WIP: Store hashed entity name in policy contract #87

Draft
alexvanin wants to merge 3 commits from alexvanin/frostfs-contract:after-ug into master
2 changed files with 15 additions and 1 deletions


@ -4,6 +4,7 @@ import (
"git.frostfs.info/TrueCloudLab/frostfs-contract/common" "git.frostfs.info/TrueCloudLab/frostfs-contract/common"
"github.com/nspcc-dev/neo-go/pkg/interop" "github.com/nspcc-dev/neo-go/pkg/interop"
"github.com/nspcc-dev/neo-go/pkg/interop/iterator" "github.com/nspcc-dev/neo-go/pkg/interop/iterator"
"github.com/nspcc-dev/neo-go/pkg/interop/native/crypto"
"github.com/nspcc-dev/neo-go/pkg/interop/native/management" "github.com/nspcc-dev/neo-go/pkg/interop/native/management"
"github.com/nspcc-dev/neo-go/pkg/interop/runtime" "github.com/nspcc-dev/neo-go/pkg/interop/runtime"
"github.com/nspcc-dev/neo-go/pkg/interop/storage" "github.com/nspcc-dev/neo-go/pkg/interop/storage"
@ -16,6 +17,8 @@ type Kind byte
const ( const (
Namespace = 'n' Namespace = 'n'
Container = 'c' Container = 'c'
User = 'u'
Group = 'g'
IAM = 'i' IAM = 'i'
) )
@ -105,6 +108,9 @@ func storageKey(prefix Kind, counter int, name []byte) []byte {
} }
func mapKey(kind Kind, name []byte) []byte { func mapKey(kind Kind, name []byte) []byte {
if len(name) > 0 {
Review

Why do we need this check, can it be false?

Review


Yes, `ListTargets` uses `mapKey` with empty name to iterate all storage keys based on kind prefix.
name = crypto.Sha256(name)
}
return append([]byte{mappingKeyPrefix, byte(kind)}, name...) return append([]byte{mappingKeyPrefix, byte(kind)}, name...)
} }
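Review bot: Mappings written before this change are keyed by the raw name, so once `mapKey` hashes non-empty names those entries are no longer addressed by `mapKey(kind, name)`, and a prefix scan with an empty name would return a mix of raw names and 32-byte digests. None of the hunks shown here touches the contract's update path, so if a deployed instance already holds mappings they would need re-keying on upgrade, or the old layout handled on read; otherwise stale targets could presumably stay listed after their chains are removed. Callers of the listing also lose the readable name, because the digest cannot be reversed, which deserves a line on the function: `// mapKey hashes a non-empty name with SHA-256; listed targets are digests, not names.`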


@ -2,6 +2,7 @@ package tests
import ( import (
"bytes" "bytes"
"crypto/sha256"
"path" "path"
"testing" "testing"
@ -99,6 +100,12 @@ func TestPolicy(t *testing.T) {
checkTargets(t, e, policy.Namespace, [][]byte{[]byte("mynamespace")}) checkTargets(t, e, policy.Namespace, [][]byte{[]byte("mynamespace")})
checkTargets(t, e, policy.Container, [][]byte{[]byte("cnr1")}) checkTargets(t, e, policy.Container, [][]byte{[]byte("cnr1")})
}) })
t.Run("large entityname", func(t *testing.T) {
largeEntityName := "thisisverylargeentitynamethatcontainverylargenamespaceanduseraddress"
e.Invoke(t, stackitem.Null{}, "addChain", policy.User, largeEntityName, "s3:somerule", p1)
checkTargets(t, e, policy.User, [][]byte{[]byte(largeEntityName)})
})
} }
func TestAutorization(t *testing.T) { func TestAutorization(t *testing.T) {
@ -185,8 +192,9 @@ func checkTargets(t *testing.T, e *neotest.ContractInvoker, kind byte, expected
require.Equal(t, len(expected), len(targets)) require.Equal(t, len(expected), len(targets))
for i := range expected { for i := range expected {
exp := sha256.Sum256(expected[i])
bytesTargets, err := targets[i].TryBytes() bytesTargets, err := targets[i].TryBytes()
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, expected[i], bytesTargets) require.Equal(t, exp[:], bytesTargets)
} }
} }
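Review bot: `checkTargets` compares `targets[i]` with the digest of `expected[i]` by position, so the helper now passes only if the listing comes back in the same order as the digests of `expected`, which is unrelated to the order of the names. Every call visible in these hunks passes a single name, so nothing fails yet, but a case with two names of one kind would presumably become order-sensitive if the prefix scan returns keys in storage order. Comparing as a set keeps the helper usable for several names, as sketched below. The start of the helper lies outside the hunk; only its signature shows in the hunk header.

```go
// … unchanged: length check on targets …
want := make([][]byte, 0, len(expected))
got := make([][]byte, 0, len(targets))
for i := range expected {
	exp := sha256.Sum256(expected[i])
	want = append(want, exp[:])
	bytesTargets, err := targets[i].TryBytes()
	require.NoError(t, err)
	got = append(got, bytesTargets)
}
require.ElementsMatch(t, want, got)
```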