Make `Validator.VerifyAndUpdate` method to return an error if at least one
of LOCODE-derived attributes is set explicitly. Thus, IR will not confirm
the candidates for the network map who independently set these attributes.
Cover `Validator.VerifyAndUpdate` method with unit tests.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Session tokens have limited lifetime in NeoFS. Container processor should
verify lifetime of the incoming tokens.
Define `NetworkState` interface with `Epoch` method to get number of the
current epoch. Use Netmap contract client's wrapper as `NetworkState` of
Container `Processor`. Check values of token lifetime, and deny if:
* NBF value is gt the current epoch;
* IAT is gt the current epoch;
* EXP is le the current epoch.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make IR processor of NeoFS contract to handle `Bind`/`Unbind` notification
events. The processor verifies the format of wallet script hash and public
keys, and call NeoFS ID client wrapper in order to approve adding/removing
keys from NeoFS account.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In recent change of API Go library `owner.ID.Equal` signature was
implemented.
Replace the comparison of string representations with `Equal` method call
and remove related TODOs.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In recent change of API Go library `Token.Verify` signature was implemented.
Replace previous version-casting approach with new method call in token
signature check stage.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers
Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:
- token owner should be the owner of the related container;
- the intent must be signed with a session key;
- the power of attorney must be signed by the owner of the container.
Omitted checks (TBD):
- session token should have container session context;
- the verb of the context should correspond to the operation.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
From `017fb6abed9455c7c99631adcb0bb04d42741f87` used container client is
constructed with enabled notary mode.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Approved removed container ID should be stored in sidechain along with
related session token.
Forward session token from `Delete` event to `Wrapper.Delete` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`Delete` method of latest `Container` contract accepts binary session token
as an argument.
Provide `DeleteArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session
token from `RemovalWitness` in `wrapper.Delete` function and pass it to the
method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Approved eACL table should be stored in sidechain along with related session
token.
Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.
Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Approved container should be stored in sidechain along with related session
token.
Forward session token from `Put` event to `Wrapper.Put` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`Put` method of latest `Container` contract accepts binary session token as
an argument.
Provide `PutArgs.SetSessionToken` method. Accept session token as a `[]byte`
in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session token
from container in `wrapper.Put` function and pass it to the method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Construct wrapper over the Container contract client with `TryNotary` option
since it is required to perform invocations of notary contract.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Owner identifier can be calculated from public key. If it matches, no
additional verification of key ownership is required.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Get all owner keys and verify container ID signature until first success. If
none of the keys match, then prohibit deletion. Thus, the delete operation
is only allowed to the owner of the container. With this approach, a
separate check for key ownership is not required.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Get` method of the wrapper over Container contract's client to
accept binary container ID. Create `Get` function similar to the previous
`Get` variation. Use this function in Container service server in the place
where `Get` method was used.
Additionally implement `AsContainerSource` function which allows
to simply compose container Source interface from the wrapper.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call `Delete` method on the wrapper over the Container contract's client
directly from `Processor.approveDeleteContainer`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call `Put` method on the wrapper over the Container contract's client
directly from `Processor.approvePutContainer`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Split up `processContainerPut` and `processContainerDelete` methods of
container `Processor` into two sub-methods: checking the event and its
assertion.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Morph event structures defined in `pkg/morph/event` should only carry
notification values without any additional interpretation. All logical work
should be concentrated on app-side.
Change data type of `Put.PublicKey` return to byte slice. `ParsePut` doesn't
unmarshal public key from now.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `setEACL` notification event parser (handler) to the return of the
`ListenerParsers` (`ListenerHandlers`) method. Read address of NeoFS ID
contract from `contracts.neofsid` config. Implement `NewNeoFSIDClient`
constructor in `invoke` package and use it in IR application.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Pre-allocate slices for a known number of elements. Use single `ParserInfo`
/ `HandlerInfo` variable in order to set Container contracts's address once
and change only values that differ between events.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Use NeoFS ID contract client to check if public key from notification event
is tied to the owner of the container for which the eACL is being changed.
Approve changes coming from the owner of the container only.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add signature check to `checkSetEACL` method of the `setEACL` notification
handler in Container processor.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `handleSetEACL` method similar to other handling methods in
Container processor. To begin with, the validation logic is skipped, and all
tables will be sent to the contract. In the future, the necessary checks
will be implemented. Listening for events in the IR node will also be added.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
To enable TLS support we can't operate with IP addresses directly.
Certificates are issued with host names so it is required to
pass them into RPC client. DNS resolving should be done by transport
layer and not be a part of node. Therefore `IPAddrString` usage is
removed from code.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
For N3 Testnet RC2 release inner ring app supports three modes:
- notary enabled in all chains (default),
- notary disabled in all chains,
- notary enabled only in side chain.
All notary related functions are moved to notary.go
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Processors that use `invoke` package to make chain invocation should provide
fee config and client with enabled or disabled notary support. If notary
support is disabled, then functions from `invoke` package will perform
ordinary method invocation with extra fee.
Processors that use `morph/client` wrappers should check `notaryDisabled`
flag to call corresponding wrapper function.
Netmap processor omits some actions during validator syncronization
if notary is disabled.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
When notary disabled, inner ring should be able to
configure extra fee for vote collections inside the
contracts. Previously these values were hardcoded,
however we might want to change them depending on
a environment.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
With `mainnet.notary_deposit=false` inner ring will ignore
notary deposit \ awaiting routines in the application start,
so it can run on the environments without notary support.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alphabet nodes synchronize list of alphabet keys from main chain
`NeoFSAlphabet` role once per epoch. This can lead to a wrong behavior in
single chain deployment (`without_mainnet` config parameter). Alphabet node
in single chain environment will try to get NeoFSAlphabet role from main
chain client, but it'll get result from side chain instead. Side chain
stores list of all inner ring nodes in this role. Therefore it is possible
that alphabet nodes will try to appoint inner ring nodes as alphabet nodes,
which is not correct.
Fix incorrect behavior with disabling of synchronization of alphabet keys in
sidechain-only mode.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Mint, Burn and Cheque details should contain hash of
main net tx of Deposit and Withdraw invocation. They will
be formatted inside the contracts so alphabet nodes must
not modify them.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Unified format uses transfer type as the first byte
and extra details next. List of transfer types used in
contracts defined in `details.go`. It includes:
- audit settlement,
- basic income collection,
- basic income distribution.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Extra blocks for notary deposit must not be less than extra blocks
at notary tx rounding.
Consider you make notary deposit every 1000 block for next
1100 blocks. At block 555 you made notary deposit up to 1655.
At block 1554 you want to send notary tx. Notary client uses rounding
to calculate `until` value. By default notary client rounds with up
to 150 block ahead, thus for tx at 1554 `until` will be 1700.
1700 is bigger than deposit limit at 1655 and tx will fail. However
if extra blocks for notary deposit will be 200, then this case
won't be possible.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alias type provide sort function so it is better to use it
everywhere where list of public keys is presented.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This method has been removed from netmap contract. Corresponding
event from neofs contract renamed to AlphabetUpdate and should not
be processed, because alphabet updated from `RoleManagement`
contract.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Replace usage of `cache.ClientCache` type with interface with similar
signature. This will further allow overloading clients without affecting the
logic of dependent packages.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
On the `Deposit` events add gas balance check.
Make transfer only if the balance is greater
than the `GasTransferThreshold` that is defined
with environmental variable.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Because options are not used when client is already in cache
providing them to shared cache is misleading at best.
In the worst case `dial_timeout` is set randomly (because of race
condition) which can lead to one service having `dial_timeout` of
another. Thus we set default client creation options when cache is
created.
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
Previously UN-LOCODE attribute was required for each network map candidate.
In the absence of this attribute, the candidate was not allowed into the
network map. After revising the requirements for candidates, it was decided
not to require the mandatory installation of the attribute by candidates.
From now inner ring does not modify location attributes of the network map
candidate in the absence of UN-LOCODE attribute and does not block entry
into the network map for this criterion.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
NeoFS contract can be deployed in sidechain instead of main chain.
Add `without_mainnet` config flag that can switch IR node to work with
sidechain only. By default this flag is unset.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation IR worked with exactly 7 alphabetic contracts
only. Actually number of contracts is limited to only the Glagolitic
alphabet.
Make IR to work with any valid number of alphabetic contracts. Change parser
of alphabetic contract addresses to read amount of processing contracts
before performance. Make Alphabet processor to use interface of the
alphabetic contract group. Use `alphabetContracts` type in IR `Server`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define `alphabetContracts` type that map glagolic letters to smart contract
addresses. Implement constructor and all methods which are going to be used
in IR processing.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define `glagolicLetter` enumeration of the Glagolitsa alphabet letters.
Implement `configString` method that returns config-compatible string format
of the letters.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is no need to specify that IR indices are 32 bits in size.
Change return types of `Indexer` interface methods in audit and alphabet
packages. Support interface changes in `Server` implementation.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
All node info attribute transformations can't guarantee
the order of attributes. However it should be consistent
otherwise smart-contract won't be able to collect signatures
and approve transaction.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Node info validator may change node attributes, e.g. update
it with human-readable location attributes based on LOCODE.
So inner ring node should provide new node info binary to
smart contract.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Inner ring Server does not modify LOCODE database (Put method), thus it is
better to open it in RO mode.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement DB interface required by LOCODE validator on new wrapper over the
LOCODE Bolt DB (Record on new wrapper over LOCODE Bolt DB entries).
Construct LOCODE validator and pass it to Netmap processor's constructor as
NodeValidator parameter.
Thus, candidates for a network map must set LOCODE attribute for which there
is an entry in the NeoFS location database.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Keep list of functions which are called first when the server starts (method
Server.Start). If any of the starters returns an error, the server will not
start. Such starters will mainly be used for resources that need to be
initialized after a successful server construction, but before its main work
(e.g. local files).
Keep list of functions which are called when the server stops (Server.Stop
method). Such closers will mainly be used for resources that need to be
released after server shutdown (e.g. initialized by starters).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define a structure for dealing with the geographic location of nodes.
Implement VerifyAndUpdate (with the same purpose as NodeValidator interface)
that checks LOCODE attribute and fills other attributes of the location.
Technically the entity is a wrapper over the NeoFS location database: it
maps the node LOCODE to the database record from which the new attributes
are generated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define NodeValidator interface of the entity that checks and finalizes
NodeInfo structure. Add NodeValidator to Netmap processor. Pass NodeInfo
structures of network map candidates to NodeValidator in order to verify it
and prepare to final state required by network.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Check if `new(big.Int)` will be efficient later and replace
all `big.NewInt()` in code or leave it as it is.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
TxTable used twice in context to transfer assets to
and from banking account. There is no need to store
instance of table persistently.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Some transfers from container owners into bank account may
fail due to lack of assets, so we have to deal with remaining
amount of assets in banking account.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Basic settlement context is a main structure that
implement logic of basic settlement phases: collecting
assets from container owners and then distributing them
to storage nodes.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
There are two notifications:
- start estimation notification produced at the beginning of the
epoch,
- stop estimation notifications should be produced before
basic audit settlement starts.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This small refactoring adds `blocktimer.go` file with
all timer related function and constructors. This way
we can create all timers in one place (at the end of
innerring.Server constructor).
To do that we had to move timer reset into global
server state so it can be accessed by netmap
processor.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
There is no point of making separate `Fee` and `NoFee`
wrappers because all reading operations are free disregarding
of fee value in static client. However we can use these same
wrappers so send transaction.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Pass handler of audit settlement event to netmap event processor. Generate
AuditEvent in during new epoch processing.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define a processor of events related to monetary transactions. Define
audit-related event. Provide an interface for processing the audit payout
event.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Use client with extraFee instead of readOnlyFee. Rename
NewNoFeeBalanceClient to NewBalanceClient since no-fee client is no longer
used.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Do not pass zero transfers from the calculation table to Exchanger. Revert
transfers with negative amount since Exchanger interface requires positive
amounts of funds.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Move control of the minimum cost of payment for the audit from the
implementation of the Exchanger to the place where the amount is calculated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Calculate payments to storage nodes for the passed audit when changing the
epoch. The calculation results are wrapped in a call to the Balance contract
(one transaction per user-to-user transfer).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement component that analyzes audit results and generates transactions
for payment of awards for successfully passed audit. When calculating the
total fee, the declared price of the node (attribute) and the total volume
of storage groups, which were successfully audited by the container, are
taken into account. In one call the calculator processes all audit results
for the previous epoch (relative to the calculated parameter).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation handler was not called more the one time after
Reset. It was caused by tick counter not being reset inside Reset method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Listen to new blocks from mainnet until the required fix in neo-go lib is
released (https://github.com/nspcc-dev/neo-go/pull/1687).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call handler of the fractional block interval once between base interval
ticks by default. Add option to call handler of fractional block interval
multiple times (N times if fractional interval == BASE_INTERVAL / N).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Pivot used to shuffle nodes in the CRUSH tree. This is
required argument. We use container ID value to select
container nodes, so `nil` value produces incorrect placements.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Netmap snapshot table caches bootstrap `AddPeer` txs so inner ring
node does not produce redundant approval txs for bootstrapped nodes.
However if node updates states to `Offline`, then such node should
be flagged in snapshot table, so re-bootstrap will actually produce
approval tx.
`ev.PublicKey.String()` returns uncompressed representation of the
node's public key, while snapshot contains compressed values.
Therefore the node was not flagged and re-bootstrap tx was not
approved by inner ring nodes.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
We can't use enum values from SDK library directly, they can be
different from API specification. Therefore we need to convert them
into protocol level format.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Audit task manager should not discard tasks if all workers are
busy, therefore pools should not be non-blocking.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Add numeric return from TaskManager.Reset method that shows the number of
canceled tasks. This values will be used for assessment of the progress of
the audit.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define interface of the container communicator which methods are going to be
used in audit checks. Make innerring Server to implement this interface.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement Reset method on audit task manager that cleans task queue.
Extended TaskManager interface with Reset method on IR side. Call Reset
method in audit processor before new audit start.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Now alphabet contracts use signature collection to make
a vote. All inner ring nodes votes for some list of validators
the same way as they vote fore new epoch or new container.
As soon as list is accepted by alphabet contracts, each of them
votes for one candidate from the list.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
With this argument neofs-ir will be run as an CLI
application that initialize inner ring server, invokes
`vote` method on corresponding alphabet contract and
exits.
User can provide a comma-separated list of validator
public keys.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This function calculates validator key based on inner ring index
and invokes `Vote` method of corresponding alphabet contract.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Refactored pkg/netmap package provides JSON converters for
NodeInfo and PlacementPolicy structures, that has been used
by client applications.
It also updates Node structure itself so it is a part of
grpc <-> v2 <-> pkg conversion chain.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
With neo-project/neo-modules#358 nodes support RPC to
return used magic number. Therefore client doesn't need
that configuration value any more.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
There is an optimization to send ApprovePeer tx only in
case if `touch` returns false. It returns false if node
is not in the cache or it was flagged to removal.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>