[#xx] adm: Policy contract
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
parent
8d18fa159e
commit
9d74a8c6f4
4 changed files with 238 additions and 2559 deletions
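--- /dev/null
+++ b/cmd/frostfs-adm/internal/modules/morph/ape.go
@@ -0,0 +1,150 @@
+package morph
+
+import (
+"bytes"
+"encoding/json"
+"fmt"
+"os"
+
+parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
+commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
+morph "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy"
+"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
+"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+"github.com/nspcc-dev/neo-go/pkg/util"
+"github.com/spf13/cobra"
+"github.com/spf13/viper"
+)
+
+const (
+namespaceTarget = "namespace"
+containerTarget = "container"
+)
+
+func getPolicyContractHash(cmd *cobra.Command, inv *invoker.Invoker) (util.Uint160, error) {
+s, err := cmd.Flags().GetString(apeContractFlag)
+var ch util.Uint160
+if err == nil {
+ch, err = util.Uint160DecodeStringLE(s)
+}
+if err != nil {
+r := management.NewReader(inv)
+nnsCs, err := r.GetContractByID(1)
+if err != nil {
+return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
+}
+ch, err = nnsResolveHash(inv, nnsCs.Hash, policyContract+".frostfs")
+if err != nil {
+return util.Uint160{}, err
+}
+}
+return ch, nil
+}
+
+func parseTarget(cmd *cobra.Command) policyengine.Target {
+var targetType policyengine.TargetType
+typ, _ := cmd.Flags().GetString(targetTypeFlag)
+switch typ {
+case namespaceTarget:
+targetType = policyengine.Namespace
+case containerTarget:
+targetType = policyengine.Container
+default:
+commonCmd.ExitOnErr(cmd, "read target type error: %w", fmt.Errorf("unknown target type"))
+}
+name, _ := cmd.Flags().GetString(targetNameFlag)
+
+return policyengine.Target{
+Name: name,
+Type: targetType,
+}
+}
+
+func newPolicyContractInterface(cmd *cobra.Command) *morph.ContractStorage {
+initCtx, err := newInitializeContext(cmd, viper.GetViper())
+commonCmd.ExitOnErr(cmd, "can't initialize context: %w", err)
+
+actor := initCtx.clientContext.CommitteeAct
+
+hash, err := getPolicyContractHash(cmd, &actor.Invoker)
+commonCmd.ExitOnErr(cmd, "unable to get contaract hash: %w", err)
+
+return morph.NewContractStorage(actor, hash)
+}
+
+func parseChainID(cmd *cobra.Command) apechain.ID {
+chainID, _ := cmd.Flags().GetString(apeChainID)
+if chainID == "" {
+commonCmd.ExitOnErr(cmd, "read chain id error: %w",
+fmt.Errorf("chain id cannot be empty"))
+}
+return apechain.ID(chainID)
+}
+
+func parseChain(cmd *cobra.Command) *apechain.Chain {
+chain := new(apechain.Chain)
+
+if ruleStmt, _ := cmd.Flags().GetString(apeRuleFlag); ruleStmt != "" {
+parseErr := parseutil.ParseAPEChain(chain, []string{ruleStmt})
+commonCmd.ExitOnErr(cmd, "ape chain parser error: %w", parseErr)
+} else if ruleJSON, _ := cmd.Flags().GetString(apeRuleJSONFlag); ruleJSON != "" {
+var rule []byte
+if _, err := os.Stat(ruleJSON); err == nil {
+rule, err = os.ReadFile(ruleJSON)
+commonCmd.ExitOnErr(cmd, "read file error: %w", err)
+} else {
+rule = []byte(ruleJSON)
+if !json.Valid(rule) {
+commonCmd.ExitOnErr(cmd, "read raw rule error: %w",
+fmt.Errorf("invalid JSON"))
+}
+}
+err := chain.DecodeBytes(rule)
+commonCmd.ExitOnErr(cmd, "chain decode error: %w", err)
+}
+
+chain.ID = parseChainID(cmd)
+
+return chain
+}
+
+func addChain(cmd *cobra.Command, _ []string) {
+chain := parseChain(cmd)
+
+target := parseTarget(cmd)
+
+contractIface := newPolicyContractInterface(cmd)
+_, _, err := contractIface.AddMorphRuleChain(apechain.Ingress, target, chain)
+commonCmd.ExitOnErr(cmd, "add rule chain error: %w", err)
+}
+
+func removeChain(cmd *cobra.Command, _ []string) {
+chainID := parseChainID(cmd)
+
+target := parseTarget(cmd)
+
+contractIface := newPolicyContractInterface(cmd)
+_, _, err := contractIface.RemoveMorphRuleChain(apechain.Ingress, target, chainID)
+commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
+}
+
+func listChains(cmd *cobra.Command, _ []string) {
+target := parseTarget(cmd)
+
+contractIface := newPolicyContractInterface(cmd)
+chains, err := contractIface.ListMorphRuleChains(apechain.Ingress, target)
+commonCmd.ExitOnErr(cmd, "list rule chain error: %w", err)
+
+for _, c := range chains {
+cmd.Println(prettyJSONFormat(cmd, c.Bytes()))
+}
+}
+
+func prettyJSONFormat(cmd *cobra.Command, serialized []byte) string {
+wr := bytes.NewBufferString("")
+err := json.Indent(wr, serialized, "", " ")
+commonCmd.ExitOnErr(cmd, "%w", err)
+return wr.String()
+}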
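Review bot: In `getPolicyContractHash`, a non-empty but malformed `--ape-contract` value is silently discarded: any error from `GetString` or `util.Uint160DecodeStringLE` drops into the NNS lookup, so the command goes on to act on whatever `policyContract+".frostfs"` resolves to rather than the contract the operator named. Because `newPolicyContractInterface` builds the storage on the committee actor, a typo in the hash should stop the command instead of redirecting it. Fall back to NNS only when the flag is absent or empty, and return the decode error otherwise. The inner `nnsCs, err :=` also shadows the outer `err`, which is harmless here but easy to misread.

```go
func getPolicyContractHash(cmd *cobra.Command, inv *invoker.Invoker) (util.Uint160, error) {
	s, err := cmd.Flags().GetString(apeContractFlag)
	if err == nil && s != "" {
		// An explicit hash must decode cleanly; do not fall through to NNS on a typo.
		ch, err := util.Uint160DecodeStringLE(s)
		if err != nil {
			return util.Uint160{}, fmt.Errorf("invalid --%s value: %w", apeContractFlag, err)
		}
		return ch, nil
	}
	// … unchanged: NNS lookup (management.NewReader, GetContractByID, nnsResolveHash), now unconditional …
```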
@ -38,6 +38,12 @@ const (
|
||||||
localDumpFlag = "local-dump"
|
localDumpFlag = "local-dump"
|
||||||
protoConfigPath = "protocol"
|
protoConfigPath = "protocol"
|
||||||
walletAddressFlag = "wallet-address"
|
walletAddressFlag = "wallet-address"
|
||||||
|
apeContractFlag = "ape-contract"
|
||||||
|
apeChainID = "chain-id"
|
||||||
|
apeRuleFlag = "rule"
|
||||||
|
apeRuleJSONFlag = "rule-path"
|
||||||
|
targetNameFlag = "target"
|
||||||
|
targetTypeFlag = "type"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -238,6 +244,36 @@ var (
|
||||||
},
|
},
|
||||||
Run: listNetmapCandidatesNodes,
|
Run: listNetmapCandidatesNodes,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
addChainCmd = &cobra.Command{
|
||||||
|
Use: "add-chain",
|
||||||
|
Short: "List netmap candidates nodes",
|
||||||
|
PreRun: func(cmd *cobra.Command, _ []string) {
|
||||||
|
_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
|
||||||
|
_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
|
||||||
|
},
|
||||||
|
Run: addChain,
|
||||||
|
}
|
||||||
|
|
||||||
|
removeChainCmd = &cobra.Command{
|
||||||
|
Use: "add-chain",
|
||||||
|
Short: "List netmap candidates nodes",
|
||||||
|
PreRun: func(cmd *cobra.Command, _ []string) {
|
||||||
|
_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
|
||||||
|
_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
|
||||||
|
},
|
||||||
|
Run: removeChain,
|
||||||
|
}
|
||||||
|
|
||||||
|
listChainsCmd = &cobra.Command{
|
||||||
|
Use: "list-chains",
|
||||||
|
Short: "List netmap candidates nodes",
|
||||||
|
PreRun: func(cmd *cobra.Command, _ []string) {
|
||||||
|
_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
|
||||||
|
_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
|
||||||
|
},
|
||||||
|
Run: listChains,
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -260,6 +296,45 @@ func init() {
|
||||||
initRefillGasCmd()
|
initRefillGasCmd()
|
||||||
initDepositoryNotaryCmd()
|
initDepositoryNotaryCmd()
|
||||||
initNetmapCandidatesCmd()
|
initNetmapCandidatesCmd()
|
||||||
|
initAddChainCmd()
|
||||||
|
initRemoveChainCmd()
|
||||||
|
initListChainCmd()
|
||||||
|
}
|
||||||
|
|
||||||
|
func initAddChainCmd() {
|
||||||
|
RootCmd.AddCommand(addChainCmd)
|
||||||
|
|
||||||
|
addChainCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
|
||||||
|
addChainCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
|
||||||
|
|
||||||
|
addChainCmd.Flags().String(targetTypeFlag, "", "Resource type. Allowed values: container, namespace")
|
||||||
|
addChainCmd.Flags().String(targetNameFlag, "", "Resource name in APE resource name format")
|
||||||
|
|
||||||
|
addChainCmd.Flags().String(apeChainID, "", "Rule chain ID")
|
||||||
|
addChainCmd.Flags().String(apeRuleFlag, "", "Rule chain in text format")
|
||||||
|
addChainCmd.Flags().String(apeRuleJSONFlag, "", "Path to chain rule in JSON format")
|
||||||
|
|
||||||
|
addChainCmd.MarkFlagsMutuallyExclusive(apeRuleFlag, apeRuleJSONFlag)
|
||||||
|
}
|
||||||
|
|
||||||
|
func initRemoveChainCmd() {
|
||||||
|
RootCmd.AddCommand(removeChainCmd)
|
||||||
|
|
||||||
|
addChainCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
|
||||||
|
addChainCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
|
||||||
|
|
||||||
|
addChainCmd.Flags().String(targetTypeFlag, "", "Resource type. Allowed values: container, namespace")
|
||||||
|
addChainCmd.Flags().String(targetNameFlag, "", "Resource name in APE resource name format")
|
||||||
|
|
||||||
|
addChainCmd.Flags().String(apeChainID, "", "Rule chain ID")
|
||||||
|
}
|
||||||
|
|
||||||
|
func initListChainCmd() {
|
||||||
|
RootCmd.AddCommand(listChainsCmd)
|
||||||
|
|
||||||
|
listChainsCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
|
||||||
|
listChainsCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
|
||||||
|
listChainsCmd.Flags().StringSlice(containerIDsFlag, []string{}, "Containers ids")
|
||||||
}
|
}
|
||||||
|
|
||||||
func initNetmapCandidatesCmd() {
|
func initNetmapCandidatesCmd() {
|
||||||
|
|
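Review bot: `initRemoveChainCmd` registers every flag on `addChainCmd` instead of `removeChainCmd`, so `remove-chain` ends up with no flags at all and `addChainCmd` gets `endpointFlag`, `alphabetWalletsFlag`, `targetTypeFlag`, `targetNameFlag` and `apeChainID` defined a second time, which pflag treats as a redefinition and panics on during `init()`. The five calls should read `removeChainCmd.Flags().…`, and `removeChainCmd` needs `Use: "remove-chain",` since it currently repeats `"add-chain"`. In the same section `initListChainCmd` never defines `targetTypeFlag` or `targetNameFlag` although `listChains` goes through `parseTarget`, and `apeContractFlag` is not registered on any of the three commands, so the explicit-hash path in `getPolicyContractHash` cannot be reached. All three `Short` strings are still `"List netmap candidates nodes"` and should describe the policy-chain commands.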
4
go.mod
4
go.mod
|
@ -2,9 +2,11 @@ module git.frostfs.info/TrueCloudLab/frostfs-node
|
||||||
|
|
||||||
go 1.20
|
go 1.20
|
||||||
|
|
||||||
|
replace git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231115094736-5db67021e10f => git.frostfs.info/aarifullin/policy-engine v0.0.0-20231130155622-87210589f123
|
||||||
|
|
||||||
require (
|
require (
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20231031104748-498877e378fd
|
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20231031104748-498877e378fd
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-contract v0.18.1-0.20231102065436-9ed3845aa989
|
git.frostfs.info/TrueCloudLab/frostfs-contract v0.18.1-0.20231129062201-a1b61d394958
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
|
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231114081800-3787477133f3
|
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231114081800-3787477133f3
|
||||||
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
||||||
|
|
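Review bot: The added `replace` line points `git.frostfs.info/TrueCloudLab/policy-engine` at a personal fork, `git.frostfs.info/aarifullin/policy-engine`, so builds of this admin tool would take their access-policy code from a repository outside the TrueCloudLab namespace. The replacement is also keyed to one exact pseudo-version on the left-hand side, so presumably it stops applying without any error as soon as the `require` entry (not visible in this hunk) moves to another version. If this is a stop-gap until the fork is merged upstream, mark it in place, e.g. `// TODO: remove once the policy-engine change is merged upstream`, and replace it with a plain version bump of the `require` entry before this lands on the main branch.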