diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go new file mode 100644 index 000000000..248ad76b0 --- /dev/null +++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go @@ -0,0 +1,42 @@ +package morph + +import ( + "fmt" + + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" + "github.com/nspcc-dev/neo-go/pkg/encoding/address" + "github.com/nspcc-dev/neo-go/pkg/smartcontract" + "github.com/nspcc-dev/neo-go/pkg/util" + "github.com/spf13/viper" +) + +// neo-go doesn't support []util.Uint160 type: +// https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/smartcontract/parameter.go#L262 +// Thus, return []smartcontract.Parameter. +func getFrostfsIDAuthorizedKeys(v *viper.Viper, defaultOwner util.Uint160) ([]smartcontract.Parameter, error) { + var res []smartcontract.Parameter + res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: defaultOwner}) + + ks := v.GetStringSlice(frostfsIDAuthorizedKeysConfigKey) + for i := range ks { + h, err := address.StringToUint160(ks[i]) + if err == nil { + res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: h}) + continue + } + + h, err = util.Uint160DecodeStringLE(ks[i]) + if err == nil { + res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: h}) + continue + } + + pk, err := keys.NewPublicKeyFromString(ks[i]) + if err == nil { + res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: pk.GetScriptHash()}) + continue + } + return nil, fmt.Errorf("frostfsid: #%d item in authorized_keys is invalid: '%s'", i, ks[i]) + } + return res, nil +} diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go new file mode 100644 index 000000000..f4b6a66f6 --- /dev/null +++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go @@ -0,0 +1,49 @@ +package morph + +import ( + "encoding/hex" + "testing" + + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" + "github.com/nspcc-dev/neo-go/pkg/encoding/address" + "github.com/nspcc-dev/neo-go/pkg/smartcontract" + "github.com/nspcc-dev/neo-go/pkg/util" + "github.com/spf13/viper" + "github.com/stretchr/testify/require" +) + +func TestFrostfsIDConfig(t *testing.T) { + pks := make([]*keys.PrivateKey, 4) + for i := range pks { + pk, err := keys.NewPrivateKey() + require.NoError(t, err) + pks[i] = pk + } + + v := viper.New() + v.Set("frostfsid.authorized_keys", []string{ + pks[0].GetScriptHash().StringLE(), + address.Uint160ToString(pks[1].GetScriptHash()), + hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()), + hex.EncodeToString(pks[3].PublicKey().Bytes()), + }) + + comm := util.Uint160{1, 2, 3} + actual, err := getFrostfsIDAuthorizedKeys(v, comm) + require.NoError(t, err) + require.Equal(t, len(pks)+1, len(actual)) + require.Equal(t, smartcontract.Hash160Type, actual[0].Type) + require.Equal(t, comm, actual[0].Value) + for i := range pks { + require.Equal(t, smartcontract.Hash160Type, actual[i+1].Type) + require.Equal(t, pks[i].GetScriptHash(), actual[i+1].Value) + } + + t.Run("bad key", func(t *testing.T) { + v := viper.New() + v.Set("frostfsid.authorized_keys", []string{"abc"}) + + _, err := getFrostfsIDAuthorizedKeys(v, comm) + require.Error(t, err) + }) +} diff --git a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go index f6100f4f9..5183114f9 100644 --- a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go +++ b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go @@ -31,6 +31,7 @@ import ( "github.com/nspcc-dev/neo-go/pkg/vm/emit" "github.com/nspcc-dev/neo-go/pkg/vm/opcode" "github.com/nspcc-dev/neo-go/pkg/vm/stackitem" + "github.com/spf13/viper" ) const ( @@ -46,6 +47,8 @@ const ( proxyContract = "proxy" ) +const frostfsIDAuthorizedKeysConfigKey = "frostfsid.authorized_keys" + var ( contractList = []string{ balanceContract, @@ -535,9 +538,12 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []an nnsCs.Hash, "container") case frostfsIDContract: - items = append(items, - c.Contracts[netmapContract].Hash, - c.Contracts[containerContract].Hash) + hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper(), c.CommitteeAcc.PublicKey().GetScriptHash()) + if err != nil { + panic(err) + } + + items = append(items, hs) case netmapContract: md := getDefaultNetmapContractConfigMap() if method == updateMethodName {