TrueCloudLab/frostfs-node
20
1
Fork 27
Code Issues 100 Pull requests 4 Projects Releases 1 Activity Actions

[#1477] ape: Fix EC chunk test
All checks were successful
Tests and linters / Run gofumpt (pull_request) Successful in 1m33s
Details
DCO action / DCO (pull_request) Successful in 1m46s
Details
Vulncheck / Vulncheck (pull_request) Successful in 2m16s
Details
Pre-commit hooks / Pre-commit (pull_request) Successful in 2m35s
Details
Build / Build Components (pull_request) Successful in 2m50s
Details
Tests and linters / Staticcheck (pull_request) Successful in 3m1s
Details
Tests and linters / gopls check (pull_request) Successful in 3m6s
Details
Tests and linters / Lint (pull_request) Successful in 3m53s
Details
Tests and linters / Tests (pull_request) Successful in 4m43s
Details
Tests and linters / Tests with -race (pull_request) Successful in 6m18s
Details

Browse source 
Initially, this test was a check that only the container node can
assemble an EC object. But the implementation of this test was wrong.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
This commit is contained in:
Dmitrii Stepanov 2024-11-07 16:00:20 +03:00
parent c8fb154151
commit ef64930fef
Signed by: dstepanov-yadro
GPG key ID: 237AF1A763293BC0
1 changed files with 33 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
pkg/services/object/ape/checker_test.go
View file

@ -652,7 +652,7 @@ func (s *testContainerSource) DeletionInfo(cid.ID) (*container.DelInfo, error) {
return nil, nil return nil, nil
} }
func TestPutECChunk(t *testing.T) { func TestGetECChunk(t *testing.T) {
headerProvider := newHeaderProviderMock() headerProvider := newHeaderProviderMock()
frostfsidProvider := newFrostfsIDProviderMock(t) frostfsidProvider := newFrostfsIDProviderMock(t)
@ -666,11 +666,10 @@ func TestPutECChunk(t *testing.T) {
Rules: []chain.Rule{ Rules: []chain.Rule{
{ {
Status: chain.AccessDenied, Status: chain.AccessDenied,
Actions: chain.Actions{Names: methodsOptionalOID}, Actions: chain.Actions{Names: methodsRequiredOID},
Resources: chain.Resources{ Resources: chain.Resources{
Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, containerID)}, Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, containerID)},
}, },
Any: true,
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
@ -680,17 +679,27 @@ func TestPutECChunk(t *testing.T) {
}, },
}, },
}, },
{
Status: chain.Allow,
Actions: chain.Actions{Names: methodsRequiredOID},
Resources: chain.Resources{
Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, containerID)},
},
},
}, },
MatchType: chain.MatchTypeFirstMatch,
}) })
node1Key, err := keys.NewPrivateKey() node1Key, err := keys.NewPrivateKey()
require.NoError(t, err) require.NoError(t, err)
node1 := netmapSDK.NodeInfo{} node1 := netmapSDK.NodeInfo{}
node1.SetPublicKey(node1Key.PublicKey().Bytes()) node1.SetPublicKey(node1Key.PublicKey().Bytes())
node2Key, err := keys.NewPrivateKey()
require.NoError(t, err)
node2 := netmapSDK.NodeInfo{}
node2.SetPublicKey(node1Key.PublicKey().Bytes())
netmap := &netmapSDK.NetMap{} netmap := &netmapSDK.NetMap{}
netmap.SetEpoch(100) netmap.SetEpoch(100)
netmap.SetNodes([]netmapSDK.NodeInfo{node1}) netmap.SetNodes([]netmapSDK.NodeInfo{node1, node2})
nm := &netmapStub{ nm := &netmapStub{
currentEpoch: 100, currentEpoch: 100,
@ -703,7 +712,7 @@ func TestPutECChunk(t *testing.T) {
cont := containerSDK.Container{} cont := containerSDK.Container{}
cont.Init() cont.Init()
pp := netmapSDK.PlacementPolicy{} pp := netmapSDK.PlacementPolicy{}
require.NoError(t, pp.DecodeString("REP 1")) require.NoError(t, pp.DecodeString("EC 1.1"))
cont.SetPlacementPolicy(pp) cont.SetPlacementPolicy(pp)
cs := &testContainerSource{ cs := &testContainerSource{
containers: map[cid.ID]*container.Container{ containers: map[cid.ID]*container.Container{
@ -719,7 +728,7 @@ func TestPutECChunk(t *testing.T) {
chunkHeader := newHeaderObjectSDK(cnr, obj, nil).ToV2().GetHeader() chunkHeader := newHeaderObjectSDK(cnr, obj, nil).ToV2().GetHeader()
ecHeader := object.ECHeader{ ecHeader := object.ECHeader{
Index: 1, Index: 1,
Total: 5, Total: 2,
Parent: &refs.ObjectID{}, Parent: &refs.ObjectID{},
} }
chunkHeader.SetEC(&ecHeader) chunkHeader.SetEC(&ecHeader)
@ -738,32 +747,33 @@ func TestPutECChunk(t *testing.T) {
}) })
headerProvider.addHeader(cnr, ecParentID, parentHeader) headerProvider.addHeader(cnr, ecParentID, parentHeader)
t.Run("access denied for container node", func(t *testing.T) { // container node requests EC parent headers, so container node denies access by matching attribute key/value
t.Run("access denied on container node", func(t *testing.T) {
prm := Prm{ prm := Prm{
Method: nativeschema.MethodPutObject, Method: nativeschema.MethodGetObject,
Container: cnr, Container: cnr,
Object: obj, Object: obj,
Role: role, Role: role,
SenderKey: senderKey, SenderKey: hex.EncodeToString(node2Key.PublicKey().Bytes()),
Header: chunkHeader, Header: chunkHeader,
SoftAPECheck: true,
} }
err = checker.CheckAPE(context.Background(), prm) err = checker.CheckAPE(context.Background(), prm)
require.Error(t, err) require.Error(t, err)
}) })
t.Run("access allowed for non container node", func(t *testing.T) {
// non container node has no access rights to collect EC parent header, so it uses EC chunk headers
t.Run("access allowed on non container node", func(t *testing.T) {
otherKey, err := keys.NewPrivateKey() otherKey, err := keys.NewPrivateKey()
require.NoError(t, err) require.NoError(t, err)
checker = NewChecker(ls, ms, headerProvider, frostfsidProvider, nm, &stMock{}, cs, otherKey.PublicKey().Bytes()) checker = NewChecker(ls, ms, headerProvider, frostfsidProvider, nm, &stMock{}, cs, otherKey.PublicKey().Bytes())
prm := Prm{ prm := Prm{
Method: nativeschema.MethodPutObject, Method: nativeschema.MethodGetObject,
Container: cnr, Container: cnr,
Object: obj, Object: obj,
Role: nativeschema.PropertyValueContainerRoleOthers, Role: nativeschema.PropertyValueContainerRoleOthers,
SenderKey: senderKey, SenderKey: senderKey,
Header: chunkHeader, Header: chunkHeader,
SoftAPECheck: true,
} }
err = checker.CheckAPE(context.Background(), prm) err = checker.CheckAPE(context.Background(), prm)