[#793] adm: Always use committee as FrostFS ID owner

Committee should be able to authorize everything, there are no other usecases for the frostfs-adm currently. Also, it somewhat eases configuration, because committee hash depends on the protocol configuration. Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-11-13 12:41:40 +03:00 · 2023-11-13 12:41:40 +03:00 · c1ec6e33b4
parent f871f5cc6c
commit c1ec6e33b4
3 changed files with 12 additions and 7 deletions
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go
@ -13,8 +13,9 @@ import (
 // neo-go doesn't support []util.Uint160 type:
 // https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/smartcontract/parameter.go#L262
 // Thus, return []smartcontract.Parameter.
-func getFrostfsIDAuthorizedKeys(v *viper.Viper) ([]smartcontract.Parameter, error) {
+func getFrostfsIDAuthorizedKeys(v *viper.Viper, defaultOwner util.Uint160) ([]smartcontract.Parameter, error) {
 	var res []smartcontract.Parameter
+	res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: defaultOwner})

 	ks := v.GetStringSlice(frostfsIDAuthorizedKeysConfigKey)
 	for i := range ks {
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
@ -7,6 +7,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
@ -27,19 +28,22 @@ func TestFrostfsIDConfig(t *testing.T) {
 		hex.EncodeToString(pks[3].PublicKey().Bytes()),
 	})

-	actual, err := getFrostfsIDAuthorizedKeys(v)
+	comm := util.Uint160{1, 2, 3}
+	actual, err := getFrostfsIDAuthorizedKeys(v, comm)
 	require.NoError(t, err)
-	require.Equal(t, len(pks), len(actual))
+	require.Equal(t, len(pks)+1, len(actual))
+	require.Equal(t, smartcontract.Hash160Type, actual[0].Type)
+	require.Equal(t, comm, actual[0].Value)
 	for i := range pks {
-		require.Equal(t, smartcontract.Hash160Type, actual[i].Type)
-		require.Equal(t, pks[i].GetScriptHash(), actual[i].Value)
+		require.Equal(t, smartcontract.Hash160Type, actual[i+1].Type)
+		require.Equal(t, pks[i].GetScriptHash(), actual[i+1].Value)
 	}

 	t.Run("bad key", func(t *testing.T) {
 		v := viper.New()
 		v.Set("frostfsid.authorized_keys", []string{"abc"})

-		_, err := getFrostfsIDAuthorizedKeys(v)
+		_, err := getFrostfsIDAuthorizedKeys(v, comm)
 		require.Error(t, err)
 	})
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
@ -538,7 +538,7 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []an
 			nnsCs.Hash,
 			"container")
 	case frostfsIDContract:
-		hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper())
+		hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper(), c.CommitteeAcc.PublicKey().GetScriptHash())
 		if err != nil {
 			panic(err)
 		}