ognev/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Pull requests Activity
1311 commits 6 branches 13 tags 18 MiB
Commit graph

15 commits

Author SHA1 Message Date
Alex Vanin
f02bad65a8 [#362] Check user and groups during policy check 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-12 16:52:08 +03:00
Alex Vanin
65a8e2dadc [#360] Reuse single target during policy check 
Policy engine library is able to manage multiple
targets and resolve different status results.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-10 17:40:25 +03:00
Alex Vanin
b7e15402a1 [#360] Use 'c' prefix for bucket policies instead of 'n' 
With 'c' prefix, acl chains become shorter, thus gateway
receives shorter results and avoids sessions to neo-go.

There is still issue with many IAM rules.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-04-10 17:40:25 +03:00
Denis Kirillov
a32b41716f [#328] Log error on failed response writing 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-15 11:04:05 +03:00
Denis Kirillov
c12e264697 [#306] Simplify cid resolver for metrics 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-03-01 17:46:16 +03:00
Denis Kirillov
fabb4134bc [#318] Use log msg from constants 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-29 17:30:28 +03:00
Denis Kirillov
7b86bac6ee [#318] Log unmatched requests 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-29 17:30:28 +03:00
Denis Kirillov
6e5bcaef97 [#318] Log policy request checking 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-29 17:30:28 +03:00
Denis Kirillov
3285a2e105 [#306] policy: Change default access strategy 
Use access strategy based on bucket type and/or config flags.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-02-28 17:53:13 +03:00
Denis Kirillov
5698d5844e [#283] Support frostfsid groups in policy request checking 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-12-21 14:21:36 +03:00
Denis Kirillov
a17ff66975 [#282] policy: Use prefixes to distinguish s3/iam actions/resources 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-12-20 10:41:15 +03:00
Denis Kirillov
8273af8bf8 [#261] Make PutBucketPolicy handler use policy contract 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-12-18 15:49:54 +03:00
Denis Kirillov
9272f4e108 [#259] Support contract based policies 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-12-11 10:01:46 +03:00
Denis Kirillov
43abf58068 [#257] Support flag to deny access if policy rules not found 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-12-06 17:47:58 +03:00
Denis Kirillov
473239bf36 [#257] Add policy checker 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2023-12-06 17:47:51 +03:00