ape: Validate `chain` fields #937

New issue

Closed

opened 2024-01-29 11:17:51 +00:00 by acid-ant · 1 comment

acid-ant commented

2024-01-29 11:17:51 +00:00

Member

Need to formally validate chain fields - subject, group, namespace and cid on the control service side.
Regexp for validation.

Need to formally validate `chain` fields - subject, group, namespace and cid on the `control` service side. [Regexp](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/branch/master/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go#L17-L21) for validation.

acid-ant added the

triage

label 2024-01-29 11:17:51 +00:00

acid-ant self-assigned this 2024-01-29 11:18:00 +00:00

acid-ant referenced this issue

2024-01-29 11:21:44 +00:00

cli: Improve the work with local overrides dispatched to a node #846

fyrchik added

frostfs-node

and removed

triage

labels 2024-01-30 13:28:30 +00:00

acid-ant referenced this issue from a pull request that will close it,

2024-01-30 14:09:16 +00:00

ape: Validate chain resource name #944

fyrchik closed this issue

2024-01-31 10:52:33 +00:00

fyrchik referenced this issue from a commit

2024-01-31 10:52:35 +00:00

[#937] ape: Validate chain resource name

acid-ant commented

2024-03-14 18:57:19 +00:00

Author

Member

Regexp for SubjectName:

`^[\w+=,.@-]{1,64}$`

Used to test subject name (--subject-name) for command frostfs-adm morph frostfsid create-subject

Regexp for GroupName:

`^[\w+=,.@-]{1,128}$`

Used when group created:

$ $ frostfs-adm morph frostfsid create-group -c cfg.yml --rpc-endpoint http://morph-chain.frostfs.devenv:30333 --group-name wqe13-%%^^
invalid group name: name must match regexp: ^[\w+=,.@-]{1,128}$

Regexp for NamespaceName:

`(^$)|(^[a-z0-9]{1,2}$)|(^[a-z0-9][a-z0-9-]{1,48}[a-z0-9]$)`

Used to test namespace when created in blockchain:

$ frostfs-adm morph frostfsid create-namespace -c cfg.yml --rpc-endpoint http:////morph-chain.frostfs.devenv:30333 --namespace test@
invalid namespace: name must match regexp: (^$)|(^[a-z0-9]{1,2}$)|(^[a-z0-9][a-z0-9-]{1,48}[a-z0-9]$)

For other subcommands of adm morph frostfsid ... with parameter --namespace
When local rule created via control service:

$ frostfs-cli control add-rule --endpoint s01.frostfs.devenv:8081 -c cfg.yml   --address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM    --rule "deny Container.Put asd.12313/*" --target-type namespace --target-name nsname
Parsed chain:
Chain ID: 
     HEX: 
Rules:

	Status: Access denied
	Any: false
	Conditions:
	Actions:	Inverted:false
		PutContainer
	Resources:	Inverted:false
		native:container/asd.12313/*
rpc error: rpc error: code = InvalidArgument desc = invalid resource: namespace must match regexp: (^$)|(^[a-z0-9]{1,2}$)|(^[a-z0-9][a-z0-9-]{1,48}[a-z0-9]$)

Regexp for `SubjectName`: ``` `^[\w+=,.@-]{1,64}$` ``` - Used to test subject name (`--subject-name`) for command `frostfs-adm morph frostfsid create-subject` Regexp for `GroupName`: ``` `^[\w+=,.@-]{1,128}$` ``` - Used when group created: ``` $ $ frostfs-adm morph frostfsid create-group -c cfg.yml --rpc-endpoint http://morph-chain.frostfs.devenv:30333 --group-name wqe13-%%^^ invalid group name: name must match regexp: ^[\w+=,.@-]{1,128}$ ``` Regexp for `NamespaceName`: ``` `(^$)|(^[a-z0-9]{1,2}$)|(^[a-z0-9][a-z0-9-]{1,48}[a-z0-9]$)` ``` - Used to test namespace when created in blockchain: ``` $ frostfs-adm morph frostfsid create-namespace -c cfg.yml --rpc-endpoint http:////morph-chain.frostfs.devenv:30333 --namespace test@ invalid namespace: name must match regexp: (^$)|(^[a-z0-9]{1,2}$)|(^[a-z0-9][a-z0-9-]{1,48}[a-z0-9]$) ``` - For other subcommands of `adm morph frostfsid ...` with parameter `--namespace` - When local rule created via control service: ``` $ frostfs-cli control add-rule --endpoint s01.frostfs.devenv:8081 -c cfg.yml --address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM --rule "deny Container.Put asd.12313/*" --target-type namespace --target-name nsname Parsed chain: Chain ID: HEX: Rules: Status: Access denied Any: false Conditions: Actions: Inverted:false PutContainer Resources: Inverted:false native:container/asd.12313/* rpc error: rpc error: code = InvalidArgument desc = invalid resource: namespace must match regexp: (^$)|(^[a-z0-9]{1,2}$)|(^[a-z0-9][a-z0-9-]{1,48}[a-z0-9]$) ```