023-10-17 14:42:02 +00:00
Marina Biryukova
298662df9d [#221] Expand xmlns field ignore 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2023-10-13 16:21:13 +03:00
Marina Biryukova
b8c93ed391 [#172] Convert handler config to interface 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2023-10-04 11:01:27 +00:00
Roman Loginov
8efcc957ea [#96] Move log messages to constants 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2023-08-23 18:32:31 +03:00
Roman Loginov
40d7f844e3 [#137] Refactor context data retrievers 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2023-08-16 14:05:38 +00:00
Denis Kirillov
b59aa06637 [#146] Add kludge.bypass_content_encoding_check_in_chunks flag 
Flag allows to skip checking `Content-Encoding` for `aws-chunked` value

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-07-18 14:49:52 +03:00
Denis Kirillov
751a9be7cc [#146] Move getting chunk payload reader to separate function 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-07-18 14:49:03 +03:00
Denis Kirillov
fc90981c03 [#149] Update inner imports after moving middlewares 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-07-11 17:25:09 +03:00
Artem Tataurov
614d703726 [#106] Add chunk uploading 
Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>
 2023-06-21 10:23:57 +03:00
Denis Kirillov
23593eee3d [#111] Use request scope logger 
Store child zap logger with request scope fields into context.
Request scoped fields: request_id, api/method, bucket, object

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-06-19 13:54:51 +03:00
Denis Kirillov
4a6e3a19ce [#125] Handle negative Content-Length on put 
Add computing actual object size during calculating hash on put.
Use this actual value to save in tree and cache

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-06-02 14:16:19 +00:00
Artem Tataurov
9f186d9aba [#104] app: Reload copies numbers on SIGHUP 
Signed-off-by: Artem Tataurov <a.tataurov@yadro.com>
 2023-05-23 13:19:58 +03:00