package client import ( "context" "fmt" v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client" v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature" frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto" frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" ) // PrmContainerSetEACL groups parameters of ContainerSetEACL operation. type PrmContainerSetEACL struct { // FrostFS request X-Headers. XHeaders []string Table *eacl.Table Session *session.Container } // SetTable sets eACL table structure to be set for the container. // Required parameter. // // Deprecated: Use PrmContainerSetEACL.Table instead. func (x *PrmContainerSetEACL) SetTable(table eacl.Table) { x.Table = &table } // WithinSession specifies session within which extended ACL of the container // should be saved. // // Creator of the session acquires the authorship of the request. This affects // the execution of an operation (e.g. access control). // // Session is optional, if set the following requirements apply: // - if particular container is specified (ApplyOnlyTo), it MUST equal the container // for which extended ACL is going to be set // - session operation MUST be session.VerbContainerSetEACL (ForVerb) // - token MUST be signed using private key of the owner of the container to be saved // // Deprecated: Use PrmContainerSetEACL.Session instead. func (x *PrmContainerSetEACL) WithinSession(s session.Container) { x.Session = &s } func (x *PrmContainerSetEACL) buildRequest(c *Client) (*v2container.SetExtendedACLRequest, error) { if x.Table == nil { return nil, errorEACLTableNotSet } if len(x.XHeaders)%2 != 0 { return nil, errorInvalidXHeaders } eaclV2 := x.Table.ToV2() var sig frostfscrypto.Signature err := sig.Calculate(frostfsecdsa.SignerRFC6979(c.prm.key), eaclV2.StableMarshal(nil)) if err != nil { return nil, fmt.Errorf("calculate signature: %w", err) } var sigv2 refs.Signature sig.WriteToV2(&sigv2) reqBody := new(v2container.SetExtendedACLRequestBody) reqBody.SetEACL(eaclV2) reqBody.SetSignature(&sigv2) var meta v2session.RequestMetaHeader writeXHeadersToMeta(x.XHeaders, &meta) if x.Session != nil { var tokv2 v2session.Token x.Session.WriteToV2(&tokv2) meta.SetSessionToken(&tokv2) } var req v2container.SetExtendedACLRequest req.SetBody(reqBody) c.prepareRequest(&req, &meta) return &req, nil } // ResContainerSetEACL groups resulting values of ContainerSetEACL operation. type ResContainerSetEACL struct { statusRes } // ContainerSetEACL sends request to update eACL table of the FrostFS container. // // Exactly one return value is non-nil. By default, server status is returned in res structure. // Any client's internal or transport errors are returned as `error`. // If PrmInit.ResolveFrostFSFailures has been called, unsuccessful // FrostFS status codes are returned as `error`, otherwise, are included // in the returned result structure. // // Operation is asynchronous and no guaranteed even in the absence of errors. // The required time is also not predictable. // // Success can be verified by reading by identifier (see EACL). // // Returns an error if parameters are set incorrectly (see PrmContainerSetEACL docs). // Context is required and must not be nil. It is used for network communication. // // Return statuses: // - global (see Client docs). func (c *Client) ContainerSetEACL(ctx context.Context, prm PrmContainerSetEACL) (*ResContainerSetEACL, error) { req, err := prm.buildRequest(c) if err != nil { return nil, err } if err := signature.SignServiceMessage(&c.prm.key, req); err != nil { return nil, fmt.Errorf("sign request: %w", err) } resp, err := rpcapi.SetEACL(&c.c, req, client.WithContext(ctx)) if err != nil { return nil, err } var res ResContainerSetEACL res.st, err = c.processResponse(resp) return &res, err }