[#1002] ir: Add subnet check to the container Put process
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
parent
2245bf85d8
commit
1cee1b8f93
3 changed files with 48 additions and 0 deletions
|
@ -714,6 +714,7 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error
|
|||
NeoFSIDClient: neofsIDClient,
|
||||
NetworkState: server.netmapClient,
|
||||
NotaryDisabled: server.sideNotaryConfig.disabled,
|
||||
SubnetClient: subnetClient,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -12,11 +12,13 @@ import (
|
|||
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
|
||||
neofsid "github.com/nspcc-dev/neofs-node/pkg/morph/client/neofsid/wrapper"
|
||||
morphsubnet "github.com/nspcc-dev/neofs-node/pkg/morph/client/subnet"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/event"
|
||||
containerEvent "github.com/nspcc-dev/neofs-node/pkg/morph/event/container"
|
||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
|
@ -84,6 +86,12 @@ func (cp *Processor) checkPutContainer(ctx *putContainerContext) error {
|
|||
return fmt.Errorf("invalid binary container: %w", err)
|
||||
}
|
||||
|
||||
// check owner allowance in the subnetwork
|
||||
err = checkSubnet(cp.subnetClient, cnr)
|
||||
if err != nil {
|
||||
return fmt.Errorf("incorrect subnetwork: %w", err)
|
||||
}
|
||||
|
||||
// check native name and zone
|
||||
err = checkNNS(ctx, cnr)
|
||||
if err != nil {
|
||||
|
@ -275,3 +283,36 @@ func checkNNS(ctx *putContainerContext, cnr *containerSDK.Container) error {
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkSubnet(subCli *morphsubnet.Client, cnr *containerSDK.Container) error {
|
||||
prm := morphsubnet.UserAllowedPrm{}
|
||||
|
||||
subID := cnr.PlacementPolicy().SubnetID()
|
||||
if subID == nil || subnetid.IsZero(*subID) {
|
||||
return nil
|
||||
}
|
||||
|
||||
rawSubID, err := subID.Marshal()
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not marshal container subnetwork: %w", err)
|
||||
}
|
||||
|
||||
ownerID, err := cnr.OwnerID().Marshal()
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not marshal container ownerID: %w", err)
|
||||
}
|
||||
|
||||
prm.SetID(rawSubID)
|
||||
prm.SetClient(ownerID)
|
||||
|
||||
res, err := subCli.UserAllowed(prm)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not check user in contract: %w", err)
|
||||
}
|
||||
|
||||
if !res.Allowed() {
|
||||
return fmt.Errorf("user is not allowed to create containers in %s subnetwork", subID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"github.com/nspcc-dev/neo-go/pkg/core/mempoolevent"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
|
||||
neofsid "github.com/nspcc-dev/neofs-node/pkg/morph/client/neofsid/wrapper"
|
||||
morphsubnet "github.com/nspcc-dev/neofs-node/pkg/morph/client/subnet"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/event"
|
||||
containerEvent "github.com/nspcc-dev/neofs-node/pkg/morph/event/container"
|
||||
"github.com/panjf2000/ants/v2"
|
||||
|
@ -26,6 +27,7 @@ type (
|
|||
alphabetState AlphabetState
|
||||
cnrClient *wrapper.Wrapper // notary must be enabled
|
||||
idClient *neofsid.ClientWrapper
|
||||
subnetClient *morphsubnet.Client
|
||||
netState NetworkState
|
||||
notaryDisabled bool
|
||||
}
|
||||
|
@ -37,6 +39,7 @@ type (
|
|||
AlphabetState AlphabetState
|
||||
ContainerClient *wrapper.Wrapper
|
||||
NeoFSIDClient *neofsid.ClientWrapper
|
||||
SubnetClient *morphsubnet.Client
|
||||
NetworkState NetworkState
|
||||
NotaryDisabled bool
|
||||
}
|
||||
|
@ -72,6 +75,8 @@ func New(p *Params) (*Processor, error) {
|
|||
return nil, errors.New("ir/container: NeoFS ID client is not set")
|
||||
case p.NetworkState == nil:
|
||||
return nil, errors.New("ir/container: network state is not set")
|
||||
case p.SubnetClient == nil:
|
||||
return nil, errors.New("ir/container: subnet client is not set")
|
||||
}
|
||||
|
||||
p.Log.Debug("container worker pool", zap.Int("size", p.PoolSize))
|
||||
|
@ -89,6 +94,7 @@ func New(p *Params) (*Processor, error) {
|
|||
idClient: p.NeoFSIDClient,
|
||||
netState: p.NetworkState,
|
||||
notaryDisabled: p.NotaryDisabled,
|
||||
subnetClient: p.SubnetClient,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue