
3 commits

Author SHA1 Message Date
9646d77ae1 [#851] ape: Initialize and use policy contract interface
* Replace inmemory policy contract mock by initialized
  policy contract interface.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-13 15:50:00 +03:00
da9c75f9aa [#XX] object: Pass just CID to chain router
* Do not convert CID from request to native-schema resource
  format - this step is unnecessary for APE.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-13 15:29:17 +03:00
9275c6b3e1 [#XX] cli: Pass only CID in requests for control API
* Fix add-rule, list-rules, remove-rule, get-rule commands:
  do not convert container ID to native-schema resource format
  and pass it to control API.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-13 15:25:47 +03:00
12 changed files with 23 additions and 25 deletions


@ -4,7 +4,6 @@ import (
"bytes" "bytes"
"crypto/sha256" "crypto/sha256"
"encoding/json" "encoding/json"
"fmt"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
@ -14,7 +13,6 @@ import (
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
@ -62,13 +60,11 @@ func addRule(cmd *cobra.Command, _ []string) {
cmd.Println("Container ID: " + cidStr) cmd.Println("Container ID: " + cidStr)
cmd.Println("Parsed chain:\n" + prettyJSONFormat(cmd, serializedChain)) cmd.Println("Parsed chain:\n" + prettyJSONFormat(cmd, serializedChain))
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
req := &control.AddChainLocalOverrideRequest{ req := &control.AddChainLocalOverrideRequest{
Body: &control.AddChainLocalOverrideRequest_Body{ Body: &control.AddChainLocalOverrideRequest_Body{
Target: &control.ChainTarget{ Target: &control.ChainTarget{
Type: control.ChainTarget_CONTAINER, Type: control.ChainTarget_CONTAINER,
Name: name, Name: cidStr,
}, },
Chain: serializedChain, Chain: serializedChain,
}, },
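Review bot: Sending `Name: cidStr` changes the key under which local overrides are addressed, and nothing visible in this change handles overrides already stored under the old native-schema resource name; the get-rule, list-rules and remove-rule sections below make the same switch. If the local override database persists across restarts, chains added before the upgrade would presumably stop matching and could no longer be fetched or removed by container ID, which matters most for deny rules, so a migration step or an upgrade note seems needed. It would also be more robust to send the canonical encoding of the parsed ID rather than the raw flag text, e.g. `Name: cnr.EncodeToString(),`, assuming `cnr` is the decoded container ID as the list-rules section suggests. The body of addRule starts and ends outside this hunk.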


@ -2,7 +2,6 @@ package control
import ( import (
"crypto/sha256" "crypto/sha256"
"fmt"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
@ -11,7 +10,6 @@ import (
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
@ -34,12 +32,10 @@ func getRule(cmd *cobra.Command, _ []string) {
chainID, _ := cmd.Flags().GetString(chainIDFlag) chainID, _ := cmd.Flags().GetString(chainIDFlag)
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
req := &control.GetChainLocalOverrideRequest{ req := &control.GetChainLocalOverrideRequest{
Body: &control.GetChainLocalOverrideRequest_Body{ Body: &control.GetChainLocalOverrideRequest_Body{
Target: &control.ChainTarget{ Target: &control.ChainTarget{
Name: name, Name: cidStr,
Type: control.ChainTarget_CONTAINER, Type: control.ChainTarget_CONTAINER,
}, },
ChainId: chainID, ChainId: chainID,


@ -2,7 +2,6 @@ package control
import ( import (
"crypto/sha256" "crypto/sha256"
"fmt"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
@ -11,7 +10,6 @@ import (
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
@ -32,12 +30,10 @@ func listRules(cmd *cobra.Command, _ []string) {
rawCID := make([]byte, sha256.Size) rawCID := make([]byte, sha256.Size)
cnr.Encode(rawCID) cnr.Encode(rawCID)
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
req := &control.ListChainLocalOverridesRequest{ req := &control.ListChainLocalOverridesRequest{
Body: &control.ListChainLocalOverridesRequest_Body{ Body: &control.ListChainLocalOverridesRequest_Body{
Target: &control.ChainTarget{ Target: &control.ChainTarget{
Name: name, Name: cidStr,
Type: control.ChainTarget_CONTAINER, Type: control.ChainTarget_CONTAINER,
}, },
}, },


@ -2,7 +2,6 @@ package control
import ( import (
"crypto/sha256" "crypto/sha256"
"fmt"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
@ -10,7 +9,6 @@ import (
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common" commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
@ -37,12 +35,10 @@ func removeRule(cmd *cobra.Command, _ []string) {
chainID, _ := cmd.Flags().GetString(chainIDFlag) chainID, _ := cmd.Flags().GetString(chainIDFlag)
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
req := &control.RemoveChainLocalOverrideRequest{ req := &control.RemoveChainLocalOverrideRequest{
Body: &control.RemoveChainLocalOverrideRequest_Body{ Body: &control.RemoveChainLocalOverrideRequest_Body{
Target: &control.ChainTarget{ Target: &control.ChainTarget{
Name: name, Name: cidStr,
Type: control.ChainTarget_CONTAINER, Type: control.ChainTarget_CONTAINER,
}, },
ChainId: chainID, ChainId: chainID,


@ -69,7 +69,7 @@ import (
objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object" objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory" policy_client "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
neogoutil "github.com/nspcc-dev/neo-go/pkg/util" neogoutil "github.com/nspcc-dev/neo-go/pkg/util"
"github.com/panjf2000/ants/v2" "github.com/panjf2000/ants/v2"
@ -542,6 +542,8 @@ type cfgLocalStorage struct {
} }
type cfgAccessPolicyEngine struct { type cfgAccessPolicyEngine struct {
policyContractHash neogoutil.Uint160
accessPolicyEngine *accessPolicyEngine accessPolicyEngine *accessPolicyEngine
} }
@ -987,7 +989,9 @@ func initAccessPolicyEngine(_ context.Context, c *cfg) {
) )
} }
morphRuleStorage := inmemory.NewInmemoryMorphRuleChainStorage() morphRuleStorage := policy_client.NewContractStorage(
c.cfgMorph.client.GetActor(),
c.cfgObject.cfgAccessPolicyEngine.policyContractHash)
ape := newAccessPolicyEngine(morphRuleStorage, localOverrideDB) ape := newAccessPolicyEngine(morphRuleStorage, localOverrideDB)
c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine = ape c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine = ape
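Review bot: `policy_client.NewContractStorage(...)` is built from `policyContractHash` without any visible check that the hash was actually resolved, so an unset value would make the zero Uint160 the source of access-policy rules. Whether a failed NNS lookup is already fatal is outside this hunk; if it is not, a guard before the call such as `if c.cfgObject.cfgAccessPolicyEngine.policyContractHash.Equals(neogoutil.Uint160{}) { fatalOnErr(errors.New("policy contract hash is not set")) }` keeps the node from starting with an unusable rule source. The import alias `policy_client` also goes against Go naming; `policyclient` would be the conventional form. initAccessPolicyEngine starts before this hunk.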


@ -98,14 +98,15 @@ func initApp(ctx context.Context, c *cfg) {
fatalOnErr(c.cfgObject.cfgLocalStorage.localStorage.Init(ctx)) fatalOnErr(c.cfgObject.cfgLocalStorage.localStorage.Init(ctx))
}) })
initAndLog(c, "gRPC", initGRPC)
initAndLog(c, "netmap", func(c *cfg) { initNetmapService(ctx, c) })
initAccessPolicyEngine(ctx, c) initAccessPolicyEngine(ctx, c)
initAndLog(c, "access policy engine", func(c *cfg) { initAndLog(c, "access policy engine", func(c *cfg) {
fatalOnErr(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.LocalOverrideDatabaseCore().Open(ctx)) fatalOnErr(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.LocalOverrideDatabaseCore().Open(ctx))
fatalOnErr(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.LocalOverrideDatabaseCore().Init()) fatalOnErr(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.LocalOverrideDatabaseCore().Init())
}) })
initAndLog(c, "gRPC", initGRPC)
initAndLog(c, "netmap", func(c *cfg) { initNetmapService(ctx, c) })
initAndLog(c, "accounting", func(c *cfg) { initAccountingService(ctx, c) }) initAndLog(c, "accounting", func(c *cfg) { initAccountingService(ctx, c) })
initAndLog(c, "container", func(c *cfg) { initContainerService(ctx, c) }) initAndLog(c, "container", func(c *cfg) { initContainerService(ctx, c) })
initAndLog(c, "session", initSessionService) initAndLog(c, "session", initSessionService)


@ -289,6 +289,7 @@ func lookupScriptHashesInNNS(c *cfg) {
{&c.cfgAccounting.scriptHash, client.NNSBalanceContractName}, {&c.cfgAccounting.scriptHash, client.NNSBalanceContractName},
{&c.cfgContainer.scriptHash, client.NNSContainerContractName}, {&c.cfgContainer.scriptHash, client.NNSContainerContractName},
{&c.cfgMorph.proxyScriptHash, client.NNSProxyContractName}, {&c.cfgMorph.proxyScriptHash, client.NNSProxyContractName},
{&c.cfgObject.cfgAccessPolicyEngine.policyContractHash, client.NNSPolicyContractName},
} }
) )

2
go.mod

@ -2,6 +2,8 @@ module git.frostfs.info/TrueCloudLab/frostfs-node
go 1.20 go 1.20
replace git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231211080303-8c673ee4f4af => git.frostfs.info/aarifullin/policy-engine v0.0.0-20231212185618-def903261503
require ( require (
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20231031104748-498877e378fd git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20231031104748-498877e378fd
git.frostfs.info/TrueCloudLab/frostfs-contract v0.18.1-0.20231129062201-a1b61d394958 git.frostfs.info/TrueCloudLab/frostfs-contract v0.18.1-0.20231129062201-a1b61d394958
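Review bot: The added `replace` directive redirects `git.frostfs.info/TrueCloudLab/policy-engine` to the personal fork `git.frostfs.info/aarifullin/policy-engine`, so the node's access-policy code would be built from a repository outside the organization's review and release process. That is workable on a work-in-progress branch but should not reach the main branch: land the needed change in the upstream module and bump the `require` version instead of keeping the replace. If it has to stay for now, a comment above it such as `// TODO: drop once the policy-engine change is merged upstream` makes the exception explicit and easy to find before release.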

BIN
go.sum

Binary file not shown.


@ -539,3 +539,7 @@ func (c *Client) setActor(act *actor.Actor) {
c.gasToken = nep17.New(act, gas.Hash) c.gasToken = nep17.New(act, gas.Hash)
c.rolemgmt = rolemgmt.New(act) c.rolemgmt = rolemgmt.New(act)
} }
func (c *Client) GetActor() *actor.Actor {
return c.rpcActor
}
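Review bot: `GetActor` is exported without a doc comment and returns `c.rpcActor` with no synchronization visible, while the policy storage created in initAccessPolicyEngine keeps the returned pointer for as long as the engine lives. If `setActor` replaces the actor when the client reconnects (its full body and any locking are outside this hunk), the storage would keep using a stale actor and the unguarded read could race with the update. At minimum add `// GetActor returns the actor currently used by the client; the value may be replaced by setActor.`, and take whatever lock protects setActor around the read.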


@ -33,6 +33,8 @@ const (
NNSProxyContractName = "proxy.frostfs" NNSProxyContractName = "proxy.frostfs"
// NNSGroupKeyName is a name for the FrostFS group key record in NNS. // NNSGroupKeyName is a name for the FrostFS group key record in NNS.
NNSGroupKeyName = "group.frostfs" NNSGroupKeyName = "group.frostfs"
// NNSPolicyContractName is a name of the policy contract in NNS.
NNSPolicyContractName = "policy.frostfs"
) )
var ( var (


@ -26,7 +26,7 @@ func (c *apeCheckerImpl) CheckIfRequestPermitted(reqInfo v2.RequestInfo) error {
request := new(Request) request := new(Request)
request.FromRequestInfo(reqInfo) request.FromRequestInfo(reqInfo)
cnrTarget := getResource(reqInfo).Name() cnrTarget := reqInfo.ContainerID().EncodeToString()
status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress, policyengine.NewRequestTargetWithContainer(cnrTarget), request) status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress, policyengine.NewRequestTargetWithContainer(cnrTarget), request)
if err != nil { if err != nil {