adm/ape: Adopt policy reader #1607

dkirillov · 2025-01-20T06:28:44Z

dkirillov commented

2025-01-20 06:28:44 +00:00

Embed https://git.frostfs.info/dkirillov/policy-reader
tool to 'frostfs-adm morph ape' command

Signed-off-by: Denis Kirillov d.kirillov@yadro.com

Embed https://git.frostfs.info/dkirillov/policy-reader tool to 'frostfs-adm morph ape' command Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

dkirillov force-pushed feature/adopt_policy_reader from 603c6b2fa7 to ef84808576

2025-01-20 06:33:45 +00:00

Compare

dkirillov changed title from ~~WIP: [#XX] adm/ape: Adopt policy reader~~ to WIP: [#1607] adm/ape: Adopt policy reader

2025-01-20 06:33:58 +00:00

dkirillov changed title from ~~WIP: [#1607] adm/ape: Adopt policy reader~~ to [#1607] adm/ape: Adopt policy reader

2025-01-20 06:34:14 +00:00

requested reviews from storage-core-committers, storage-core-developers

2025-01-20 06:34:15 +00:00

dkirillov force-pushed feature/adopt_policy_reader from ef84808576 to 4706a15743

2025-01-20 06:36:42 +00:00

Compare

dstepanov-yadro reviewed 2025-01-20 09:24:09 +00:00

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_container.go Outdated

					
				@ -0,0 +18,4 @@

				)

				var listContainerCmd = &cobra.Command{

					Use:   "list-container",

dstepanov-yadro commented

2025-01-20 09:18:39 +00:00

What is the difference with list-rule-chains command?

What is the difference with `list-rule-chains` command?

aarifullin commented

2025-01-20 10:22:43 +00:00

It seems this runs listing under chains subcommand
ape chains list-container (although it can be just ape chains list and flags can define targets) instead of ape list-rule-chains.

It seems this runs listing under `chains` subcommand `ape chains list-container` (although it can be just `ape chains list` and flags can define targets) instead of `ape list-rule-chains`.

dkirillov commented

2025-01-20 12:26:38 +00:00

This command is aimed to list all container related chains. Not only for container target but also for namespace target (in which container is location)

This command is aimed to list all container related chains. Not only for `container` target but also for `namespace` target (in which container is location)

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_container.go Outdated

					
				@ -0,0 +52,4 @@

					commonCmd.ExitOnErr(cmd, "can't parse chain-name: %w", err)

					endpoint := viper.GetString(commonflags.EndpointFlag)

					namespace := viper.GetString(namespaceFlag)

dstepanov-yadro commented

2025-01-20 09:20:33 +00:00

Other ape-related commands have root to empty string replacement:

if name == "root" {

Other ape-related commands have `root` to empty string replacement: https://git.frostfs.info/TrueCloudLab/frostfs-node/src/commit/c98357606b4e387f7a8063331438dccfb24d255e/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go#L27

👍 1

cmd/frostfs-adm/internal/modules/morph/ape/lowlevel/output/chains.go Outdated

					
				@ -0,0 +13,4 @@

					maxPrintable = 127

				)

				func PrintChains(cmd *cobra.Command, list []stackitem.Item, decodeChain, decodeID bool) error {

dstepanov-yadro commented

2025-01-20 09:16:36 +00:00

In which case is it expected that frostfs-adm user will not want to decode ID and chain?

In which case is it expected that `frostfs-adm` user will not want to decode ID and chain?

dkirillov commented

2025-01-20 12:29:24 +00:00

When data in policy contract isn't actually chain. For i kind we store aws policy json (that isn't compatible with ape chain format)

When data in policy contract isn't actually chain. For `i` kind we store aws policy json (that isn't compatible with ape chain format)

cmd/frostfs-adm/internal/modules/morph/ape/lowlevel/root.go Outdated

					
				@ -0,0 +7,4 @@

				)

				var Cmd = &cobra.Command{

					Use:   "low-level",

dstepanov-yadro commented

2025-01-20 09:23:32 +00:00

What about raw?

What about `raw`?

🚀 1

dkirillov commented

2025-01-20 12:27:27 +00:00

I thought about it but for some reason I decided that you wouldn't like it

aarifullin requested changes 2025-01-20 10:28:47 +00:00

Dismissed

aarifullin left a comment

@dkirillov, look, I believe I can figure out your intentions, but you should take in account that we can't leave such aliases for subcommands.

Currently morph ape also defines such commands to manage/read chains

initAddRuleChainCmd()
initRemoveRuleChainCmd()
initListRuleChainsCmd()

This can't be accepted without refactoring. Is it possible to implement policy-reader features adding functionality to the current frostfs-adm morph ape subcommands?

@dkirillov, look, I believe I can figure out your intentions, but you should take in account that we can't leave such aliases for subcommands. Currently `morph ape` also defines such commands to manage/read chains ```go initAddRuleChainCmd() initRemoveRuleChainCmd() initListRuleChainsCmd() ``` This can't be accepted without refactoring. Is it possible to implement `policy-reader` features adding functionality to the current `frostfs-adm morph ape` subcommands?

cmd/frostfs-adm/internal/modules/morph/ape/chains/root.go Outdated

					
				@ -0,0 +20,4 @@

				}

				const (

					policyHashFlag    = "policy-hash"

aarifullin commented

2025-01-20 10:25:24 +00:00

We don't need to pass it. See

We don't need to pass it. [See](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/branch/master/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go#L64-L65)

dkirillov commented

2025-01-20 12:32:16 +00:00

These commands aimed to debug policy contract in any environment. In some environment this contract isn't registered in NNS

These commands aimed to debug `policy` contract in any environment. In some environment this contract isn't registered in NNS

aarifullin commented

2025-01-20 14:40:42 +00:00

Okay. You haven't marked the flag as required but it's not processed when it's empty either.
Could we use searching within NNS as default behavior if its value is empty?

Okay. You haven't marked the flag as required but it's not processed when it's empty either. Could we use searching within NNS as default behavior if its value is empty?

aarifullin marked this conversation as resolved

cmd/frostfs-adm/internal/modules/morph/ape/lowlevel/list_chain_names.go Outdated

					
				@ -0,0 +31,4 @@

				func initListChainNamesCmd() {

					listChainNamesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)

					listChainNamesCmd.Flags().String(kindFlag, "n", "Target kind (1-byte) to list (n(namespace)/c(container)/g(group)/u(user)/i(iam))")

aarifullin commented

2025-01-20 10:28:40 +00:00

Consider reusing flag names from common package, please!

Consider reusing flag names from [common](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/branch/master/cmd/internal/common/ape/flags.go#L7-L10) package, please!

dkirillov commented

2025-01-20 12:38:39 +00:00

Actually, I tried. But it leads to huge unwanted refactor in APE because target-type be parsed to this. This TargetType is widely used in RequestTarget and function like this.
But for i kind (

IAM = 'i'

) we store aws json policy and this data MUST NOT be used in IsAllowed APE function because it isn't valid APE chain.
So I don't this that it's good idea change APE and provide user way for incorrect using APE library with i kind (target-type)

Actually, I tried. But it leads to huge unwanted refactor in APE because [target-type](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/commit/c98357606b4e387f7a8063331438dccfb24d255e/cmd/internal/common/ape/flags.go#L9) be parsed to [this](https://git.frostfs.info/TrueCloudLab/policy-engine/src/commit/a3bc3099bd5bfefd702b44070d58982e477a56e9/pkg/engine/interface.go#L35-L42). This `TargetType` is widely used in `RequestTarget` and function like [this](https://git.frostfs.info/TrueCloudLab/policy-engine/src/commit/a3bc3099bd5bfefd702b44070d58982e477a56e9/pkg/engine/chain_router.go#L27). But for `i` kind (https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/commit/201db45bd739fb729448ea8c806ae51ff01a5f2d/policy/policy_contract.go#L21) we store aws json policy and this data **MUST NOT** be used in `IsAllowed` APE function because it isn't valid APE chain. So I don't this that it's good idea change APE and provide user way for incorrect using APE library with `i` kind (target-type)

aarifullin commented

2025-01-20 15:18:15 +00:00

Okay. Let me explain my point of view and, probably, we'll find a compromise.

These types are not bound to frostfs-node. It implied you can manage chains on the different protocol levels (ingress, s3 etc.), but it seems s3-gw doesn't use the interface yet (or it' not adapted ?)

s3-gw manages IAM chains on S3 level
IsAllowed will never list s3 chains, only ingress
Overrides and chains added by ape-manager are created on ingress level. i won't affect its work

So, ideally, policy-engine could introduce i type that could be listed on S3 level using policy contract interface. So, it doesn't look like a huge refactoring

Anyway, I just asked to use flag names and description. Parsing to target hasn't been on point :))

Okay. Let me explain my point of view and, probably, we'll find a compromise. These [types](https://git.frostfs.info/TrueCloudLab/policy-engine/src/commit/a3bc3099bd5bfefd702b44070d58982e477a56e9/pkg/engine/interface.go#L35-L42) are not bound to `frostfs-node`. It implied you can manage chains on the different protocol levels (`ingress`, `s3` etc.), but it seems `s3-gw` doesn't use the interface yet (or it' not adapted **?**) 1. `s3-gw` manages IAM chains on `S3` [level](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/src/branch/master/internal/frostfs/policy/morph_rule_chain_storage.go#L79) 2. `IsAllowed` will never list `s3` chains, only `ingress` 3. Overrides and chains added by `ape-manager` are created on `ingress` level. `i` won't affect its work So, ideally, `policy-engine` could introduce `i` type that could be listed on [S3](https://git.frostfs.info/TrueCloudLab/policy-engine/src/branch/master/pkg/chain/chain_names.go#L12) level using policy contract interface. So, it doesn't look like a huge refactoring Anyway, I just asked to use flag names and description. Parsing to target hasn't been on point :))

dkirillov commented

2025-01-21 14:20:52 +00:00

Anyway, I just asked to use flag names and description. Parsing to target hasn't been on point :))

#1607 (comment)

> Anyway, I just asked to use flag names and description. Parsing to target hasn't been on point :)) https://git.frostfs.info/TrueCloudLab/frostfs-node/pulls/1607#issuecomment-64812

aarifullin marked this conversation as resolved

dkirillov commented

2025-01-20 12:40:58 +00:00

Is it possible to implement policy-reader features adding functionality to the current frostfs-adm morph ape subcommands?

To the current subcommands? I believe it isn't possible (without a huge kludge).

> Is it possible to implement policy-reader features adding functionality to the current frostfs-adm morph ape subcommands? To the current subcommands? I believe it isn't possible (without a huge kludge).

dkirillov force-pushed feature/adopt_policy_reader from 4706a15743 to 98eeed2e74

2025-01-20 13:08:58 +00:00

Compare

fyrchik requested changes 2025-01-20 13:51:30 +00:00

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_container.go Outdated

					
				@ -0,0 +12,4 @@

					apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"

					"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"

					cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"

					"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ns"

fyrchik commented

2025-01-20 13:40:29 +00:00

I would like to avoid using this package in this repo.
Ideally all node <-> neo-go communication is done via autogenerated code or helpers from the frostfs-contract.
We already have multiple commands using different mechanisms (actors vs common client from the frostfsid), let's not add yet another one.

Specifically, I would like to make this a thing #1035, so connection handling should be decoupled from the argument parsing.

I would like to avoid using this package in this repo. Ideally all node <-> neo-go communication is done via autogenerated code or helpers from the `frostfs-contract`. We already have multiple commands using different mechanisms (actors vs common client from the frostfsid), let's not add yet another one. Specifically, I would like to make this a thing #1035, so connection handling should be decoupled from the argument parsing.

👍 1

fyrchik marked this conversation as resolved

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_container.go Outdated

					
				@ -0,0 +19,4 @@

				var listContainerCmd = &cobra.Command{

					Use:   "list-container",

					Short: "List container related (namespace) policies",

fyrchik commented

2025-01-20 13:32:10 +00:00

I would use different naming: namespace somewhere in the command name and --container as an optional argument (aka filter).
Current implementation looks too specific.

I would use different naming: `namespace` somewhere in the command name and `--container` as an optional argument (aka filter). Current implementation looks too specific.

dkirillov commented

2025-01-23 08:38:28 +00:00

Current implementation looks too specific.

Indeed it is. This command is aimed to get all container related policies. In container target and in namespace target.

The similar command for user that get all user related (affected) policies (from namespace, group, user targets)

I'm not sure if using "--container as optional argument (aka filter)" is appropriate here

> Current implementation looks too specific. Indeed it is. This command is aimed to get all **container** related policies. In `container` target and in `namespace` target. The similar command for user that get all user related (affected) policies (from `namespace`, `group`, `user` targets) I'm not sure if using "`--container` as optional argument (aka filter)" is appropriate here

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_container.go Outdated

					
				@ -0,0 +24,4 @@

					Example: `chains list-container -r http://localhost:40332 list --container 7h7NcXcF6k6b1yidqEHc1jkyXUm1MfUDrrTuHAefhiDe

				chains list-container -r http://localhost:40332 --policy-hash 81c1a41d09e08087a4b679418b12be5d3ab15742 list --container 7h7NcXcF6k6b1yidqEHc1jkyXUm1MfUDrrTuHAefhiDe --namespace test`,

					PreRun: func(cmd *cobra.Command, _ []string) {

						_ = viper.BindPFlag(containerFlag, cmd.Flags().Lookup(containerFlag))

fyrchik commented

2025-01-20 13:33:05 +00:00

We use BindPFlag to allow providing command values via configuration.
I doubt it is useful for any of these 4 flags.
(containerFlag is required, to this bind seems definitely useless).

We use `BindPFlag` to allow providing command values via configuration. I doubt it is useful for any of these 4 flags. (`containerFlag` is required, to this bind seems definitely useless).

👍 1 🚀 1

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_container.go Outdated

					
				@ -0,0 +72,4 @@

					res, err = commonclient.ReadIteratorItems(inv, 100, policyHash, methodIteratorChainsByPrefix, big.NewInt(int64(policycontract.Container)), cnrID.String(), string(chainName))

					commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)

					cmd.Printf("container policies: %d\n", len(res))

fyrchik commented

2025-01-20 13:36:01 +00:00

Why do we have %s for namespace message, but no CID for this one?

Why do we have `%s` for namespace message, but no CID for this one?

👀 1

fyrchik marked this conversation as resolved

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_container.go Outdated

					
				@ -0,0 +77,4 @@

				}

				// ResolveContainerID determine container id by resolving NNS name.

				func ResolveContainerID(endpoint, namespace, containerName string) (cid.ID, error) {

fyrchik commented

2025-01-20 13:36:48 +00:00

It is used only once and in this package, why is it public?

👍 1

fyrchik commented

2025-01-29 09:54:14 +00:00

Why have you decided to move it to helper package instead of making it private?

Why have you decided to move it to `helper` package instead of making it private?

dkirillov commented

2025-01-29 11:34:37 +00:00

To make it similar to NNSResolveHash. Probably it can be helpful in some other places

To make it similar to `NNSResolveHash`. Probably it can be helpful in some other places

fyrchik commented

2025-01-29 11:39:23 +00:00

Probably can, probably not.
To me it complicates things now.

Probably can, probably not. To me it complicates things now.

fyrchik marked this conversation as resolved

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_user.go Outdated

					
				@ -0,0 +128,4 @@

					return ffsid.GetSubjectExtended(subj.PrimaryKey.GetScriptHash())

				}

				func parseChainName(service string) (apechain.Name, error) {

fyrchik commented

2025-01-20 13:45:20 +00:00

To my complete surprise, there is an old and undone issue: https://github.com/spf13/pflag/issues/236 which could be helpful here.

😕 1

fyrchik marked this conversation as resolved

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_user.go Outdated

					
				@ -0,0 +141,4 @@

					return "", errUnknownServiceType

				}

				func printSubject(cmd *cobra.Command, subj *ffsidclient.SubjectExtended) {

fyrchik commented

2025-01-20 13:46:04 +00:00

It accepts SubjectExtended but doesn't print AdditionalKeys. It this intended?

It accepts `SubjectExtended` but doesn't print `AdditionalKeys`. It this intended?

dkirillov commented

2025-01-20 14:28:02 +00:00

Probably this was done (in policy-reader tool) before additional keys starts to be useful to see

Probably this was done (in `policy-reader` tool) before additional keys starts to be useful to see

fyrchik marked this conversation as resolved

cmd/frostfs-adm/internal/modules/morph/ape/chains/root.go Outdated

					
				@ -0,0 +25,4 @@

				)

				func init() {

					Cmd.PersistentFlags().String(policyHashFlag, "policy.frostfs", "NNS name or script hash of policy contract")

fyrchik commented

2025-01-20 13:47:19 +00:00

Every other command may resolve contract hash from NNS.
frostfs-adm may resolve any domain too.
Why this argument exists?

Every other command may resolve contract hash from NNS. `frostfs-adm` may resolve any domain too. Why this argument exists?

dkirillov commented

2025-01-20 14:26:19 +00:00

#1607 (comment)

https://git.frostfs.info/TrueCloudLab/frostfs-node/pulls/1607#issuecomment-64644

cmd/frostfs-adm/internal/modules/morph/ape/raw/list_targets.go Outdated

					
				@ -0,0 +70,4 @@

						return nil, fmt.Errorf("invalid type: %s", typ)

					}

					return big.NewInt(int64(typ[0])), nil

fyrchik commented

2025-01-20 13:49:06 +00:00

This is very error-prone: we connect some constants from contracts with CLI interface in the frostfs-adm.
If something changes, we won't notice.
Can we make this an implicit switch that uses some exported constants from the policy contract?

And, to be fair, full multi-byte names or even boolean flags look better IMO.

This is very error-prone: we connect some constants from contracts with CLI interface in the frostfs-adm. If something changes, we won't notice. Can we make this an implicit switch that uses some exported constants from the `policy` contract? And, to be fair, full multi-byte names or even boolean flags look better IMO.

dkirillov commented

2025-01-21 14:20:24 +00:00

I consider this command as low-level one, so I would like to be able to invoke ListTarget using any valid one-byte parameter (the same way as I can do this by neo-go contract testinvokefuntion)

I consider this command as low-level one, so I would like to be able to invoke [ListTarget](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/commit/201db45bd739fb729448ea8c806ae51ff01a5f2d/policy/policy_contract.go#L254) using any valid one-byte parameter (the same way as I can do this by `neo-go contract testinvokefuntion`)

fyrchik commented

2025-01-29 11:38:22 +00:00

But can we provide e.g. \x00?

But can we provide e.g. `\x00`?

dkirillov commented

2025-02-04 11:58:18 +00:00

Update parsing to be able provide just number

cmd/internal/common/ape/flags.go Outdated

					
				@ -8,3 +8,3 @@

					TargetNameFlagDesc = "Resource name in APE resource name format"

					TargetTypeFlag     = "target-type"

					TargetTypeFlagDesc = "Resource type(container/namespace)"

					TargetTypeFlagDesc = "Resource type(container/namespace/group/user)"

fyrchik commented

2025-01-20 13:51:27 +00:00

This should be in a separate commit.

fyrchik marked this conversation as resolved

dkirillov force-pushed feature/adopt_policy_reader from 98eeed2e74 to 4022349fbe

2025-01-21 14:21:14 +00:00

Compare

aarifullin reviewed 2025-01-22 07:54:17 +00:00

cmd/frostfs-adm/internal/modules/morph/ape/raw/root.go Outdated

					
				@ -0,0 +9,4 @@

				var Cmd = &cobra.Command{

					Use:   "raw",

					Short: "FrostFS policy contract raw reader",

					Long:  "Helps reading policy information from contact in FrostFS network",

aarifullin commented

2025-01-22 07:54:17 +00:00

raw is subcommand and Long won't be showed in the prompt. You can leave Short only

`raw` is subcommand and `Long` won't be showed in the prompt. You can leave `Short` only

aarifullin marked this conversation as resolved

aarifullin reviewed 2025-01-22 11:55:29 +00:00

cmd/frostfs-adm/internal/modules/morph/ape/raw/list_targets.go Outdated

					
				@ -0,0 +81,4 @@

					commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)

					policyHashStr, _ := cmd.Flags().GetString(policyHashFlag)

					policyHash, err := helper.NNSResolveHash(inv, nnsCs.Hash, policyHashStr)

aarifullin commented

2025-01-22 11:55:29 +00:00

Please, let this flag be optional (see this)

Please, let this flag be optional (see [this](https://git.frostfs.info/TrueCloudLab/frostfs-node/pulls/1607#issuecomment-64674))

dkirillov commented

2025-01-23 08:31:38 +00:00

This is already optional, If I understood you correctly. I have default policy.frostfs value for this flag

Cmd.PersistentFlags().String(policyHashFlag, "policy.frostfs", "NNS name or script hash of policy contract")

This is already optional, If I understood you correctly. I have default `policy.frostfs` value for this flag https://git.frostfs.info/dkirillov/frostfs-node/src/commit/4022349fbe06f374bd15cf9a29f043d5827c2f2a/cmd/frostfs-adm/internal/modules/morph/ape/raw/root.go#L23

aarifullin commented

2025-01-23 13:21:25 +00:00

Ah, yeah. Correct!

aarifullin marked this conversation as resolved

dkirillov force-pushed feature/adopt_policy_reader from 4022349fbe to a1154801d1

2025-01-23 08:34:38 +00:00

Compare

fyrchik changed title from ~~[#1607] adm/ape: Adopt policy reader~~ to adm/ape: Adopt policy reader

2025-01-29 09:52:26 +00:00

fyrchik reviewed 2025-01-29 11:37:25 +00:00

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_user.go Outdated

					
				@ -0,0 +158,4 @@

					for i, key := range subj.AdditionalKeys {

						additionalKeys[i] = hex.EncodeToString(key.Bytes())

					}

					cmd.Printf("\tadditional keys: %v\n", additionalKeys)

fyrchik commented

2025-01-29 11:36:50 +00:00

We print all other arrays line-by-line, and here we use %v, why so?

We print all other arrays line-by-line, and here we use `%v`, why so?

dkirillov commented

2025-02-04 11:17:10 +00:00

Because we don't need extra formatting in this case

fyrchik commented

2025-02-05 11:31:21 +00:00

I mean, why we don't need it?
Having keys line-by-line is easier to read and will correspond to the formatting of other array values.

I mean, why we don't need it? Having keys line-by-line is easier to read and will correspond to the formatting of other array values.

👍 1

dkirillov force-pushed feature/adopt_policy_reader from a1154801d1 to a6f300ea17

2025-02-04 11:57:17 +00:00

Compare

dkirillov force-pushed feature/adopt_policy_reader from a6f300ea17 to ee4c32ad6e

2025-02-06 14:52:06 +00:00

Compare

aarifullin approved these changes 2025-02-07 08:28:10 +00:00

Dismissed

aarifullin left a comment

We definitely should have this thing in our cli

fyrchik requested changes 2025-02-28 15:08:23 +00:00

cmd/frostfs-adm/internal/modules/morph/ape/raw/list_targets.go Outdated

					
				@ -0,0 +87,4 @@

					nnsCs, err := helper.GetContractByID(management.NewReader(inv), 1)

					commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)

					policyHashStr, _ := cmd.Flags().GetString(policyHashFlag)

fyrchik commented

2025-02-28 15:07:32 +00:00

Could you explain, why this code works?
We get policyhash, which is hex-encoded contract hash we would like to use.
But instead of decoding it we use NNSResolveHash where policyHashStr is provided as a domain and resolved.
Secondly, regardless of how it works, if the user provides explicit policy hash, we should not care about NNS at all.

What am I missing here?

Could you explain, why this code works? We get policyhash, which is hex-encoded contract hash we would like to use. But instead of decoding it we use `NNSResolveHash` where `policyHashStr` is provided as a _domain_ and resolved. Secondly, regardless of how it works, if the user provides explicit policy hash, we should not care about NNS at all. What am I missing here?

dkirillov commented

2025-03-03 06:49:41 +00:00

Oh, It seems I've lost decoding during refactor. I'll fix it

fyrchik commented

2025-03-03 06:58:28 +00:00

There are other places like this too, please check them.
Now we skip err != nil for some reason. Why? We expect the hash, if it is invalid command should fail.

1. There are other places like this too, please check them. 2. Now we skip `err != nil` for some reason. Why? We expect the hash, if it is invalid command should fail.

dkirillov commented

2025-03-03 08:17:48 +00:00

It's similar to the getting flags across frostfs-adm code e.g.
cmd/frostfs-adm/internal/modules/morph/ape/ape.go
Line 202 in 0991077
s, _ := cmd.Flags().GetString(addrAdminFlag)

2. It's similar to the getting flags across frostfs-adm code e.g. https://git.frostfs.info/TrueCloudLab/frostfs-node/src/commit/0991077cb364c94e40f6838035acab4754b4d8af/cmd/frostfs-adm/internal/modules/morph/ape/ape.go#L202

fyrchik commented

2025-03-03 08:46:41 +00:00

We skip an error there because it cannot possibly happen (the flag is defined and all flags can be used as string).
The error you skip (in the if below this line) happens during parsing.

We skip an error there because it cannot possibly happen (the flag is defined and all flags can be used as string). The error you skip (in the `if` below this line) happens during parsing.

dkirillov commented

2025-03-03 09:30:25 +00:00

If parsing failed then we should try to resolve it in NNS, because it can have format like policy.frostfs

If parsing failed then we should try to resolve it in NNS, because it can have format like `policy.frostfs`

fyrchik commented

2025-03-03 11:13:02 +00:00

Then it should be a --policy-domain and not --policy-hash.
However, I think policy-hash is enough, if we want to use a custom domain, we might as well resolve it separately.

Then it should be a `--policy-domain` and not `--policy-hash`. However, I think `policy-hash` is enough, if we want to use a custom domain, we might as well resolve it separately.

dkirillov force-pushed feature/adopt_policy_reader from ee4c32ad6e to 05517ae305

2025-03-03 06:53:22 +00:00

Compare

dkirillov dismissed aarifullin's review 2025-03-03 06:53:22 +00:00

Reason:

New commits pushed, approval review dismissed automatically according to repository settings

dkirillov force-pushed feature/adopt_policy_reader from 05517ae305 to 10574f8ff0

2025-03-03 08:15:20 +00:00

Compare

fyrchik reviewed 2025-03-05 07:19:35 +00:00

cmd/frostfs-adm/internal/modules/morph/ape/chains/list_user.go

					
				@ -0,0 +187,4 @@

					}

					frostfsidHashStr, _ := cmd.Flags().GetString(frostfsidHashFlag)

					frostfsidHash, err := util.Uint160DecodeStringLE(policyHashStr)