From 04c5b65ad5d10bcadcdd02e4004ff3a2118b2e80 Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Wed, 31 Jul 2024 11:56:54 +0300
Subject: [PATCH] [#16] Allow to configure several sources Allow to explicitly specify which credential source use
Signed-off-by: Denis Kirillov
---
 cmd/s3-lifecycler/app.go | 6 +---
 cmd/s3-lifecycler/settings.go | 24 ++++++++++++-
 config/config.env | 1 +
 config/config.yaml | 12 ++++---
 docs/configuration.md | 63 +++++++++++++++++++++++------------
 internal/logs/logs.go | 1 +
 6 files changed, 74 insertions(+), 33 deletions(-)
diff --git a/cmd/s3-lifecycler/app.go b/cmd/s3-lifecycler/app.go
index 5848429..7a92268 100644
--- a/cmd/s3-lifecycler/app.go
+++ b/cmd/s3-lifecycler/app.go
@@ -8,7 +8,6 @@ import (
 "syscall"
 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/service/tree"
- "git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/credential/walletsource"
 "git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/frostfs"
 "git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/lifecycle"
 "git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/logs"
@@ -89,10 +88,7 @@ func (a *App) init(ctx context.Context) {
 a.log.Fatal(logs.FailedToInitMorphClient, zap.Error(err))
 }
- credSource, err := walletsource.New(fetchWalletsCredentials(a.cfg, a.log))
- if err != nil {
- a.log.Fatal(logs.CouldntCreateWalletSource, zap.Error(err))
- }
+ credSource := fetchCredentialSource(a.cfg, a.log)
 frostfsidContract, err := resolver.ResolveContractHash(cli, a.cfg.GetString(cfgMorphContractFrostfsID))
 if err != nil {
diff --git a/cmd/s3-lifecycler/settings.go b/cmd/s3-lifecycler/settings.go
index b69e10a..6b1d94c 100644
--- a/cmd/s3-lifecycler/settings.go
+++ b/cmd/s3-lifecycler/settings.go
@@ -10,6 +10,7 @@ import (
 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
 "git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/credential/walletsource"
+ "git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/lifecycle"
 "git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/logs"
 "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 neogoflags "github.com/nspcc-dev/neo-go/cli/flags"
@@ -52,7 +53,8 @@ const (
 cfgMorphContractContainer = "morph.contract.container"
 // Credential source.
- cfgCredentialSourceWalletsPrefixTmpl = "credential_source.wallets.%d."
+ cfgCredentialUse = "credential.use"
+ cfgCredentialSourceWalletsPrefixTmpl = "credential.source.wallets.%d."
 cfgCredentialSourceWalletsPathTmpl = cfgCredentialSourceWalletsPrefixTmpl + "path"
 cfgCredentialSourceWalletsAddressTmpl = cfgCredentialSourceWalletsPrefixTmpl + "address"
 cfgCredentialSourceWalletsPassphraseTmpl = cfgCredentialSourceWalletsPrefixTmpl + "passphrase"
@@ -477,3 +479,23 @@ func fetchLifecycleServices(v *viper.Viper) (keys.PublicKeys, error) {
 return result, nil
 }
+
+func fetchCredentialSource(v *viper.Viper, l *zap.Logger) lifecycle.CredentialSource {
+ credUse := v.GetString(cfgCredentialUse)
+
+ var (
+ err error
+ credSource lifecycle.CredentialSource
+ )
+
+ switch credUse {
+ case "wallets":
+ if credSource, err = walletsource.New(fetchWalletsCredentials(v, l)); err != nil {
+ l.Fatal(logs.CouldntCreateWalletSource, zap.Error(err))
+ }
+ default:
+ l.Fatal(logs.UnknownCredentialSource, zap.String(cfgCredentialUse, credUse))
+ }
+
+ return credSource
+}
diff --git a/config/config.env b/config/config.env
index fda537e..b7799e7 100644
--- a/config/config.env
+++ b/config/config.env
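Review bot: The wallet key prefix in the const hunk moves from `credential_source.wallets.%d.` to `credential.source.wallets.%d.` with no fallback read of the old key, so a YAML config written for the previous layout will have its wallet entries ignored after upgrade. Together with the new `credential.use` key, which appears to have no default in this diff, such a deployment stops in the `default` branch of fetchCredentialSource with an empty value; that fails closed, but the log line gives the operator no hint about the rename. I would add a comment on the constant, `// cfgCredentialUse names the entry under credential.source to load; it replaces the implicit wallets-only credential_source.* layout.`, and call the rename out in the changelog. The Structure table in docs/configuration.md still lists the section as `credential_source` while its link now targets `#credential-section`. The const block starts and ends outside the hunk.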
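Review bot: fetchCredentialSource has no doc comment, and the accepted values of `credential.use` exist only as the bare literal `"wallets"` in the switch, so the fail-closed contract (an unknown or empty name terminates startup) is not stated where a maintainer adding a second source would see it. I would document it as `// fetchCredentialSource builds the credential source selected by credential.use; an unknown or empty value is fatal.` and lift the literal into a named constant next to cfgCredentialUse. fetchWalletsCredentials receives the logger and its body is outside the hunk, so it is worth confirming that it never logs the wallet passphrase it reads.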
@@ -32,6 +32,7 @@ S3_LIFECYCLER_MORPH_CONTRACT_FROSTFSID=frostfsid.frostfs
 S3_LIFECYCLER_MORPH_CONTRACT_CONTAINER=container.frostfs
 # Credential source
+S3_LIFECYCLER_CREDENTIAL_USE=wallets
 S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_PATH=/path/to/user/wallet.json
 S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_ADDRESS=NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
 S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_PASSPHRASE=""
diff --git a/config/config.yaml b/config/config.yaml
index bc3d598..8b92c42 100644
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -33,11 +33,13 @@ morph:
 frostfsid: frostfsid.frostfs
 container: container.frostfs
-credential_source:
- wallets:
- - path: /path/to/wallet.json
- address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
- passphrase: ""
+credential:
+ use: wallets
+ source:
+ wallets:
+ - path: /path/to/wallet.json
+ address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
+ passphrase: ""
 lifecycle:
 job_fetcher_buffer: 1000
diff --git a/docs/configuration.md b/docs/configuration.md
index 0a24eaa..684d1c0 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
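Review bot: The restructured `credential.source.wallets` sample in config/config.yaml keeps `passphrase` inline with no guidance on protecting it, and this file is the template operators copy. I would add a comment above the entry, `# passphrase decrypts the wallet: restrict this file to the service user, or set it through the environment instead`. config/config.env in this patch shows the matching `S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_PASSPHRASE` variable, so the environment route appears to be supported.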
@@ -4,16 +4,16 @@ This section contains detailed FrostFS S3 Lifecycler component configuration des
 # Structure
-| Section | Description |
-|---------------------|--------------------------------------------------------------|
-| `wallet` | [Wallet configuration](#wallet-section) |
-| `logger` | [Logger configuration](#logger-section) |
-| `pprof` | [Pprof configuration](#pprof-section) |
-| `prometheus` | [Prometheus configuration](#prometheus-section) |
-| `morph` | [Morph configuration](#morph-section) |
-| `credential_source` | [Credential source configuration](#credentialsource-section) |
-| `lifecycle` | [Lifecycle configuration](#lifecycle-section) |
-| `frostfs` | [FrostFS configuration](#frostfs-section) |
+| Section | Description |
+|---------------------|--------------------------------------------------------|
+| `wallet` | [Wallet configuration](#wallet-section) |
+| `logger` | [Logger configuration](#logger-section) |
+| `pprof` | [Pprof configuration](#pprof-section) |
+| `prometheus` | [Prometheus configuration](#prometheus-section) |
+| `morph` | [Morph configuration](#morph-section) |
+| `credential_source` | [Credential source configuration](#credential-section) |
+| `lifecycle` | [Lifecycle configuration](#lifecycle-section) |
+| `frostfs` | [FrostFS configuration](#frostfs-section) |
 ### Reload on SIGHUP
@@ -121,24 +121,43 @@ morph:
 | `contract.frostfsid` | `string` | no | `frostfsid.frostfs` | FrostfsID contract hash (LE) or name in NNS. This contract is used to get all users to process their containers. |
 | `contract.container` | `string` | no | `container.frostfs` | Container contract hash (LE) or name in NNS. |
-# `credential_source` section
+# `credential` section
 Contains configuration for the source of user private keys (credentials).
 ```yaml
-credential_source:
- wallets:
- - path: /path/to/wallet.json
- address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
- passphrase: ""
+credential:
+ use: wallets
+ source:
+ wallets:
+ - path: /path/to/wallet.json
+ address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
+ passphrase: ""
 ```
-| Parameter | Type | SIGHUP reload | Default value | Description |
-|----------------------|----------|---------------|---------------|-----------------------------------------------------------------|
-| `wallets` | | | | Source of user private keys as wallets files on filesystem. |
-| `wallets.path` | `string` | no | | Path to wallet on filesystem. |
-| `wallets.address` | `string` | no | | Account address in wallet. If omitted default one will be used. |
-| `wallets.passphrase` | `string` | no | | Passphrase to decrypt wallet. |
+| Parameter | Type | SIGHUP reload | Default value | Description |
+|-----------|----------|---------------|---------------|-------------------------------|
+| `use` | `string` | no | | Name of source to use. |
+| `source` | `map` | no | | Available credential sources. |
+
+## `wallets` subsection
+
+Source of user private keys as wallets files on filesystem.
+
+```yaml
+credential:
+ source:
+ wallets:
+ - path: /path/to/wallet.json
+ address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
+ passphrase: ""
+```
+
+| Parameter | Type | SIGHUP reload | Default value | Description |
+|--------------|----------|---------------|---------------|-----------------------------------------------------------------|
+| `path` | `string` | no | | Path to wallet on filesystem. |
+| `address` | `string` | no | | Account address in wallet. If omitted default one will be used. |
+| `passphrase` | `string` | no | | Passphrase to decrypt wallet. |
 # `lifecycle` section
diff --git a/internal/logs/logs.go b/internal/logs/logs.go
index 868dc07..2bc94b9 100644
--- a/internal/logs/logs.go
+++ b/internal/logs/logs.go
@@ -63,4 +63,5 @@ const (
 AddDeleteMarker = "add delete marker"
 DeleteObjectVersionFromTree = "delete object version from tree"
 EpochMismatched = "epoch mismatched"
+ UnknownCredentialSource = "unknown credential source to use"
 )