[#414] ir: Serve ControlService

Serve `ControlService` instance on configured endpoint (do not serve if not
specified). Read allowed keys from config.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2021-06-09 18:49:10 +03:00 committed by Alex Vanin
parent 4001ba2967
commit 455fd952dd
5 changed files with 73 additions and 10 deletions

View file

@ -117,4 +117,7 @@ func defaultConfiguration(cfg *viper.Viper) {
// extra fee values for working mode without notary contract
cfg.SetDefault("fee.main_chain", 5000_0000) // 0.5 Fixed8
cfg.SetDefault("fee.side_chain", 2_0000_0000) // 2.0 Fixed8
cfg.SetDefault("control.authorized_keys", []string{})
cfg.SetDefault("control.grpc.endpoint", "")
}

View file

@ -2,9 +2,11 @@ package innerring
import (
"context"
"encoding/hex"
"errors"
"fmt"
"io"
"net"
"github.com/nspcc-dev/neo-go/pkg/core/block"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
@ -32,6 +34,8 @@ import (
"github.com/nspcc-dev/neofs-node/pkg/morph/subscriber"
"github.com/nspcc-dev/neofs-node/pkg/morph/timer"
audittask "github.com/nspcc-dev/neofs-node/pkg/services/audit/taskmanager"
control "github.com/nspcc-dev/neofs-node/pkg/services/control/ir"
controlsrv "github.com/nspcc-dev/neofs-node/pkg/services/control/ir/server"
util2 "github.com/nspcc-dev/neofs-node/pkg/util"
utilConfig "github.com/nspcc-dev/neofs-node/pkg/util/config"
"github.com/nspcc-dev/neofs-node/pkg/util/precision"
@ -39,6 +43,7 @@ import (
"github.com/spf13/viper"
"go.uber.org/atomic"
"go.uber.org/zap"
"google.golang.org/grpc"
)
type (
@ -91,6 +96,13 @@ type (
//
// Errors are logged.
closers []func() error
// Set of component runners which
// should report start errors
// to the application.
//
// TODO: unify with workers.
runners []func(chan<- error)
}
contracts struct {
@ -152,7 +164,7 @@ func (s *Server) Start(ctx context.Context, intError chan<- error) (err error) {
}
}
err := s.initConfigFromBlockchain()
err = s.initConfigFromBlockchain()
if err != nil {
return err
}
@ -210,6 +222,10 @@ func (s *Server) Start(ctx context.Context, intError chan<- error) (err error) {
s.tickTimers()
})
for _, runner := range s.runners {
runner(intError)
}
go s.morphListener.ListenWithError(ctx, morphErr) // listen for neo:morph events
go s.mainnetListener.ListenWithError(ctx, mainnnetErr) // listen for neo:mainnet events
@ -285,6 +301,8 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error
server.key = acc.PrivateKey()
fmt.Println(hex.EncodeToString(server.key.PublicKey().Bytes()))
// get all script hashes of contracts
server.contracts, err = parseContracts(cfg)
if err != nil {
@ -728,6 +746,52 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error
server.addBlockTimer(sideNotaryTimer)
}
controlSvcEndpoint := cfg.GetString("control.grpc.endpoint")
if controlSvcEndpoint != "" {
authKeysStr := cfg.GetStringSlice("control.authorized_keys")
authKeys := make([][]byte, 0, len(authKeysStr))
for i := range authKeysStr {
key, err := hex.DecodeString(authKeysStr[i])
if err != nil {
return nil, fmt.Errorf("could not parse Control authorized key %s: %w",
authKeysStr[i],
err,
)
}
authKeys = append(authKeys, key)
}
var p controlsrv.Prm
p.SetPrivateKey(*server.key)
p.SetHealthChecker(server)
controlSvc := controlsrv.New(p,
controlsrv.WithAllowedKeys(authKeys),
)
grpcControlSrv := grpc.NewServer()
control.RegisterControlServiceServer(grpcControlSrv, controlSvc)
server.runners = append(server.runners, func(ch chan<- error) {
lis, err := net.Listen("tcp", controlSvcEndpoint)
if err != nil {
ch <- err
return
}
go func() {
ch <- grpcControlSrv.Serve(lis)
}()
})
server.registerNoErrCloser(grpcControlSrv.GracefulStop)
} else {
log.Info("no Control server endpoint specified, service is disabled")
}
return server, nil
}

View file

@ -26,7 +26,7 @@ func (s *Server) HealthCheck(_ context.Context, req *control.HealthCheckRequest)
body.SetHealthStatus(s.prm.healthChecker.HealthStatus())
// sign the response
if err := SignMessage(s.prm.key, resp); err != nil {
if err := SignMessage(&s.prm.key.PrivateKey, resp); err != nil {
return nil, status.Error(codes.Internal, err.Error())
}

View file

@ -1,19 +1,19 @@
package control
import (
"crypto/ecdsa"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
)
// Prm groups required parameters of
// Server's constructor.
type Prm struct {
key *ecdsa.PrivateKey
key keys.PrivateKey
healthChecker HealthChecker
}
// SetPrivateKey sets private key to sign responses.
func (x *Prm) SetPrivateKey(key *ecdsa.PrivateKey) {
func (x *Prm) SetPrivateKey(key keys.PrivateKey) {
x.key = key
}

View file

@ -2,8 +2,6 @@ package control
import (
"fmt"
crypto "github.com/nspcc-dev/neofs-crypto"
)
// Server is an entity that serves
@ -34,8 +32,6 @@ func panicOnPrmValue(n string, v interface{}) {
func New(prm Prm, opts ...Option) *Server {
// verify required parameters
switch {
case prm.key == nil:
panicOnPrmValue("key", prm.key)
case prm.healthChecker == nil:
panicOnPrmValue("health checker", prm.healthChecker)
}
@ -50,6 +46,6 @@ func New(prm Prm, opts ...Option) *Server {
return &Server{
prm: prm,
allowedKeys: append(o.allowedKeys, crypto.MarshalPublicKey(&prm.key.PublicKey)),
allowedKeys: append(o.allowedKeys, prm.key.PublicKey().Bytes()),
}
}