diff --git a/api/cache/cache_test.go b/api/cache/cache_test.go index 825c4e67..095a8fce 100644 --- a/api/cache/cache_test.go +++ b/api/cache/cache_test.go @@ -3,10 +3,13 @@ package cache import ( "testing" + "git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox" cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test" oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" + "github.com/nspcc-dev/neo-go/pkg/util" "github.com/stretchr/testify/require" "go.uber.org/zap" "go.uber.org/zap/zaptest/observer" @@ -194,6 +197,44 @@ func TestNotificationConfigurationCacheType(t *testing.T) { assertInvalidCacheEntry(t, cache.GetNotificationConfiguration(key), observedLog) } +func TestFrostFSIDSubjectCacheType(t *testing.T) { + logger, observedLog := getObservedLogger() + cache := NewFrostfsIDCache(DefaultFrostfsIDConfig(logger)) + + key, err := util.Uint160DecodeStringLE("4ea976429703418ef00fc4912a409b6a0b973034") + require.NoError(t, err) + value := &client.SubjectExtended{} + + err = cache.PutSubject(key, value) + require.NoError(t, err) + val := cache.GetSubject(key) + require.Equal(t, value, val) + require.Equal(t, 0, observedLog.Len()) + + err = cache.cache.Set(key, "tmp") + require.NoError(t, err) + assertInvalidCacheEntry(t, cache.GetSubject(key), observedLog) +} + +func TestFrostFSIDUserKeyCacheType(t *testing.T) { + logger, observedLog := getObservedLogger() + cache := NewFrostfsIDCache(DefaultFrostfsIDConfig(logger)) + + ns, name := "ns", "name" + value, err := keys.NewPrivateKey() + require.NoError(t, err) + + err = cache.PutUserKey(ns, name, value.PublicKey()) + require.NoError(t, err) + val := cache.GetUserKey(ns, name) + require.Equal(t, value.PublicKey(), val) + require.Equal(t, 0, observedLog.Len()) + + err = cache.cache.Set(ns+"/"+name, "tmp") + require.NoError(t, err) + assertInvalidCacheEntry(t, cache.GetUserKey(ns, name), observedLog) +} + func assertInvalidCacheEntry(t *testing.T, val interface{}, observedLog *observer.ObservedLogs) { require.Nil(t, val) require.Equal(t, 1, observedLog.Len()) diff --git a/api/cache/frostfsid.go b/api/cache/frostfsid.go new file mode 100644 index 00000000..da093ecd --- /dev/null +++ b/api/cache/frostfsid.go @@ -0,0 +1,84 @@ +package cache + +import ( + "fmt" + "time" + + "git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client" + "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs" + "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" + "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine" + "github.com/bluele/gcache" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" + "github.com/nspcc-dev/neo-go/pkg/util" + "go.uber.org/zap" +) + +// FrostfsIDCache provides lru cache for frostfsid contract. +type FrostfsIDCache struct { + cache gcache.Cache + logger *zap.Logger +} + +type FrostfsIDCacheKey struct { + Target engine.Target + Name chain.Name +} + +const ( + // DefaultFrostfsIDCacheSize is a default maximum number of entries in cache. + DefaultFrostfsIDCacheSize = 1e4 + // DefaultFrostfsIDCacheLifetime is a default lifetime of entries in cache. + DefaultFrostfsIDCacheLifetime = time.Minute +) + +// DefaultFrostfsIDConfig returns new default cache expiration values. +func DefaultFrostfsIDConfig(logger *zap.Logger) *Config { + return &Config{ + Size: DefaultFrostfsIDCacheSize, + Lifetime: DefaultFrostfsIDCacheLifetime, + Logger: logger, + } +} + +// NewFrostfsIDCache creates an object of FrostfsIDCache. +func NewFrostfsIDCache(config *Config) *FrostfsIDCache { + gc := gcache.New(config.Size).LRU().Expiration(config.Lifetime).Build() + return &FrostfsIDCache{cache: gc, logger: config.Logger} +} + +// GetSubject returns a cached client.SubjectExtended. Returns nil if value is missing. +func (c *FrostfsIDCache) GetSubject(key util.Uint160) *client.SubjectExtended { + return get[client.SubjectExtended](c, key) +} + +// PutSubject puts a client.SubjectExtended to cache. +func (c *FrostfsIDCache) PutSubject(key util.Uint160, subject *client.SubjectExtended) error { + return c.cache.Set(key, subject) +} + +// GetUserKey returns a cached *keys.PublicKey. Returns nil if value is missing. +func (c *FrostfsIDCache) GetUserKey(ns, name string) *keys.PublicKey { + return get[keys.PublicKey](c, ns+"/"+name) +} + +// PutUserKey puts a client.SubjectExtended to cache. +func (c *FrostfsIDCache) PutUserKey(ns, name string, userKey *keys.PublicKey) error { + return c.cache.Set(ns+"/"+name, userKey) +} + +func get[T any](c *FrostfsIDCache, key any) *T { + entry, err := c.cache.Get(key) + if err != nil { + return nil + } + + result, ok := entry.(*T) + if !ok { + c.logger.Warn(logs.InvalidCacheEntryType, zap.String("actual", fmt.Sprintf("%T", entry)), + zap.String("expected", fmt.Sprintf("%T", result))) + return nil + } + + return result +} diff --git a/cmd/s3-gw/app.go b/cmd/s3-gw/app.go index 222a7ac0..74c93a37 100644 --- a/cmd/s3-gw/app.go +++ b/cmd/s3-gw/app.go @@ -950,6 +950,15 @@ func getMorphPolicyCacheConfig(v *viper.Viper, l *zap.Logger) *cache.Config { return cacheCfg } +func getFrostfsIDCacheConfig(v *viper.Viper, l *zap.Logger) *cache.Config { + cacheCfg := cache.DefaultFrostfsIDConfig(l) + + cacheCfg.Lifetime = fetchCacheLifetime(v, l, cfgFrostfsIDCacheLifetime, cacheCfg.Lifetime) + cacheCfg.Size = fetchCacheSize(v, l, cfgFrostfsIDCacheSize, cacheCfg.Size) + + return cacheCfg +} + func (a *App) initHandler() { var err error diff --git a/cmd/s3-gw/app_settings.go b/cmd/s3-gw/app_settings.go index cc2dd5c4..deef8c2f 100644 --- a/cmd/s3-gw/app_settings.go +++ b/cmd/s3-gw/app_settings.go @@ -114,6 +114,8 @@ const ( // Settings. cfgAccessControlCacheSize = "cache.accesscontrol.size" cfgMorphPolicyCacheLifetime = "cache.morph_policy.lifetime" cfgMorphPolicyCacheSize = "cache.morph_policy.size" + cfgFrostfsIDCacheLifetime = "cache.frostfsid.lifetime" + cfgFrostfsIDCacheSize = "cache.frostfsid.size" cfgAccessBoxCacheRemovingCheckInterval = "cache.accessbox.removing_check_interval" diff --git a/config/config.env b/config/config.env index 3fff17ab..ca348f46 100644 --- a/config/config.env +++ b/config/config.env @@ -104,6 +104,9 @@ S3_GW_CACHE_ACCESSCONTROL_SIZE=100000 # Cache which stores list of policy chains S3_GW_CACHE_MORPH_POLICY_LIFETIME=1m S3_GW_CACHE_MORPH_POLICY_SIZE=10000 +# Cache which stores frostfsid subject info +S3_GW_CACHE_FROSTFSID_LIFETIME=1m +S3_GW_CACHE_FROSTFSID_SIZE=10000 # NATS S3_GW_NATS_ENABLED=true diff --git a/config/config.yaml b/config/config.yaml index fe16150f..757b38a3 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -129,6 +129,10 @@ cache: morph_policy: lifetime: 1m size: 10000 + # Cache which stores frostfsid subject info + frostfsid: + lifetime: 1m + size: 10000 nats: enabled: true diff --git a/docs/configuration.md b/docs/configuration.md index c3327ff5..1ed55a8e 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -418,6 +418,9 @@ cache: morph_policy: lifetime: 30s size: 10000 + frostfsid: + lifetime: 1m + size: 10000 ``` | Parameter | Type | Default value | Description | @@ -431,6 +434,7 @@ cache: | `accessbox` | [Accessbox cache config](#accessbox-subsection) | `lifetime: 10m`
`size: 100` | Cache which stores access box with tokens by its address. | | `accesscontrol` | [Cache config](#cache-subsection) | `lifetime: 1m`
`size: 100000` | Cache which stores owner to cache operation mapping. | | `morph_policy` | [Cache config](#cache-subsection) | `lifetime: 1m`
`size: 10000` | Cache which stores list of policy chains. | +| `frostfsid` | [Cache config](#cache-subsection) | `lifetime: 1m`
`size: 10000` | Cache which stores FrostfsID subject info. | #### `cache` subsection