forked from TrueCloudLab/frostfs-node
[#943] service/object: Refactor private key fetching during execution
`CommonPrm` structure has private key for remote operations. It obtained in the beginning of request processing. However, not every operation triggers remote calls. Therefore, key might not be used. It is important to avoid early key fetching because `TokenStore` now returns error if session token does not exist. This is valid case when container nodes receive request with session token (for ACL pass) and they should process request locally. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
parent
2fbdcbdee1
commit
c30aa20b04
7 changed files with 57 additions and 58 deletions
|
@ -2,7 +2,6 @@ package deletesvc
|
|||
|
||||
import (
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/session"
|
||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||
deletesvc "github.com/nspcc-dev/neofs-node/pkg/services/object/delete"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/services/object/util"
|
||||
|
@ -13,13 +12,6 @@ type tombstoneBodyWriter struct {
|
|||
}
|
||||
|
||||
func (s *Service) toPrm(req *objectV2.DeleteRequest, respBody *objectV2.DeleteResponseBody) (*deletesvc.Prm, error) {
|
||||
meta := req.GetMetaHeader()
|
||||
|
||||
key, err := s.keyStorage.GetKey(session.NewTokenFromV2(meta.GetSessionToken()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
commonPrm, err := util.CommonPrmFromV2(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -27,7 +19,7 @@ func (s *Service) toPrm(req *objectV2.DeleteRequest, respBody *objectV2.DeleteRe
|
|||
|
||||
p := new(deletesvc.Prm)
|
||||
p.SetCommonParameters(commonPrm.
|
||||
WithPrivateKey(key),
|
||||
WithKeyStorage(s.keyStorage),
|
||||
)
|
||||
|
||||
body := req.GetBody()
|
||||
|
|
|
@ -104,14 +104,19 @@ func (exec execCtx) isChild(obj *object.Object) bool {
|
|||
return par != nil && equalAddresses(exec.address(), par.Address())
|
||||
}
|
||||
|
||||
func (exec execCtx) key() *ecdsa.PrivateKey {
|
||||
return exec.prm.common.PrivateKey()
|
||||
func (exec execCtx) key() (*ecdsa.PrivateKey, error) {
|
||||
return exec.prm.common.KeyStorage().GetKey(exec.prm.common.SessionToken())
|
||||
}
|
||||
|
||||
func (exec execCtx) callOptions() ([]client.CallOption, error) {
|
||||
key, err := exec.key()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
func (exec execCtx) callOptions() []client.CallOption {
|
||||
return exec.prm.common.RemoteCallOptions(
|
||||
util.WithNetmapEpoch(exec.curProcEpoch),
|
||||
util.WithKey(exec.key()))
|
||||
util.WithKey(key)), nil
|
||||
}
|
||||
|
||||
func (exec execCtx) remotePrm() *client.GetObjectParams {
|
||||
|
|
|
@ -88,12 +88,17 @@ func (c *clientWrapper) getObject(exec *execCtx, info coreclient.NodeInfo) (*obj
|
|||
return exec.prm.forwarder(info, c.client)
|
||||
}
|
||||
|
||||
opts, err := exec.callOptions()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if exec.headOnly() {
|
||||
return c.client.GetObjectHeader(exec.context(),
|
||||
new(client.ObjectHeaderParams).
|
||||
WithAddress(exec.address()).
|
||||
WithRawFlag(exec.isRaw()),
|
||||
exec.callOptions()...,
|
||||
opts...,
|
||||
)
|
||||
}
|
||||
// we don't specify payload writer because we accumulate
|
||||
|
@ -104,7 +109,7 @@ func (c *clientWrapper) getObject(exec *execCtx, info coreclient.NodeInfo) (*obj
|
|||
WithAddress(exec.address()).
|
||||
WithRange(rng).
|
||||
WithRaw(exec.isRaw()),
|
||||
exec.callOptions()...,
|
||||
opts...,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -115,7 +120,7 @@ func (c *clientWrapper) getObject(exec *execCtx, info coreclient.NodeInfo) (*obj
|
|||
|
||||
return c.client.GetObject(exec.context(),
|
||||
exec.remotePrm(),
|
||||
exec.callOptions()...,
|
||||
opts...,
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -10,7 +10,6 @@ import (
|
|||
"sync"
|
||||
|
||||
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||
sessionsdk "github.com/nspcc-dev/neofs-api-go/pkg/session"
|
||||
rpcclient "github.com/nspcc-dev/neofs-api-go/rpc/client"
|
||||
signature2 "github.com/nspcc-dev/neofs-api-go/util/signature"
|
||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||
|
@ -33,11 +32,6 @@ var errWrongMessageSeq = errors.New("incorrect message sequence")
|
|||
func (s *Service) toPrm(req *objectV2.GetRequest, stream objectSvc.GetObjectStream) (*getsvc.Prm, error) {
|
||||
meta := req.GetMetaHeader()
|
||||
|
||||
key, err := s.keyStorage.GetKey(sessionsdk.NewTokenFromV2(meta.GetSessionToken()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
commonPrm, err := util.CommonPrmFromV2(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -45,7 +39,7 @@ func (s *Service) toPrm(req *objectV2.GetRequest, stream objectSvc.GetObjectStre
|
|||
|
||||
p := new(getsvc.Prm)
|
||||
p.SetCommonParameters(commonPrm.
|
||||
WithPrivateKey(key),
|
||||
WithKeyStorage(s.keyStorage),
|
||||
)
|
||||
|
||||
body := req.GetBody()
|
||||
|
@ -59,8 +53,14 @@ func (s *Service) toPrm(req *objectV2.GetRequest, stream objectSvc.GetObjectStre
|
|||
p.SetRequestForwarder(groupAddressRequestForwarder(func(addr network.Address, c client.Client, pubkey []byte) (*objectSDK.Object, error) {
|
||||
var err error
|
||||
|
||||
key, err := s.keyStorage.GetKey(nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// once compose and resign forwarding request
|
||||
onceResign.Do(func() {
|
||||
|
||||
// compose meta header of the local server
|
||||
metaHdr := new(session.RequestMetaHeader)
|
||||
metaHdr.SetTTL(meta.GetTTL() - 1)
|
||||
|
@ -159,11 +159,6 @@ func (s *Service) toPrm(req *objectV2.GetRequest, stream objectSvc.GetObjectStre
|
|||
func (s *Service) toRangePrm(req *objectV2.GetRangeRequest, stream objectSvc.GetObjectRangeStream) (*getsvc.RangePrm, error) {
|
||||
meta := req.GetMetaHeader()
|
||||
|
||||
key, err := s.keyStorage.GetKey(sessionsdk.NewTokenFromV2(meta.GetSessionToken()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
commonPrm, err := util.CommonPrmFromV2(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -171,7 +166,7 @@ func (s *Service) toRangePrm(req *objectV2.GetRangeRequest, stream objectSvc.Get
|
|||
|
||||
p := new(getsvc.RangePrm)
|
||||
p.SetCommonParameters(commonPrm.
|
||||
WithPrivateKey(key),
|
||||
WithKeyStorage(s.keyStorage),
|
||||
)
|
||||
|
||||
body := req.GetBody()
|
||||
|
@ -183,6 +178,11 @@ func (s *Service) toRangePrm(req *objectV2.GetRangeRequest, stream objectSvc.Get
|
|||
if !commonPrm.LocalOnly() {
|
||||
var onceResign sync.Once
|
||||
|
||||
key, err := s.keyStorage.GetKey(nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
p.SetRequestForwarder(groupAddressRequestForwarder(func(addr network.Address, c client.Client, pubkey []byte) (*objectSDK.Object, error) {
|
||||
var err error
|
||||
|
||||
|
@ -260,13 +260,6 @@ func (s *Service) toRangePrm(req *objectV2.GetRangeRequest, stream objectSvc.Get
|
|||
}
|
||||
|
||||
func (s *Service) toHashRangePrm(req *objectV2.GetRangeHashRequest) (*getsvc.RangeHashPrm, error) {
|
||||
meta := req.GetMetaHeader()
|
||||
|
||||
key, err := s.keyStorage.GetKey(sessionsdk.NewTokenFromV2(meta.GetSessionToken()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
commonPrm, err := util.CommonPrmFromV2(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -274,7 +267,7 @@ func (s *Service) toHashRangePrm(req *objectV2.GetRangeHashRequest) (*getsvc.Ran
|
|||
|
||||
p := new(getsvc.RangeHashPrm)
|
||||
p.SetCommonParameters(commonPrm.
|
||||
WithPrivateKey(key),
|
||||
WithKeyStorage(s.keyStorage),
|
||||
)
|
||||
|
||||
body := req.GetBody()
|
||||
|
@ -325,11 +318,6 @@ func (w *headResponseWriter) WriteHeader(hdr *object.Object) error {
|
|||
func (s *Service) toHeadPrm(ctx context.Context, req *objectV2.HeadRequest, resp *objectV2.HeadResponse) (*getsvc.HeadPrm, error) {
|
||||
meta := req.GetMetaHeader()
|
||||
|
||||
key, err := s.keyStorage.GetKey(sessionsdk.NewTokenFromV2(meta.GetSessionToken()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
commonPrm, err := util.CommonPrmFromV2(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -337,7 +325,7 @@ func (s *Service) toHeadPrm(ctx context.Context, req *objectV2.HeadRequest, resp
|
|||
|
||||
p := new(getsvc.HeadPrm)
|
||||
p.SetCommonParameters(commonPrm.
|
||||
WithPrivateKey(key),
|
||||
WithKeyStorage(s.keyStorage),
|
||||
)
|
||||
|
||||
body := req.GetBody()
|
||||
|
@ -354,6 +342,11 @@ func (s *Service) toHeadPrm(ctx context.Context, req *objectV2.HeadRequest, resp
|
|||
p.SetRequestForwarder(groupAddressRequestForwarder(func(addr network.Address, c client.Client, pubkey []byte) (*objectSDK.Object, error) {
|
||||
var err error
|
||||
|
||||
key, err := s.keyStorage.GetKey(nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// once compose and resign forwarding request
|
||||
onceResign.Do(func() {
|
||||
// compose meta header of the local server
|
||||
|
|
|
@ -83,11 +83,16 @@ func (c *clientWrapper) searchObjects(exec *execCtx, info client.NodeInfo) ([]*o
|
|||
return exec.prm.forwarder(info, c.client)
|
||||
}
|
||||
|
||||
key, err := exec.prm.common.KeyStorage().GetKey(exec.prm.common.SessionToken())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return c.client.SearchObject(exec.context(),
|
||||
&exec.prm.SearchObjectParams,
|
||||
exec.prm.common.RemoteCallOptions(
|
||||
util.WithNetmapEpoch(exec.curProcEpoch),
|
||||
util.WithKey(exec.prm.common.PrivateKey()),
|
||||
util.WithKey(key),
|
||||
)...)
|
||||
}
|
||||
|
||||
|
|
|
@ -8,7 +8,6 @@ import (
|
|||
|
||||
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
|
||||
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||
sessionsdk "github.com/nspcc-dev/neofs-api-go/pkg/session"
|
||||
rpcclient "github.com/nspcc-dev/neofs-api-go/rpc/client"
|
||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/rpc"
|
||||
|
@ -25,11 +24,6 @@ import (
|
|||
func (s *Service) toPrm(req *objectV2.SearchRequest, stream objectSvc.SearchStream) (*searchsvc.Prm, error) {
|
||||
meta := req.GetMetaHeader()
|
||||
|
||||
key, err := s.keyStorage.GetKey(sessionsdk.NewTokenFromV2(meta.GetSessionToken()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
commonPrm, err := util.CommonPrmFromV2(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -37,7 +31,7 @@ func (s *Service) toPrm(req *objectV2.SearchRequest, stream objectSvc.SearchStre
|
|||
|
||||
p := new(searchsvc.Prm)
|
||||
p.SetCommonParameters(commonPrm.
|
||||
WithPrivateKey(key),
|
||||
WithKeyStorage(s.keyStorage),
|
||||
)
|
||||
|
||||
p.SetWriter(&streamWriter{
|
||||
|
@ -47,6 +41,11 @@ func (s *Service) toPrm(req *objectV2.SearchRequest, stream objectSvc.SearchStre
|
|||
if !commonPrm.LocalOnly() {
|
||||
var onceResign sync.Once
|
||||
|
||||
key, err := s.keyStorage.GetKey(nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
p.SetRequestForwarder(groupAddressRequestForwarder(func(addr network.Address, c client.Client, pubkey []byte) ([]*objectSDK.ID, error) {
|
||||
var err error
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ type CommonPrm struct {
|
|||
|
||||
bearer *token.BearerToken
|
||||
|
||||
key *ecdsa.PrivateKey
|
||||
keyStor *KeyStorage
|
||||
|
||||
callOpts []client.CallOption
|
||||
}
|
||||
|
@ -63,19 +63,19 @@ func (p *CommonPrm) WithBearerToken(token *token.BearerToken) *CommonPrm {
|
|||
return p
|
||||
}
|
||||
|
||||
// WithPrivateKey sets private key to use during execution.
|
||||
func (p *CommonPrm) WithPrivateKey(key *ecdsa.PrivateKey) *CommonPrm {
|
||||
// WithKeyStorage sets private key storage to use during execution.
|
||||
func (p *CommonPrm) WithKeyStorage(stor *KeyStorage) *CommonPrm {
|
||||
if p != nil {
|
||||
p.key = key
|
||||
p.keyStor = stor
|
||||
}
|
||||
|
||||
return p
|
||||
}
|
||||
|
||||
// PrivateKey returns private key to use during execution.
|
||||
func (p *CommonPrm) PrivateKey() *ecdsa.PrivateKey {
|
||||
// KeyStorage returns private key storage to use during execution.
|
||||
func (p *CommonPrm) KeyStorage() *KeyStorage {
|
||||
if p != nil {
|
||||
return p.key
|
||||
return p.keyStor
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
Loading…
Reference in a new issue