* Skip APE check if a role is Container.
* Skip APE check if a role is IR and methods are get-like.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
`fmt.Errorf can be replaced with errors.New` and `fmt.Sprintf can be replaced with string addition`
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
* Remove removed flag in service.proto for RemoveChainLocalOverrideResponse.
* Regenerate control API.
* Return error only if RemoveOverride returns non-NotFound code.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* If APE check returns NoRuleFound, then it is taken for request deny.
* Add more unit-test for ape container middleware.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Soft APE check means that APE should allow request even
it gets status NoRuleFound for a request. Otherwise,
it is interpreted as Deny.
* Soft APE check is performed if basic ACL mask is not set.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
There may be a race condition between put an object and
flushing the writecache:
1. Put object to the writecache
2. Writecache flushes object to the blobstore and sets blobstore's
storageID
3. Put object to the metabase, set writecache's storageID
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Initial prefetch size can be arbitrary an restricted only by VM/RPC
limits. For TraverseIterator() there is an explicit check on the
server-side, though.
Introduced in df055fead5.
Refs #931.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Proxy contract can now be used as an owner of NNS domains, thus we need
it not only to pay for the transaction but also to check domain
ownership. CalledByEntry is not enough, because we may register NNS
domains owned by proxy indirectly from the container contract.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Most of the time it exits, e.g. when it is per-container and use on each
object PUT. Bbolt implementation first tries to create bucket and then
returns it if it exists. Create operation uses cursor and thus is not
very lightweight, we can avoid it.
```
goos: linux
goarch: amd64
pkg: git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/metabase
cpu: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
│ old │ new │
│ sec/op │ sec/op vs base │
Put/parallel-8 174.4µ ± 3% 163.3µ ± 3% -6.39% (p=0.000 n=10)
Put/sequential-8 263.3µ ± 2% 259.0µ ± 1% -1.64% (p=0.000 n=10)
geomean 214.3µ 205.6µ -4.05%
│ old │ new │
│ B/op │ B/op vs base │
Put/parallel-8 275.3Ki ± 3% 281.1Ki ± 4% ~ (p=0.063 n=10)
Put/sequential-8 413.0Ki ± 2% 426.6Ki ± 2% +3.29% (p=0.003 n=10)
geomean 337.2Ki 346.3Ki +2.70%
│ old │ new │
│ allocs/op │ allocs/op vs base │
Put/parallel-8 678.0 ± 1% 524.5 ± 2% -22.64% (p=0.000 n=10)
Put/sequential-8 1.329k ± 0% 1.183k ± 0% -10.91% (p=0.000 n=10)
geomean 949.1 787.9 -16.98%
```
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Unless tested, generic version can start gaining bugs. With a separate
build tag we can have the best of both worlds:
1. Use optimized implementation for linux by default.
2. Run tests or benchmarks for both. Note that they are not actually
run automatically now, but this is at leas possible.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
It is not a part of FSTree itself, but rather a way to solve concurrent
counter update on non-linux implementations. New linux implementations
is pretty simple: link fails when the file exists, unlink fails when the
file doesn't exist.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Metabase test relied on this behaviour, so fix the test too.
Cherry-picking was hard and did too many conflicts,
here is an original PR:
https://github.com/nspcc-dev/neofs-node/pull/2624
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
It may be required to evacuate only objects or only tree or all, so
now it spossible to specify.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
We already provide the pool and this argument is used only for
preallocation. No functional changes.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
GC inhumes expired locks and tombstones on all the shards.
So it could be GC mark without object.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
ContainersOf() is better in almost every aspect, besides creating a
session when the containers number is between 1024 and 2048 (prefetch
script does limited unwrapping). Making List() private helps to ensure
it is no longer used and can be safely removed in future.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
processObject() returns 3 types of errors: container not found errors,
could not get container error and placement vector building error. Every
error will occur for all objects in container simultaneously, so we can
log each error once and safely ignore the rest.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
* Those methods that can access already existing containers and thus
can get container properties should read namespace from Zone
property. If Zone is not set, take a namespace for root.
* Otherwise, define namespaces by owner ID via frostfs-id contract.
* Improve unit-tests, consider more cases.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
If metric value hasn't changed, but we update metric, then
non existed metric will apear with zero value.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Besides VM stack item limit we also have restrictions on the size of
JSON for a stackitem, which is 128k. This limit is much harder to
calculate, because JSON representation includes type and the encoding is
different for different items. Thus is makes no sense to invent our own
default, so use the one provided by neo-go. But for container listing we
know exactly what we process, so use big enough value, which is tested.
Introduced in be8607a1f6.
Refs #902
Refs https://github.com/nspcc-dev/neo-go/blob/v0.105.0/pkg/vm/stackitem/json.go#L353
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Previously, the check was in place only when session token was missing.
Format validator checks are applied only to fully-prepared object, so
this lead to the following situation:
1. Object is put locally with malformed token, because there are no
checks.
2. Object cannot be replicated, because the token is malformed.
This is now fixed and token check is done before any payload receival.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* Introduce switch rpc guarded rpc actor in morph client
to prevent using invalidated rpc actor when RPC switch
happens.
* Initialize NewContractStorage with SwitchRPCGuardedActor.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Wrap all APE middleware errors in apeErr that
makes errors more explicit with status AccessDenied.
* Use denyingRuleErr for denying status from chain router.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Get range can perform GET request, so this request must be done
from container node to not to get access denied error.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
When the number of items to iterate over is less than 2048, there is no
need to create a session and consume resources.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
