[#16] Allow to configure several sources

Allow to explicitly specify which credential source use Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-07-31 11:56:54 +03:00 · 2024-07-31 11:56:54 +03:00 · 04c5b65ad5
commit 04c5b65ad5
parent b3374bb565
6 changed files with 74 additions and 33 deletions
--- a/cmd/s3-lifecycler/app.go
+++ b/cmd/s3-lifecycler/app.go
@ -8,7 +8,6 @@ import (
 	"syscall"

 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/service/tree"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/credential/walletsource"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/lifecycle"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/logs"
@ -89,10 +88,7 @@ func (a *App) init(ctx context.Context) {
 		a.log.Fatal(logs.FailedToInitMorphClient, zap.Error(err))
 	}

-	credSource, err := walletsource.New(fetchWalletsCredentials(a.cfg, a.log))
-	if err != nil {
-		a.log.Fatal(logs.CouldntCreateWalletSource, zap.Error(err))
-	}
+	credSource := fetchCredentialSource(a.cfg, a.log)

 	frostfsidContract, err := resolver.ResolveContractHash(cli, a.cfg.GetString(cfgMorphContractFrostfsID))
 	if err != nil {
--- a/cmd/s3-lifecycler/settings.go
+++ b/cmd/s3-lifecycler/settings.go
@ -10,6 +10,7 @@ import (

 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/credential/walletsource"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/lifecycle"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	neogoflags "github.com/nspcc-dev/neo-go/cli/flags"
@ -52,7 +53,8 @@ const (
 	cfgMorphContractContainer            = "morph.contract.container"

 	// Credential source.
-	cfgCredentialSourceWalletsPrefixTmpl     = "credential_source.wallets.%d."
+	cfgCredentialUse                         = "credential.use"
+	cfgCredentialSourceWalletsPrefixTmpl     = "credential.source.wallets.%d."
 	cfgCredentialSourceWalletsPathTmpl       = cfgCredentialSourceWalletsPrefixTmpl + "path"
 	cfgCredentialSourceWalletsAddressTmpl    = cfgCredentialSourceWalletsPrefixTmpl + "address"
 	cfgCredentialSourceWalletsPassphraseTmpl = cfgCredentialSourceWalletsPrefixTmpl + "passphrase"
@ -477,3 +479,23 @@ func fetchLifecycleServices(v *viper.Viper) (keys.PublicKeys, error) {

 	return result, nil
 }
+
+func fetchCredentialSource(v *viper.Viper, l *zap.Logger) lifecycle.CredentialSource {
+	credUse := v.GetString(cfgCredentialUse)
+
+	var (
+		err        error
+		credSource lifecycle.CredentialSource
+	)
+
+	switch credUse {
+	case "wallets":
+		if credSource, err = walletsource.New(fetchWalletsCredentials(v, l)); err != nil {
+			l.Fatal(logs.CouldntCreateWalletSource, zap.Error(err))
+		}
+	default:
+		l.Fatal(logs.UnknownCredentialSource, zap.String(cfgCredentialUse, credUse))
+	}
+
+	return credSource
+}
--- a/config/config.env
+++ b/config/config.env
@ -32,6 +32,7 @@ S3_LIFECYCLER_MORPH_CONTRACT_FROSTFSID=frostfsid.frostfs
 S3_LIFECYCLER_MORPH_CONTRACT_CONTAINER=container.frostfs

 # Credential source
+S3_LIFECYCLER_CREDENTIAL_USE=wallets
 S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_PATH=/path/to/user/wallet.json
 S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_ADDRESS=NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
 S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_PASSPHRASE=""
--- a/config/config.yaml
+++ b/config/config.yaml
@ -33,7 +33,9 @@ morph:
    frostfsid: frostfsid.frostfs
    container: container.frostfs

-credential_source:
+credential:
+  use: wallets
+  source:
    wallets:
      - path: /path/to/wallet.json
        address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -5,13 +5,13 @@ This section contains detailed FrostFS S3 Lifecycler component configuration des
 # Structure

 | Section             | Description                                            |
-|---------------------|--------------------------------------------------------------|
+|---------------------|--------------------------------------------------------|
 | `wallet`            | [Wallet configuration](#wallet-section)                |
 | `logger`            | [Logger configuration](#logger-section)                |
 | `pprof`             | [Pprof configuration](#pprof-section)                  |
 | `prometheus`        | [Prometheus configuration](#prometheus-section)        |
 | `morph`             | [Morph configuration](#morph-section)                  |
-| `credential_source` | [Credential source configuration](#credentialsource-section) |
+| `credential_source` | [Credential source configuration](#credential-section) |
 | `lifecycle`         | [Lifecycle configuration](#lifecycle-section)          |
 | `frostfs`           | [FrostFS configuration](#frostfs-section)              |

@ -121,12 +121,14 @@ morph:
 | `contract.frostfsid`           | `string`   | no            | `frostfsid.frostfs` | FrostfsID contract hash (LE) or name in NNS. This contract is used to get all users to process their containers. |
 | `contract.container`           | `string`   | no            | `container.frostfs` | Container contract hash (LE) or name in NNS.                                                                     |

-# `credential_source` section
+# `credential` section

 Contains configuration for the source of user private keys (credentials).

 ```yaml
-credential_source:
+credential:
+  use: wallets
+  source:
    wallets:
      - path: /path/to/wallet.json
        address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
@ -134,11 +136,28 @@ credential_source:
 ```

 | Parameter | Type     | SIGHUP reload | Default value | Description                   |
-|----------------------|----------|---------------|---------------|-----------------------------------------------------------------|
-| `wallets`            |          |               |               | Source of user private keys as wallets files on filesystem.     |
-| `wallets.path`       | `string` | no            |               | Path to wallet on filesystem.                                   |
-| `wallets.address`    | `string` | no            |               | Account address in wallet. If omitted default one will be used. |
-| `wallets.passphrase` | `string` | no            |               | Passphrase to decrypt wallet.                                   |
+|-----------|----------|---------------|---------------|-------------------------------|
+| `use`     | `string` | no            |               | Name of source to use.        |
+| `source`  | `map`    | no            |               | Available credential sources. |
+
+## `wallets` subsection
+
+Source of user private keys as wallets files on filesystem.
+
+```yaml
+credential:
+  source:
+    wallets:
+      - path: /path/to/wallet.json
+        address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
+        passphrase: ""
+```
+
+| Parameter    | Type     | SIGHUP reload | Default value | Description                                                     |
+|--------------|----------|---------------|---------------|-----------------------------------------------------------------|
+| `path`       | `string` | no            |               | Path to wallet on filesystem.                                   |
+| `address`    | `string` | no            |               | Account address in wallet. If omitted default one will be used. |
+| `passphrase` | `string` | no            |               | Passphrase to decrypt wallet.                                   |

 # `lifecycle` section

--- a/internal/logs/logs.go
+++ b/internal/logs/logs.go
@ -63,4 +63,5 @@ const (
 	AddDeleteMarker                         = "add delete marker"
 	DeleteObjectVersionFromTree             = "delete object version from tree"
 	EpochMismatched                         = "epoch mismatched"
+	UnknownCredentialSource                 = "unknown credential source to use"
 )