From 8fc19b11dbeacbbc937002b1ced89f694b172ddb Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Tue, 25 Jan 2022 17:41:01 +0300 Subject: [PATCH] [#333] Update sdk Update sdk to fix "invalid session token owner" error Signed-off-by: Denis Kirillov --- api/layer/container.go | 3 ++- api/layer/layer.go | 4 +--- api/layer/versioning_test.go | 2 +- authmate/authmate.go | 26 +++++--------------------- go.mod | 4 ++-- go.sum | 8 ++++---- 6 files changed, 15 insertions(+), 32 deletions(-) diff --git a/api/layer/container.go b/api/layer/container.go index a807f1a..6bff192 100644 --- a/api/layer/container.go +++ b/api/layer/container.go @@ -11,6 +11,7 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api" "github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/api/errors" + "github.com/nspcc-dev/neofs-sdk-go/acl" "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" "github.com/nspcc-dev/neofs-sdk-go/eacl" @@ -130,7 +131,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*ci options := []container.Option{ container.WithPolicy(p.Policy), - container.WithCustomBasicACL(p.ACL), + container.WithCustomBasicACL(acl.BasicACL(p.ACL)), container.WithAttribute(container.AttributeName, p.Name), container.WithAttribute(container.AttributeTimestamp, strconv.FormatInt(bktInfo.Created.Unix(), 10)), } diff --git a/api/layer/layer.go b/api/layer/layer.go index 3c7e7fb..5062770 100644 --- a/api/layer/layer.go +++ b/api/layer/layer.go @@ -16,7 +16,6 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/api/errors" "github.com/nspcc-dev/neofs-s3-gw/api/resolver" - "github.com/nspcc-dev/neofs-s3-gw/authmate" "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" "github.com/nspcc-dev/neofs-sdk-go/client" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" @@ -288,8 +287,7 @@ func (n *layer) Owner(ctx context.Context) *owner.ID { return data.Gate.BearerToken.Issuer() } - id, _ := authmate.OwnerIDFromNeoFSKey(n.EphemeralKey()) - return id + return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(n.EphemeralKey())) } // CallOptions returns []pool.CallOption options: client.WithBearer or client.WithKey (if request is anonymous). diff --git a/api/layer/versioning_test.go b/api/layer/versioning_test.go index 3b8aba8..50aa599 100644 --- a/api/layer/versioning_test.go +++ b/api/layer/versioning_test.go @@ -201,7 +201,7 @@ func (t *testPool) AnnounceContainerUsedSpace(ctx context.Context, announcements panic("implement me") } -func (t *testPool) Connection() (client.Client, *session.Token, error) { +func (t *testPool) Connection() (pool.Client, *session.Token, error) { panic("implement me") } diff --git a/authmate/authmate.go b/authmate/authmate.go index f268678..6510226 100644 --- a/authmate/authmate.go +++ b/authmate/authmate.go @@ -18,6 +18,7 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/cache" "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" "github.com/nspcc-dev/neofs-s3-gw/creds/tokens" + "github.com/nspcc-dev/neofs-sdk-go/acl" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" @@ -33,7 +34,7 @@ import ( ) const ( - defaultAuthContainerBasicACL uint32 = 0b00111100100011001000110011001110 + defaultAuthContainerBasicACL acl.BasicACL = 0b00111100100011001000110011001110 // 0x3C8C8CCE - private container with only GET allowed to others ) // Agent contains client communicating with NeoFS and logger. @@ -252,10 +253,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr box.ContainerPolicy = policies - oid, err := OwnerIDFromNeoFSKey(options.NeoFSKey.PublicKey()) - if err != nil { - return err - } + oid := owner.NewIDFromPublicKey(&options.NeoFSKey.PrivateKey.PublicKey) a.log.Info("store bearer token into NeoFS", zap.Stringer("owner_tkn", oid)) @@ -403,10 +401,7 @@ func buildContext(rules []byte) (*session.ContainerContext, error) { } func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gateKey *keys.PublicKey) (*token.BearerToken, error) { - oid, err := OwnerIDFromNeoFSKey(gateKey) - if err != nil { - return nil, err - } + oid := owner.NewIDFromPublicKey((*ecdsa.PublicKey)(gateKey)) bearerToken := token.NewBearerToken() bearerToken.SetEACLTable(table) @@ -478,11 +473,8 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions, cid *ci if err != nil { return nil, fmt.Errorf("failed to build context for session token: %w", err) } - oid, err := OwnerIDFromNeoFSKey(options.NeoFSKey.PublicKey()) - if err != nil { - return nil, err - } + oid := owner.NewIDFromPublicKey(&options.NeoFSKey.PrivateKey.PublicKey) sessionTokens, err := buildSessionTokens(options.NeoFSKey, oid, lifetime, sessionRules, options.GatesPublicKeys) if err != nil { return nil, err @@ -494,11 +486,3 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions, cid *ci return gates, nil } - -func OwnerIDFromNeoFSKey(key *keys.PublicKey) (*owner.ID, error) { - wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(key)) - if err != nil { - return nil, err - } - return owner.NewIDFromNeo3Wallet(wallet), nil -} diff --git a/go.mod b/go.mod index e9ed692..697ce1f 100644 --- a/go.mod +++ b/go.mod @@ -10,8 +10,8 @@ require ( github.com/google/uuid v1.2.0 github.com/gorilla/mux v1.8.0 github.com/nspcc-dev/neo-go v0.98.0 - github.com/nspcc-dev/neofs-api-go/v2 v2.11.1 - github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211228125935-3edaf9ecb644 + github.com/nspcc-dev/neofs-api-go/v2 v2.11.2-0.20220114101721-227a871a04ac + github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220121080144-596774ce5bd3 github.com/prometheus/client_golang v1.11.0 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.7.1 diff --git a/go.sum b/go.sum index 437565a..bda0b18 100644 --- a/go.sum +++ b/go.sum @@ -276,15 +276,15 @@ github.com/nspcc-dev/neo-go v0.73.1-pre.0.20200303142215-f5a1b928ce09/go.mod h1: github.com/nspcc-dev/neo-go v0.98.0 h1:yyW4sgY88/pLf0949qmgfkQXzRKC3CI/WyhqXNnwMd8= github.com/nspcc-dev/neo-go v0.98.0/go.mod h1:E3cc1x6RXSXrJb2nDWXTXjnXk3rIqVN8YdFyWv+FrqM= github.com/nspcc-dev/neofs-api-go/v2 v2.11.0-pre.0.20211201134523-3604d96f3fe1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs= -github.com/nspcc-dev/neofs-api-go/v2 v2.11.1 h1:SVqc523pZsSaS9vnPS1mm3VV6b6xY0gvdA0uYJ/GWZQ= -github.com/nspcc-dev/neofs-api-go/v2 v2.11.1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs= +github.com/nspcc-dev/neofs-api-go/v2 v2.11.2-0.20220114101721-227a871a04ac h1:65C4z7pybLT2HjtY96abZj6kbgVp34AbrApn5DD+ZxY= +github.com/nspcc-dev/neofs-api-go/v2 v2.11.2-0.20220114101721-227a871a04ac/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs= github.com/nspcc-dev/neofs-crypto v0.2.0/go.mod h1:F/96fUzPM3wR+UGsPi3faVNmFlA9KAEAUQR7dMxZmNA= github.com/nspcc-dev/neofs-crypto v0.2.3/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw= github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnBg0L4ifM= github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4= -github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211228125935-3edaf9ecb644 h1:AytMrbwumNIfjYcG1ng+OuEXTtBslya96UAYj/h+dTQ= -github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211228125935-3edaf9ecb644/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40= +github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220121080144-596774ce5bd3 h1:Llot/7cnQwCfhSrnNLDhuYxKpX4Ay+xa6x7B1jI2eaU= +github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220121080144-596774ce5bd3/go.mod h1:fhs4v6uts7bEgwYP05NXbAQlQ0YhK4WVjJRKQKFKBxY= github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE= github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=