Fix get range hash #906

Merged
fyrchik merged 2 commits from dstepanov-yadro/frostfs-node:fix/get_range_hash_permissions into master 2024-09-04 19:51:05 +00:00

Relates #891

To reproduce on 4 node cluster:

  1. create container with REP 1 IN X CBF 1 SELECT 1 FROM * AS X and put object
  2. try to get range hash (frostfs-cli object hash --range ...) from different nodes
    The request will be executed successfully on only one node (container node). Other requests will fail with access denied error, because get range hash performs get request signed with node's key.

Now node redirects get range hash request to container node, so all subsequent requests will pass.

Relates #891 To reproduce on 4 node cluster: 1. create container with `REP 1 IN X CBF 1 SELECT 1 FROM * AS X` and put object 2. try to get range hash (`frostfs-cli object hash --range ...`) from different nodes The request will be executed successfully on only one node (container node). Other requests will fail with access denied error, because get range hash performs get request signed with node's key. Now node redirects get range hash request to container node, so all subsequent requests will pass.
dstepanov-yadro requested review from storage-core-committers 2024-01-12 07:32:54 +00:00
dstepanov-yadro requested review from storage-core-developers 2024-01-12 07:32:55 +00:00
fyrchik approved these changes 2024-01-12 08:06:30 +00:00
@ -567,4 +567,8 @@ const (
EngineInterruptProcessingZeroSizeContainers = "interrupt processing zero-size containers"
EngineInterruptProcessingZeroCountContainers = "interrupt processing zero-count containers"
EngineFailedToGetContainerCounters = "failed to get container counters"
GetSvcV2FailedToParseNodeEndpoints = "failed to parse node endpoints"
Owner

Seems like a generic error, don't we have it in other redirect places?

Seems like a generic error, don't we have it in other redirect places?
Author
Member

Nope, traverser ignores it.

Nope, traverser ignores it.
fyrchik marked this conversation as resolved
@ -0,0 +48,4 @@
address oid.Address
}
func (s *Service) needToForwardGetRangeHashRequest(req *objectV2.GetRangeHashRequest) (getRangeForwardParams, error) {
Owner

Is it copied from some other forwarding place? Does it make sense to reuse the code here?

Is it copied from some other forwarding place? Does it make sense to reuse the code here?
Author
Member

Nope

Nope
fyrchik marked this conversation as resolved
@ -0,0 +88,4 @@
if err != nil {
return result, fmt.Errorf("(%T) could not build object placement: %w", s, err)
}
result.containerNodes = distinctBy(placement.FlattenNodes(nodesVector), func(n netmapSDK.NodeInfo) string { return hex.EncodeToString(n.PublicKey()) })
Owner

Why do we need distinct nodes here?

Why do we need distinct nodes here?
Author
Member

For complex selectors node's list may contain duplicates without UNIQUE keyword.

For complex selectors node's list may contain duplicates without `UNIQUE` keyword.
Member

In case of cluster with hundreds nodes, maybe it is better to iterate once via slice from FlattenNodes in forwardGetRangeHashRequest?

In case of cluster with hundreds nodes, maybe it is better to iterate once via slice from `FlattenNodes` in `forwardGetRangeHashRequest`?
Author
Member
  1. I don't think it will be the main problem in case of cluster with hundreds nodes.
  2. Nodes count limited by policy.
1. I don't think it will be the main problem in case of cluster with hundreds nodes. 2. Nodes count limited by policy.
acid-ant approved these changes 2024-01-12 08:33:58 +00:00
aarifullin approved these changes 2024-01-12 08:58:35 +00:00
dstepanov-yadro force-pushed fix/get_range_hash_permissions from 469ef1550f to 52ffa9f164 2024-01-12 10:36:00 +00:00 Compare
fyrchik merged commit 52ffa9f164 into master 2024-01-12 12:06:44 +00:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#906
No description provided.