Split read and write MFA managers

Signed-off-by: Alex Vanin <a.vanin@yadro.com>

mfa/mfa.go

@@ -22,8 +22,14 @@ type (
 	// and KeyStore interface to encode and decode OTP keys inside FrostFS
 	// objects.
 	Manager struct {
-		storage   Storage
-		unlocker  KeyStore
+		ReadManager
+		storage  Storage
+		unlocker KeyStore
+	}
+
+	ReadManager struct {
+		storage   StorageReader
+		unlocker  KeyStoreReader
 		container cid.ID
 		logger    *zap.Logger
 	}
@@ -31,13 +37,17 @@ type (
 	// KeyStore is an interface for Manager to provide keys to encode and decode
 	// OTP keys of MFA devices.
 	KeyStore interface {
-		// PrivateKey returns private key of this Manager.
-		PrivateKey() *keys.PrivateKey
+		KeyStoreReader
 		// PublicKeys returns list of public keys for all managers, including
 		// this Manager.
 		PublicKeys() []*keys.PublicKey
 	}
 
+	KeyStoreReader interface {
+		// PrivateKey returns private key of this Manager.
+		PrivateKey() *keys.PrivateKey
+	}
+
 	// Config contains parameters for Manager constructor.
 	Config struct {
 		Storage   Storage
@@ -45,6 +55,13 @@ type (
 		Container cid.ID
 		Logger    *zap.Logger
 	}
+
+	ReadConfig struct {
+		Storage   StorageReader
+		Unlocker  KeyStoreReader
+		Container cid.ID
+		Logger    *zap.Logger
+	}
 )
 
 // NewManager creates new instance of Manager.
@@ -60,9 +77,32 @@ func NewManager(cfg Config) (*Manager, error) {
 	}
 
 	return &Manager{
+		ReadManager: ReadManager{
+			storage:   cfg.Storage,
+			unlocker:  cfg.Unlocker,
+			container: cfg.Container,
+			logger:    cfg.Logger,
+		},
+		storage:  cfg.Storage,
+		unlocker: cfg.Unlocker,
+	}, nil
+}
+
+func NewReadManager(cfg ReadConfig) (*ReadManager, error) {
+	if cfg.Storage == nil {
+		return nil, errors.New("mfa storage is nil")
+	}
+	if cfg.Logger == nil {
+		return nil, errors.New("mfa logger is nil")
+	}
+	if cfg.Unlocker == nil {
+		return nil, errors.New("mfa key store is nil")
+	}
+
+	return &ReadManager{
 		storage:   cfg.Storage,
-		container: cfg.Container,
 		unlocker:  cfg.Unlocker,
+		container: cfg.Container,
 		logger:    cfg.Logger,
 	}, nil
 }
@@ -83,7 +123,7 @@ func (m *Manager) CreateMFADevice(ctx context.Context, device SecretDevice) erro
 }
 
 // GetMFADevice returns decoded MFA device from MFA container.
-func (m *Manager) GetMFADevice(ctx context.Context, ns, mfaName string) (*SecretDevice, error) {
+func (m *ReadManager) GetMFADevice(ctx context.Context, ns, mfaName string) (*SecretDevice, error) {
 	ctx, span := tracing.StartSpanFromContext(ctx, "mfa.GetMFADevice")
 	defer span.End()
 
@@ -133,7 +173,7 @@ func (m *Manager) GetMFADevice(ctx context.Context, ns, mfaName string) (*Secret
 }
 
 // GetTinyMFADevice returns MFA device metadata without OTP key from the tree of MFA container.
-func (m *Manager) GetTinyMFADevice(ctx context.Context, ns, mfaName string) (*Device, error) {
+func (m *ReadManager) GetTinyMFADevice(ctx context.Context, ns, mfaName string) (*Device, error) {
 	ctx, span := tracing.StartSpanFromContext(ctx, "mfa.GetTinyMFADevice")
 	defer span.End()
 
@@ -151,7 +191,7 @@ func (m *Manager) GetTinyMFADevice(ctx context.Context, ns, mfaName string) (*De
 }
 
 // ListMFADevices lists all available MFA device metadata with specified device namespace from the tree of MFA container.
-func (m *Manager) ListMFADevices(ctx context.Context, ns string) ([]*Device, error) {
+func (m *ReadManager) ListMFADevices(ctx context.Context, ns string) ([]*Device, error) {
 	ctx, span := tracing.StartSpanFromContext(ctx, "mfa.ListMFADevices")
 	defer span.End()
 
@@ -164,7 +204,7 @@ func (m *Manager) ListMFADevices(ctx context.Context, ns string) ([]*Device, err
 }
 
 // ListAllMFADevices lists all available MFA device metadata from the tree of MFA container.
-func (m *Manager) ListAllMFADevices(ctx context.Context) ([]*Device, error) {
+func (m *ReadManager) ListAllMFADevices(ctx context.Context) ([]*Device, error) {
 	ctx, span := tracing.StartSpanFromContext(ctx, "mfa.ListAllMFADevices")
 	defer span.End()
 
@@ -327,7 +367,7 @@ func (m *Manager) putMFADevice(ctx context.Context, device SecretDevice) error {
 	return nil
 }
 
-func (m *Manager) formDevices(list []*TreeNode) ([]*Device, error) {
+func (m *ReadManager) formDevices(list []*TreeNode) ([]*Device, error) {
 	res := make([]*Device, 0, len(list))
 	for _, item := range list {
 		dev, err := newDevice(item)

mfa/storage.go

@@ -13,19 +13,23 @@ type (
 	// Storage is an interface for Manager to manage FrostFS objects
 	// and metadata in tree service.
 	Storage interface {
+		StorageReader
 		// CreateObject creates new FrostFS object.
 		CreateObject(context.Context, PrmObjectCreate) (oid.ID, error)
-		// GetObject returns payload of FrostFS object.
-		GetObject(context.Context, oid.Address) ([]byte, error)
 		// DeleteObject deletes FrostFS object.
 		DeleteObject(context.Context, oid.Address) error
 		// SetTreeNode creates or updates specified tree node the tree service and returns updated data.
 		SetTreeNode(ctx context.Context, cnrID cid.ID, name string, meta map[string]string) (*TreeMultiNode, error)
+		// DeleteTreeNode removes all specified tree nodes from the tree and returns copy of it.
+		DeleteTreeNode(ctx context.Context, cnrID cid.ID, name string) ([]*TreeNode, error)
+	}
+
+	StorageReader interface {
+		// GetObject returns payload of FrostFS object.
+		GetObject(context.Context, oid.Address) ([]byte, error)
 		// GetTreeNode returns data about latest and remaining versions of specified tree node.
 		// Must return 'ErrTreeNodeNotFound' if tree does not exist.
 		GetTreeNode(ctx context.Context, cnrID cid.ID, name string) (*TreeMultiNode, error)
-		// DeleteTreeNode removes all specified tree nodes from the tree and returns copy of it.
-		DeleteTreeNode(ctx context.Context, cnrID cid.ID, name string) ([]*TreeNode, error)
 		// GetTreeNodes returns all available tree nodes with specified prefix.
 		GetTreeNodes(ctx context.Context, cnrID cid.ID, prefix string) ([]*TreeNode, error)
 	}