In previous implementation parent object header finalized twice in size
limiter + formatter. On the one hand, this added redundant action, on the
other hand, it could provoke a difference in the headers of the linking and
the last part. Change formatter to finalize parent header if it does not
container the signature. Change size limiter to reuse parent header after
last child finalization in linking child.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation eACL validator didn't take into account container
and object ID fields of request bodies.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Every unknown error must not decrease shortage counter and must not
exclude faulty node from the node list, because this list will be used
later for replication.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
With the update of the local storage engine, the headers of virtual objects
are directly given. In this regard, the step with obtaining the the right
child header is removed.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation linking object inherited only ID of the parent
object. From now it inherits full header like last child.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation child objects inherited parent attributes after
split-transformation, which was redundant. From now attributes are not
inherited.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation placement traverser processed incorrectly with
local placement build. Also entity incorrectly traversed the placement
vectors for fixed number read operations until success. The erroneous
behavior was due to the use of a vector number of successes instead of
a scalar number in these scenarios.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
With updated specification of object related operation
we don't have this search attribute any more and we
should not use functions related to this attribute.
This commit breaks object service logic, however it will
be fixed later.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
ErrEACLNotFound error was defined in implementation package. EACL validator
checked this error after the call of eACL storage interface method. Replace
ErrEACLNotFound to core container library. in order to: on the one hand not
use an implementation error, on the other hand, to be able to reuse a
generic type error (404).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Now morph library returns error if there is not eACL in
sidechain storage. However in this case eACL check should
be passed since it is the same as having empty eACL table.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Sticky bit checks if object owner and request owner are the
same. Container owner should not used in this check.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
`owner` field may be misused as request sender owner, however
it is a owner of a container for that request. New naming
should be clear.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Define ErrRelationNotFound error in searchsvc package. Return
ErrRelationNotFound from RelationSearcher.SearchRelation method if search
result is empty.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Refactored pkg/netmap package provides JSON converters for
NodeInfo and PlacementPolicy structures, that has been used
by client applications.
It also updates Node structure itself so it is a part of
grpc <-> v2 <-> pkg conversion chain.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Replace meta Bucket with meta.DB instance in local storage implementation.
Adopt all dependent components to new local storage.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call CheckFormat function in container.Put handler for conducting initial
checks of the structure that are not performed by the smart contract.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make Policer to call AddTask method of Replicator when an insufficient
number of copies of an object is detected in the container.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement Replicator service that performs background work to replicate
local object to remote nodes in the container. Replicator is going to be
used by Policer.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is a bit to allow or deny bearer token check for
each object service method. If this bit is not set then
ignore bearer token and use extended ACL table from
sidechain.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
If bearer token is presented in the request then check
if it is a valid one and then use it to process extended
ACL checks.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Malicious user can stole public session key and use
it by sending request from it's own scope. To prevent
this each session token is signed and signature private
key must be corresponded with owner id in token. Therefore
malicious node cannot impersonate request without private
key to sign token.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Implement Policer service that performs background work to check compliance
with the placement policy for local objects in the container. In the initial
implementation, the selection of the working queue of objects is
simplified, and there is no transfer of the result to the replicator.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>