frostfs-s3-gw

Author	SHA1	Message	Date
Roman Loginov	d8889fca56	[#340 ] Fix encode object acl In the process of encode the acl of an object, we use a map. As a result, when traversing the map, we can get a different sequence of permissions each time. Therefore, a list is used instead of a map. Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2024-04-11 09:28:30 +00:00
Alex Vanin	6da1acc554	[#360 ] Use 'c' prefix for bucket policies instead of 'n' With 'c' prefix, acl chains become shorter, thus gateway receives shorter results and avoids sessions to neo-go. There is still issue with many IAM rules. Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2024-04-10 17:56:47 +03:00
Denis Kirillov	8669bf6b50	[#346 ] acl: Update APE and fix using * Remove native policy when remove bucket policy * Allow policies that contain only s3 compatible statements (now deny rules cannot be converted to native rules) Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-04-02 12:43:04 +00:00
Denis Kirillov	fbe7a784e8	[#301 ] Support GetBucketPolicyStatus Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-28 09:13:25 +03:00
Denis Kirillov	80c7b73eb9	[#306 ] In APE buckets forbid canned acl except private Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-03-19 16:57:26 +03:00
Denis Kirillov	8f89f275bd	[#306 ] Save bucket policy as native chain Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:50:08 +03:00
Denis Kirillov	c868af8a62	[#306 ] Add flag to enable old ACL bucket creation Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:50:08 +03:00
Denis Kirillov	c452d58ce2	[#306 ] Reduce number of policy contract invocations Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:50:08 +03:00
Denis Kirillov	d9d12debc3	[#306 ] Add tests Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:50:08 +03:00
Denis Kirillov	3d0d2032c6	[#306 ] acl: Handle put/get acl for APE buckets Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:50:08 +03:00
Denis Kirillov	37be8851b3	[#306 ] Simplify namespaces configuration Resolve ns alias at the beginning of the request just once. Keep in ns map only one default ns key. Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:50:08 +03:00
Denis Kirillov	c4c199defe	[#306 ] Use s3 as chain id prefix to be consistent Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2024-02-28 17:50:08 +03:00
Denis Kirillov	a17ff66975	[#282 ] policy: Use prefixes to distinguish s3/iam actions/resources Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-20 10:41:15 +03:00
Denis Kirillov	38c5503a02	[#261 ] alc: Remove unused Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-18 15:49:58 +03:00
Denis Kirillov	8273af8bf8	[#261 ] Make PutBucketPolicy handler use policy contract Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-12-18 15:49:54 +03:00
Marina Biryukova	b28ecef43b	[#219 ] Return ETag in quotes Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2023-11-22 11:12:32 +00:00
Marina Biryukova	298662df9d	[#221 ] Expand xmlns field ignore Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2023-10-13 16:21:13 +03:00
Roman Loginov	8efcc957ea	[#96 ] Move log messages to constants Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2023-08-23 18:32:31 +03:00
Roman Loginov	40d7f844e3	[#137 ] Refactor context data retrievers Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2023-08-16 14:05:38 +00:00
Denis Kirillov	fc90981c03	[#149 ] Update inner imports after moving middlewares Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-07-11 17:25:09 +03:00
Denis Kirillov	d531b13866	[#143 ] Add more context to some s3 errors Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-06-30 12:08:33 +03:00
Denis Kirillov	23593eee3d	[#111 ] Use request scope logger Store child zap logger with request scope fields into context. Request scoped fields: request_id, api/method, bucket, object Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-06-19 13:54:51 +03:00
Denis Kirillov	64e7356acc	[TrueCloudLab#32] Add custom policy unmarshaler Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>	2023-03-09 11:19:01 +00:00
Alex Vanin	813aa2f173	Rename package name Due to source code relocation from GitHub. Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2023-03-07 17:38:08 +03:00
Alex Vanin	96dff367db	[#1 ] Build S3 Gateway with FrostFS dependencies Signed-off-by: Alex Vanin <a.vanin@yadro.com>	2022-12-15 12:43:52 +03:00
Denis Kirillov	2886ac161c	[#740 ] Fix forming policy by ast Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-11-10 15:33:03 +03:00
Denis Kirillov	4082cd6b54	[#606 ] Keep eacl records order on conflict Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-09-08 12:21:47 +03:00
Denis Kirillov	9cd4ef1ac4	[#657 ] Replace FileName with FilePath attribute Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-09-07 15:50:43 +03:00
Denis Kirillov	e38bdae07a	[#676 ] Fix object acl Put object acl always add rules to specific version of object. Get object acl consider READ rights as FULL_CONTROL because WRITE cannot be applied to object Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-08-29 13:20:30 +03:00
Angira Kekteeva	dfd734b9ec	[#577 ] Separate GetObjectInfo and GetExtendedObjectInfo Signed-off-by: Angira Kekteeva <kira@nspcc.ru>	2022-08-09 17:20:40 +04:00
Angira Kekteeva	3ac3f1cc9d	[#577 ] Rename objectInfo.Version() to VersionID() Signed-off-by: Angira Kekteeva <kira@nspcc.ru>	2022-08-09 17:20:40 +04:00
Denis Kirillov	0057f6b7db	[#546 ] Add size and etag in nodeVersionInfo Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-07-22 15:19:16 +03:00
Denis Kirillov	88c392d024	[#490 ] Optimize GetObjectTaggingAndLock Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-07-22 15:19:16 +03:00
Alex Vanin	d7f77ce874	[#574 ] Produce deny records for private objects in put-object-acl Signed-off-by: Alex Vanin <alexey@nspcc.ru>	2022-07-21 17:55:15 +03:00
Alex Vanin	66fe3fee7b	[#574 ] Produce deny records for private objects Signed-off-by: Alex Vanin <alexey@nspcc.ru>	2022-07-21 17:55:15 +03:00
Denis Kirillov	7ba7e7dc4d	[#590 ] Make service records valid Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-07-20 19:10:23 +03:00
Denis Kirillov	1e26cf1541	[#590 ] Use service records to save resource info Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-07-20 19:10:23 +03:00
Angira Kekteeva	b144e50f7f	[#584 ] Refactor formRecords func Signed-off-by: Angira Kekteeva <kira@nspcc.ru>	2022-07-19 11:54:27 +03:00
Angira Kekteeva	3f4a55f39e	[#584 ] Fix order in astToTable Signed-off-by: Angira Kekteeva <kira@nspcc.ru>	2022-07-19 11:54:27 +03:00
Angira Kekteeva	260fb95677	[#584 ] Fix order in tableToAst Signed-off-by: Angira Kekteeva <kira@nspcc.ru>	2022-07-19 11:54:27 +03:00
Denis Kirillov	1575da65a4	[#573 ] Fix object acl filters Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-07-14 13:33:11 +03:00
Alex Vanin	a57b8d34d3	[#553 ] Add more comments about eacl.RoleUnknown Signed-off-by: Alex Vanin <alexey@nspcc.ru>	2022-07-07 12:05:25 +03:00
Alex Vanin	06d043e1eb	[#553 ] Optimize target formation with multiple keys Signed-off-by: Alex Vanin <alexey@nspcc.ru>	2022-07-07 12:05:25 +03:00
Alex Vanin	d6065c64c4	[#553 ] Check group grantee based on stored list of users Signed-off-by: Alex Vanin <alexey@nspcc.ru>	2022-07-07 12:05:25 +03:00
Alex Vanin	c7de7d2928	[#553 ] Do not use user role with public keys in eacl target Signed-off-by: Alex Vanin <alexey@nspcc.ru>	2022-07-07 12:05:25 +03:00
Alex Vanin	36029ca864	[#580 ] Fix user removal in astOperation Signed-off-by: Alex Vanin <alexey@nspcc.ru>	2022-07-06 17:40:41 +03:00
Denis Kirillov	6e1a1f3839	[#522 ] Suppress CodeQL error Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-07-04 11:03:55 +03:00
Denis Kirillov	7ca519cb32	[#539 ] Add context to errors Signed-off-by: Denis Kirillov <denis@nspcc.ru>	2022-06-27 02:23:19 +04:00
Leonard Lyubich	028a152e04	[#544 ] Upgrade NeoFS SDK Go with another approach of container sessions After recent changes in NeoFS SDK Go library session tokens aren't embedded into `container.Container` and `eacl.Table` structures. Instead, the operations of storing given values in NeoFS are parameterized by elements of the corresponding type. Add dedicated session parameters to operations of bucket and eACL setting. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>	2022-06-24 13:00:26 +03:00
Angira Kekteeva	cfe7591cf7	[#523 ] Add putObjectACL notification Signed-off-by: Angira Kekteeva <kira@nspcc.ru>	2022-06-17 01:43:46 +04:00

1 2

72 commits