
2 commits

Author SHA1 Message Date
97b9d165e6 [#155] search-service: Fix search with ST
Search should return only objects allowed in static session

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-03-21 16:30:55 +03:00
4395a8029e [#155] search-service: Add search with ST test
In case of session token (ST) with object IDs search should
return only objects allowed in static session

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-03-21 16:30:55 +03:00
2 changed files with 145 additions and 0 deletions


@ -119,6 +119,7 @@ func (exec *execCtx) generateTraverser(cnr cid.ID) (*placement.Traverser, bool)
} }
func (exec *execCtx) writeIDList(ids []oid.ID) { func (exec *execCtx) writeIDList(ids []oid.ID) {
ids = exec.filterAllowedObjectIDs(ids)
err := exec.prm.writer.WriteIDs(ids) err := exec.prm.writer.WriteIDs(ids)
switch { switch {
@ -134,3 +135,17 @@ func (exec *execCtx) writeIDList(ids []oid.ID) {
exec.err = nil exec.err = nil
} }
} }
func (exec *execCtx) filterAllowedObjectIDs(objIDs []oid.ID) []oid.ID {
sessionToken := exec.prm.common.SessionToken()
if sessionToken == nil {
return objIDs
}
result := make([]oid.ID, 0, len(objIDs))
for _, objID := range objIDs {
if sessionToken.AssertObject(objID) {
result = append(result, objID)
}
}
return result
}
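Review bot: filterAllowedObjectIDs is the check that keeps a search made under an object-limited session token from listing other object IDs in the container, yet it has no doc comment, and the nil-token branch returns the list unfiltered without saying why. I would add above it: `// filterAllowedObjectIDs drops IDs the request's session token does not cover, so a search under an object-limited token cannot enumerate other objects; without a token the list is returned as is.` The guarantee also depends on every result reaching the writer through writeIDList, which cannot be confirmed here because writeIDList's body continues outside the hunk; a short comment at the `exec.prm.writer.WriteIDs(ids)` call saying results must not be written by any other path would help the next maintainer. It looks as if AssertObject also decides the case of a token that carries no object list, so the comment should state which way that goes once confirmed against the SDK.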


@ -9,6 +9,7 @@ import (
"strconv" "strconv"
"testing" "testing"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
clientcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/client" clientcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/client"
netmapcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/netmap" netmapcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/netmap"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network"
@ -18,8 +19,12 @@ import (
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test" cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id" oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
sessionsdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
"github.com/google/uuid"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -425,3 +430,128 @@ func TestGetFromPastEpoch(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
assertContains(ids11, ids12, ids21, ids22) assertContains(ids11, ids12, ids21, ids22)
} }
func TestGetWithSessionToken(t *testing.T) {
ctx := context.Background()
placementDim := []int{2}
rs := make([]netmap.ReplicaDescriptor, len(placementDim))
for i := range placementDim {
rs[i].SetNumberOfObjects(uint32(placementDim[i]))
}
var pp netmap.PlacementPolicy
pp.AddReplicas(rs...)
var cnr container.Container
cnr.SetPlacementPolicy(pp)
var id cid.ID
container.CalculateID(&id, cnr)
var addr oid.Address
addr.SetContainer(id)
ns, as := testNodeMatrix(t, placementDim)
builder := &testPlacementBuilder{
vectors: map[string][][]netmap.NodeInfo{
addr.EncodeToString(): ns,
},
}
localStorage := newTestStorage()
localIDs := generateIDs(10)
localStorage.addResult(id, localIDs, nil)
c1 := newTestStorage()
ids1 := generateIDs(10)
c1.addResult(id, ids1, nil)
c2 := newTestStorage()
ids2 := generateIDs(10)
c2.addResult(id, ids2, nil)
w := new(simpleIDWriter)
svc := &Service{cfg: new(cfg)}
svc.log = test.NewLogger(false)
svc.localStorage = localStorage
const curEpoch = 13
svc.traverserGenerator = &testTraverserGenerator{
c: cnr,
b: map[uint64]placement.Builder{
curEpoch: builder,
},
}
svc.clientConstructor = &testClientCache{
clients: map[string]*testStorage{
as[0][0]: c1,
as[0][1]: c2,
},
}
svc.currentEpochReceiver = testEpochReceiver(curEpoch)
metaStub := &metaStub{
TTL: 5,
LimitByObjectIDs: append(append(localIDs[:5], ids1[:5]...), ids2[:5]...),
T: t,
Exp: 20,
ContainerID: id,
}
p := Prm{}
p.WithContainerID(id)
p.SetWriter(w)
var err error
p.common, err = util.CommonPrmFromV2(metaStub)
require.NoError(t, err)
err = svc.Search(ctx, p)
require.NoError(t, err)
require.Len(t, w.ids, 15)
for _, id := range metaStub.LimitByObjectIDs {
require.Contains(t, w.ids, id)
}
}
type metaStub struct {
TTL uint32
Exp uint64
LimitByObjectIDs []oid.ID
T *testing.T
ContainerID cid.ID
}
func (m *metaStub) GetMetaHeader() *session.RequestMetaHeader {
var result session.RequestMetaHeader
result.SetTTL(m.TTL)
tokenObj := new(sessionsdk.Object)
tokenObj.ForVerb(sessionsdk.VerbObjectSearch)
tokenObj.LimitByObjects(m.LimitByObjectIDs...)
tokenObj.SetID(uuid.New())
tokenObj.SetExp(m.Exp)
tokenObj.BindContainer(m.ContainerID)
pubKey := &frostfsecdsa.PublicKey{}
tokenObj.SetAuthKey(pubKey)
priv, err := keys.NewPrivateKey()
require.NoError(m.T, err)
require.NoError(m.T, tokenObj.Sign(priv.PrivateKey))
var token session.Token
tokenObj.WriteToV2(&token)
result.SetSessionToken(&token)
return &result
}
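Review bot: The `LimitByObjectIDs` expression in TestGetWithSessionToken appends onto `localIDs[:5]`, which still has spare capacity if generateIDs returns an exactly sized slice, so the first append would overwrite `localIDs[5:]` in place with `ids1[:5]`. If addResult keeps the slice it was given (neither helper is visible here), local storage then holds only allowed IDs and the test never exercises the filter on locally stored objects. Cap the slice before appending, `LimitByObjectIDs: append(append(localIDs[:5:5], ids1[:5]...), ids2[:5]...),`, and add an explicit negative check such as `require.NotContains(t, w.ids, localIDs[5])` so a regression that lets a disallowed ID through fails with a clear message.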