a-savchuk/frostfs-sdk-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-sdk-go
Code Pull requests Activity

[#276] container: Remove session token and signature from Container/eACL

Browse source 
Session token and signature isn't presented in `Container` and
`EACLTable` messages of NeoFS API V2 protocol. These entities are needed
for access control and doesn't carry payload of these messages.

Remove `SetSessionToken` / `SessionToken` methods of
`container.Container` and `eacl.Table` types. Provide methods to specify
these components in corresponding `Client` operations.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2022-06-21 17:50:39 +03:00 committed by fyrchik
parent e986f47807
commit 721df386c5
6 changed files with 74 additions and 131 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
client/container.go
View file

@ -24,6 +24,9 @@ type PrmContainerPut struct {
cnrSet bool
cnr container.Container
sessionSet bool
session session.Container
}
// SetContainer sets structured information about new NeoFS container.
@ -33,6 +36,19 @@ func (x *PrmContainerPut) SetContainer(cnr container.Container) {
x.cnrSet = true
}
// WithinSession specifies session within which container should be saved.
//
// Creator of the session acquires the authorship of the request. This affects
// the execution of an operation (e.g. access control).
//
// Session is optional, if set the following requirements apply:
// - session operation MUST be session.VerbContainerPut (ForVerb)
// - token MUST be signed using private key of the owner of the container to be saved
func (x *PrmContainerPut) WithinSession(s session.Container) {
x.session = s
x.sessionSet = true
}
// ResContainerPut groups resulting values of ContainerPut operation.
type ResContainerPut struct {
statusRes
@ -104,9 +120,9 @@ func (c *Client) ContainerPut(ctx context.Context, prm PrmContainerPut) (*ResCon
var meta v2session.RequestMetaHeader
prm.prmCommonMeta.writeToMetaHeader(&meta)
if tok := prm.cnr.SessionToken(); tok != nil {
if prm.sessionSet {
var tokv2 v2session.Token
tok.WriteToV2(&tokv2)
prm.session.WriteToV2(&tokv2)
meta.SetSessionToken(&tokv2)
}
@ -241,26 +257,6 @@ func (c *Client) ContainerGet(ctx context.Context, prm PrmContainerGet) (*ResCon
cnr := container.NewContainerFromV2(body.GetContainer())
tokv2 := body.GetSessionToken()
if tokv2 != nil {
var tok session.Container
// FIXME: (neofs-sdk-go#221) need to handle the error
err := tok.ReadFromV2(*tokv2)
if err == nil {
cnr.SetSessionToken(&tok)
}
}
var sig *neofscrypto.Signature
if sigv2 := body.GetSignature(); sigv2 != nil {
sig = new(neofscrypto.Signature)
sig.ReadFromV2(*sigv2)
}
cnr.SetSignature(sig)
res.setContainer(cnr)
}
@ -589,26 +585,6 @@ func (c *Client) ContainerEACL(ctx context.Context, prm PrmContainerEACL) (*ResC
table := eacl.NewTableFromV2(body.GetEACL())
tokv2 := body.GetSessionToken()
if tokv2 != nil {
var tok session.Container
// FIXME: (neofs-sdk-go#221) need to handle the error
err := tok.ReadFromV2(*tokv2)
if err == nil {
table.SetSessionToken(&tok)
}
}
var sig *neofscrypto.Signature
if sigv2 := body.GetSignature(); sigv2 != nil {
sig = new(neofscrypto.Signature)
sig.ReadFromV2(*sigv2)
}
table.SetSignature(sig)
res.setTable(table)
}
@ -626,6 +602,9 @@ type PrmContainerSetEACL struct {
tableSet bool
table eacl.Table
sessionSet bool
session session.Container
}
// SetTable sets eACL table structure to be set for the container.
@ -635,6 +614,22 @@ func (x *PrmContainerSetEACL) SetTable(table eacl.Table) {
x.tableSet = true
}
// WithinSession specifies session within which extended ACL of the container
// should be saved.
//
// Creator of the session acquires the authorship of the request. This affects
// the execution of an operation (e.g. access control).
//
// Session is optional, if set the following requirements apply:
// - if particular container is specified (ApplyOnlyTo), it MUST equal the container
// for which extended ACL is going to be set
// - session operation MUST be session.VerbContainerSetEACL (ForVerb)
// - token MUST be signed using private key of the owner of the container to be saved
func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
x.session = s
x.sessionSet = true
}
// ResContainerSetEACL groups resulting values of ContainerSetEACL operation.
type ResContainerSetEACL struct {
statusRes
@ -690,9 +685,9 @@ func (c *Client) ContainerSetEACL(ctx context.Context, prm PrmContainerSetEACL)
var meta v2session.RequestMetaHeader
prm.prmCommonMeta.writeToMetaHeader(&meta)
if tok := prm.table.SessionToken(); tok != nil {
if prm.sessionSet {
var tokv2 v2session.Token
tok.WriteToV2(&tokv2)
prm.session.WriteToV2(&tokv2)
meta.SetSessionToken(&tokv2)
}

28
container/container.go
View file

@ -9,19 +9,13 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs"
"github.com/nspcc-dev/neofs-sdk-go/acl"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user"
"github.com/nspcc-dev/neofs-sdk-go/version"
)
type Container struct {
v2 container.Container
token *session.Container
sig *neofscrypto.Signature
}
// New creates, initializes and returns blank Container instance.
@ -185,28 +179,6 @@ func (c *Container) SetPlacementPolicy(v *netmap.PlacementPolicy) {
c.v2.SetPlacementPolicy(m)
}
// SessionToken returns token of the session within
// which container was created.
func (c Container) SessionToken() *session.Container {
return c.token
}
// SetSessionToken sets token of the session within
// which container was created.
func (c *Container) SetSessionToken(t *session.Container) {
c.token = t
}
// Signature returns signature of the marshaled container.
func (c Container) Signature() *neofscrypto.Signature {
return c.sig
}
// SetSignature sets signature of the marshaled container.
func (c *Container) SetSignature(sig *neofscrypto.Signature) {
c.sig = sig
}
// Marshal marshals Container into a protobuf binary form.
func (c *Container) Marshal() ([]byte, error) {
return c.v2.StableMarshal(nil), nil

13
container/container_test.go
View file

@ -9,7 +9,6 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/container"
containertest "github.com/nspcc-dev/neofs-sdk-go/container/test"
netmaptest "github.com/nspcc-dev/neofs-sdk-go/netmap/test"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
"github.com/nspcc-dev/neofs-sdk-go/version"
versiontest "github.com/nspcc-dev/neofs-sdk-go/version/test"
@ -75,16 +74,6 @@ func TestContainerEncoding(t *testing.T) {
})
}
func TestContainer_SessionToken(t *testing.T) {
tok := sessiontest.Container()
cnr := container.New()
cnr.SetSessionToken(tok)
require.Equal(t, tok, cnr.SessionToken())
}
func TestContainer_ToV2(t *testing.T) {
t.Run("nil", func(t *testing.T) {
var x *container.Container
@ -96,8 +85,6 @@ func TestContainer_ToV2(t *testing.T) {
cnt := container.New()
// check initial values
require.Nil(t, cnt.SessionToken())
require.Nil(t, cnt.Signature())
require.Nil(t, cnt.Attributes())
require.Nil(t, cnt.PlacementPolicy())
require.Nil(t, cnt.OwnerID())

26
eacl/table.go
View file

@ -7,8 +7,6 @@ import (
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
"github.com/nspcc-dev/neofs-api-go/v2/refs"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/version"
)
@ -18,8 +16,6 @@ import (
type Table struct {
version version.Version
cid *cid.ID
token *session.Container
sig *neofscrypto.Signature
records []Record
}
@ -60,28 +56,6 @@ func (t *Table) AddRecord(r *Record) {
}
}
// SessionToken returns token of the session
// within which Table was set.
func (t Table) SessionToken() *session.Container {
return t.token
}
// SetSessionToken sets token of the session
// within which Table was set.
func (t *Table) SetSessionToken(tok *session.Container) {
t.token = tok
}
// Signature returns Table signature.
func (t Table) Signature() *neofscrypto.Signature {
return t.sig
}
// SetSignature sets Table signature.
func (t *Table) SetSignature(sig *neofscrypto.Signature) {
t.sig = sig
}
// ToV2 converts Table to v2 acl.EACLTable message.
//
// Nil Table converts to nil.

12
eacl/table_test.go
View file

@ -8,7 +8,6 @@ import (
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
"github.com/nspcc-dev/neofs-sdk-go/version"
"github.com/stretchr/testify/require"
)
@ -92,15 +91,6 @@ func TestTableEncoding(t *testing.T) {
})
}
func TestTable_SessionToken(t *testing.T) {
tok := sessiontest.Container()
table := eacl.NewTable()
table.SetSessionToken(tok)
require.Equal(t, tok, table.SessionToken())
}
func TestTable_ToV2(t *testing.T) {
t.Run("nil", func(t *testing.T) {
var x *eacl.Table
@ -116,8 +106,6 @@ func TestTable_ToV2(t *testing.T) {
require.Nil(t, table.Records())
_, set := table.CID()
require.False(t, set)
require.Nil(t, table.SessionToken())
require.Nil(t, table.Signature())
// convert to v2 message
tableV2 := table.ToV2()

43
pool/pool.go
View file

@ -114,10 +114,7 @@ func (c *clientWrapper) balanceGet(ctx context.Context, prm PrmBalanceGet) (*acc
}
func (c *clientWrapper) containerPut(ctx context.Context, prm PrmContainerPut) (*cid.ID, error) {
var cliPrm sdkClient.PrmContainerPut
cliPrm.SetContainer(prm.cnr)
res, err := c.client.ContainerPut(ctx, cliPrm)
res, err := c.client.ContainerPut(ctx, prm.prmClient)
if err != nil {
return nil, err
}
@ -184,6 +181,10 @@ func (c *clientWrapper) containerSetEACL(ctx context.Context, prm PrmContainerSe
var cliPrm sdkClient.PrmContainerSetEACL
cliPrm.SetTable(prm.table)
if prm.sessionSet {
cliPrm.WithinSession(prm.session)
}
if _, err := c.client.ContainerSetEACL(ctx, cliPrm); err != nil {
return err
}
@ -720,15 +721,26 @@ func (x *PrmObjectSearch) SetFilters(filters object.SearchFilters) {
// PrmContainerPut groups parameters of PutContainer operation.
type PrmContainerPut struct {
cnr container.Container
prmClient sdkClient.PrmContainerPut
waitParams WaitParams
waitParamsSet bool
}
// SetContainer specifies structured information about new NeoFS container.
// SetContainer container structure to be used as a parameter of the base
// client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerPut.SetContainer.
func (x *PrmContainerPut) SetContainer(cnr container.Container) {
x.cnr = cnr
x.prmClient.SetContainer(cnr)
}
// WithinSession specifies session to be used as a parameter of the base
// client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerPut.WithinSession.
func (x *PrmContainerPut) WithinSession(s session.Container) {
x.prmClient.WithinSession(s)
}
// SetWaitParams specifies timeout params to complete operation.
@ -805,15 +817,30 @@ func (x *PrmContainerEACL) SetContainerID(cnrID cid.ID) {
type PrmContainerSetEACL struct {
table eacl.Table
sessionSet bool
session session.Container
waitParams WaitParams
waitParamsSet bool
}
// SetTable specifies eACL table structure to be set for the container.
// SetTable sets structure of container's extended ACL to be used as a
// parameter of the base client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerSetEACL.SetTable.
func (x *PrmContainerSetEACL) SetTable(table eacl.Table) {
x.table = table
}
// WithinSession specifies session to be used as a parameter of the base
// client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerSetEACL.WithinSession.
func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
x.session = s
x.sessionSet = true
}
// SetWaitParams specifies timeout params to complete operation.
// If not provided the default one will be used.
// Panics if any of the wait params isn't positive.