From 202dbfb95dbd3b8efd325f0870e5a0bc1978b896 Mon Sep 17 00:00:00 2001
From: Pavel Karpy <carpawell@nspcc.ru>
Date: Thu, 20 Jan 2022 12:49:03 +0300
Subject: [PATCH] [#1096] eacl: Rename `eacl` import aliases
Since `Validator` has been moved to SDK it is more readable to see `eaclSDK`
than `acl` import.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
---
pkg/services/object/acl/acl.go | 68 +++++++++++++--------------
pkg/services/object/acl/classifier.go | 12 ++---
2 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/pkg/services/object/acl/acl.go b/pkg/services/object/acl/acl.go
index 5664a8da0..c28852ddf 100644
--- a/pkg/services/object/acl/acl.go
+++ b/pkg/services/object/acl/acl.go
@@ -20,7 +20,7 @@ import (
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
eaclV2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl/v2"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
- acl "github.com/nspcc-dev/neofs-sdk-go/eacl"
+ eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
objectSDK "github.com/nspcc-dev/neofs-sdk-go/object"
"github.com/nspcc-dev/neofs-sdk-go/owner"
"github.com/nspcc-dev/neofs-sdk-go/util/signature"
@@ -65,10 +65,10 @@ type (
requestInfo struct {
basicACL basicACLHelper
- requestRole acl.Role
+ requestRole eaclSDK.Role
isInnerRing bool
- operation acl.Operation // put, get, head, etc.
- cnrOwner *owner.ID // container owner
+ operation eaclSDK.Operation // put, get, head, etc.
+ cnrOwner *owner.ID // container owner
cid *cid.ID
@@ -98,7 +98,7 @@ type cfg struct {
type eACLCfg struct {
eaclSource eacl.Source
- eACL *acl.Validator
+ eACL *eaclSDK.Validator
localStorage *engine.StorageEngine
@@ -131,7 +131,7 @@ func New(opts ...Option) Service {
opts[i](cfg)
}
- cfg.eACL = acl.NewValidator()
+ cfg.eACL = eaclSDK.NewValidator()
return Service{
cfg: cfg,
@@ -153,7 +153,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
src: request,
}
- reqInfo, err := b.findRequestInfo(req, cid, acl.OperationGet)
+ reqInfo, err := b.findRequestInfo(req, cid, eaclSDK.OperationGet)
if err != nil {
return err
}
@@ -201,7 +201,7 @@ func (b Service) Head(
src: request,
}
- reqInfo, err := b.findRequestInfo(req, cid, acl.OperationHead)
+ reqInfo, err := b.findRequestInfo(req, cid, eaclSDK.OperationHead)
if err != nil {
return nil, err
}
@@ -240,7 +240,7 @@ func (b Service) Search(request *object.SearchRequest, stream objectSvc.SearchSt
src: request,
}
- reqInfo, err := b.findRequestInfo(req, id, acl.OperationSearch)
+ reqInfo, err := b.findRequestInfo(req, id, eaclSDK.OperationSearch)
if err != nil {
return err
}
@@ -277,7 +277,7 @@ func (b Service) Delete(
src: request,
}
- reqInfo, err := b.findRequestInfo(req, cid, acl.OperationDelete)
+ reqInfo, err := b.findRequestInfo(req, cid, eaclSDK.OperationDelete)
if err != nil {
return nil, err
}
@@ -309,7 +309,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
src: request,
}
- reqInfo, err := b.findRequestInfo(req, cid, acl.OperationRange)
+ reqInfo, err := b.findRequestInfo(req, cid, eaclSDK.OperationRange)
if err != nil {
return err
}
@@ -347,7 +347,7 @@ func (b Service) GetRangeHash(
src: request,
}
- reqInfo, err := b.findRequestInfo(req, cid, acl.OperationRangeHash)
+ reqInfo, err := b.findRequestInfo(req, cid, eaclSDK.OperationRangeHash)
if err != nil {
return nil, err
}
@@ -391,7 +391,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
src: request,
}
- reqInfo, err := p.source.findRequestInfo(req, cid, acl.OperationPut)
+ reqInfo, err := p.source.findRequestInfo(req, cid, eaclSDK.OperationPut)
if err != nil {
return err
}
@@ -442,7 +442,7 @@ func (g *searchStreamBasicChecker) Send(resp *object.SearchResponse) error {
func (b Service) findRequestInfo(
req metaWithToken,
cid *cid.ID,
- op acl.Operation) (info requestInfo, err error) {
+ op eaclSDK.Operation) (info requestInfo, err error) {
cnr, err := b.containers.Get(cid) // fetch actual container
if err != nil || cnr.OwnerID() == nil {
return info, ErrUnknownContainer
@@ -454,7 +454,7 @@ func (b Service) findRequestInfo(
return info, err
}
- if role == acl.RoleUnknown {
+ if role == eaclSDK.RoleUnknown {
return info, ErrUnknownRole
}
@@ -561,17 +561,17 @@ func getObjectOwnerFromMessage(req interface{}) (id *owner.ID, err error) {
// main check function for basic ACL
func basicACLCheck(info requestInfo) bool {
// check basic ACL permissions
- var checkFn func(acl.Operation) bool
+ var checkFn func(eaclSDK.Operation) bool
switch info.requestRole {
- case acl.RoleUser:
+ case eaclSDK.RoleUser:
checkFn = info.basicACL.UserAllowed
- case acl.RoleSystem:
+ case eaclSDK.RoleSystem:
checkFn = info.basicACL.SystemAllowed
if info.isInnerRing {
checkFn = info.basicACL.InnerRingAllowed
}
- case acl.RoleOthers:
+ case eaclSDK.RoleOthers:
checkFn = info.basicACL.OthersAllowed
default:
// log there
@@ -584,7 +584,7 @@ func basicACLCheck(info requestInfo) bool {
func stickyBitCheck(info requestInfo, owner *owner.ID) bool {
// According to NeoFS specification sticky bit has no effect on system nodes
// for correct intra-container work with objects (in particular, replication).
- if info.requestRole == acl.RoleSystem {
+ if info.requestRole == eaclSDK.RoleSystem {
return true
}
@@ -612,7 +612,7 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
}
var (
- table *acl.Table
+ table *eaclSDK.Table
err error
)
@@ -622,7 +622,7 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
return errors.Is(err, container.ErrEACLNotFound)
}
} else {
- table = acl.NewTableFromV2(reqInfo.bearer.GetBody().GetEACL())
+ table = eaclSDK.NewTableFromV2(reqInfo.bearer.GetBody().GetEACL())
}
// if bearer token is not present, isValidBearer returns true
@@ -652,7 +652,7 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
)
}
- action := cfg.eACL.CalculateAction(new(acl.ValidationUnit).
+ action := cfg.eACL.CalculateAction(new(eaclSDK.ValidationUnit).
WithRole(reqInfo.requestRole).
WithOperation(reqInfo.operation).
WithContainerID(reqInfo.cid).
@@ -663,12 +663,12 @@ func eACLCheck(msg interface{}, reqInfo requestInfo, cfg *eACLCfg) bool {
WithEACLTable(table),
)
- return action == acl.ActionAllow
+ return action == eaclSDK.ActionAllow
}
// sourceVerbOfRequest looks for verb in session token and if it is not found,
// returns reqVerb.
-func sourceVerbOfRequest(req metaWithToken, reqVerb acl.Operation) acl.Operation {
+func sourceVerbOfRequest(req metaWithToken, reqVerb eaclSDK.Operation) eaclSDK.Operation {
if req.token != nil {
switch v := req.token.GetBody().GetContext().(type) {
case *session.ObjectSessionContext:
@@ -681,24 +681,24 @@ func sourceVerbOfRequest(req metaWithToken, reqVerb acl.Operation) acl.Operation
return reqVerb
}
-func tokenVerbToOperation(verb session.ObjectSessionVerb) acl.Operation {
+func tokenVerbToOperation(verb session.ObjectSessionVerb) eaclSDK.Operation {
switch verb {
case session.ObjectVerbGet:
- return acl.OperationGet
+ return eaclSDK.OperationGet
case session.ObjectVerbPut:
- return acl.OperationPut
+ return eaclSDK.OperationPut
case session.ObjectVerbHead:
- return acl.OperationHead
+ return eaclSDK.OperationHead
case session.ObjectVerbSearch:
- return acl.OperationSearch
+ return eaclSDK.OperationSearch
case session.ObjectVerbDelete:
- return acl.OperationDelete
+ return eaclSDK.OperationDelete
case session.ObjectVerbRange:
- return acl.OperationRange
+ return eaclSDK.OperationRange
case session.ObjectVerbRangeHash:
- return acl.OperationRangeHash
+ return eaclSDK.OperationRangeHash
default:
- return acl.OperationUnknown
+ return eaclSDK.OperationUnknown
}
}
diff --git a/pkg/services/object/acl/classifier.go b/pkg/services/object/acl/classifier.go
index 0014ec224..233c4c0b8 100644
--- a/pkg/services/object/acl/classifier.go
+++ b/pkg/services/object/acl/classifier.go
@@ -13,7 +13,7 @@ import (
core "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
"github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
- acl "github.com/nspcc-dev/neofs-sdk-go/eacl"
+ eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/nspcc-dev/neofs-sdk-go/owner"
"github.com/nspcc-dev/neofs-sdk-go/signature"
@@ -52,7 +52,7 @@ func NewSenderClassifier(l *zap.Logger, ir InnerRingFetcher, nm core.Source) Sen
func (c SenderClassifier) Classify(
req metaWithToken,
cid *cid.ID,
- cnr *container.Container) (role acl.Role, isIR bool, key []byte, err error) {
+ cnr *container.Container) (role eaclSDK.Role, isIR bool, key []byte, err error) {
if cid == nil {
return 0, false, nil, fmt.Errorf("%w: container id is not set", ErrMalformedRequest)
}
@@ -68,7 +68,7 @@ func (c SenderClassifier) Classify(
// if request owner is the same as container owner, return RoleUser
if ownerID.Equal(cnr.OwnerID()) {
- return acl.RoleUser, false, ownerKeyInBytes, nil
+ return eaclSDK.RoleUser, false, ownerKeyInBytes, nil
}
isInnerRingNode, err := c.isInnerRingKey(ownerKeyInBytes)
@@ -77,7 +77,7 @@ func (c SenderClassifier) Classify(
c.log.Debug("can't check if request from inner ring",
zap.String("error", err.Error()))
} else if isInnerRingNode {
- return acl.RoleSystem, true, ownerKeyInBytes, nil
+ return eaclSDK.RoleSystem, true, ownerKeyInBytes, nil
}
isContainerNode, err := c.isContainerKey(ownerKeyInBytes, cid.ToV2().GetValue(), cnr)
@@ -88,11 +88,11 @@ func (c SenderClassifier) Classify(
c.log.Debug("can't check if request from container node",
zap.String("error", err.Error()))
} else if isContainerNode {
- return acl.RoleSystem, false, ownerKeyInBytes, nil
+ return eaclSDK.RoleSystem, false, ownerKeyInBytes, nil
}
// if none of above, return RoleOthers
- return acl.RoleOthers, false, ownerKeyInBytes, nil
+ return eaclSDK.RoleOthers, false, ownerKeyInBytes, nil
}
func requestOwner(req metaWithToken) (*owner.ID, *keys.PublicKey, error) {