From 5b0ea5e0a83ae550c8ecca0eafade00fa72be646 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 12 Apr 2024 19:22:34 +0300 Subject: [PATCH 1/3] [#xxxx] policy: Add constants for more targets Signed-off-by: Alex Vanin --- policy/policy_contract.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/policy_contract.go b/policy/policy_contract.go index dd5876b..39bb0ce 100644 --- a/policy/policy_contract.go +++ b/policy/policy_contract.go @@ -16,6 +16,8 @@ type Kind byte const ( Namespace = 'n' Container = 'c' + User = 'u' + Group = 'g' IAM = 'i' ) -- 2.45.2 From 670c74610b2907ad642b98467d83f8b15893e789 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 12 Apr 2024 19:18:46 +0300 Subject: [PATCH 2/3] [#xxxx] policy: Hash entity name to support large namespaces Namespace is a part of entity name, so it should be hashed in order to fit neo-go storage key. Signed-off-by: Alex Vanin --- policy/policy_contract.go | 4 ++++ tests/policy_test.go | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/policy/policy_contract.go b/policy/policy_contract.go index 39bb0ce..9d84eeb 100644 --- a/policy/policy_contract.go +++ b/policy/policy_contract.go @@ -4,6 +4,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-contract/common" "github.com/nspcc-dev/neo-go/pkg/interop" "github.com/nspcc-dev/neo-go/pkg/interop/iterator" + "github.com/nspcc-dev/neo-go/pkg/interop/native/crypto" "github.com/nspcc-dev/neo-go/pkg/interop/native/management" "github.com/nspcc-dev/neo-go/pkg/interop/runtime" "github.com/nspcc-dev/neo-go/pkg/interop/storage" @@ -107,6 +108,9 @@ func storageKey(prefix Kind, counter int, name []byte) []byte { } func mapKey(kind Kind, name []byte) []byte { + if len(name) > 0 { + name = crypto.Sha256(name) + } return append([]byte{mappingKeyPrefix, byte(kind)}, name...) } diff --git a/tests/policy_test.go b/tests/policy_test.go index 6690a1a..e7fd489 100644 --- a/tests/policy_test.go +++ b/tests/policy_test.go @@ -2,6 +2,7 @@ package tests import ( "bytes" + "crypto/sha256" "path" "testing" @@ -185,8 +186,9 @@ func checkTargets(t *testing.T, e *neotest.ContractInvoker, kind byte, expected require.Equal(t, len(expected), len(targets)) for i := range expected { + exp := sha256.Sum256(expected[i]) bytesTargets, err := targets[i].TryBytes() require.NoError(t, err) - require.Equal(t, expected[i], bytesTargets) + require.Equal(t, exp[:], bytesTargets) } } -- 2.45.2 From 4022e3b6c3cf3b2da1b66714fe5ea2fadd7787e7 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 12 Apr 2024 19:22:44 +0300 Subject: [PATCH 3/3] [#xxxx] policy: Test very large entity name Signed-off-by: Alex Vanin --- tests/policy_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/policy_test.go b/tests/policy_test.go index e7fd489..ea72f73 100644 --- a/tests/policy_test.go +++ b/tests/policy_test.go @@ -100,6 +100,12 @@ func TestPolicy(t *testing.T) { checkTargets(t, e, policy.Namespace, [][]byte{[]byte("mynamespace")}) checkTargets(t, e, policy.Container, [][]byte{[]byte("cnr1")}) }) + + t.Run("large entityname", func(t *testing.T) { + largeEntityName := "thisisverylargeentitynamethatcontainverylargenamespaceanduseraddress" + e.Invoke(t, stackitem.Null{}, "addChain", policy.User, largeEntityName, "s3:somerule", p1) + checkTargets(t, e, policy.User, [][]byte{[]byte(largeEntityName)}) + }) } func TestAutorization(t *testing.T) { -- 2.45.2