forked from TrueCloudLab/frostfs-sdk-go
[#276] container: Remove session token and signature from Container/eACL
Session token and signature isn't presented in `Container` and `EACLTable` messages of NeoFS API V2 protocol. These entities are needed for access control and doesn't carry payload of these messages. Remove `SetSessionToken` / `SessionToken` methods of `container.Container` and `eacl.Table` types. Provide methods to specify these components in corresponding `Client` operations. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
e986f47807
commit
721df386c5
6 changed files with 74 additions and 131 deletions
|
@ -24,6 +24,9 @@ type PrmContainerPut struct {
|
|||
|
||||
cnrSet bool
|
||||
cnr container.Container
|
||||
|
||||
sessionSet bool
|
||||
session session.Container
|
||||
}
|
||||
|
||||
// SetContainer sets structured information about new NeoFS container.
|
||||
|
@ -33,6 +36,19 @@ func (x *PrmContainerPut) SetContainer(cnr container.Container) {
|
|||
x.cnrSet = true
|
||||
}
|
||||
|
||||
// WithinSession specifies session within which container should be saved.
|
||||
//
|
||||
// Creator of the session acquires the authorship of the request. This affects
|
||||
// the execution of an operation (e.g. access control).
|
||||
//
|
||||
// Session is optional, if set the following requirements apply:
|
||||
// - session operation MUST be session.VerbContainerPut (ForVerb)
|
||||
// - token MUST be signed using private key of the owner of the container to be saved
|
||||
func (x *PrmContainerPut) WithinSession(s session.Container) {
|
||||
x.session = s
|
||||
x.sessionSet = true
|
||||
}
|
||||
|
||||
// ResContainerPut groups resulting values of ContainerPut operation.
|
||||
type ResContainerPut struct {
|
||||
statusRes
|
||||
|
@ -104,9 +120,9 @@ func (c *Client) ContainerPut(ctx context.Context, prm PrmContainerPut) (*ResCon
|
|||
var meta v2session.RequestMetaHeader
|
||||
prm.prmCommonMeta.writeToMetaHeader(&meta)
|
||||
|
||||
if tok := prm.cnr.SessionToken(); tok != nil {
|
||||
if prm.sessionSet {
|
||||
var tokv2 v2session.Token
|
||||
tok.WriteToV2(&tokv2)
|
||||
prm.session.WriteToV2(&tokv2)
|
||||
|
||||
meta.SetSessionToken(&tokv2)
|
||||
}
|
||||
|
@ -241,26 +257,6 @@ func (c *Client) ContainerGet(ctx context.Context, prm PrmContainerGet) (*ResCon
|
|||
|
||||
cnr := container.NewContainerFromV2(body.GetContainer())
|
||||
|
||||
tokv2 := body.GetSessionToken()
|
||||
if tokv2 != nil {
|
||||
var tok session.Container
|
||||
|
||||
// FIXME: (neofs-sdk-go#221) need to handle the error
|
||||
err := tok.ReadFromV2(*tokv2)
|
||||
if err == nil {
|
||||
cnr.SetSessionToken(&tok)
|
||||
}
|
||||
}
|
||||
|
||||
var sig *neofscrypto.Signature
|
||||
|
||||
if sigv2 := body.GetSignature(); sigv2 != nil {
|
||||
sig = new(neofscrypto.Signature)
|
||||
sig.ReadFromV2(*sigv2)
|
||||
}
|
||||
|
||||
cnr.SetSignature(sig)
|
||||
|
||||
res.setContainer(cnr)
|
||||
}
|
||||
|
||||
|
@ -589,26 +585,6 @@ func (c *Client) ContainerEACL(ctx context.Context, prm PrmContainerEACL) (*ResC
|
|||
|
||||
table := eacl.NewTableFromV2(body.GetEACL())
|
||||
|
||||
tokv2 := body.GetSessionToken()
|
||||
if tokv2 != nil {
|
||||
var tok session.Container
|
||||
|
||||
// FIXME: (neofs-sdk-go#221) need to handle the error
|
||||
err := tok.ReadFromV2(*tokv2)
|
||||
if err == nil {
|
||||
table.SetSessionToken(&tok)
|
||||
}
|
||||
}
|
||||
|
||||
var sig *neofscrypto.Signature
|
||||
|
||||
if sigv2 := body.GetSignature(); sigv2 != nil {
|
||||
sig = new(neofscrypto.Signature)
|
||||
sig.ReadFromV2(*sigv2)
|
||||
}
|
||||
|
||||
table.SetSignature(sig)
|
||||
|
||||
res.setTable(table)
|
||||
}
|
||||
|
||||
|
@ -626,6 +602,9 @@ type PrmContainerSetEACL struct {
|
|||
|
||||
tableSet bool
|
||||
table eacl.Table
|
||||
|
||||
sessionSet bool
|
||||
session session.Container
|
||||
}
|
||||
|
||||
// SetTable sets eACL table structure to be set for the container.
|
||||
|
@ -635,6 +614,22 @@ func (x *PrmContainerSetEACL) SetTable(table eacl.Table) {
|
|||
x.tableSet = true
|
||||
}
|
||||
|
||||
// WithinSession specifies session within which extended ACL of the container
|
||||
// should be saved.
|
||||
//
|
||||
// Creator of the session acquires the authorship of the request. This affects
|
||||
// the execution of an operation (e.g. access control).
|
||||
//
|
||||
// Session is optional, if set the following requirements apply:
|
||||
// - if particular container is specified (ApplyOnlyTo), it MUST equal the container
|
||||
// for which extended ACL is going to be set
|
||||
// - session operation MUST be session.VerbContainerSetEACL (ForVerb)
|
||||
// - token MUST be signed using private key of the owner of the container to be saved
|
||||
func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
|
||||
x.session = s
|
||||
x.sessionSet = true
|
||||
}
|
||||
|
||||
// ResContainerSetEACL groups resulting values of ContainerSetEACL operation.
|
||||
type ResContainerSetEACL struct {
|
||||
statusRes
|
||||
|
@ -690,9 +685,9 @@ func (c *Client) ContainerSetEACL(ctx context.Context, prm PrmContainerSetEACL)
|
|||
var meta v2session.RequestMetaHeader
|
||||
prm.prmCommonMeta.writeToMetaHeader(&meta)
|
||||
|
||||
if tok := prm.table.SessionToken(); tok != nil {
|
||||
if prm.sessionSet {
|
||||
var tokv2 v2session.Token
|
||||
tok.WriteToV2(&tokv2)
|
||||
prm.session.WriteToV2(&tokv2)
|
||||
|
||||
meta.SetSessionToken(&tokv2)
|
||||
}
|
||||
|
|
|
@ -9,19 +9,13 @@ import (
|
|||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/acl"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/netmap"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/version"
|
||||
)
|
||||
|
||||
type Container struct {
|
||||
v2 container.Container
|
||||
|
||||
token *session.Container
|
||||
|
||||
sig *neofscrypto.Signature
|
||||
}
|
||||
|
||||
// New creates, initializes and returns blank Container instance.
|
||||
|
@ -185,28 +179,6 @@ func (c *Container) SetPlacementPolicy(v *netmap.PlacementPolicy) {
|
|||
c.v2.SetPlacementPolicy(m)
|
||||
}
|
||||
|
||||
// SessionToken returns token of the session within
|
||||
// which container was created.
|
||||
func (c Container) SessionToken() *session.Container {
|
||||
return c.token
|
||||
}
|
||||
|
||||
// SetSessionToken sets token of the session within
|
||||
// which container was created.
|
||||
func (c *Container) SetSessionToken(t *session.Container) {
|
||||
c.token = t
|
||||
}
|
||||
|
||||
// Signature returns signature of the marshaled container.
|
||||
func (c Container) Signature() *neofscrypto.Signature {
|
||||
return c.sig
|
||||
}
|
||||
|
||||
// SetSignature sets signature of the marshaled container.
|
||||
func (c *Container) SetSignature(sig *neofscrypto.Signature) {
|
||||
c.sig = sig
|
||||
}
|
||||
|
||||
// Marshal marshals Container into a protobuf binary form.
|
||||
func (c *Container) Marshal() ([]byte, error) {
|
||||
return c.v2.StableMarshal(nil), nil
|
||||
|
|
|
@ -9,7 +9,6 @@ import (
|
|||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
containertest "github.com/nspcc-dev/neofs-sdk-go/container/test"
|
||||
netmaptest "github.com/nspcc-dev/neofs-sdk-go/netmap/test"
|
||||
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
|
||||
usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/version"
|
||||
versiontest "github.com/nspcc-dev/neofs-sdk-go/version/test"
|
||||
|
@ -75,16 +74,6 @@ func TestContainerEncoding(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestContainer_SessionToken(t *testing.T) {
|
||||
tok := sessiontest.Container()
|
||||
|
||||
cnr := container.New()
|
||||
|
||||
cnr.SetSessionToken(tok)
|
||||
|
||||
require.Equal(t, tok, cnr.SessionToken())
|
||||
}
|
||||
|
||||
func TestContainer_ToV2(t *testing.T) {
|
||||
t.Run("nil", func(t *testing.T) {
|
||||
var x *container.Container
|
||||
|
@ -96,8 +85,6 @@ func TestContainer_ToV2(t *testing.T) {
|
|||
cnt := container.New()
|
||||
|
||||
// check initial values
|
||||
require.Nil(t, cnt.SessionToken())
|
||||
require.Nil(t, cnt.Signature())
|
||||
require.Nil(t, cnt.Attributes())
|
||||
require.Nil(t, cnt.PlacementPolicy())
|
||||
require.Nil(t, cnt.OwnerID())
|
||||
|
|
|
@ -7,8 +7,6 @@ import (
|
|||
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/version"
|
||||
)
|
||||
|
||||
|
@ -18,8 +16,6 @@ import (
|
|||
type Table struct {
|
||||
version version.Version
|
||||
cid *cid.ID
|
||||
token *session.Container
|
||||
sig *neofscrypto.Signature
|
||||
records []Record
|
||||
}
|
||||
|
||||
|
@ -60,28 +56,6 @@ func (t *Table) AddRecord(r *Record) {
|
|||
}
|
||||
}
|
||||
|
||||
// SessionToken returns token of the session
|
||||
// within which Table was set.
|
||||
func (t Table) SessionToken() *session.Container {
|
||||
return t.token
|
||||
}
|
||||
|
||||
// SetSessionToken sets token of the session
|
||||
// within which Table was set.
|
||||
func (t *Table) SetSessionToken(tok *session.Container) {
|
||||
t.token = tok
|
||||
}
|
||||
|
||||
// Signature returns Table signature.
|
||||
func (t Table) Signature() *neofscrypto.Signature {
|
||||
return t.sig
|
||||
}
|
||||
|
||||
// SetSignature sets Table signature.
|
||||
func (t *Table) SetSignature(sig *neofscrypto.Signature) {
|
||||
t.sig = sig
|
||||
}
|
||||
|
||||
// ToV2 converts Table to v2 acl.EACLTable message.
|
||||
//
|
||||
// Nil Table converts to nil.
|
||||
|
|
|
@ -8,7 +8,6 @@ import (
|
|||
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test"
|
||||
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/version"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
@ -92,15 +91,6 @@ func TestTableEncoding(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestTable_SessionToken(t *testing.T) {
|
||||
tok := sessiontest.Container()
|
||||
|
||||
table := eacl.NewTable()
|
||||
table.SetSessionToken(tok)
|
||||
|
||||
require.Equal(t, tok, table.SessionToken())
|
||||
}
|
||||
|
||||
func TestTable_ToV2(t *testing.T) {
|
||||
t.Run("nil", func(t *testing.T) {
|
||||
var x *eacl.Table
|
||||
|
@ -116,8 +106,6 @@ func TestTable_ToV2(t *testing.T) {
|
|||
require.Nil(t, table.Records())
|
||||
_, set := table.CID()
|
||||
require.False(t, set)
|
||||
require.Nil(t, table.SessionToken())
|
||||
require.Nil(t, table.Signature())
|
||||
|
||||
// convert to v2 message
|
||||
tableV2 := table.ToV2()
|
||||
|
|
43
pool/pool.go
43
pool/pool.go
|
@ -114,10 +114,7 @@ func (c *clientWrapper) balanceGet(ctx context.Context, prm PrmBalanceGet) (*acc
|
|||
}
|
||||
|
||||
func (c *clientWrapper) containerPut(ctx context.Context, prm PrmContainerPut) (*cid.ID, error) {
|
||||
var cliPrm sdkClient.PrmContainerPut
|
||||
cliPrm.SetContainer(prm.cnr)
|
||||
|
||||
res, err := c.client.ContainerPut(ctx, cliPrm)
|
||||
res, err := c.client.ContainerPut(ctx, prm.prmClient)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -184,6 +181,10 @@ func (c *clientWrapper) containerSetEACL(ctx context.Context, prm PrmContainerSe
|
|||
var cliPrm sdkClient.PrmContainerSetEACL
|
||||
cliPrm.SetTable(prm.table)
|
||||
|
||||
if prm.sessionSet {
|
||||
cliPrm.WithinSession(prm.session)
|
||||
}
|
||||
|
||||
if _, err := c.client.ContainerSetEACL(ctx, cliPrm); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -720,15 +721,26 @@ func (x *PrmObjectSearch) SetFilters(filters object.SearchFilters) {
|
|||
|
||||
// PrmContainerPut groups parameters of PutContainer operation.
|
||||
type PrmContainerPut struct {
|
||||
cnr container.Container
|
||||
prmClient sdkClient.PrmContainerPut
|
||||
|
||||
waitParams WaitParams
|
||||
waitParamsSet bool
|
||||
}
|
||||
|
||||
// SetContainer specifies structured information about new NeoFS container.
|
||||
// SetContainer container structure to be used as a parameter of the base
|
||||
// client's operation.
|
||||
//
|
||||
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerPut.SetContainer.
|
||||
func (x *PrmContainerPut) SetContainer(cnr container.Container) {
|
||||
x.cnr = cnr
|
||||
x.prmClient.SetContainer(cnr)
|
||||
}
|
||||
|
||||
// WithinSession specifies session to be used as a parameter of the base
|
||||
// client's operation.
|
||||
//
|
||||
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerPut.WithinSession.
|
||||
func (x *PrmContainerPut) WithinSession(s session.Container) {
|
||||
x.prmClient.WithinSession(s)
|
||||
}
|
||||
|
||||
// SetWaitParams specifies timeout params to complete operation.
|
||||
|
@ -805,15 +817,30 @@ func (x *PrmContainerEACL) SetContainerID(cnrID cid.ID) {
|
|||
type PrmContainerSetEACL struct {
|
||||
table eacl.Table
|
||||
|
||||
sessionSet bool
|
||||
session session.Container
|
||||
|
||||
waitParams WaitParams
|
||||
waitParamsSet bool
|
||||
}
|
||||
|
||||
// SetTable specifies eACL table structure to be set for the container.
|
||||
// SetTable sets structure of container's extended ACL to be used as a
|
||||
// parameter of the base client's operation.
|
||||
//
|
||||
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerSetEACL.SetTable.
|
||||
func (x *PrmContainerSetEACL) SetTable(table eacl.Table) {
|
||||
x.table = table
|
||||
}
|
||||
|
||||
// WithinSession specifies session to be used as a parameter of the base
|
||||
// client's operation.
|
||||
//
|
||||
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerSetEACL.WithinSession.
|
||||
func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
|
||||
x.session = s
|
||||
x.sessionSet = true
|
||||
}
|
||||
|
||||
// SetWaitParams specifies timeout params to complete operation.
|
||||
// If not provided the default one will be used.
|
||||
// Panics if any of the wait params isn't positive.
|
||||
|
|
Loading…
Reference in a new issue