[#544] Upgrade NeoFS SDK Go with another approach of container sessions

After recent changes in NeoFS SDK Go library session tokens aren't
embedded into `container.Container` and `eacl.Table` structures.
Instead, the operations of storing given values in NeoFS are
parameterized by elements of the corresponding type.

Add dedicated session parameters to operations of bucket and eACL
setting.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
remotes/KirillovDenis/bugfix/681-fix_acl_parsing
Leonard Lyubich 2022-06-21 18:21:20 +03:00 committed by Alex Vanin
parent 8a1fc8ae3f
commit 028a152e04
10 changed files with 47 additions and 45 deletions


@ -236,11 +236,10 @@ func (h *handler) updateBucketACL(r *http.Request, astChild *ast, bktInfo *data.
return false, fmt.Errorf("could not translate ast to table: %w", err) return false, fmt.Errorf("could not translate ast to table: %w", err)
} }
table.SetSessionToken(sessionToken)
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: bktInfo, BktInfo: bktInfo,
EACL: table, EACL: table,
SessionToken: sessionToken,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {


@ -147,11 +147,11 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "could not get new eacl table", reqInfo, err) h.logAndSendError(w, "could not get new eacl table", reqInfo, err)
return return
} }
newEaclTable.SetSessionToken(sessionTokenEACL)
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: dstBktInfo, BktInfo: dstBktInfo,
EACL: newEaclTable, EACL: newEaclTable,
SessionToken: sessionTokenEACL,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {


@ -250,7 +250,6 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "could not get new eacl table", reqInfo, err) h.logAndSendError(w, "could not get new eacl table", reqInfo, err)
return return
} }
newEaclTable.SetSessionToken(sessionTokenEACL)
} }
if tagSet != nil { if tagSet != nil {
@ -262,8 +261,9 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
if newEaclTable != nil { if newEaclTable != nil {
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: bktInfo, BktInfo: bktInfo,
EACL: newEaclTable, EACL: newEaclTable,
SessionToken: sessionTokenEACL,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {
@ -382,11 +382,10 @@ func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) {
} }
if newEaclTable != nil { if newEaclTable != nil {
newEaclTable.SetSessionToken(sessionTokenEACL)
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: bktInfo, BktInfo: bktInfo,
EACL: newEaclTable, EACL: newEaclTable,
SessionToken: sessionTokenEACL,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {
@ -609,16 +608,16 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
boxData, err := layer.GetBoxData(r.Context()) boxData, err := layer.GetBoxData(r.Context())
if err == nil { if err == nil {
policies = boxData.Policies policies = boxData.Policies
p.SessionToken = boxData.Gate.SessionTokenForPut() p.SessionContainerCreation = boxData.Gate.SessionTokenForPut()
p.EACL.SetSessionToken(boxData.Gate.SessionTokenForSetEACL()) p.SessionEACL = boxData.Gate.SessionTokenForSetEACL()
} }
if p.SessionToken == nil { if p.SessionContainerCreation == nil {
h.logAndSendError(w, "couldn't find session token for put", reqInfo, errors.GetAPIError(errors.ErrAccessDenied)) h.logAndSendError(w, "couldn't find session token for put", reqInfo, errors.GetAPIError(errors.ErrAccessDenied))
return return
} }
if p.EACL.SessionToken() == nil { if p.SessionEACL == nil {
h.logAndSendError(w, "couldn't find session token for setEACL", reqInfo, errors.GetAPIError(errors.ErrAccessDenied)) h.logAndSendError(w, "couldn't find session token for setEACL", reqInfo, errors.GetAPIError(errors.ErrAccessDenied))
return return
} }
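Review bot: In `CreateBucketHandler` the error returned by `layer.GetBoxData` is dropped: when it is non-nil the handler falls through to the `p.SessionContainerCreation == nil` check and reports only "couldn't find session token for put". A denial caused by missing box data is then indistinguishable in the log from one caused by a box that carries no put token. Logging `err` on the server side before the two nil checks would keep that distinction for whoever triages the denial, without changing the `ErrAccessDenied` response. The function starts and ends outside this hunk, so a later use of `err` cannot be ruled out.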


@ -147,7 +147,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
Creator: bktInfo.Owner, Creator: bktInfo.Owner,
Policy: p.Policy, Policy: p.Policy,
Name: p.Name, Name: p.Name,
SessionToken: p.SessionToken, SessionToken: p.SessionContainerCreation,
AdditionalAttributes: attributes, AdditionalAttributes: attributes,
}) })
if err != nil { if err != nil {
@ -156,7 +156,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
bktInfo.CID = *idCnr bktInfo.CID = *idCnr
if err = n.setContainerEACLTable(ctx, bktInfo.CID, p.EACL); err != nil { if err = n.setContainerEACLTable(ctx, bktInfo.CID, p.EACL, p.SessionEACL); err != nil {
return nil, err return nil, err
} }
@ -170,15 +170,10 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
return bktInfo, nil return bktInfo, nil
} }
func (n *layer) setContainerEACLTable(ctx context.Context, idCnr cid.ID, table *eacl.Table) error { func (n *layer) setContainerEACLTable(ctx context.Context, idCnr cid.ID, table *eacl.Table, sessionToken *session.Container) error {
table.SetCID(idCnr) table.SetCID(idCnr)
boxData, err := GetBoxData(ctx) return n.neoFS.SetContainerEACL(ctx, *table, sessionToken)
if err == nil {
table.SetSessionToken(boxData.Gate.SessionTokenForSetEACL())
}
return n.neoFS.SetContainerEACL(ctx, *table)
} }
func (n *layer) GetContainerEACL(ctx context.Context, idCnr cid.ID) (*eacl.Table, error) { func (n *layer) GetContainerEACL(ctx context.Context, idCnr cid.ID) (*eacl.Table, error) {
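Review bot: `setContainerEACLTable` no longer looks up the setEACL token from the request context, so a nil `sessionToken` is passed straight through and, per the `SetContainerEACL` implementation later in this commit, the request is then sent without `WithinSession`. Every caller now has to supply the token itself: `PutBucketACL` in the layer file forwards `param.SessionToken` unchecked, and only `CreateBucketHandler` visibly rejects a nil token with `ErrAccessDenied`. Whether the other handlers check `sessionToken` / `sessionTokenEACL` before building `PutBucketACLParams` is outside the hunks shown. I would document the contract on the helper, e.g. `// sessionToken may be nil; the eACL is then saved outside any session.`, and consider a nil guard in `PutBucketACL` if no caller is meant to set an eACL without a session.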


@ -135,17 +135,19 @@ type (
} }
// CreateBucketParams stores bucket create request parameters. // CreateBucketParams stores bucket create request parameters.
CreateBucketParams struct { CreateBucketParams struct {
Name string Name string
Policy netmap.PlacementPolicy Policy netmap.PlacementPolicy
EACL *eacl.Table EACL *eacl.Table
SessionToken *session.Container SessionContainerCreation *session.Container
LocationConstraint string SessionEACL *session.Container
ObjectLockEnabled bool LocationConstraint string
ObjectLockEnabled bool
} }
// PutBucketACLParams stores put bucket acl request parameters. // PutBucketACLParams stores put bucket acl request parameters.
PutBucketACLParams struct { PutBucketACLParams struct {
BktInfo *data.BucketInfo BktInfo *data.BucketInfo
EACL *eacl.Table EACL *eacl.Table
SessionToken *session.Container
} }
// DeleteBucketParams stores delete bucket request parameters. // DeleteBucketParams stores delete bucket request parameters.
DeleteBucketParams struct { DeleteBucketParams struct {
@ -368,7 +370,7 @@ func (n *layer) GetBucketACL(ctx context.Context, bktInfo *data.BucketInfo) (*Bu
// PutBucketACL puts bucket acl by name. // PutBucketACL puts bucket acl by name.
func (n *layer) PutBucketACL(ctx context.Context, param *PutBucketACLParams) error { func (n *layer) PutBucketACL(ctx context.Context, param *PutBucketACLParams) error {
return n.setContainerEACLTable(ctx, param.BktInfo.CID, param.EACL) return n.setContainerEACLTable(ctx, param.BktInfo.CID, param.EACL, param.SessionToken)
} }
// ListBuckets returns all user containers. The name of the bucket is a container // ListBuckets returns all user containers. The name of the bucket is a container
@ -630,7 +632,7 @@ func (n *layer) CreateBucket(ctx context.Context, p *CreateBucketParams) (*data.
return nil, err return nil, err
} }
if p.SessionToken != nil && session.IssuedBy(*p.SessionToken, bktInfo.Owner) { if p.SessionContainerCreation != nil && session.IssuedBy(*p.SessionContainerCreation, bktInfo.Owner) {
return nil, errors.GetAPIError(errors.ErrBucketAlreadyOwnedByYou) return nil, errors.GetAPIError(errors.ErrBucketAlreadyOwnedByYou)
} }


@ -162,10 +162,11 @@ type NeoFS interface {
// prevented the containers from being listed. // prevented the containers from being listed.
UserContainers(context.Context, user.ID) ([]cid.ID, error) UserContainers(context.Context, user.ID) ([]cid.ID, error)
// SetContainerEACL saves the eACL table of the container in NeoFS. // SetContainerEACL saves the eACL table of the container in NeoFS. The
// extended ACL is modified within session if session token is not nil.
// //
// It returns any error encountered which prevented the eACL from being saved. // It returns any error encountered which prevented the eACL from being saved.
SetContainerEACL(context.Context, eacl.Table) error SetContainerEACL(context.Context, eacl.Table, *session.Container) error
// ContainerEACL reads the container eACL from NeoFS by the container ID. // ContainerEACL reads the container eACL from NeoFS by the container ID.
// //


@ -82,7 +82,6 @@ func (t *TestNeoFS) CreateContainer(_ context.Context, prm PrmContainerCreate) (
} }
cnr := container.New(opts...) cnr := container.New(opts...)
cnr.SetSessionToken(prm.SessionToken)
if prm.Name != "" { if prm.Name != "" {
container.SetNativeName(cnr, prm.Name) container.SetNativeName(cnr, prm.Name)
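Review bot: After dropping `cnr.SetSessionToken(prm.SessionToken)`, the test double's `CreateContainer` no longer uses `prm.SessionToken` anywhere in the lines shown, so tests built on `TestNeoFS` cannot tell which token was forwarded. Since this commit splits the single token into `SessionContainerCreation` and `SessionEACL`, swapping the two would be an authorization bug that the tests would not catch. Consider recording the received token on the mock (and the one passed to its `SetContainerEACL`, which is not part of this hunk) so a test can assert on it. The function body continues outside the hunk.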

2
go.mod

@ -10,7 +10,7 @@ require (
github.com/nats-io/nats.go v1.13.1-0.20220121202836-972a071d373d github.com/nats-io/nats.go v1.13.1-0.20220121202836-972a071d373d
github.com/nspcc-dev/neo-go v0.98.2 github.com/nspcc-dev/neo-go v0.98.2
github.com/nspcc-dev/neofs-api-go/v2 v2.12.2 github.com/nspcc-dev/neofs-api-go/v2 v2.12.2
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721 github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599
github.com/prometheus/client_golang v1.11.0 github.com/prometheus/client_golang v1.11.0
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.7.1 github.com/spf13/viper v1.7.1

4
go.sum

@ -306,8 +306,8 @@ github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnB
github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw= github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721 h1:5Al3dddr0SG3ONhfglTyc2GSnQS0vMmygCD00vLo/jU= github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599 h1:EkwWrbzImpqtNJa8IZIsfk/EqbmPwpd0DfdenrJLSbc=
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721/go.mod h1:k58jgszGX3pws2yiOXu9m0i32BzRgi1T6Bpd/L1KrJU= github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599/go.mod h1:k58jgszGX3pws2yiOXu9m0i32BzRgi1T6Bpd/L1KrJU=
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE= github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=


@ -137,7 +137,6 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreat
} }
cnr := container.New(cnrOptions...) cnr := container.New(cnrOptions...)
cnr.SetSessionToken(prm.SessionToken)
if prm.Name != "" { if prm.Name != "" {
container.SetNativeName(cnr, prm.Name) container.SetNativeName(cnr, prm.Name)
@ -147,6 +146,10 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreat
prmPut.SetContainer(*cnr) prmPut.SetContainer(*cnr)
prmPut.SetWaitParams(x.await) prmPut.SetWaitParams(x.await)
if prm.SessionToken != nil {
prmPut.WithinSession(*prm.SessionToken)
}
// send request to save the container // send request to save the container
idCnr, err := x.pool.PutContainer(ctx, prmPut) idCnr, err := x.pool.PutContainer(ctx, prmPut)
if err != nil { if err != nil {
@ -170,11 +173,15 @@ func (x *NeoFS) UserContainers(ctx context.Context, id user.ID) ([]cid.ID, error
} }
// SetContainerEACL implements neofs.NeoFS interface method. // SetContainerEACL implements neofs.NeoFS interface method.
func (x *NeoFS) SetContainerEACL(ctx context.Context, table eacl.Table) error { func (x *NeoFS) SetContainerEACL(ctx context.Context, table eacl.Table, sessionToken *session.Container) error {
var prm pool.PrmContainerSetEACL var prm pool.PrmContainerSetEACL
prm.SetTable(table) prm.SetTable(table)
prm.SetWaitParams(x.await) prm.SetWaitParams(x.await)
if sessionToken != nil {
prm.WithinSession(*sessionToken)
}
err := x.pool.SetEACL(ctx, prm) err := x.pool.SetEACL(ctx, prm)
if err != nil { if err != nil {
return fmt.Errorf("save eACL via connection pool: %w", err) return fmt.Errorf("save eACL via connection pool: %w", err)