[#155 ] search-service: Fix search with ST

Search should return only objects allowed in static session Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
[#155 ] search-service: Add search with ST test
2023-03-21 16:30:55 +03:00 · 2023-03-21 16:30:55 +03:00
2 changed files with 145 additions and 0 deletions
--- a/pkg/services/object/search/exec.go
+++ b/pkg/services/object/search/exec.go
@ -119,6 +119,7 @@ func (exec *execCtx) generateTraverser(cnr cid.ID) (*placement.Traverser, bool)
 }

 func (exec *execCtx) writeIDList(ids []oid.ID) {
+	ids = exec.filterAllowedObjectIDs(ids)
 	err := exec.prm.writer.WriteIDs(ids)

 	switch {
@ -134,3 +135,17 @@ func (exec *execCtx) writeIDList(ids []oid.ID) {
 		exec.err = nil
 	}
 }
+
+func (exec *execCtx) filterAllowedObjectIDs(objIDs []oid.ID) []oid.ID {
+	sessionToken := exec.prm.common.SessionToken()
+	if sessionToken == nil {
+		return objIDs
+	}
+	result := make([]oid.ID, 0, len(objIDs))
+	for _, objID := range objIDs {
+		if sessionToken.AssertObject(objID) {
+			result = append(result, objID)
+		}
+	}
+	return result
+}
--- a/pkg/services/object/search/search_test.go
+++ b/pkg/services/object/search/search_test.go
@ -9,6 +9,7 @@ import (
 	"strconv"
 	"testing"

+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
 	clientcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/client"
 	netmapcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network"
@ -18,8 +19,12 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
+	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	sessionsdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+	"github.com/google/uuid"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"
 )

@ -425,3 +430,128 @@ func TestGetFromPastEpoch(t *testing.T) {
 	require.NoError(t, err)
 	assertContains(ids11, ids12, ids21, ids22)
 }
+
+func TestGetWithSessionToken(t *testing.T) {
+	ctx := context.Background()
+
+	placementDim := []int{2}
+
+	rs := make([]netmap.ReplicaDescriptor, len(placementDim))
+	for i := range placementDim {
+		rs[i].SetNumberOfObjects(uint32(placementDim[i]))
+	}
+
+	var pp netmap.PlacementPolicy
+	pp.AddReplicas(rs...)
+
+	var cnr container.Container
+	cnr.SetPlacementPolicy(pp)
+
+	var id cid.ID
+	container.CalculateID(&id, cnr)
+
+	var addr oid.Address
+	addr.SetContainer(id)
+
+	ns, as := testNodeMatrix(t, placementDim)
+
+	builder := &testPlacementBuilder{
+		vectors: map[string][][]netmap.NodeInfo{
+			addr.EncodeToString(): ns,
+		},
+	}
+
+	localStorage := newTestStorage()
+	localIDs := generateIDs(10)
+	localStorage.addResult(id, localIDs, nil)
+
+	c1 := newTestStorage()
+	ids1 := generateIDs(10)
+	c1.addResult(id, ids1, nil)
+
+	c2 := newTestStorage()
+	ids2 := generateIDs(10)
+	c2.addResult(id, ids2, nil)
+
+	w := new(simpleIDWriter)
+
+	svc := &Service{cfg: new(cfg)}
+	svc.log = test.NewLogger(false)
+	svc.localStorage = localStorage
+
+	const curEpoch = 13
+
+	svc.traverserGenerator = &testTraverserGenerator{
+		c: cnr,
+		b: map[uint64]placement.Builder{
+			curEpoch: builder,
+		},
+	}
+	svc.clientConstructor = &testClientCache{
+		clients: map[string]*testStorage{
+			as[0][0]: c1,
+			as[0][1]: c2,
+		},
+	}
+
+	svc.currentEpochReceiver = testEpochReceiver(curEpoch)
+
+	metaStub := &metaStub{
+		TTL:              5,
+		LimitByObjectIDs: append(append(localIDs[:5], ids1[:5]...), ids2[:5]...),
+		T:                t,
+		Exp:              20,
+		ContainerID:      id,
+	}
+
+	p := Prm{}
+	p.WithContainerID(id)
+	p.SetWriter(w)
+	var err error
+	p.common, err = util.CommonPrmFromV2(metaStub)
+	require.NoError(t, err)
+
+	err = svc.Search(ctx, p)
+	require.NoError(t, err)
+	require.Len(t, w.ids, 15)
+
+	for _, id := range metaStub.LimitByObjectIDs {
+		require.Contains(t, w.ids, id)
+	}
+}
+
+type metaStub struct {
+	TTL              uint32
+	Exp              uint64
+	LimitByObjectIDs []oid.ID
+	T                *testing.T
+	ContainerID      cid.ID
+}
+
+func (m *metaStub) GetMetaHeader() *session.RequestMetaHeader {
+	var result session.RequestMetaHeader
+	result.SetTTL(m.TTL)
+
+	tokenObj := new(sessionsdk.Object)
+	tokenObj.ForVerb(sessionsdk.VerbObjectSearch)
+	tokenObj.LimitByObjects(m.LimitByObjectIDs...)
+	tokenObj.SetID(uuid.New())
+	tokenObj.SetExp(m.Exp)
+	tokenObj.BindContainer(m.ContainerID)
+
+	pubKey := &frostfsecdsa.PublicKey{}
+
+	tokenObj.SetAuthKey(pubKey)
+
+	priv, err := keys.NewPrivateKey()
+	require.NoError(m.T, err)
+
+	require.NoError(m.T, tokenObj.Sign(priv.PrivateKey))
+
+	var token session.Token
+	tokenObj.WriteToV2(&token)
+
+	result.SetSessionToken(&token)
+
+	return &result
+}