As it explained in previous commit, session token also should
be presented in original meta header but can be omitted in higher
layers.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Request meta headers are organized in a layers, where
upper layers re-sign down layers. Bearer token should be
a part of original meta header and it can be omitted in
upper layers. Therefore we need to traverse over linked list
of meta header to the original meta header to get bearer token.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
`eACL` method of `Container` contract returns structure with 4 fields (the
4th is a recently added binary session token).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Change expected event items to 4 in order to support new binary session
token item. Parsing of the session token will be implemented later.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Construct wrapper over the Container contract client with `TryNotary` option
since it is required to perform invocations of notary contract.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
All client wrappers should use underlying static client with enabled notary
work mode in order to produce invocations of notary contract.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Some of the client wrapper's methods should produce notary contract's
invocations. In previous implementation all wrappers provided separate
methods to do it. Since notary and non-notary invocation scenarios have very
different goals, it makes sense to separate the scenarios of using the
client wrapper at the stage of its creation.
Define `Option` constructor for container client wrapper. Add `TryNotary`
option which enables tries of the notary invocations on underlying static
client. Mark all notary-dedicated methods as deprecated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There are two scenarios of invocation of contract methods:
1. do not invoke notary contract;
2. try to invoke notary contract if it is enabled in Client.
Taking this into account, `StaticClient` can work in one of the two described
modes. Based on this, it makes sense at the stage of creating `StaticClient`
to fix the call mode, and the further abstract from it.
Define `StaticClientOption` setters of `StaticClient` optional parameters.
Add `TryNotary` constructor of option which enables notary tries. Call
`NotaryInvoke` on underlying `Client` if the option is provided, otherwise
call `Invoke`. Mark `NotaryInvoke` method of `StaticClient` as deprecated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Pass session token (byte array) and bind key flag (boolean) arguments to
`Put` method call of `Container` contract.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Change expected event items to 4 in order to support new binary session
token item. Parsing of the session token will be implemented later.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Owner identifier can be calculated from public key. If it matches, no
additional verification of key ownership is required.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Get all owner keys and verify container ID signature until first success. If
none of the keys match, then prohibit deletion. Thus, the delete operation
is only allowed to the owner of the container. With this approach, a
separate check for key ownership is not required.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Get` method of the wrapper over Container contract's client to
accept binary container ID. Create `Get` function similar to the previous
`Get` variation. Use this function in Container service server in the place
where `Get` method was used.
Additionally implement `AsContainerSource` function which allows
to simply compose container Source interface from the wrapper.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call `Delete` method on the wrapper over the Container contract's client
directly from `Processor.approveDeleteContainer`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Delete` method of the wrapper over Container contract's client to accept
two binary parameters: container ID and signature. Create `Delete` function
similar to the previous `Delete` variation, but accepting `Signature`
structure instead of binary signature. Use this function in Container
service server in the place where `Delete` method was used.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call `Put` method on the wrapper over the Container contract's client
directly from `Processor.approvePutContainer`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`Put` method of the wrapper over the Container contract's client does not
modify passed binary container, so it makes no sense to calculate the
identifier.
`Put` method returns the error only from now. Function `Put` calculates
identifier itself since it is still required by function signature.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Put` method of the wrapper over Container contract's client to accept
three binary parameters: container, key and signature. Create `Put` function
similar to the previous `Put` variation, but accepting `Signature`
structure instead of binary key and signature. Use this function in
Container service server in the place where `Put` method was used.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Split up `processContainerPut` and `processContainerDelete` methods of
container `Processor` into two sub-methods: checking the event and its
assertion.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Morph event structures defined in `pkg/morph/event` should only carry
notification values without any additional interpretation. All logical work
should be concentrated on app-side.
Change data type of `Put.PublicKey` return to byte slice. `ParsePut` doesn't
unmarshal public key from now.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `setEACL` notification event parser (handler) to the return of the
`ListenerParsers` (`ListenerHandlers`) method. Read address of NeoFS ID
contract from `contracts.neofsid` config. Implement `NewNeoFSIDClient`
constructor in `invoke` package and use it in IR application.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Pre-allocate slices for a known number of elements. Use single `ParserInfo`
/ `HandlerInfo` variable in order to set Container contracts's address once
and change only values that differ between events.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Use NeoFS ID contract client to check if public key from notification event
is tied to the owner of the container for which the eACL is being changed.
Approve changes coming from the owner of the container only.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add signature check to `checkSetEACL` method of the `setEACL` notification
handler in Container processor.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `handleSetEACL` method similar to other handling methods in
Container processor. To begin with, the validation logic is skipped, and all
tables will be sent to the contract. In the future, the necessary checks
will be implemented. Listening for events in the IR node will also be added.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define `SetEACL` structure of eACL table change notification from Container
contract. Implement function which parses `SetEACL` event structure from
stack item list.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In recent changes argument list of set eACL call of Container contract
client was extended with binary public key. In the future there will be a
need to pass the table in binary format.
Replace `PutEACL` method with `PutEACLBinary` one which accepts three binary
parameters: eACL table, key and signature. Create `PutEACL` function similar
to the removed method, but accepting `Signature` structure instead of just
a signature. Use this function in Container service server in the place
where `PutEACL` was used.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `SetEACLArgs.SetPublicKey` method which sets binary public key argument
of the "set eACL" contract call. Attach key to the `Invoke` call.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
If object to be inhumed is root we need to continue first traverse over the
shards. In case when several children are stored in different shards,
inhuming object in a single shard leads to appearance of inhumed object in
subsequent selections. Also, any object can be already inhumed, and this
case is equivalent to successful inhume.
Do not fail on `object.ErrAlreadyRemoved` error. Continue first iterating
over shards if we detected root object (`SplitInfoError`).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Write unit tests of `StorageEngine.Inhume` which assert that inhumed objects
don't appear in `Select` result.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
