Do not allow to create container without FrostFSID record #1278

Merged
fyrchik merged 2 commits from dstepanov-yadro/frostfs-node:fix/undefined_wallet_container_creation into master 2024-09-04 19:51:10 +00:00

Now anonymous user can create container, we should restrict container creation to registered users only.

Before fix: container created with generated wallet.

After fix:

  1. IR log:
июл 29 08:20:43 dstepanov-node1 frostfs-ir[91030]: 2024-07-29T08:20:43.329Z        error        container/process_container.go:51        put container check failed        {"error": "NNS: could not get subject from FrostfsID contract: could not perform test invocation (getSubject): frostfs error: chain/client: contract execution finished with state FAULT; exception: at instruction 2231 (THROW): unhandled exception: \"subject not found\""}
  1. frostfs-cli output:
service@dstepanov-node1[alone_datacenter]:~$ frostfs-cli -r 127.0.0.1:8080 container create -w anonon1.json --name out1 --policy "REP 2 IN X CBF 2 SELECT 2 FROM * AS X" --await
Enter password > 
CID: DXa2bUxrHab1XSHYAEcen9Bfqtx8nChYw3YZjN69hyy4
awaiting...
timeout: container has not been persisted on sidechain
Now anonymous user can create container, we should restrict container creation to registered users only. Before fix: container created with generated wallet. After fix: 1. IR log: ``` июл 29 08:20:43 dstepanov-node1 frostfs-ir[91030]: 2024-07-29T08:20:43.329Z error container/process_container.go:51 put container check failed {"error": "NNS: could not get subject from FrostfsID contract: could not perform test invocation (getSubject): frostfs error: chain/client: contract execution finished with state FAULT; exception: at instruction 2231 (THROW): unhandled exception: \"subject not found\""} ``` 2. frostfs-cli output: ``` service@dstepanov-node1[alone_datacenter]:~$ frostfs-cli -r 127.0.0.1:8080 container create -w anonon1.json --name out1 --policy "REP 2 IN X CBF 2 SELECT 2 FROM * AS X" --await Enter password > CID: DXa2bUxrHab1XSHYAEcen9Bfqtx8nChYw3YZjN69hyy4 awaiting... timeout: container has not been persisted on sidechain ```
dstepanov-yadro force-pushed fix/undefined_wallet_container_creation from 40bfab2c87 to 0244292bf8 2024-07-29 08:47:39 +00:00 Compare
dstepanov-yadro force-pushed fix/undefined_wallet_container_creation from 0244292bf8 to c2ac60abf4 2024-07-29 08:50:56 +00:00 Compare
aarifullin reviewed 2024-07-29 08:58:12 +00:00
@ -195,6 +190,11 @@ func (cp *Processor) checkNNS(ctx *putContainerContext, cnr containerSDK.Contain
return fmt.Errorf("could not get subject from FrostfsID contract: %w", err)
}
namespace, hasNamespace := strings.CutSuffix(ctx.d.Zone(), ".ns")
Member
  1. Probably, this also should be done in containersvc.Put method implementation (it also gets frostfsid entry to determine a namespace) - at least, we can return the container creation error immediatly. Otherwise, we'll wait for a while and get only error like that
    timeout: container has not been persisted on sidechain

  2. We need to be prepared that since all anonym wallets' requests to create bucket/container will be rejected - this point is not about to fix something but just a reminder

1. Probably, this also should be done in `containersvc.Put` method implementation (it also gets frostfsid entry to determine a namespace) - at least, we can return the container creation error immediatly. Otherwise, we'll wait for a while and get only error like that `timeout: container has not been persisted on sidechain` 2. We need to be prepared that since all anonym wallets' requests to create bucket/container will be rejected - this point is not about to fix something but just a *reminder*
Owner

Regarding (1) -- if possible, yes, humane user messages are good.
If it is not already implemented for the namespace case, don't bother.

Regarding (1) -- if possible, yes, humane user messages are good. If it is not already implemented for the namespace case, don't bother.
dstepanov-yadro force-pushed fix/undefined_wallet_container_creation from 2320785a75 to 1bb229f10f 2024-07-29 10:14:09 +00:00 Compare
fyrchik approved these changes 2024-07-29 10:16:19 +00:00
dstepanov-yadro requested review from storage-core-committers 2024-07-29 10:19:26 +00:00
dstepanov-yadro requested review from aarifullin 2024-07-29 10:24:25 +00:00
Owner

Please, duplicate this for support/v0.42

Please, duplicate this for `support/v0.42`
achuprov approved these changes 2024-07-29 10:30:19 +00:00
Author
Member

Please, duplicate this for support/v0.42

Sure, after @aarifullin 's approve

> Please, duplicate this for `support/v0.42` Sure, after @aarifullin 's approve
dstepanov-yadro force-pushed fix/undefined_wallet_container_creation from 1bb229f10f to 7e04083c27 2024-07-29 13:01:57 +00:00 Compare
aarifullin approved these changes 2024-07-29 13:45:30 +00:00
fyrchik merged commit 7e04083c27 into master 2024-07-29 13:46:12 +00:00
Sign in to join this conversation.
No reviewers
TrueCloudLab/storage-core-committers
No milestone
No project
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#1278
No description provided.