[#1348] go.mod: Update api-go and sdk-go
Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
parent
a685fcdc96
commit
a4fb7f085b
14 changed files with 2 additions and 298 deletions
|
@ -17,7 +17,6 @@ import (
|
|||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
|
||||
containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
|
||||
objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
|
||||
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||
|
@ -192,31 +191,6 @@ func DeleteContainer(ctx context.Context, prm DeleteContainerPrm) (res DeleteCon
|
|||
return
|
||||
}
|
||||
|
||||
// EACLPrm groups parameters of EACL operation.
|
||||
type EACLPrm struct {
|
||||
Client *client.Client
|
||||
ClientParams client.PrmContainerEACL
|
||||
}
|
||||
|
||||
// EACLRes groups the resulting values of EACL operation.
|
||||
type EACLRes struct {
|
||||
cliRes *client.ResContainerEACL
|
||||
}
|
||||
|
||||
// EACL returns requested eACL table.
|
||||
func (x EACLRes) EACL() eacl.Table {
|
||||
return x.cliRes.Table()
|
||||
}
|
||||
|
||||
// EACL reads eACL table from FrostFS by container ID.
|
||||
//
|
||||
// Returns any error which prevented the operation from completing correctly in error return.
|
||||
func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) {
|
||||
res.cliRes, err = prm.Client.ContainerEACL(ctx, prm.ClientParams)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NetworkInfoPrm groups parameters of NetworkInfo operation.
|
||||
type NetworkInfoPrm struct {
|
||||
Client *client.Client
|
||||
|
|
|
@ -1,68 +0,0 @@
|
|||
package container
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
|
||||
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var getExtendedACLCmd = &cobra.Command{
|
||||
Use: "get-eacl",
|
||||
Short: "Get extended ACL table of container",
|
||||
Long: `Get extended ACL table of container`,
|
||||
Run: func(cmd *cobra.Command, _ []string) {
|
||||
id := parseContainerID(cmd)
|
||||
pk := key.GetOrGenerate(cmd)
|
||||
cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
|
||||
|
||||
eaclPrm := internalclient.EACLPrm{
|
||||
Client: cli,
|
||||
ClientParams: client.PrmContainerEACL{
|
||||
ContainerID: &id,
|
||||
},
|
||||
}
|
||||
|
||||
res, err := internalclient.EACL(cmd.Context(), eaclPrm)
|
||||
commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
|
||||
|
||||
eaclTable := res.EACL()
|
||||
|
||||
if containerPathTo == "" {
|
||||
cmd.Println("eACL: ")
|
||||
common.PrettyPrintJSON(cmd, &eaclTable, "eACL")
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
var data []byte
|
||||
|
||||
if containerJSON {
|
||||
data, err = eaclTable.MarshalJSON()
|
||||
commonCmd.ExitOnErr(cmd, "can't encode to JSON: %w", err)
|
||||
} else {
|
||||
data, err = eaclTable.Marshal()
|
||||
commonCmd.ExitOnErr(cmd, "can't encode to binary: %w", err)
|
||||
}
|
||||
|
||||
cmd.Println("dumping data to file:", containerPathTo)
|
||||
|
||||
err = os.WriteFile(containerPathTo, data, 0o644)
|
||||
commonCmd.ExitOnErr(cmd, "could not write eACL to file: %w", err)
|
||||
},
|
||||
}
|
||||
|
||||
func initContainerGetEACLCmd() {
|
||||
commonflags.Init(getExtendedACLCmd)
|
||||
|
||||
flags := getExtendedACLCmd.Flags()
|
||||
|
||||
flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
|
||||
flags.StringVar(&containerPathTo, "to", "", "Path to dump encoded container (default: binary encoded)")
|
||||
flags.BoolVar(&containerJSON, commonflags.JSON, false, "Encode EACL table in json format")
|
||||
}
|
|
@ -25,7 +25,6 @@ func init() {
|
|||
deleteContainerCmd,
|
||||
listContainerObjectsCmd,
|
||||
getContainerInfoCmd,
|
||||
getExtendedACLCmd,
|
||||
containerNodesCmd,
|
||||
policyPlaygroundCmd,
|
||||
}
|
||||
|
@ -37,7 +36,6 @@ func init() {
|
|||
initContainerDeleteCmd()
|
||||
initContainerListObjectsCmd()
|
||||
initContainerInfoCmd()
|
||||
initContainerGetEACLCmd()
|
||||
initContainerNodesCmd()
|
||||
initContainerPolicyPlaygroundCmd()
|
||||
|
||||
|
|
|
@ -258,10 +258,6 @@ func parseAction(lexeme string) ([]string, bool, error) {
|
|||
return []string{nativeschema.MethodDeleteContainer}, false, nil
|
||||
case "container.get":
|
||||
return []string{nativeschema.MethodGetContainer}, false, nil
|
||||
case "container.setcontainereacl":
|
||||
return []string{nativeschema.MethodSetContainerEACL}, false, nil
|
||||
case "container.getcontainereacl":
|
||||
return []string{nativeschema.MethodGetContainerEACL}, false, nil
|
||||
case "container.list":
|
||||
return []string{nativeschema.MethodListContainers}, false, nil
|
||||
case "container.*":
|
||||
|
@ -269,8 +265,6 @@ func parseAction(lexeme string) ([]string, bool, error) {
|
|||
nativeschema.MethodPutContainer,
|
||||
nativeschema.MethodDeleteContainer,
|
||||
nativeschema.MethodGetContainer,
|
||||
nativeschema.MethodSetContainerEACL,
|
||||
nativeschema.MethodGetContainerEACL,
|
||||
nativeschema.MethodListContainers,
|
||||
}, false, nil
|
||||
default:
|
||||
|
|
4
go.mod
|
@ -4,12 +4,12 @@ go 1.22
|
|||
|
||||
require (
|
||||
code.gitea.io/sdk/gitea v0.17.1
|
||||
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240828085308-5e1c6a908f61
|
||||
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240902111049-c11f50efeccb
|
||||
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
|
||||
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
|
||||
git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
|
||||
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
|
||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240827083309-f0b9493ce3f7
|
||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad
|
||||
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
||||
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88
|
||||
git.frostfs.info/TrueCloudLab/tzhash v1.8.0
|
||||
|
|
BIN
go.sum
Binary file not shown.
|
@ -80,18 +80,3 @@ func (s *Server) List(ctx context.Context, req *containerGRPC.ListRequest) (*con
|
|||
|
||||
return resp.ToGRPCMessage().(*containerGRPC.ListResponse), nil
|
||||
}
|
||||
|
||||
// GetExtendedACL converts gRPC GetExtendedACLRequest message and passes it to internal Container service.
|
||||
func (s *Server) GetExtendedACL(ctx context.Context, req *containerGRPC.GetExtendedACLRequest) (*containerGRPC.GetExtendedACLResponse, error) {
|
||||
getEACLReq := new(container.GetExtendedACLRequest)
|
||||
if err := getEACLReq.FromGRPCMessage(req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resp, err := s.srv.GetExtendedACL(ctx, getEACLReq)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return resp.ToGRPCMessage().(*containerGRPC.GetExtendedACLResponse), nil
|
||||
}
|
||||
|
|
|
@ -102,18 +102,6 @@ func (ac *apeChecker) Get(ctx context.Context, req *container.GetRequest) (*cont
|
|||
return ac.next.Get(ctx, req)
|
||||
}
|
||||
|
||||
func (ac *apeChecker) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
||||
ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.GetExtendedACL")
|
||||
defer span.End()
|
||||
|
||||
if err := ac.validateContainerBoundedOperation(ctx, req.GetBody().GetContainerID(), req.GetMetaHeader(), req.GetVerificationHeader(),
|
||||
nativeschema.MethodGetContainerEACL); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return ac.next.GetExtendedACL(ctx, req)
|
||||
}
|
||||
|
||||
func (ac *apeChecker) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
|
||||
ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.List")
|
||||
defer span.End()
|
||||
|
|
|
@ -49,7 +49,6 @@ func TestAPE(t *testing.T) {
|
|||
t.Run("deny get container by user claim tag", testDenyGetContainerByUserClaimTag)
|
||||
t.Run("deny get container by IP", testDenyGetContainerByIP)
|
||||
t.Run("deny get container by group id", testDenyGetContainerByGroupID)
|
||||
t.Run("deny get container eACL for IR with session token", testDenyGetContainerEACLForIRSessionToken)
|
||||
t.Run("deny put container for others with session token", testDenyPutContainerForOthersSessionToken)
|
||||
t.Run("deny put container, read namespace from frostfsID", testDenyPutContainerReadNamespaceFromFrostfsID)
|
||||
t.Run("deny put container with invlaid namespace", testDenyPutContainerInvalidNamespace)
|
||||
|
@ -663,95 +662,6 @@ func testDenyGetContainerByGroupID(t *testing.T) {
|
|||
require.ErrorAs(t, err, &errAccessDenied)
|
||||
}
|
||||
|
||||
func testDenyGetContainerEACLForIRSessionToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
srv := &srvStub{
|
||||
calls: map[string]int{},
|
||||
}
|
||||
router := inmemory.NewInMemory()
|
||||
contRdr := &containerStub{
|
||||
c: map[cid.ID]*containercore.Container{},
|
||||
}
|
||||
ir := &irStub{
|
||||
keys: [][]byte{},
|
||||
}
|
||||
nm := &netmapStub{}
|
||||
frostfsIDSubjectReader := &frostfsidStub{
|
||||
subjects: map[util.Uint160]*client.Subject{},
|
||||
}
|
||||
apeSrv := NewAPEServer(router, contRdr, ir, nm, frostfsIDSubjectReader, srv)
|
||||
|
||||
contID := cidtest.ID()
|
||||
testContainer := containertest.Container()
|
||||
pp := netmap.PlacementPolicy{}
|
||||
require.NoError(t, pp.DecodeString("REP 1"))
|
||||
testContainer.SetPlacementPolicy(pp)
|
||||
contRdr.c[contID] = &containercore.Container{Value: testContainer}
|
||||
|
||||
nm.currentEpoch = 100
|
||||
nm.netmaps = map[uint64]*netmap.NetMap{}
|
||||
var testNetmap netmap.NetMap
|
||||
testNetmap.SetEpoch(nm.currentEpoch)
|
||||
testNetmap.SetNodes([]netmap.NodeInfo{{}})
|
||||
nm.netmaps[nm.currentEpoch] = &testNetmap
|
||||
nm.netmaps[nm.currentEpoch-1] = &testNetmap
|
||||
|
||||
_, _, err := router.MorphRuleChainStorage().AddMorphRuleChain(chain.Ingress, engine.ContainerTarget(contID.EncodeToString()), &chain.Chain{
|
||||
Rules: []chain.Rule{
|
||||
{
|
||||
Status: chain.AccessDenied,
|
||||
Actions: chain.Actions{
|
||||
Names: []string{
|
||||
nativeschema.MethodGetContainerEACL,
|
||||
},
|
||||
},
|
||||
Resources: chain.Resources{
|
||||
Names: []string{
|
||||
fmt.Sprintf(nativeschema.ResourceFormatRootContainer, contID.EncodeToString()),
|
||||
},
|
||||
},
|
||||
Condition: []chain.Condition{
|
||||
{
|
||||
Kind: chain.KindRequest,
|
||||
Key: nativeschema.PropertyKeyActorRole,
|
||||
Value: nativeschema.PropertyValueContainerRoleIR,
|
||||
Op: chain.CondStringEquals,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
req := &container.GetExtendedACLRequest{}
|
||||
req.SetBody(&container.GetExtendedACLRequestBody{})
|
||||
var refContID refs.ContainerID
|
||||
contID.WriteToV2(&refContID)
|
||||
req.GetBody().SetContainerID(&refContID)
|
||||
|
||||
pk, err := keys.NewPrivateKey()
|
||||
require.NoError(t, err)
|
||||
require.NoError(t, signature.SignServiceMessage(&pk.PrivateKey, req))
|
||||
|
||||
sessionPK, err := keys.NewPrivateKey()
|
||||
require.NoError(t, err)
|
||||
sToken := sessiontest.ContainerSigned()
|
||||
sToken.ApplyOnlyTo(contID)
|
||||
require.NoError(t, sToken.Sign(sessionPK.PrivateKey))
|
||||
var sTokenV2 session.Token
|
||||
sToken.WriteToV2(&sTokenV2)
|
||||
metaHeader := new(session.RequestMetaHeader)
|
||||
metaHeader.SetSessionToken(&sTokenV2)
|
||||
req.SetMetaHeader(metaHeader)
|
||||
|
||||
ir.keys = append(ir.keys, sessionPK.PublicKey().Bytes())
|
||||
|
||||
resp, err := apeSrv.GetExtendedACL(context.Background(), req)
|
||||
require.Nil(t, resp)
|
||||
var errAccessDenied *apistatus.ObjectAccessDenied
|
||||
require.ErrorAs(t, err, &errAccessDenied)
|
||||
}
|
||||
|
||||
func testDenyPutContainerForOthersSessionToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
srv := &srvStub{
|
||||
|
@ -1164,11 +1074,6 @@ func (s *srvStub) Get(context.Context, *container.GetRequest) (*container.GetRes
|
|||
return &container.GetResponse{}, nil
|
||||
}
|
||||
|
||||
func (s *srvStub) GetExtendedACL(context.Context, *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
||||
s.calls["GetExtendedACL"]++
|
||||
return &container.GetExtendedACLResponse{}, nil
|
||||
}
|
||||
|
||||
func (s *srvStub) List(context.Context, *container.ListRequest) (*container.ListResponse, error) {
|
||||
s.calls["List"]++
|
||||
return &container.ListResponse{}, nil
|
||||
|
|
|
@ -52,17 +52,6 @@ func (a *auditService) Get(ctx context.Context, req *container.GetRequest) (*con
|
|||
return res, err
|
||||
}
|
||||
|
||||
// GetExtendedACL implements Server.
|
||||
func (a *auditService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
||||
res, err := a.next.GetExtendedACL(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequest(a.log, container_grpc.ContainerService_GetExtendedACL_FullMethodName, req,
|
||||
audit.TargetFromRef(req.GetBody().GetContainerID(), &cid.ID{}), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// List implements Server.
|
||||
func (a *auditService) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
|
||||
res, err := a.next.List(ctx, req)
|
||||
|
|
|
@ -14,7 +14,6 @@ type ServiceExecutor interface {
|
|||
Delete(context.Context, *session.Token, *container.DeleteRequestBody) (*container.DeleteResponseBody, error)
|
||||
Get(context.Context, *container.GetRequestBody) (*container.GetResponseBody, error)
|
||||
List(context.Context, *container.ListRequestBody) (*container.ListResponseBody, error)
|
||||
GetExtendedACL(context.Context, *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error)
|
||||
}
|
||||
|
||||
type executorSvc struct {
|
||||
|
@ -94,16 +93,3 @@ func (s *executorSvc) List(ctx context.Context, req *container.ListRequest) (*co
|
|||
s.respSvc.SetMeta(resp)
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
func (s *executorSvc) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
||||
respBody, err := s.exec.GetExtendedACL(ctx, req.GetBody())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not execute GetEACL request: %w", err)
|
||||
}
|
||||
|
||||
resp := new(container.GetExtendedACLResponse)
|
||||
resp.SetBody(respBody)
|
||||
|
||||
s.respSvc.SetMeta(resp)
|
||||
return resp, nil
|
||||
}
|
||||
|
|
|
@ -201,40 +201,3 @@ func (s *morphExecutor) List(_ context.Context, body *container.ListRequestBody)
|
|||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (s *morphExecutor) GetExtendedACL(_ context.Context, body *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error) {
|
||||
idV2 := body.GetContainerID()
|
||||
if idV2 == nil {
|
||||
return nil, errors.New("missing container ID")
|
||||
}
|
||||
|
||||
var id cid.ID
|
||||
|
||||
err := id.ReadFromV2(*idV2)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid container ID: %w", err)
|
||||
}
|
||||
|
||||
eaclInfo, err := s.rdr.GetEACL(id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var sigV2 refs.Signature
|
||||
eaclInfo.Signature.WriteToV2(&sigV2)
|
||||
|
||||
var tokV2 *sessionV2.Token
|
||||
|
||||
if eaclInfo.Session != nil {
|
||||
tokV2 = new(sessionV2.Token)
|
||||
|
||||
eaclInfo.Session.WriteToV2(tokV2)
|
||||
}
|
||||
|
||||
res := new(container.GetExtendedACLResponseBody)
|
||||
res.SetEACL(eaclInfo.Value.ToV2())
|
||||
res.SetSignature(&sigV2)
|
||||
res.SetSessionToken(tokV2)
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
|
|
@ -12,5 +12,4 @@ type Server interface {
|
|||
Get(context.Context, *container.GetRequest) (*container.GetResponse, error)
|
||||
Delete(context.Context, *container.DeleteRequest) (*container.DeleteResponse, error)
|
||||
List(context.Context, *container.ListRequest) (*container.ListResponse, error)
|
||||
GetExtendedACL(context.Context, *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error)
|
||||
}
|
||||
|
|
|
@ -56,12 +56,3 @@ func (s *signService) List(ctx context.Context, req *container.ListRequest) (*co
|
|||
resp, err := util.EnsureNonNilResponse(s.svc.List(ctx, req))
|
||||
return resp, s.sigSvc.SignResponse(resp, err)
|
||||
}
|
||||
|
||||
func (s *signService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
||||
if err := s.sigSvc.VerifyRequest(req); err != nil {
|
||||
resp := new(container.GetExtendedACLResponse)
|
||||
return resp, s.sigSvc.SignResponse(resp, err)
|
||||
}
|
||||
resp, err := util.EnsureNonNilResponse(s.svc.GetExtendedACL(ctx, req))
|
||||
return resp, s.sigSvc.SignResponse(resp, err)
|
||||
}
|
||||
|
|