r.loginov/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Pull requests Activity
1498 commits 10 branches 15 tags 27 MiB
Commit graph

316 commits

Author SHA1 Message Date
Roman Loginov
e0ce59fd32 [#586] Skip port when matching listen domains 
We may have a situation where the domain
can be specified in the config without a
port, and the host in the header will be
with a port. As a result, the host will
not match. Now the port is not taken into
account when checking for a match.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-12-17 12:39:09 +00:00
Vitaliy Potyarkin
f391966326 [#581] Clean up remaining NeoFS mentions 
Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
 2024-12-13 18:18:04 +03:00
Pavel Pogodaev
d986e74897 [#147] Add Kludge profiles 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-12-13 11:25:07 +00:00
Roman Loginov
04b8fc2b5f [#562] Empty default value for TLS termination header param 
If the service is accessed not through a proxy and the
default value of the parameter with the header key is
not empty, then the system administrator does not
control disabling TLS verification in any way, because
the client can simply add a known header, thereby
skipping the verification. Therefore, the default value
of the header parameter is made empty. If it is empty,
then TLS verification cannot be disabled in any way.
Thus, the system administrator will be able to control
the enabling/disabling of TLS.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-12-13 11:12:58 +00:00
Roman Loginov
128939c01e [#562] Add tests for form encryption params 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-12-11 16:09:43 +03:00
Roman Loginov
4a4ce00994 [#562] Support TLS termination header for SSE-C 
The TLS termination header added for determining
whether TLS needs to be checked. If the system
requests come through a proxy server and TLS can
terminate at the proxy level, you should use this
header to disable TLS verification at SSE-C.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-12-11 16:09:43 +03:00
Denis Kirillov
ea714c2e9e [#339] Fix logging in authmate [pre]sign command 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-12-10 15:04:56 +03:00
Denis Kirillov
c4c757eea6 [#339] Drop aws-sdk-go v1 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-12-10 15:04:56 +03:00
Denis Kirillov
8da71c3ae0 [#339] sigv4a: Support presign 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-12-10 15:04:56 +03:00
Nikita Zinkevich
8f7ccb0f62
[#570] Remove frostfs-api-go dependency 
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
 2024-12-10 11:03:30 +03:00
Marina Biryukova
f215d200e8 [#559] Remove multipart objects using tombstones 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-12-04 11:03:01 +03:00
Pavel Pogodaev
51322cccdf [#502] Add Dropped logs (by sampling) metric 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-12-03 12:16:56 +00:00
Denis Kirillov
b1775f9478 [#553] authmate: Add retryer to create access box 
After using AddChain to provide access to container we have to wait:
* tx with APE chain be accepted by blockchain
* cache in storage node be updated

it takes a while. So we add retry
 (the same as when we add bucket settings during bucket creation)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-11-19 15:46:00 +03:00
Denis Kirillov
4fa45bdac2 [#553] authmate: Don't use basic acl 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-11-19 15:45:54 +03:00
Roman Loginov
368c7d2acd [#549] Add tracing attributes 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-11-18 11:55:31 +00:00
Marina Biryukova
979d85b046 [#505] authmate: Add flag for headers in generate-presigned-url cmd 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-11-02 08:53:54 +00:00
Alex Vanin
9e64304499 [#521] Use handler to register dial events 
While frostfs-node uses dial handler to udpate metric
value, gateway starts with simple event logging.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-10-29 15:55:27 +03:00
Alex Vanin
94504e9746 [#521] Use source dialer for gRPC connection to storage 
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
 2024-10-29 15:55:27 +03:00
Denis Kirillov
3c7cb82553 [#509] Init resolvers before first resolving 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-10-23 15:01:31 +03:00
Denis Kirillov
b78e55e101 [#509] Support custom AWS credentials 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-10-23 15:01:31 +03:00
Vladimir Domnich
25c24f5ce6 [#522] Add waiter to contract clients 
Signed-off-by: Vladimir Domnich <v.domnich@yadro.com>
 2024-10-23 09:22:19 +03:00
Roman Loginov
aaed083d82 [#520] Support the continuous use of interceptors 
We can always add interceptors to the grpc
connection to the storage, since the actual
use will be controlled by the configuration
from the frostfs-observability library.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-10-21 11:49:22 +03:00
Denis Kirillov
03481274f0 [#467] authmate: Add sign command 
Support singing arbitrary data using aws sigv4 algorithm

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-10-02 13:42:22 +00:00
Pavel Pogodaev
99f273f9af [#461] Configure logger sampling policy 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-09-26 10:34:44 +03:00
Aleksey Savaitan
34c1426b9f [#484] Add root ca cert for telemetry configuration 
Signed-off-by: Aleksey Savaitan <a.savaitan@yadro.com>
 2024-09-19 11:07:13 +00:00
Roman Loginov
8ca73e2079 [#493] Fix of receiving VHS namespaces map 
In the process of forming a map with namespaces
for which VHS is enabled, we resolve the alias
of the namespace. The problem is that to resolve,
we need default namespace names, which in turn do
not have time to decide by this time. Therefore,
now the check for the default name takes place
directly in the prepareVHSNamespaces function
based on previously read default names.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-09-17 16:57:05 +03:00
Marina Biryukova
d0e4d55772 [#460] Add network info cache 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-09-13 09:56:24 +00:00
Nikita Zinkevich
62615d7ab7 [#369] Request reproducer 
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
 2024-09-11 15:25:09 +03:00
Nikita Zinkevich
575ab4d294 [#369] Enhanced http requests logging 
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
 2024-09-11 15:25:09 +03:00
Marina Biryukova
d919e6cce2 [#482] Fix containers resolving 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-09-05 12:33:14 +03:00
Denis Kirillov
136b5521fe [#475] Support graceful_close_on_switch_timeout param 
This allows in-flight requests finish during rebalance

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-08-29 13:22:08 +00:00
Roman Loginov
a5f670d904 [#329] Reduce using mutex when update app settings 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-08-29 12:03:26 +00:00
Roman Loginov
bf00fa6aa9 [#449] Add support headers for vhs and servername 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-08-23 08:35:05 +00:00
Roman Loginov
534ae7f0f1 [#446] Add support virtual-hosted-style 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
 2024-08-23 08:35:05 +00:00
Marina Biryukova
481520705a [#42] Support expiration lifecycle 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-08-21 10:38:35 +03:00
Marina Biryukova
28723f4a68 [#447] Add tree pool request duration metric 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-08-21 06:36:55 +00:00
Denis Kirillov
3dc989d7fe [#451] Support Location in CompleteMultipart response 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-08-06 15:45:09 +03:00
Denis Kirillov
6cb0026007 [#427] layer: Split FrostFS ReadObject to separate methods 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-23 16:53:59 +03:00
Marina Biryukova
971006a28c [#422] Support separate container for CORS 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-07-23 12:33:29 +00:00
Denis Kirillov
70eedfc077 [#414] authmate: Add register-user command 
New command allows register user in frostfsid and
set allowed rules in policy contract

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-08 14:13:00 +03:00
Denis Kirillov
9241954496 [#372] authmate: Don't create creds with eacl table 
Allow only impersonate flag.
Don't allow SetEACL container session token.

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:26:21 +03:00
Denis Kirillov
77f8bdac58 [#372] Drop kludge.acl_enabled flag 
Now only APE container can be created using s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-07-01 16:26:19 +03:00
Denis Kirillov
414f3943e2 [#410] Drop layer.Client interface 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-25 15:57:55 +03:00
Denis Kirillov
9432782ce6 [#401] Drop notifications 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-25 15:49:37 +03:00
Denis Kirillov
2b04fcb5ec [#406] Remove control api 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-21 06:36:56 +00:00
Denis Kirillov
bb81afc14a [#398] Support retryer 
Add two strategy for PutBucketSettings request retryer:
* exponential backoff (increasing up to `max_backoff` delays with jitter)
* constant backoff (always the same `max_backoff` delay between requests)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-06-06 13:02:17 +00:00
Marina Biryukova
2ab655b909 [#380] Add test for credentials versioning 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-05-03 07:24:13 +00:00
Pavel Pogodaev
db05021786 [#379] Add Iana CharsetReader for Oracle integration 
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
 2024-04-25 17:44:38 +03:00
Marina Biryukova
45f77de8c8 [#371] Add custom Source IP header configuration 
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
 2024-04-22 07:42:45 +00:00
Denis Kirillov
5315f7b733 [#269] Create frostfsid wrapper with cache 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
 2024-04-18 09:32:30 +03:00