package control import ( "bytes" "context" "fmt" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/container" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap" control "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) // HealthCheck returns health status of the local IR node. // // If request is not signed with a key from white list, permission error returns. func (s *Server) HealthCheck(_ context.Context, req *control.HealthCheckRequest) (*control.HealthCheckResponse, error) { if err := s.isValidRequest(req); err != nil { return nil, status.Error(codes.PermissionDenied, err.Error()) } resp := new(control.HealthCheckResponse) body := new(control.HealthCheckResponse_Body) resp.SetBody(body) body.SetHealthStatus(s.prm.healthChecker.HealthStatus()) if err := SignMessage(&s.prm.key.PrivateKey, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } return resp, nil } // TickEpoch forces a new epoch. // // If request is not signed with a key from white list, permission error returns. func (s *Server) TickEpoch(_ context.Context, req *control.TickEpochRequest) (*control.TickEpochResponse, error) { if err := s.isValidRequest(req); err != nil { return nil, status.Error(codes.PermissionDenied, err.Error()) } resp := new(control.TickEpochResponse) resp.SetBody(new(control.TickEpochResponse_Body)) epoch, err := s.netmapClient.Epoch() if err != nil { return nil, fmt.Errorf("getting current epoch: %w", err) } vub, err := s.netmapClient.NewEpochControl(epoch+1, req.GetBody().GetVub()) if err != nil { return nil, fmt.Errorf("forcing new epoch: %w", err) } resp.Body.Vub = vub if err := SignMessage(&s.prm.key.PrivateKey, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } return resp, nil } // RemoveNode forces a node removal. // // If request is not signed with a key from white list, permission error returns. func (s *Server) RemoveNode(_ context.Context, req *control.RemoveNodeRequest) (*control.RemoveNodeResponse, error) { if err := s.isValidRequest(req); err != nil { return nil, status.Error(codes.PermissionDenied, err.Error()) } resp := new(control.RemoveNodeResponse) resp.SetBody(new(control.RemoveNodeResponse_Body)) nm, err := s.netmapClient.NetMap() if err != nil { return nil, fmt.Errorf("getting netmap: %w", err) } var nodeInfo netmap.NodeInfo for _, info := range nm.Nodes() { if bytes.Equal(info.PublicKey(), req.GetBody().GetKey()) { nodeInfo = info break } } if len(nodeInfo.PublicKey()) == 0 { return nil, status.Error(codes.NotFound, "no such node") } if nodeInfo.IsOffline() { return nil, status.Error(codes.FailedPrecondition, "node is already offline") } vub, err := s.netmapClient.ForceRemovePeer(nodeInfo, req.GetBody().GetVub()) if err != nil { return nil, fmt.Errorf("forcing node removal: %w", err) } resp.Body.Vub = vub if err := SignMessage(&s.prm.key.PrivateKey, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } return resp, nil } // RemoveContainer forces a container removal. func (s *Server) RemoveContainer(_ context.Context, req *control.RemoveContainerRequest) (*control.RemoveContainerResponse, error) { if err := s.isValidRequest(req); err != nil { return nil, status.Error(codes.PermissionDenied, err.Error()) } if len(req.Body.GetContainerId()) > 0 && len(req.Body.GetOwner()) > 0 { return nil, status.Error(codes.InvalidArgument, "specify the owner and container at the same time is not allowed") } var vub uint32 if len(req.Body.GetContainerId()) > 0 { var containerID cid.ID if err := containerID.Decode(req.Body.GetContainerId()); err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("failed to parse container ID: %s", err.Error())) } var err error vub, err = s.removeContainer(containerID, req.GetBody().GetVub()) if err != nil { return nil, err } } else { var ownerID refs.OwnerID if err := ownerID.Unmarshal(req.GetBody().GetOwner()); err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("failed to parse ownerID: %s", err.Error())) } var owner user.ID if err := owner.ReadFromV2(ownerID); err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("failed to read owner: %s", err.Error())) } cids, err := s.containerClient.ContainersOf(&owner) if err != nil { return nil, fmt.Errorf("failed to get owner's containers: %w", err) } for _, containerID := range cids { vub, err = s.removeContainer(containerID, req.GetBody().GetVub()) if err != nil { return nil, err } } } resp := &control.RemoveContainerResponse{ Body: &control.RemoveContainerResponse_Body{ Vub: vub, }, } if err := SignMessage(&s.prm.key.PrivateKey, resp); err != nil { return nil, status.Error(codes.Internal, err.Error()) } return resp, nil } func (s *Server) removeContainer(containerID cid.ID, vub uint32) (uint32, error) { var prm container.DeletePrm prm.SetCID(containerID[:]) prm.SetControlTX(true) prm.SetVUB(vub) vub, err := s.containerClient.Delete(prm) if err != nil { return 0, fmt.Errorf("forcing container removal: %w", err) } return vub, nil }