forked from TrueCloudLab/frostfs-s3-gw
[#333] Update sdk
Update sdk to fix "invalid session token owner" error Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov
Alex Vanin
parent
badc94e904
commit
8fc19b11db
6 changed files with 15 additions and 32 deletions
|
|
@ -11,6 +11,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/acl"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
|
|
@ -130,7 +131,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*ci
|
|||
|
||||
options := []container.Option{
|
||||
container.WithPolicy(p.Policy),
|
||||
container.WithCustomBasicACL(p.ACL),
|
||||
container.WithCustomBasicACL(acl.BasicACL(p.ACL)),
|
||||
container.WithAttribute(container.AttributeName, p.Name),
|
||||
container.WithAttribute(container.AttributeTimestamp, strconv.FormatInt(bktInfo.Created.Unix(), 10)),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/resolver"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/authmate"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
|
|
@ -288,8 +287,7 @@ func (n *layer) Owner(ctx context.Context) *owner.ID {
|
|||
return data.Gate.BearerToken.Issuer()
|
||||
}
|
||||
|
||||
id, _ := authmate.OwnerIDFromNeoFSKey(n.EphemeralKey())
|
||||
return id
|
||||
return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(n.EphemeralKey()))
|
||||
}
|
||||
|
||||
// CallOptions returns []pool.CallOption options: client.WithBearer or client.WithKey (if request is anonymous).
|
||||
|
|
|
|||
|
|
@ -201,7 +201,7 @@ func (t *testPool) AnnounceContainerUsedSpace(ctx context.Context, announcements
|
|||
panic("implement me")
|
||||
}
|
||||
|
||||
func (t *testPool) Connection() (client.Client, *session.Token, error) {
|
||||
func (t *testPool) Connection() (pool.Client, *session.Token, error) {
|
||||
panic("implement me")
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api/cache"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/acl"
|
||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
|
|
@ -33,7 +34,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
defaultAuthContainerBasicACL uint32 = 0b00111100100011001000110011001110
|
||||
defaultAuthContainerBasicACL acl.BasicACL = 0b00111100100011001000110011001110 // 0x3C8C8CCE - private container with only GET allowed to others
|
||||
)
|
||||
|
||||
// Agent contains client communicating with NeoFS and logger.
|
||||
|
|
@ -252,10 +253,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
|||
|
||||
box.ContainerPolicy = policies
|
||||
|
||||
oid, err := OwnerIDFromNeoFSKey(options.NeoFSKey.PublicKey())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
oid := owner.NewIDFromPublicKey(&options.NeoFSKey.PrivateKey.PublicKey)
|
||||
|
||||
a.log.Info("store bearer token into NeoFS",
|
||||
zap.Stringer("owner_tkn", oid))
|
||||
|
|
@ -403,10 +401,7 @@ func buildContext(rules []byte) (*session.ContainerContext, error) {
|
|||
}
|
||||
|
||||
func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gateKey *keys.PublicKey) (*token.BearerToken, error) {
|
||||
oid, err := OwnerIDFromNeoFSKey(gateKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
oid := owner.NewIDFromPublicKey((*ecdsa.PublicKey)(gateKey))
|
||||
|
||||
bearerToken := token.NewBearerToken()
|
||||
bearerToken.SetEACLTable(table)
|
||||
|
|
@ -478,11 +473,8 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions, cid *ci
|
|||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to build context for session token: %w", err)
|
||||
}
|
||||
oid, err := OwnerIDFromNeoFSKey(options.NeoFSKey.PublicKey())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
oid := owner.NewIDFromPublicKey(&options.NeoFSKey.PrivateKey.PublicKey)
|
||||
sessionTokens, err := buildSessionTokens(options.NeoFSKey, oid, lifetime, sessionRules, options.GatesPublicKeys)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -494,11 +486,3 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions, cid *ci
|
|||
|
||||
return gates, nil
|
||||
}
|
||||
|
||||
func OwnerIDFromNeoFSKey(key *keys.PublicKey) (*owner.ID, error) {
|
||||
wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(key))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return owner.NewIDFromNeo3Wallet(wallet), nil
|
||||
}
|
||||
|
|
|
|||
4
go.mod
4
go.mod
|
|
@ -10,8 +10,8 @@ require (
|
|||
github.com/google/uuid v1.2.0
|
||||
github.com/gorilla/mux v1.8.0
|
||||
github.com/nspcc-dev/neo-go v0.98.0
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.1
|
||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211228125935-3edaf9ecb644
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.2-0.20220114101721-227a871a04ac
|
||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220121080144-596774ce5bd3
|
||||
github.com/prometheus/client_golang v1.11.0
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/spf13/viper v1.7.1
|
||||
|
|
|
|||
8
go.sum
8
go.sum
|
|
@ -276,15 +276,15 @@ github.com/nspcc-dev/neo-go v0.73.1-pre.0.20200303142215-f5a1b928ce09/go.mod h1:
|
|||
github.com/nspcc-dev/neo-go v0.98.0 h1:yyW4sgY88/pLf0949qmgfkQXzRKC3CI/WyhqXNnwMd8=
|
||||
github.com/nspcc-dev/neo-go v0.98.0/go.mod h1:E3cc1x6RXSXrJb2nDWXTXjnXk3rIqVN8YdFyWv+FrqM=
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.0-pre.0.20211201134523-3604d96f3fe1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.1 h1:SVqc523pZsSaS9vnPS1mm3VV6b6xY0gvdA0uYJ/GWZQ=
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.2-0.20220114101721-227a871a04ac h1:65C4z7pybLT2HjtY96abZj6kbgVp34AbrApn5DD+ZxY=
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.11.2-0.20220114101721-227a871a04ac/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
|
||||
github.com/nspcc-dev/neofs-crypto v0.2.0/go.mod h1:F/96fUzPM3wR+UGsPi3faVNmFlA9KAEAUQR7dMxZmNA=
|
||||
github.com/nspcc-dev/neofs-crypto v0.2.3/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
|
||||
github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnBg0L4ifM=
|
||||
github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
|
||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
|
||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211228125935-3edaf9ecb644 h1:AytMrbwumNIfjYcG1ng+OuEXTtBslya96UAYj/h+dTQ=
|
||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211228125935-3edaf9ecb644/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
|
||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220121080144-596774ce5bd3 h1:Llot/7cnQwCfhSrnNLDhuYxKpX4Ay+xa6x7B1jI2eaU=
|
||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220121080144-596774ce5bd3/go.mod h1:fhs4v6uts7bEgwYP05NXbAQlQ0YhK4WVjJRKQKFKBxY=
|
||||
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
||||
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
|
||||
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
||||
|
|
|
|||
Loading…
Reference in a new issue