[#1072 ] Fix issue from govulncheck

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
[#1072 ] node, ir, morph: Set scope None when in upgrade mode
2024-04-04 11:37:53 +03:00 · 2024-04-04 11:24:45 +03:00 · 2024-04-04 11:24:37 +03:00 · 2024-04-04 11:24:27 +03:00
14 changed files with 67 additions and 21 deletions
--- a/cmd/frostfs-ir/config.go
+++ b/cmd/frostfs-ir/config.go
@ -34,6 +34,7 @@ func reloadConfig() error {
 	if err != nil {
 		return err
 	}
+	cmode.Store(cfg.GetBool("node.kludge_compatibility_mode"))
 	err = logPrm.SetLevelString(cfg.GetString("logger.level"))
 	if err != nil {
 		return err
--- a/cmd/frostfs-ir/defaults.go
+++ b/cmd/frostfs-ir/defaults.go
@ -43,6 +43,8 @@ func defaultConfiguration(cfg *viper.Viper) {
 	setControlDefaults(cfg)

 	cfg.SetDefault("governance.disable", false)
+
+	cfg.SetDefault("node.kludge_compatibility_mode", false)
 }

 func setControlDefaults(cfg *viper.Viper) {
--- a/cmd/frostfs-ir/main.go
+++ b/cmd/frostfs-ir/main.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 	"sync"
+	"sync/atomic"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
@ -37,6 +38,7 @@ var (
 	cfg        *viper.Viper
 	configFile *string
 	configDir  *string
+	cmode      = &atomic.Bool{}
 )

 func exitErr(err error) {
@ -62,6 +64,8 @@ func main() {
 	cfg, err = newConfig()
 	exitErr(err)

+	cmode.Store(cfg.GetBool("node.kludge_compatibility_mode"))
+
 	metrics := irMetrics.NewInnerRingMetrics()

 	err = logPrm.SetLevelString(
@ -84,7 +88,7 @@ func main() {
 	metricsCmp = newMetricsComponent()
 	metricsCmp.init()

-	innerRing, err = innerring.New(ctx, log, cfg, intErr, metrics)
+	innerRing, err = innerring.New(ctx, log, cfg, intErr, metrics, cmode)
 	exitErr(err)

 	pprofCmp.start()
--- a/cmd/frostfs-node/config.go
+++ b/cmd/frostfs-node/config.go
@ -109,6 +109,9 @@ type applicationConfiguration struct {
 		lowMem         bool
 		rebuildWorkers uint32
 	}
+
+	// if need to run node in compatibility with other versions mode
+	cmode *atomic.Bool
 }

 type shardCfg struct {
@ -204,10 +207,13 @@ func (a *applicationConfiguration) readConfig(c *config.Config) error {
 		}

 		// clear if it is rereading
+		cmode := a.cmode
 		*a = applicationConfiguration{}
+		a.cmode = cmode
 	}

 	a._read = true
+	a.cmode.Store(nodeconfig.CompatibilityMode(c))

 	// Logger

@ -648,7 +654,11 @@ type cfgControlService struct {
 var persistateSideChainLastBlockKey = []byte("side_chain_last_processed_block")

 func initCfg(appCfg *config.Config) *cfg {
-	c := &cfg{}
+	c := &cfg{
+		applicationConfiguration: applicationConfiguration{
+			cmode: &atomic.Bool{},
+		},
+	}

 	err := c.readConfig(appCfg)
 	if err != nil {
--- a/cmd/frostfs-node/config/node/config.go
+++ b/cmd/frostfs-node/config/node/config.go
@ -292,3 +292,8 @@ func (l PersistentPolicyRulesConfig) Perm() fs.FileMode {
 func (l PersistentPolicyRulesConfig) NoSync() bool {
 	return config.BoolSafe((*config.Config)(l.cfg), "no_sync")
 }
+
+// CompatibilityMode returns true if need to run node in compatibility with previous versions mode.
+func CompatibilityMode(c *config.Config) bool {
+	return config.BoolSafe(c.Sub(subsection), "kludge_compatibility_mode")
+}
--- a/cmd/frostfs-node/morph.go
+++ b/cmd/frostfs-node/morph.go
@ -48,6 +48,7 @@ func initMorphComponents(ctx context.Context, c *cfg) {
 		}),
 		client.WithSwitchInterval(morphconfig.SwitchInterval(c.appCfg)),
 		client.WithMorphCacheMetrics(c.metricsCollector.MorphCacheMetrics()),
+		client.WithCompatibilityMode(c.cmode),
 	)
 	if err != nil {
 		c.log.Info(logs.FrostFSNodeFailedToCreateNeoRPCClient,
--- a/go.mod
+++ b/go.mod
@ -40,8 +40,8 @@ require (
 	go.uber.org/zap v1.26.0
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
 	golang.org/x/sync v0.6.0
-	golang.org/x/sys v0.16.0
-	golang.org/x/term v0.16.0
+	golang.org/x/sys v0.18.0
+	golang.org/x/term v0.18.0
 	google.golang.org/grpc v1.61.0
 	google.golang.org/protobuf v1.33.0
 	gopkg.in/yaml.v3 v3.0.1
@ -121,8 +121,8 @@ require (
 	go.opentelemetry.io/otel/sdk v1.22.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.1.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
--- a/go.sum
+++ b/go.sum
@ -316,8 +316,8 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
 golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@ -339,8 +339,8 @@ golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -375,15 +375,15 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
--- a/pkg/innerring/initialization.go
+++ b/pkg/innerring/initialization.go
@ -462,6 +462,7 @@ func (s *Server) initMorph(ctx context.Context, cfg *viper.Viper, errChan chan<-
 		name:             morphPrefix,
 		from:             fromSideChainBlock,
 		morphCacheMetric: s.irMetrics.MorphCacheMetrics(),
+		cmode:            s.cmode,
 	}

 	// create morph client
--- a/pkg/innerring/innerring.go
+++ b/pkg/innerring/innerring.go
@ -103,6 +103,8 @@ type (
 		// should report start errors
 		// to the application.
 		runners []func(chan<- error) error
+
+		cmode *atomic.Bool
 	}

 	chainParams struct {
@ -113,6 +115,7 @@ type (
 		sgn              *transaction.Signer
 		from             uint32 // block height
 		morphCacheMetric metrics.MorphCacheMetrics
+		cmode            *atomic.Bool
 	}
 )

@ -330,12 +333,13 @@ func (s *Server) registerStarter(f func() error) {

 // New creates instance of inner ring sever structure.
 func New(ctx context.Context, log *logger.Logger, cfg *viper.Viper, errChan chan<- error,
-	metrics *metrics.InnerRingServiceMetrics,
+	metrics *metrics.InnerRingServiceMetrics, cmode *atomic.Bool,
 ) (*Server, error) {
 	var err error
 	server := &Server{
 		log:       log,
 		irMetrics: metrics,
+		cmode:     cmode,
 	}

 	server.sdNotify, err = server.initSdNotify(cfg)
@ -485,6 +489,7 @@ func createClient(ctx context.Context, p *chainParams, errChan chan<- error) (*c
 		}),
 		client.WithSwitchInterval(p.cfg.GetDuration(p.name+".switch_interval")),
 		client.WithMorphCacheMetrics(p.morphCacheMetric),
+		client.WithCompatibilityMode(p.cmode),
 	)
 }

--- a/pkg/local_object_storage/pilorama/heap.go
+++ b/pkg/local_object_storage/pilorama/heap.go
@ -17,6 +17,7 @@ func (h filenameHeap) Swap(i, j int)      { h[i], h[j] = h[j], h[i] }
 func (h *filenameHeap) Push(x any) {
 	*h = append(*h, x.(heapInfo))
 }
+
 func (h *filenameHeap) Pop() any {
 	old := *h
 	n := len(old)
--- a/pkg/morph/client/constructor.go
+++ b/pkg/morph/client/constructor.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"sync/atomic"
 	"time"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/logs"
@ -48,6 +49,8 @@ type cfg struct {
 	switchInterval time.Duration

 	morphCacheMetrics metrics.MorphCacheMetrics
+
+	cmode *atomic.Bool
 }

 const (
@ -311,3 +314,11 @@ func WithMorphCacheMetrics(morphCacheMetrics metrics.MorphCacheMetrics) Option {
 		c.morphCacheMetrics = morphCacheMetrics
 	}
 }
+
+// WithCompatibilityMode indicates that Client is working in compatibility mode
+// in this mode we need to keep backward compatibility with services with previous version.
+func WithCompatibilityMode(cmode *atomic.Bool) Option {
+	return func(c *cfg) {
+		c.cmode = cmode
+	}
+}
--- a/pkg/morph/client/notary.go
+++ b/pkg/morph/client/notary.go
@ -566,14 +566,19 @@ func (c *Client) notaryCosigners(invokedByAlpha bool, ir []*keys.PublicKey, comm
 	}
 	s := make([]actor.SignerAccount, 2, 3)
 	// Proxy contract that will pay for the execution.
+	// Do not change this:
+	// We must be able to call NNS contract indirectly from the Container contract.
+	// Thus, CalledByEntry is not sufficient.
+	// In future we may restrict this to all the usecases we have.
+	scopes := transaction.Global
+	if c.cfg.cmode != nil && c.cfg.cmode.Load() {
+		// Set it to None to keep ability to send notary requests during upgrade
+		scopes = transaction.None
+	}
 	s[0] = actor.SignerAccount{
 		Signer: transaction.Signer{
 			Account: c.notary.proxy,
-			// Do not change this:
-			// We must be able to call NNS contract indirectly from the Container contract.
-			// Thus, CalledByEntry is not sufficient.
-			// In future we may restrict this to all the usecases we have.
-			Scopes: transaction.Global,
+			Scopes:  scopes,
 		},
 		Account: notary.FakeContractAccount(c.notary.proxy),
 	}
--- a/pkg/services/tree/getsubtree_test.go
+++ b/pkg/services/tree/getsubtree_test.go
@ -130,7 +130,7 @@ func TestGetSubTreeOrderAsc(t *testing.T) {

 	t.Run("boltdb forest", func(t *testing.T) {
 		p := pilorama.NewBoltForest(pilorama.WithPath(filepath.Join(t.TempDir(), "pilorama")))
-		require.NoError(t, p.Open(context.Background(), 0644))
+		require.NoError(t, p.Open(context.Background(), 0o644))
 		require.NoError(t, p.Init())
 		testGetSubTreeOrderAsc(t, p)
 	})
Author	SHA1	Message	Date
Anton Nikiforov	21caa904f4	[#1072 ] Fix issue from `govulncheck` All checks were successful Vulncheck / Vulncheck (pull_request) Successful in 3m56s Details DCO action / DCO (pull_request) Successful in 4m28s Details Build / Build Components (1.21) (pull_request) Successful in 8m44s Details Tests and linters / Staticcheck (pull_request) Successful in 8m44s Details Build / Build Components (1.20) (pull_request) Successful in 9m58s Details Tests and linters / gopls check (pull_request) Successful in 11m8s Details Tests and linters / Lint (pull_request) Successful in 12m11s Details Tests and linters / Tests (1.20) (pull_request) Successful in 16m28s Details Tests and linters / Tests with -race (pull_request) Successful in 16m26s Details Tests and linters / Tests (1.21) (pull_request) Successful in 16m32s Details Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-04-04 11:37:53 +03:00
Anton Nikiforov	f74d058c2e	[#1072 ] node, ir, morph: Set scope `None` when in upgrade mode Some checks failed DCO action / DCO (pull_request) Successful in 1m50s Details Build / Build Components (1.21) (pull_request) Successful in 4m25s Details Build / Build Components (1.20) (pull_request) Successful in 4m35s Details Vulncheck / Vulncheck (pull_request) Failing after 3m51s Details Tests and linters / gopls check (pull_request) Successful in 6m0s Details Tests and linters / Staticcheck (pull_request) Successful in 6m6s Details Tests and linters / Lint (pull_request) Successful in 6m42s Details Tests and linters / Tests (1.20) (pull_request) Successful in 8m12s Details Tests and linters / Tests (1.21) (pull_request) Successful in 8m34s Details Tests and linters / Tests with -race (pull_request) Successful in 8m33s Details Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-04-04 11:24:45 +03:00
Anton Nikiforov	c8ce6e9fe4	[#1072 ] node, ir: Add new config option `kludge_compatibility_mode` Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-04-04 11:24:37 +03:00
Anton Nikiforov	748da78dc7	[#1072 ] Fix gofumpt issues Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>	2024-04-04 11:24:27 +03:00