adm: Make NewLocalActor receive accout name #1463

Merged
dstepanov-yadro merged 1 commit from aarifullin/frostfs-node:fix/adm_local_actor into master 2024-11-08 13:57:52 +00:00
Member
  • Some RPC-clients for contracts require different wallet account types.
    Since, Policy contract gets consensus accounts while NNS gets
    committee accounts.

Close #1393

* Some RPC-clients for contracts require different wallet account types. Since, `Policy` contract gets `consensus` accounts while `NNS` gets `committee` accounts. Close #1393
aarifullin force-pushed fix/adm_local_actor from 78188afee6 to 883b6327e3 2024-10-30 14:42:06 +00:00 Compare
Owner

Are you trying to solve #1393? I think the problem could be with the incorrect signature on the contract side.

Are you trying to solve #1393? I think the problem could be with the incorrect signature on the contract side.
Member

Are you trying to solve #1393? I think the problem could be with the incorrect signature on the contract side.

In #1393 I've outlined that the fix could be either in frostfs-adm or in the contract. @alexvanin thinks we should fix frostfs-adm and not the contract (discussion in private chat)

> Are you trying to solve #1393? I think the problem could be with the incorrect signature on the contract side. In #1393 I've outlined that the fix could be either in `frostfs-adm` or in the contract. @alexvanin thinks we should fix `frostfs-adm` and not the contract (discussion in [private chat](https://chat.yadro.com/yadro/pl/7b7pmaqae3bqim339bwk4c6a3w))
fyrchik requested changes 2024-10-31 11:36:05 +00:00
Dismissed
fyrchik left a comment
Owner

By itself this PR just introduces complexity for no reason. Could you solve #1393 so that we can review everything together?

By itself this PR just introduces complexity for no reason. Could you solve #1393 so that we can review everything together?
@ -49,11 +58,13 @@ func NewLocalActor(cmd *cobra.Command, c actor.RPCActor) (*LocalActor, error) {
return nil, err
}
} else {
commonCmd.ExitOnErr(cmd, "%w", checkAccountName(accName))
Owner

Why do we have this check? GetWalletAccount already returns an error.
Especially given that this accName is given statically.

Why do we have this check? `GetWalletAccount` already returns an error. Especially given that this `accName` is given statically.
Author
Member

Good point. Fixed

Good point. Fixed
fyrchik marked this conversation as resolved
@ -54,3 +65,3 @@
for _, w := range wallets {
acc, err := GetWalletAccount(w, constants.CommitteeAccountName)
acc, err := GetWalletAccount(w, accName) //constants.CommitteeAccountName)
Owner

Error message should be changed as well.

Error message should be changed as well.
Author
Member

Fixed

Fixed
fyrchik marked this conversation as resolved
Member

🎉 I've just checked and this PR does solve the problem described in #1393:

  • I've reproduced the error on clean cluster with frostfs-adm v0.43.2
  • Everything worked correctly with frostfs-adm from this PR
🎉 I've just checked and this PR does solve the problem described in #1393: - I've reproduced the error on clean cluster with frostfs-adm v0.43.2 - Everything worked correctly with frostfs-adm from this PR
Author
Member

By itself this PR just introduces complexity for no reason. Could you solve #1393 so that we can review everything together?

Initially, I've created this PR rather to agree with @potyarkin to build frostfs-adm and check if it can change Policy contract state with these signatures. So, that's why I left it with WIP prefix :) So, it seems it works out.

For now, let's discuss the solution

I think the problem could be with the incorrect signature on the contract side.

Policy contract has got this:

func checkAuthorization(ctx storage.Context) {
	admin := getAdmin(ctx)
	if admin != nil && runtime.CheckWitness(admin) {
		return
	}
	if runtime.CheckWitness(common.AlphabetAddress()) {
		return
	}

	panic(ErrNotAuthorized)
}

So, I can ask you (because you're an author of this check) to understand the problem's context:

  1. Did you actually mean common.AlphabetAddress() or policy contract state can be changed with a transaction signed by common.CommitteeAddress()?
  2. What if we allow both common.CommitteeAddress() and common.AlphabetAddress() signers to change the state? Like proxy contract does

If it actually means invocation can be verified only with common.AlphabetAddress() signers, then we need to select consensus accounts from wallets like this PR does

> By itself this PR just introduces complexity for no reason. Could you solve #1393 so that we can review everything together? Initially, I've created this PR rather to agree with @potyarkin to build `frostfs-adm` and check if it can change `Policy` contract state with these signatures. So, that's why I left it with `WIP` prefix :) So, it seems it works out. For now, let's discuss the solution > I think the problem could be with the incorrect signature on the contract side. `Policy` contract has got this: ```go func checkAuthorization(ctx storage.Context) { admin := getAdmin(ctx) if admin != nil && runtime.CheckWitness(admin) { return } if runtime.CheckWitness(common.AlphabetAddress()) { return } panic(ErrNotAuthorized) } ``` So, I can ask you (because you're an author of this check) to understand the problem's context: 1. Did you actually mean `common.AlphabetAddress()` or policy contract state can be changed with a transaction signed by `common.CommitteeAddress()`? 2. What if we allow both `common.CommitteeAddress()` and `common.AlphabetAddress()` signers to change the state? Like `proxy` contract does If it actually means invocation can be verified only with `common.AlphabetAddress()` signers, then we need to select `consensus` accounts from wallets like this PR does
Member
  1. What if we allow both common.CommitteeAddress() and common.AlphabetAddress() signers to change the state? Like proxy contract does

For what it's worth, this is the workaround I've been using for my cluster. Thought of it as a kludge. I don't quite understand the mechanics of policy contract though; a clarification from @fyrchik would be very welcome.

> 2. What if we allow both `common.CommitteeAddress()` and `common.AlphabetAddress()` signers to change the state? Like `proxy` contract does For what it's worth, this is the workaround [I've been using](https://git.frostfs.info/TrueCloudLab/frostfs-infra/issues/109#issuecomment-52991) for my cluster. Thought of it as a kludge. I don't quite understand the mechanics of policy contract though; a clarification from @fyrchik would be very welcome.
Owner

It's what we use in other contracts for data-path related operations, so you are right, AlphabetAddress() seems right there.

It's what we use in other contracts for data-path related operations, so you are right, `AlphabetAddress()` seems right there.
aarifullin force-pushed fix/adm_local_actor from 883b6327e3 to e631c30309 2024-11-08 11:28:59 +00:00 Compare
aarifullin requested review from storage-core-committers 2024-11-08 11:30:12 +00:00
aarifullin changed title from WIP: adm: Make NewLocalActor receive accout name to adm: Make NewLocalActor receive accout name 2024-11-08 11:30:16 +00:00
aarifullin requested review from storage-core-developers 2024-11-08 11:30:17 +00:00
Author
Member

Are you trying to solve #1393? I think the problem could be with the incorrect signature on the contract side.

Let summarize our discussion in the PR:

  • If I correctly understand, then the verification by AlphabetAddress() is correct according to your comment above. So, frostfs-adm should be changed by this reason
  • frostfs-adm should be able to choose accounts from wallets by a contract requirements: nns requires to sign with CommitteeAccountName while policy expects for ConsensusAccountName. I left a comment for NewLocalActor to specify how to choose accounts before actor creation
> Are you trying to solve #1393? I think the problem could be with the incorrect signature on the contract side. Let summarize our discussion in the PR: - If I correctly understand, then the verification by `AlphabetAddress()` is correct according to your comment above. So, `frostfs-adm` should be changed by this reason - `frostfs-adm` should be able to choose accounts from wallets by a contract requirements: `nns` requires to sign with `CommitteeAccountName` while `policy` expects for `ConsensusAccountName`. I left a comment for `NewLocalActor` to specify how to choose accounts before actor creation
fyrchik approved these changes 2024-11-08 12:18:27 +00:00
acid-ant approved these changes 2024-11-08 12:38:21 +00:00
dstepanov-yadro approved these changes 2024-11-08 13:57:41 +00:00
dstepanov-yadro merged commit d336f2d487 into master 2024-11-08 13:57:52 +00:00
Sign in to join this conversation.
No reviewers
TrueCloudLab/storage-core-developers
No milestone
No project
No assignees
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#1463
No description provided.