[#xxx] Upgrade NeoFS SDK Go with changed container sessions

After recent changes in NeoFS SDK Go library session tokens aren't
embedded into `container.Container` and `eacl.Table` structures.

Group value, session token and signature in a structure for container
and eACL.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2022-06-22 13:55:31 +03:00 committed by fyrchik
parent 633b4e7d2d
commit b67974a8d3
26 changed files with 150 additions and 166 deletions

View file

@ -98,7 +98,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
issuer := tok.Issuer() issuer := tok.Issuer()
cnr.SetOwnerID(&issuer) cnr.SetOwnerID(&issuer)
cnr.SetSessionToken(tok)
} else { } else {
var idOwner user.ID var idOwner user.ID
user.IDFromKey(&idOwner, key.PublicKey) user.IDFromKey(&idOwner, key.PublicKey)
@ -113,7 +112,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
cnr.SetBasicACL(basicACL) cnr.SetBasicACL(basicACL)
cnr.SetAttributes(attributes) cnr.SetAttributes(attributes)
cnr.SetNonceUUID(nonce) cnr.SetNonceUUID(nonce)
cnr.SetSessionToken(tok)
cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC) cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
@ -121,6 +119,10 @@ It will be stored in sidechain when inner ring will accepts it.`,
putPrm.SetClient(cli) putPrm.SetClient(cli)
putPrm.SetContainer(*cnr) putPrm.SetContainer(*cnr)
if tok != nil {
putPrm.WithinSession(*tok)
}
res, err := internalclient.PutContainer(putPrm) res, err := internalclient.PutContainer(putPrm)
common.ExitOnErr(cmd, "rpc error: %w", err) common.ExitOnErr(cmd, "rpc error: %w", err)

View file

@ -3,7 +3,6 @@ package container
import ( import (
"os" "os"
"github.com/nspcc-dev/neofs-api-go/v2/refs"
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
@ -29,22 +28,10 @@ var getExtendedACLCmd = &cobra.Command{
eaclTable := res.EACL() eaclTable := res.EACL()
sig := eaclTable.Signature()
// TODO(@cthulhu-rider): #1387 avoid type conversion
var sigV2 refs.Signature
sig.WriteToV2(&sigV2)
if containerPathTo == "" { if containerPathTo == "" {
cmd.Println("eACL: ") cmd.Println("eACL: ")
common.PrettyPrintJSON(cmd, eaclTable, "eACL") common.PrettyPrintJSON(cmd, eaclTable, "eACL")
var sigV2 refs.Signature
sig.WriteToV2(&sigV2)
cmd.Println("Signature:")
common.PrettyPrintJSON(cmd, &sigV2, "signature")
return return
} }
@ -60,9 +47,6 @@ var getExtendedACLCmd = &cobra.Command{
cmd.Println("dumping data to file:", containerPathTo) cmd.Println("dumping data to file:", containerPathTo)
cmd.Println("Signature:")
common.PrettyPrintJSON(cmd, &sigV2, "signature")
err = os.WriteFile(containerPathTo, data, 0644) err = os.WriteFile(containerPathTo, data, 0644)
common.ExitOnErr(cmd, "could not write eACL to file: %w", err) common.ExitOnErr(cmd, "could not write eACL to file: %w", err)
}, },

View file

@ -32,7 +32,6 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
} }
eaclTable.SetCID(id) eaclTable.SetCID(id)
eaclTable.SetSessionToken(tok)
pk := key.GetOrGenerate(cmd) pk := key.GetOrGenerate(cmd)
cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC) cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
@ -41,6 +40,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
setEACLPrm.SetClient(cli) setEACLPrm.SetClient(cli)
setEACLPrm.SetTable(*eaclTable) setEACLPrm.SetTable(*eaclTable)
if tok != nil {
setEACLPrm.WithinSession(*tok)
}
_, err := internalclient.SetEACL(setEACLPrm) _, err := internalclient.SetEACL(setEACLPrm)
common.ExitOnErr(cmd, "rpc error: %w", err) common.ExitOnErr(cmd, "rpc error: %w", err)

View file

@ -10,9 +10,7 @@ import (
cntClient "github.com/nspcc-dev/neofs-node/pkg/morph/client/container" cntClient "github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl" "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
putsvc "github.com/nspcc-dev/neofs-node/pkg/services/object/put" putsvc "github.com/nspcc-dev/neofs-node/pkg/services/object/put"
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
netmapSDK "github.com/nspcc-dev/neofs-sdk-go/netmap" netmapSDK "github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
) )
@ -147,13 +145,13 @@ func newCachedContainerStorage(v container.Source) *ttlContainerStorage {
// Get returns container value from the cache. If value is missing in the cache // Get returns container value from the cache. If value is missing in the cache
// or expired, then it returns value from side chain and updates the cache. // or expired, then it returns value from side chain and updates the cache.
func (s *ttlContainerStorage) Get(cnr cid.ID) (*containerSDK.Container, error) { func (s *ttlContainerStorage) Get(cnr cid.ID) (*container.Container, error) {
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString()) val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
if err != nil { if err != nil {
return nil, err return nil, err
} }
return val.(*containerSDK.Container), nil return val.(*container.Container), nil
} }
type ttlEACLStorage ttlNetCache type ttlEACLStorage ttlNetCache
@ -180,13 +178,13 @@ func newCachedEACLStorage(v eacl.Source) *ttlEACLStorage {
// GetEACL returns eACL value from the cache. If value is missing in the cache // GetEACL returns eACL value from the cache. If value is missing in the cache
// or expired, then it returns value from side chain and updates cache. // or expired, then it returns value from side chain and updates cache.
func (s *ttlEACLStorage) GetEACL(cnr cid.ID) (*eaclSDK.Table, error) { func (s *ttlEACLStorage) GetEACL(cnr cid.ID) (*container.EACL, error) {
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString()) val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
if err != nil { if err != nil {
return nil, err return nil, err
} }
return val.(*eaclSDK.Table), nil return val.(*container.EACL), nil
} }
// InvalidateEACL removes cached eACL value. // InvalidateEACL removes cached eACL value.

View file

@ -30,7 +30,6 @@ import (
apiClient "github.com/nspcc-dev/neofs-sdk-go/client" apiClient "github.com/nspcc-dev/neofs-sdk-go/client"
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container" containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
"go.uber.org/zap" "go.uber.org/zap"
@ -355,7 +354,7 @@ func (l *loadPlacementBuilder) buildPlacement(epoch uint64, idCnr cid.ID) ([][]n
return nil, nil, err return nil, nil, err
} }
policy := cnr.PlacementPolicy() policy := cnr.Value.PlacementPolicy()
if policy == nil { if policy == nil {
return nil, nil, errors.New("missing placement policy in container") return nil, nil, errors.New("missing placement policy in container")
} }
@ -566,11 +565,11 @@ type morphContainerReader struct {
} }
} }
func (x *morphContainerReader) Get(id cid.ID) (*containerSDK.Container, error) { func (x *morphContainerReader) Get(id cid.ID) (*containerCore.Container, error) {
return x.get.Get(id) return x.get.Get(id)
} }
func (x *morphContainerReader) GetEACL(id cid.ID) (*eaclSDK.Table, error) { func (x *morphContainerReader) GetEACL(id cid.ID) (*containerCore.EACL, error) {
return x.eacl.GetEACL(id) return x.eacl.GetEACL(id)
} }
@ -586,13 +585,13 @@ type morphContainerWriter struct {
lists *ttlContainerLister lists *ttlContainerLister
} }
func (m morphContainerWriter) Put(cnr *containerSDK.Container) (*cid.ID, error) { func (m morphContainerWriter) Put(cnr containerCore.Container) (*cid.ID, error) {
containerID, err := cntClient.Put(m.neoClient, cnr) containerID, err := cntClient.Put(m.neoClient, cnr)
if err != nil { if err != nil {
return nil, err return nil, err
} }
idOwner := cnr.OwnerID() idOwner := cnr.Value.OwnerID()
if idOwner == nil { if idOwner == nil {
return nil, errors.New("missing container owner") return nil, errors.New("missing container owner")
} }
@ -608,14 +607,14 @@ func (m morphContainerWriter) Delete(witness containerCore.RemovalWitness) error
return cntClient.Delete(m.neoClient, witness) return cntClient.Delete(m.neoClient, witness)
} }
func (m morphContainerWriter) PutEACL(table *eaclSDK.Table) error { func (m morphContainerWriter) PutEACL(eaclInfo containerCore.EACL) error {
err := cntClient.PutEACL(m.neoClient, table) err := cntClient.PutEACL(m.neoClient, eaclInfo)
if err != nil { if err != nil {
return err return err
} }
if m.cacheEnabled { if m.cacheEnabled {
id, _ := table.CID() id, _ := eaclInfo.Value.CID()
m.eacls.InvalidateEACL(id) m.eacls.InvalidateEACL(id)
} }

View file

@ -11,6 +11,7 @@ import (
policerconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/policer" policerconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/policer"
replicatorconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/replicator" replicatorconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/replicator"
coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client" coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client"
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap" "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object" objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine" "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
@ -402,29 +403,23 @@ type morphEACLFetcher struct {
w *cntClient.Client w *cntClient.Client
} }
func (s *morphEACLFetcher) GetEACL(cnr cid.ID) (*eaclSDK.Table, error) { func (s *morphEACLFetcher) GetEACL(cnr cid.ID) (*containercore.EACL, error) {
table, err := s.w.GetEACL(cnr) eaclInfo, err := s.w.GetEACL(cnr)
if err != nil { if err != nil {
return nil, err return nil, err
} }
sig := table.Signature() binTable, err := eaclInfo.Value.Marshal()
if sig == nil {
// TODO(@cthulhu-rider): #1387 use "const" error
return nil, errors.New("missing signature")
}
binTable, err := table.Marshal()
if err != nil { if err != nil {
return nil, fmt.Errorf("marshal eACL table: %w", err) return nil, fmt.Errorf("marshal eACL table: %w", err)
} }
if !sig.Verify(binTable) { if !eaclInfo.Signature.Verify(binTable) {
// TODO(@cthulhu-rider): #1387 use "const" error // TODO(@cthulhu-rider): #1387 use "const" error
return nil, errors.New("invalid signature of the eACL table") return nil, errors.New("invalid signature of the eACL table")
} }
return table, nil return eaclInfo, nil
} }
type reputationClientConstructor struct { type reputationClientConstructor struct {

2
go.mod
View file

@ -19,7 +19,7 @@ require (
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220601120906-3bec6657f5c5 // indirect github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220601120906-3bec6657f5c5 // indirect
github.com/nspcc-dev/neofs-api-go/v2 v2.12.3-0.20220620114558-454b5c0ed7e9 github.com/nspcc-dev/neofs-api-go/v2 v2.12.3-0.20220620114558-454b5c0ed7e9
github.com/nspcc-dev/neofs-contract v0.15.1 github.com/nspcc-dev/neofs-contract v0.15.1
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721 github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599
github.com/nspcc-dev/tzhash v1.5.2 github.com/nspcc-dev/tzhash v1.5.2
github.com/panjf2000/ants/v2 v2.4.0 github.com/panjf2000/ants/v2 v2.4.0
github.com/paulmach/orb v0.2.2 github.com/paulmach/orb v0.2.2

BIN
go.sum

Binary file not shown.

View file

@ -6,8 +6,23 @@ import (
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/session"
) )
// Container groups information about the NeoFS container stored in the NeoFS network.
type Container struct {
// Container structure.
Value *container.Container
// Signature of the Value.
Signature neofscrypto.Signature
// Session within which Value was created. Nil means session absence.
Session *session.Container
}
// Source is an interface that wraps // Source is an interface that wraps
// basic container receiving method. // basic container receiving method.
type Source interface { type Source interface {
@ -19,7 +34,7 @@ type Source interface {
// //
// Implementations must not retain the container pointer and modify // Implementations must not retain the container pointer and modify
// the container through it. // the container through it.
Get(cid.ID) (*container.Container, error) Get(cid.ID) (*Container, error)
} }
// IsErrNotFound checks if the error returned by Source.Get corresponds // IsErrNotFound checks if the error returned by Source.Get corresponds
@ -31,3 +46,16 @@ func IsErrNotFound(err error) bool {
// ErrEACLNotFound is returned by eACL storage implementations when // ErrEACLNotFound is returned by eACL storage implementations when
// the requested eACL table is not in the storage. // the requested eACL table is not in the storage.
var ErrEACLNotFound = errors.New("extended ACL table is not set for this container") var ErrEACLNotFound = errors.New("extended ACL table is not set for this container")
// EACL groups information about the NeoFS container's extended ACL stored in
// the NeoFS network.
type EACL struct {
// Extended ACL structure.
Value *eacl.Table
// Signature of the Value.
Signature neofscrypto.Signature
// Session within which Value was set. Nil means session absence.
Session *session.Container
}

View file

@ -60,7 +60,7 @@ func (ap *Processor) processStartAudit(epoch uint64) {
continue continue
} }
policy := cnr.PlacementPolicy() policy := cnr.Value.PlacementPolicy()
if policy == nil { if policy == nil {
log.Error("missing placement policy in container, ignore", log.Error("missing placement policy in container, ignore",
zap.Stringer("cid", containers[i]), zap.Stringer("cid", containers[i]),
@ -108,7 +108,7 @@ func (ap *Processor) processStartAudit(epoch uint64) {
WithAuditContext(auditCtx). WithAuditContext(auditCtx).
WithContainerID(containers[i]). WithContainerID(containers[i]).
WithStorageGroupList(storageGroups). WithStorageGroupList(storageGroups).
WithContainerStructure(cnr). WithContainerStructure(cnr.Value).
WithContainerNodes(nodes). WithContainerNodes(nodes).
WithNetworkMap(nm) WithNetworkMap(nm)

View file

@ -169,7 +169,7 @@ func (cp *Processor) checkDeleteContainer(e *containerEvent.Delete) error {
return fmt.Errorf("could not receive the container: %w", err) return fmt.Errorf("could not receive the container: %w", err)
} }
ownerContainer := cnr.OwnerID() ownerContainer := cnr.Value.OwnerID()
if ownerContainer == nil { if ownerContainer == nil {
return errors.New("missing container owner") return errors.New("missing container owner")
} }

View file

@ -52,7 +52,7 @@ func (cp *Processor) checkSetEACL(e container.SetEACL) error {
} }
// ACL extensions can be disabled by basic ACL, check it // ACL extensions can be disabled by basic ACL, check it
basicACL := cnr.BasicACL() basicACL := cnr.Value.BasicACL()
const finalBitMask = 1 << 28 const finalBitMask = 1 << 28
// Temp solution: NeoFS SDK is going to provide convenient interface to do this soon. // Temp solution: NeoFS SDK is going to provide convenient interface to do this soon.
@ -61,7 +61,7 @@ func (cp *Processor) checkSetEACL(e container.SetEACL) error {
return errors.New("ACL extension disabled by container basic ACL") return errors.New("ACL extension disabled by container basic ACL")
} }
ownerContainer := cnr.OwnerID() ownerContainer := cnr.Value.OwnerID()
if ownerContainer == nil { if ownerContainer == nil {
return errors.New("missing container owner") return errors.New("missing container owner")
} }

View file

@ -123,7 +123,7 @@ func (s settlementDeps) ContainerInfo(cid cid.ID) (common.ContainerInfo, error)
return nil, fmt.Errorf("could not get container from storage: %w", err) return nil, fmt.Errorf("could not get container from storage: %w", err)
} }
return (*containerWrapper)(cnr), nil return (*containerWrapper)(cnr.Value), nil
} }
func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.NodeInfo, *netmapAPI.NetMap, error) { func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.NodeInfo, *netmapAPI.NetMap, error) {
@ -147,7 +147,7 @@ func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.Node
return nil, nil, fmt.Errorf("could not get container from sidechain: %w", err) return nil, nil, fmt.Errorf("could not get container from sidechain: %w", err)
} }
policy := cnr.PlacementPolicy() policy := cnr.Value.PlacementPolicy()
if policy == nil { if policy == nil {
return nil, nil, errors.New("missing placement policy in container") return nil, nil, errors.New("missing placement policy in container")
} }

View file

@ -8,14 +8,13 @@ import (
"github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/morph/client" "github.com/nspcc-dev/neofs-node/pkg/morph/client"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
) )
// GetEACL reads the extended ACL table from NeoFS system // GetEACL reads the extended ACL table from NeoFS system
// through Container contract call. // through Container contract call.
func (c *Client) GetEACL(cnr cid.ID) (*eacl.Table, error) { func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) {
binCnr := make([]byte, sha256.Size) binCnr := make([]byte, sha256.Size)
cnr.Encode(binCnr) cnr.Encode(binCnr)
@ -66,34 +65,29 @@ func (c *Client) GetEACL(cnr cid.ID) (*eacl.Table, error) {
return nil, fmt.Errorf("could not get byte array of eACL session token (%s): %w", eaclMethod, err) return nil, fmt.Errorf("could not get byte array of eACL session token (%s): %w", eaclMethod, err)
} }
table := eacl.NewTable() var res container.EACL
if err = table.Unmarshal(rawEACL); err != nil {
// use other major version if there any res.Value = eacl.NewTable()
if err = res.Value.Unmarshal(rawEACL); err != nil {
return nil, err return nil, err
} }
if len(binToken) > 0 { if len(binToken) > 0 {
var tok session.Container res.Session = new(session.Container)
err = tok.Unmarshal(binToken) err = res.Session.Unmarshal(binToken)
if err != nil { if err != nil {
return nil, fmt.Errorf("could not unmarshal session token: %w", err) return nil, fmt.Errorf("could not unmarshal session token: %w", err)
} }
table.SetSessionToken(&tok)
} }
// FIXME(@cthulhu-rider): #1387 temp solution, later table structure won't have a signature // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
var sigV2 refs.Signature var sigV2 refs.Signature
sigV2.SetKey(pub) sigV2.SetKey(pub)
sigV2.SetSign(sig) sigV2.SetSign(sig)
sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256) sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
var tableSignature neofscrypto.Signature res.Signature.ReadFromV2(sigV2)
tableSignature.ReadFromV2(sigV2)
table.SetSignature(&tableSignature) return &res, nil
return table, nil
} }

View file

@ -4,8 +4,8 @@ import (
"fmt" "fmt"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/morph/client" "github.com/nspcc-dev/neofs-node/pkg/morph/client"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
) )
// PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method // PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method
@ -14,12 +14,12 @@ import (
// Returns error if table is nil. // Returns error if table is nil.
// //
// If TryNotary is provided, calls notary contract. // If TryNotary is provided, calls notary contract.
func PutEACL(c *Client, table *eacl.Table) error { func PutEACL(c *Client, eaclInfo containercore.EACL) error {
if table == nil { if eaclInfo.Value == nil {
return errNilArgument return errNilArgument
} }
data, err := table.Marshal() data, err := eaclInfo.Value.Marshal()
if err != nil { if err != nil {
return fmt.Errorf("can't marshal eacl table: %w", err) return fmt.Errorf("can't marshal eacl table: %w", err)
} }
@ -27,18 +27,16 @@ func PutEACL(c *Client, table *eacl.Table) error {
var prm PutEACLPrm var prm PutEACLPrm
prm.SetTable(data) prm.SetTable(data)
if tok := table.SessionToken(); tok != nil { if eaclInfo.Session != nil {
prm.SetToken(tok.Marshal()) prm.SetToken(eaclInfo.Session.Marshal())
} }
if sig := table.Signature(); sig != nil {
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
var sigV2 refs.Signature var sigV2 refs.Signature
sig.WriteToV2(&sigV2) eaclInfo.Signature.WriteToV2(&sigV2)
prm.SetKey(sigV2.GetKey()) prm.SetKey(sigV2.GetKey())
prm.SetSignature(sigV2.GetSign()) prm.SetSignature(sigV2.GetSign())
}
return c.PutEACL(prm) return c.PutEACL(prm)
} }

View file

@ -7,6 +7,7 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
containerContract "github.com/nspcc-dev/neofs-contract/container" containerContract "github.com/nspcc-dev/neofs-contract/container"
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
core "github.com/nspcc-dev/neofs-node/pkg/core/container" core "github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/morph/client" "github.com/nspcc-dev/neofs-node/pkg/morph/client"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
@ -18,7 +19,7 @@ import (
type containerSource Client type containerSource Client
func (x *containerSource) Get(cnr cid.ID) (*container.Container, error) { func (x *containerSource) Get(cnr cid.ID) (*containercore.Container, error) {
return Get((*Client)(x), cnr) return Get((*Client)(x), cnr)
} }
@ -29,7 +30,7 @@ func AsContainerSource(w *Client) core.Source {
} }
// Get marshals container ID, and passes it to Wrapper's Get method. // Get marshals container ID, and passes it to Wrapper's Get method.
func Get(c *Client, cnr cid.ID) (*container.Container, error) { func Get(c *Client, cnr cid.ID) (*containercore.Container, error) {
binCnr := make([]byte, sha256.Size) binCnr := make([]byte, sha256.Size)
cnr.Encode(binCnr) cnr.Encode(binCnr)
@ -41,7 +42,7 @@ func Get(c *Client, cnr cid.ID) (*container.Container, error) {
// //
// If an empty slice is returned for the requested identifier, // If an empty slice is returned for the requested identifier,
// storage.ErrNotFound error is returned. // storage.ErrNotFound error is returned.
func (c *Client) Get(cid []byte) (*container.Container, error) { func (c *Client) Get(cid []byte) (*containercore.Container, error) {
prm := client.TestInvokePrm{} prm := client.TestInvokePrm{}
prm.SetMethod(getMethod) prm.SetMethod(getMethod)
prm.SetArgs(cid) prm.SetArgs(cid)
@ -87,25 +88,24 @@ func (c *Client) Get(cid []byte) (*container.Container, error) {
return nil, fmt.Errorf("could not get byte array of session token (%s): %w", getMethod, err) return nil, fmt.Errorf("could not get byte array of session token (%s): %w", getMethod, err)
} }
cnr := container.New() var cnr containercore.Container
if err := cnr.Unmarshal(cnrBytes); err != nil {
cnr.Value = container.New()
if err := cnr.Value.Unmarshal(cnrBytes); err != nil {
// use other major version if there any // use other major version if there any
return nil, fmt.Errorf("can't unmarshal container: %w", err) return nil, fmt.Errorf("can't unmarshal container: %w", err)
} }
if len(tokBytes) > 0 { if len(tokBytes) > 0 {
var tok session.Container cnr.Session = new(session.Container)
err = tok.Unmarshal(tokBytes) err = cnr.Session.Unmarshal(tokBytes)
if err != nil { if err != nil {
return nil, fmt.Errorf("could not unmarshal session token: %w", err) return nil, fmt.Errorf("could not unmarshal session token: %w", err)
} }
cnr.SetSessionToken(&tok)
} }
// FIXME(@cthulhu-rider): #1387 temp solution, later table structure won't have a signature // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
var sigV2 refs.Signature var sigV2 refs.Signature
sigV2.SetKey(pub) sigV2.SetKey(pub)
sigV2.SetSign(sigBytes) sigV2.SetSign(sigBytes)
@ -114,7 +114,5 @@ func (c *Client) Get(cid []byte) (*container.Container, error) {
var sig neofscrypto.Signature var sig neofscrypto.Signature
sig.ReadFromV2(sigV2) sig.ReadFromV2(sigV2)
cnr.SetSignature(&sig) return &cnr, nil
return cnr, nil
} }

View file

@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/morph/client" "github.com/nspcc-dev/neofs-node/pkg/morph/client"
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@ -14,35 +15,33 @@ import (
// along with sig.Key() and sig.Sign(). // along with sig.Key() and sig.Sign().
// //
// Returns error if container is nil. // Returns error if container is nil.
func Put(c *Client, cnr *container.Container) (*cid.ID, error) { func Put(c *Client, cnr containercore.Container) (*cid.ID, error) {
if cnr == nil { if cnr.Value == nil {
return nil, errNilArgument return nil, errNilArgument
} }
data, err := cnr.Marshal() data, err := cnr.Value.Marshal()
if err != nil { if err != nil {
return nil, fmt.Errorf("can't marshal container: %w", err) return nil, fmt.Errorf("can't marshal container: %w", err)
} }
name, zone := container.GetNativeNameWithZone(cnr) name, zone := container.GetNativeNameWithZone(cnr.Value)
var prm PutPrm var prm PutPrm
prm.SetContainer(data) prm.SetContainer(data)
prm.SetName(name) prm.SetName(name)
prm.SetZone(zone) prm.SetZone(zone)
if tok := cnr.SessionToken(); tok != nil { if cnr.Session != nil {
prm.SetToken(tok.Marshal()) prm.SetToken(cnr.Session.Marshal())
} }
if sig := cnr.Signature(); sig != nil {
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
var sigV2 refs.Signature var sigV2 refs.Signature
sig.WriteToV2(&sigV2) cnr.Signature.WriteToV2(&sigV2)
prm.SetKey(sigV2.GetKey()) prm.SetKey(sigV2.GetKey())
prm.SetSignature(sigV2.GetSign()) prm.SetSignature(sigV2.GetSign())
}
err = c.Put(prm) err = c.Put(prm)
if err != nil { if err != nil {

View file

@ -13,7 +13,6 @@ import (
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl" "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container" containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl" eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
@ -38,11 +37,11 @@ type Reader interface {
// Writer is an interface of container storage updater. // Writer is an interface of container storage updater.
type Writer interface { type Writer interface {
// Put stores specified container in the side chain. // Put stores specified container in the side chain.
Put(*containerSDK.Container) (*cid.ID, error) Put(containercore.Container) (*cid.ID, error)
// Delete removes specified container from the side chain. // Delete removes specified container from the side chain.
Delete(containercore.RemovalWitness) error Delete(containercore.RemovalWitness) error
// PutEACL updates extended ACL table of specified container in the side chain. // PutEACL updates extended ACL table of specified container in the side chain.
PutEACL(*eaclSDK.Table) error PutEACL(containercore.EACL) error
} }
func NewExecutor(rdr Reader, wrt Writer) containerSvc.ServiceExecutor { func NewExecutor(rdr Reader, wrt Writer) containerSvc.ServiceExecutor {
@ -59,22 +58,19 @@ func (s *morphExecutor) Put(_ context.Context, tokV2 *sessionV2.Token, body *con
return nil, errors.New("missing signature") return nil, errors.New("missing signature")
} }
cnr := containerSDK.NewContainerFromV2(body.GetContainer()) cnr := containercore.Container{
Value: containerSDK.NewContainerFromV2(body.GetContainer()),
}
var sig neofscrypto.Signature cnr.Signature.ReadFromV2(*sigV2)
sig.ReadFromV2(*sigV2)
cnr.SetSignature(&sig)
if tokV2 != nil { if tokV2 != nil {
var tok session.Container cnr.Session = new(session.Container)
err := tok.ReadFromV2(*tokV2) err := cnr.Session.ReadFromV2(*tokV2)
if err != nil { if err != nil {
return nil, fmt.Errorf("invalid session token: %w", err) return nil, fmt.Errorf("invalid session token: %w", err)
} }
cnr.SetSessionToken(&tok)
} }
idCnr, err := s.wrt.Put(cnr) idCnr, err := s.wrt.Put(cnr)
@ -151,21 +147,19 @@ func (s *morphExecutor) Get(ctx context.Context, body *container.GetRequestBody)
var sigV2 *refs.Signature var sigV2 *refs.Signature
if sig := cnr.Signature(); sig != nil {
sigV2 = new(refs.Signature) sigV2 = new(refs.Signature)
sig.WriteToV2(sigV2) cnr.Signature.WriteToV2(sigV2)
}
var tokV2 *sessionV2.Token var tokV2 *sessionV2.Token
if tok := cnr.SessionToken(); tok != nil { if cnr.Session != nil {
tokV2 = new(sessionV2.Token) tokV2 = new(sessionV2.Token)
tok.WriteToV2(tokV2) cnr.Session.WriteToV2(tokV2)
} }
res := new(container.GetResponseBody) res := new(container.GetResponseBody)
res.SetContainer(cnr.ToV2()) res.SetContainer(cnr.Value.ToV2())
res.SetSignature(sigV2) res.SetSignature(sigV2)
res.SetSessionToken(tokV2) res.SetSessionToken(tokV2)
@ -208,25 +202,22 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, tokV2 *sessionV2.Tok
return nil, errors.New("missing signature") return nil, errors.New("missing signature")
} }
table := eaclSDK.NewTableFromV2(body.GetEACL()) eaclInfo := containercore.EACL{
Value: eaclSDK.NewTableFromV2(body.GetEACL()),
}
var sig neofscrypto.Signature eaclInfo.Signature.ReadFromV2(*sigV2)
sig.ReadFromV2(*sigV2)
table.SetSignature(&sig)
if tokV2 != nil { if tokV2 != nil {
var tok session.Container eaclInfo.Session = new(session.Container)
err := tok.ReadFromV2(*tokV2) err := eaclInfo.Session.ReadFromV2(*tokV2)
if err != nil { if err != nil {
return nil, fmt.Errorf("invalid session token: %w", err) return nil, fmt.Errorf("invalid session token: %w", err)
} }
table.SetSessionToken(&tok)
} }
err := s.wrt.PutEACL(table) err := s.wrt.PutEACL(eaclInfo)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -247,29 +238,25 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
return nil, fmt.Errorf("invalid container ID: %w", err) return nil, fmt.Errorf("invalid container ID: %w", err)
} }
table, err := s.rdr.GetEACL(id) eaclInfo, err := s.rdr.GetEACL(id)
if err != nil { if err != nil {
return nil, err return nil, err
} }
var sigV2 *refs.Signature var sigV2 refs.Signature
eaclInfo.Signature.WriteToV2(&sigV2)
if sig := table.Signature(); sig != nil {
sigV2 = new(refs.Signature)
sig.WriteToV2(sigV2)
}
var tokV2 *sessionV2.Token var tokV2 *sessionV2.Token
if tok := table.SessionToken(); tok != nil { if eaclInfo.Session != nil {
tokV2 = new(sessionV2.Token) tokV2 = new(sessionV2.Token)
tok.WriteToV2(tokV2) eaclInfo.Session.WriteToV2(tokV2)
} }
res := new(container.GetExtendedACLResponseBody) res := new(container.GetExtendedACLResponseBody)
res.SetEACL(table.ToV2()) res.SetEACL(eaclInfo.Value.ToV2())
res.SetSignature(sigV2) res.SetSignature(&sigV2)
res.SetSessionToken(tokV2) res.SetSessionToken(tokV2)
return res, nil return res, nil

View file

@ -10,10 +10,8 @@ import (
containerCore "github.com/nspcc-dev/neofs-node/pkg/core/container" containerCore "github.com/nspcc-dev/neofs-node/pkg/core/container"
containerSvc "github.com/nspcc-dev/neofs-node/pkg/services/container" containerSvc "github.com/nspcc-dev/neofs-node/pkg/services/container"
containerSvcMorph "github.com/nspcc-dev/neofs-node/pkg/services/container/morph" containerSvcMorph "github.com/nspcc-dev/neofs-node/pkg/services/container/morph"
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test" sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -22,7 +20,7 @@ type mock struct {
containerSvcMorph.Reader containerSvcMorph.Reader
} }
func (m mock) Put(_ *containerSDK.Container) (*cid.ID, error) { func (m mock) Put(_ containerCore.Container) (*cid.ID, error) {
return new(cid.ID), nil return new(cid.ID), nil
} }
@ -30,7 +28,7 @@ func (m mock) Delete(_ containerCore.RemovalWitness) error {
return nil return nil
} }
func (m mock) PutEACL(_ *eacl.Table) error { func (m mock) PutEACL(_ containerCore.EACL) error {
return nil return nil
} }

View file

@ -148,7 +148,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
bearerTok := reqInfo.Bearer() bearerTok := reqInfo.Bearer()
if bearerTok == nil { if bearerTok == nil {
pTable, err := c.eaclSrc.GetEACL(cnr) eaclInfo, err := c.eaclSrc.GetEACL(cnr)
if err != nil { if err != nil {
if errors.Is(err, container.ErrEACLNotFound) { if errors.Is(err, container.ErrEACLNotFound) {
return nil return nil
@ -156,7 +156,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
return err return err
} }
table = *pTable table = *eaclInfo.Value
} else { } else {
table = bearerTok.EACLTable() table = bearerTok.EACLTable()
} }

View file

@ -3,6 +3,7 @@ package acl
import ( import (
"testing" "testing"
"github.com/nspcc-dev/neofs-node/pkg/core/container"
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine" "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2" v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@ -14,7 +15,7 @@ import (
type emptyEACLSource struct{} type emptyEACLSource struct{}
func (e emptyEACLSource) GetEACL(_ cid.ID) (*eaclSDK.Table, error) { func (e emptyEACLSource) GetEACL(_ cid.ID) (*container.EACL, error) {
return nil, nil return nil, nil
} }

View file

@ -1,8 +1,8 @@
package eacl package eacl
import ( import (
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
) )
// Source is the interface that wraps // Source is the interface that wraps
@ -15,5 +15,5 @@ type Source interface {
// //
// Must return pkg/core/container.ErrEACLNotFound if requested // Must return pkg/core/container.ErrEACLNotFound if requested
// eACL table is not in source. // eACL table is not in source.
GetEACL(cid.ID) (*eacl.Table, error) GetEACL(cid.ID) (*containercore.EACL, error)
} }

View file

@ -506,7 +506,7 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
cnr, err := b.containers.Get(idCnr) // fetch actual container cnr, err := b.containers.Get(idCnr) // fetch actual container
if err != nil { if err != nil {
return info, err return info, err
} else if cnr.OwnerID() == nil { } else if cnr.Value.OwnerID() == nil {
return info, errors.New("missing owner in container descriptor") return info, errors.New("missing owner in container descriptor")
} }
@ -526,7 +526,7 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
} }
// find request role and key // find request role and key
res, err := b.c.classify(req, idCnr, cnr) res, err := b.c.classify(req, idCnr, cnr.Value)
if err != nil { if err != nil {
return info, err return info, err
} }
@ -535,11 +535,11 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
return info, ErrUnknownRole return info, ErrUnknownRole
} }
info.basicACL = cnr.BasicACL() info.basicACL = cnr.Value.BasicACL()
info.requestRole = res.role info.requestRole = res.role
info.isInnerRing = res.isIR info.isInnerRing = res.isIR
info.operation = op info.operation = op
info.cnrOwner = *cnr.OwnerID() info.cnrOwner = *cnr.Value.OwnerID()
info.idCnr = idCnr info.idCnr = idCnr
// it is assumed that at the moment the key will be valid, // it is assumed that at the moment the key will be valid,

View file

@ -156,7 +156,7 @@ func (p *Streamer) preparePrm(prm *PutInitPrm) error {
// add common options // add common options
prm.traverseOpts = append(prm.traverseOpts, prm.traverseOpts = append(prm.traverseOpts,
// set processing container // set processing container
placement.ForContainer(cnr), placement.ForContainer(cnr.Value),
) )
if id, ok := prm.hdr.ID(); ok { if id, ok := prm.hdr.ID(); ok {

View file

@ -147,7 +147,7 @@ func (g *TraverserGenerator) GenerateTraverser(idCnr cid.ID, idObj *oid.ID, epoc
traverseOpts = append(traverseOpts, traverseOpts = append(traverseOpts,
// set processing container // set processing container
placement.ForContainer(cnr), placement.ForContainer(cnr.Value),
// set placement builder // set placement builder
placement.UseBuilder(builder), placement.UseBuilder(builder),

View file

@ -44,7 +44,7 @@ func (p *Policer) processObject(ctx context.Context, addr oid.Address) {
return return
} }
policy := cnr.PlacementPolicy() policy := cnr.Value.PlacementPolicy()
if policy == nil { if policy == nil {
p.log.Error("missing placement policy in container", p.log.Error("missing placement policy in container",
zap.Stringer("cid", idCnr), zap.Stringer("cid", idCnr),