From 6ea4bb290d15e0cd4b4d7a1f4d20a6f196dd024d Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <e.stratonikov@yadro.com>
Date: Wed, 8 Nov 2023 16:36:55 +0300
Subject: [PATCH 1/2] [#793] adm: Support new FrostFS ID contract

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
---
 .../internal/modules/morph/frostfsid_util.go  | 41 +++++++++++++++++
 .../modules/morph/frostfsid_util_test.go      | 45 +++++++++++++++++++
 .../modules/morph/initialize_deploy.go        | 12 +++--
 3 files changed, 95 insertions(+), 3 deletions(-)
 create mode 100644 cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
 create mode 100644 cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go

diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
new file mode 100644
index 000000000..54a64a67a
--- /dev/null
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
@@ -0,0 +1,41 @@
+package morph
+
+import (
+	"fmt"
+
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/spf13/viper"
+)
+
+// neo-go doesn't support []util.Uint160 type:
+// https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/smartcontract/parameter.go#L262
+// Thus, return []smartcontract.Parameter.
+func getFrostfsIDAuthorizedKeys(v *viper.Viper) ([]smartcontract.Parameter, error) {
+	var res []smartcontract.Parameter
+
+	ks := v.GetStringSlice(frostfsIDAuthorizedKeysConfigKey)
+	for i := range ks {
+		h, err := address.StringToUint160(ks[i])
+		if err == nil {
+			res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: h})
+			continue
+		}
+
+		h, err = util.Uint160DecodeStringLE(ks[i])
+		if err == nil {
+			res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: h})
+			continue
+		}
+
+		pk, err := keys.NewPublicKeyFromString(ks[i])
+		if err == nil {
+			res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: pk.GetScriptHash()})
+			continue
+		}
+		return nil, fmt.Errorf("frostfsid: #%d item in authorized_keys is invalid: '%s'", i, ks[i])
+	}
+	return res, nil
+}
diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
new file mode 100644
index 000000000..9982c0815
--- /dev/null
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
@@ -0,0 +1,45 @@
+package morph
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFrostfsIDConfig(t *testing.T) {
+	pks := make([]*keys.PrivateKey, 4)
+	for i := range pks {
+		pk, err := keys.NewPrivateKey()
+		require.NoError(t, err)
+		pks[i] = pk
+	}
+
+	v := viper.New()
+	v.Set("frostfsid.authorized_keys", []string{
+		pks[0].GetScriptHash().StringLE(),
+		address.Uint160ToString(pks[1].GetScriptHash()),
+		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
+		hex.EncodeToString(pks[3].PublicKey().Bytes()),
+	})
+
+	actual, err := getFrostfsIDAuthorizedKeys(v)
+	require.NoError(t, err)
+	require.Equal(t, len(pks), len(actual))
+	for i := range pks {
+		require.Equal(t, smartcontract.Hash160Type, actual[i].Type)
+		require.Equal(t, pks[i].GetScriptHash(), actual[i].Value)
+	}
+
+	t.Run("bad key", func(t *testing.T) {
+		v := viper.New()
+		v.Set("frostfsid.authorized_keys", []string{"abc"})
+
+		_, err := getFrostfsIDAuthorizedKeys(v)
+		require.Error(t, err)
+	})
+}
diff --git a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
index f6100f4f9..34475fe8b 100644
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
@@ -31,6 +31,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
+	"github.com/spf13/viper"
 )
 
 const (
@@ -46,6 +47,8 @@ const (
 	proxyContract      = "proxy"
 )
 
+const frostfsIDAuthorizedKeysConfigKey = "frostfsid.authorized_keys"
+
 var (
 	contractList = []string{
 		balanceContract,
@@ -535,9 +538,12 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []an
 			nnsCs.Hash,
 			"container")
 	case frostfsIDContract:
-		items = append(items,
-			c.Contracts[netmapContract].Hash,
-			c.Contracts[containerContract].Hash)
+		hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper())
+		if err != nil {
+			panic(err)
+		}
+
+		items = append(items, hs)
 	case netmapContract:
 		md := getDefaultNetmapContractConfigMap()
 		if method == updateMethodName {
-- 
2.45.2


From 2d954dfacf87fd2b65840d26b3de28419ee1a4db Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <e.stratonikov@yadro.com>
Date: Mon, 13 Nov 2023 12:41:40 +0300
Subject: [PATCH 2/2] [#793] adm: Always use committee as FrostFS ID owner

Committee should be able to authorize everything, there are no other
usecases for the frostfs-adm currently. Also, it somewhat eases
configuration, because committee hash depends on the protocol
configuration.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
---
 .../internal/modules/morph/frostfsid_util.go       |  3 ++-
 .../internal/modules/morph/frostfsid_util_test.go  | 14 +++++++++-----
 .../internal/modules/morph/initialize_deploy.go    |  2 +-
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
index 54a64a67a..248ad76b0 100644
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
@@ -13,8 +13,9 @@ import (
 // neo-go doesn't support []util.Uint160 type:
 // https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/smartcontract/parameter.go#L262
 // Thus, return []smartcontract.Parameter.
-func getFrostfsIDAuthorizedKeys(v *viper.Viper) ([]smartcontract.Parameter, error) {
+func getFrostfsIDAuthorizedKeys(v *viper.Viper, defaultOwner util.Uint160) ([]smartcontract.Parameter, error) {
 	var res []smartcontract.Parameter
+	res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: defaultOwner})
 
 	ks := v.GetStringSlice(frostfsIDAuthorizedKeysConfigKey)
 	for i := range ks {
diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
index 9982c0815..f4b6a66f6 100644
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
@@ -7,6 +7,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
@@ -27,19 +28,22 @@ func TestFrostfsIDConfig(t *testing.T) {
 		hex.EncodeToString(pks[3].PublicKey().Bytes()),
 	})
 
-	actual, err := getFrostfsIDAuthorizedKeys(v)
+	comm := util.Uint160{1, 2, 3}
+	actual, err := getFrostfsIDAuthorizedKeys(v, comm)
 	require.NoError(t, err)
-	require.Equal(t, len(pks), len(actual))
+	require.Equal(t, len(pks)+1, len(actual))
+	require.Equal(t, smartcontract.Hash160Type, actual[0].Type)
+	require.Equal(t, comm, actual[0].Value)
 	for i := range pks {
-		require.Equal(t, smartcontract.Hash160Type, actual[i].Type)
-		require.Equal(t, pks[i].GetScriptHash(), actual[i].Value)
+		require.Equal(t, smartcontract.Hash160Type, actual[i+1].Type)
+		require.Equal(t, pks[i].GetScriptHash(), actual[i+1].Value)
 	}
 
 	t.Run("bad key", func(t *testing.T) {
 		v := viper.New()
 		v.Set("frostfsid.authorized_keys", []string{"abc"})
 
-		_, err := getFrostfsIDAuthorizedKeys(v)
+		_, err := getFrostfsIDAuthorizedKeys(v, comm)
 		require.Error(t, err)
 	})
 }
diff --git a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
index 34475fe8b..5183114f9 100644
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
@@ -538,7 +538,7 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []an
 			nnsCs.Hash,
 			"container")
 	case frostfsIDContract:
-		hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper())
+		hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper(), c.CommitteeAcc.PublicKey().GetScriptHash())
 		if err != nil {
 			panic(err)
 		}
-- 
2.45.2