[#793] adm: Always use committee as FrostFS ID owner

Committee should be able to authorize everything, there are no other
usecases for the frostfs-adm currently. Also, it somewhat eases
configuration, because committee hash depends on the protocol
configuration.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
This commit is contained in:
Evgenii Stratonikov 2023-11-13 12:41:40 +03:00 committed by Evgenii Stratonikov
parent f871f5cc6c
commit c1ec6e33b4
3 changed files with 12 additions and 7 deletions

View file

@ -13,8 +13,9 @@ import (
// neo-go doesn't support []util.Uint160 type: // neo-go doesn't support []util.Uint160 type:
// https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/smartcontract/parameter.go#L262 // https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/smartcontract/parameter.go#L262
// Thus, return []smartcontract.Parameter. // Thus, return []smartcontract.Parameter.
func getFrostfsIDAuthorizedKeys(v *viper.Viper) ([]smartcontract.Parameter, error) { func getFrostfsIDAuthorizedKeys(v *viper.Viper, defaultOwner util.Uint160) ([]smartcontract.Parameter, error) {
var res []smartcontract.Parameter var res []smartcontract.Parameter
res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: defaultOwner})
ks := v.GetStringSlice(frostfsIDAuthorizedKeysConfigKey) ks := v.GetStringSlice(frostfsIDAuthorizedKeysConfigKey)
for i := range ks { for i := range ks {

View file

@ -7,6 +7,7 @@ import (
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neo-go/pkg/encoding/address" "github.com/nspcc-dev/neo-go/pkg/encoding/address"
"github.com/nspcc-dev/neo-go/pkg/smartcontract" "github.com/nspcc-dev/neo-go/pkg/smartcontract"
"github.com/nspcc-dev/neo-go/pkg/util"
"github.com/spf13/viper" "github.com/spf13/viper"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -27,19 +28,22 @@ func TestFrostfsIDConfig(t *testing.T) {
hex.EncodeToString(pks[3].PublicKey().Bytes()), hex.EncodeToString(pks[3].PublicKey().Bytes()),
}) })
actual, err := getFrostfsIDAuthorizedKeys(v) comm := util.Uint160{1, 2, 3}
actual, err := getFrostfsIDAuthorizedKeys(v, comm)
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, len(pks), len(actual)) require.Equal(t, len(pks)+1, len(actual))
require.Equal(t, smartcontract.Hash160Type, actual[0].Type)
require.Equal(t, comm, actual[0].Value)
for i := range pks { for i := range pks {
require.Equal(t, smartcontract.Hash160Type, actual[i].Type) require.Equal(t, smartcontract.Hash160Type, actual[i+1].Type)
require.Equal(t, pks[i].GetScriptHash(), actual[i].Value) require.Equal(t, pks[i].GetScriptHash(), actual[i+1].Value)
} }
t.Run("bad key", func(t *testing.T) { t.Run("bad key", func(t *testing.T) {
v := viper.New() v := viper.New()
v.Set("frostfsid.authorized_keys", []string{"abc"}) v.Set("frostfsid.authorized_keys", []string{"abc"})
_, err := getFrostfsIDAuthorizedKeys(v) _, err := getFrostfsIDAuthorizedKeys(v, comm)
require.Error(t, err) require.Error(t, err)
}) })
} }

View file

@ -538,7 +538,7 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []an
nnsCs.Hash, nnsCs.Hash,
"container") "container")
case frostfsIDContract: case frostfsIDContract:
hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper()) hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper(), c.CommitteeAcc.PublicKey().GetScriptHash())
if err != nil { if err != nil {
panic(err) panic(err)
} }