Container commands in NeoFS CLI can use signed session token
to create, delete container and change extended ACL table.
This token should be signed the same way we sign bearer tokens.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
containerSessionToken() actually parses any session token.
We can reuse this function to resign session token when it
takes filepath as an argument, instead of public variable.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Container sessions allow to perform some operations on behalf of another
user. There is a need to to attach session tokens to commands.
Add `session` flag to `put`, `delete` and `set-eacl` commands from
`container` section. It should be a path to the JSON-encoded session token.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
When user creates a container using neofs-cli, he can set a pre-defined ACL.
Current keywords are confusing: for example, `public` really means that
everyone can write to the container, while the expectation is just public
visibility. Perform the following renames for a better understanding of the
purpose:
* `readonly` -> `public-read`;
* `public` -> `public-read-write`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define constants for `public`/`private`/`readonly` keywords of predefined
basic ACL values. Use constants instead of repeating string literals.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
To enable TLS support we can't operate with IP addresses directly.
Certificates are issued with host names so it is required to
pass them into RPC client. DNS resolving should be done by transport
layer and not be a part of node. Therefore `IPAddrString` usage is
removed from code.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Add `drop-objects` sub-command to `control` command that drops objects from
the node via `ControlService.DropObjects` API. Address list argument is
passed in NeoFS API string format of the object address.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `--expires-on` flag to `put` sub-command of `object` command that
indicates object's expiration epoch. Set corresponding object attributes if
flag value is set.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `netinfo` sub-cmd of `netmap` cmd that read recent information about
NeoFS network. Info is read via NeoFS API NetmapService.NetworkInfo RPC.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
CLI `storagegroup put` cmd collects information about SG members via NeoFS
API ObjectService.Head RPC in order to compose SG structure. Bearer token
attached to the call was not used in communication, which could lead to data
access problems. These changes fix the described problem.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Consider single word of search filter expression as path to file with
protobuf JSON filters. Decode filters from file and add them to the rest.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `--filters` flag to be repeated. Define new filter expression format:
* `<key> <binary_op> <value>` for binary filters. Supported binary ops: `EQ` (`STRING_EQUAL`), `NE` (`STRING_NOT_EQUAL`).
* `<key> <unary_op>` for unary filters. Supported unary ops: `NOPRESENT` (`NOT_PRESENT`).
Any other string expressions are considered invalid.
Additionally support shorthand flag `-f`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `--bearer` flag to storagegroup command similar to object command.
Attach parsed bearer token to all API requests of storagegroup command.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add locode section to util cmd. Add generate command to locode section for
generating the NeoFS location databases. Add info command to locode section
to work with the entries from NeoFS location database.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Support processing of NetmapEpoch and NetmapLookupDepth X-headers when
processing object read operations. Placement for operations
Get/Head/GetRange/GetRangeHash/Search is built for the epoch specified in
NetmapEpoch X-header (by default latest). Also the specified operations are
processed until success is achieved for network maps from the past up to
NetmapLookupDepth value. Behavior for default values (zero or missing) left
unchanged.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Replace GetEACL call with GetEACLWithSignature one in polling step of
set-eacl command of container CLI.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Use GetEACLWithSignature client method in get-eacl cmd of container CLI in
order to print eACL table and signature regardless of their correctness. The
ability to check the correctness of the signature will be added later.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Keyer prints information about private key, public key,
NEO3 Wallet, scripthash. It can generate new private key
or generate multisig address.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Refactored pkg/netmap package provides JSON converters for
NodeInfo and PlacementPolicy structures, that has been used
by client applications.
It also updates Node structure itself so it is a part of
grpc <-> v2 <-> pkg conversion chain.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
With `--owner` argument user can look for balances of other
nodes by knowing their owner ID which is NEO3 compatible
address.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
In the following release `neofs-cli` will be used to directly manage NeoFS Node.
All required definitions and interfaces are also moving from `neofs-api` to
`neofs-node` repository, so it's more convinient to have `neofs-cli` here.
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
