APE: Allow clients to set chain id #803

New issue

Closed

opened 2023-11-14 12:44:27 +00:00 by dkirillov · 4 comments

dkirillov commented

2023-11-14 12:44:27 +00:00

Member

The PR #770 has introduced the control api to set chain rules. But it's not allowed to set chain id explicitly (now it's being generated in node).

In some cases this isn't convenient. For example IAM operates policy names and it would be nice to form chain ID deterministically. Current approach (generating id in node) makes hard to save mapping between policy name and chain ID in IAM because from node to node the chain ID for the same policy can differ.

/cc @alexvanin

The PR #770 has introduced the control api to set chain rules. But it's not allowed to set chain id explicitly (now [it's being generated](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/commit/8088063195f971d10ad7bb7bf5497b214000c5ec/pkg/services/control/server/policy_engine.go#L35-L37) in node). In some cases this isn't convenient. For example `IAM` operates policy names and it would be nice to form chain ID deterministically. Current approach (generating id in node) makes hard to save mapping between policy name and chain ID in IAM because from node to node the chain ID for the same policy can differ. /cc @alexvanin

dkirillov added the

triage

label 2023-11-14 12:44:27 +00:00

fyrchik added

frostfs-node

and removed

triage

labels 2023-11-14 13:16:14 +00:00

fyrchik commented

2023-11-14 13:18:16 +00:00

Owner

Control API implementation is an internal detail, nothing should depend on it.
For all other cases we have smartcontract, where arbitrary chain id can be used.
What is your usecase?

Control API implementation is an internal detail, nothing should depend on it. For all other cases we have smartcontract, where arbitrary chain id can be used. What is your usecase?

dkirillov commented

2023-11-15 06:35:50 +00:00

Author

Member

I thought we want set policy as fast as possible, so we use control API in s3-gw and node to set policy (that after that be synced with contract in background). Or should we always use contract excplicitly?

fyrchik commented

2023-11-15 07:02:29 +00:00

Owner

Node can be used to set policies for the container (similarly to set-eacl), but this should be done via container service, not control.
Rules set via the control service are for local use only, they are not propagated.

Node can be used to set policies for the container (similarly to set-eacl), but this should be done via container service, not control. Rules set via the control service are for local use only, they are not propagated.

fyrchik added this to the v0.38.0 milestone 2023-11-17 13:42:35 +00:00

dkirillov referenced this issue

2023-12-04 08:04:47 +00:00

Revise Control API for local override managing #839

aarifullin commented

2023-12-11 08:18:08 +00:00

Member

Please, refer to this spec.

You can set a chain ID before a serialization and then set the serialized bytes to the request body.

Please, refer to this [spec](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/commit/ec747c217ce73cd4fcd11773e5c5d29a0de37075/pkg/services/control/service.proto#L427-L430). You can set a chain ID before a [serialization](https://git.frostfs.info/TrueCloudLab/policy-engine/src/branch/master/pkg/chain/chain.go#L21) and then set the serialized bytes to the request [body](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/commit/ec747c217ce73cd4fcd11773e5c5d29a0de37075/pkg/services/control/service.proto#L430).