acid-ant/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#1109] object: Validate attribute EXPIRATION_EPOCH on put

Browse source 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
This commit is contained in:
Anton Nikiforov 2024-06-18 15:06:54 +03:00 committed by Evgenii Stratonikov
parent fd28461def
commit 40b68bcb6c
2 changed files with 28 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
pkg/core/object/fmt.go
View file

@ -124,15 +124,22 @@ func (v *FormatValidator) Validate(ctx context.Context, obj *objectSDK.Object, u
return fmt.Errorf("invalid attributes: %w", err) return fmt.Errorf("invalid attributes: %w", err)
} }
exp, err := expirationEpochAttribute(obj)
if err != nil {
if !errors.Is(err, errNoExpirationEpoch) {
return fmt.Errorf("object did not pass expiration check: %w", err)
}
} else if !unprepared && exp < v.netState.CurrentEpoch() {
if err := v.checkIfExpired(ctx, obj); err != nil {
return fmt.Errorf("object did not pass expiration check: %w", err)
}
}
if !unprepared { if !unprepared {
if err := v.validateSignatureKey(obj); err != nil { if err := v.validateSignatureKey(obj); err != nil {
return fmt.Errorf("(%T) could not validate signature key: %w", v, err) return fmt.Errorf("(%T) could not validate signature key: %w", v, err)
} }
if err := v.checkExpiration(ctx, obj); err != nil {
return fmt.Errorf("object did not pass expiration check: %w", err)
}
if err := objectSDK.CheckHeaderVerificationFields(obj); err != nil { if err := objectSDK.CheckHeaderVerificationFields(obj); err != nil {
return fmt.Errorf("(%T) could not validate header fields: %w", v, err) return fmt.Errorf("(%T) could not validate header fields: %w", v, err)
} }
@ -348,35 +355,24 @@ func (v *FormatValidator) fillAndValidateTombstoneMeta(o *objectSDK.Object, meta
var errExpired = errors.New("object has expired") var errExpired = errors.New("object has expired")
func (v *FormatValidator) checkExpiration(ctx context.Context, obj *objectSDK.Object) error { func (v *FormatValidator) checkIfExpired(ctx context.Context, obj *objectSDK.Object) error {
exp, err := expirationEpochAttribute(obj) // an object could be expired but locked;
if err != nil { // put such an object is a correct operation
if errors.Is(err, errNoExpirationEpoch) {
return nil // objects without expiration attribute are valid
}
return err cID, _ := obj.ContainerID()
oID, _ := obj.ID()
var addr oid.Address
addr.SetContainer(cID)
addr.SetObject(oID)
locked, err := v.e.IsLocked(ctx, addr)
if err != nil {
return fmt.Errorf("locking status check for an expired object: %w", err)
} }
if exp < v.netState.CurrentEpoch() { if !locked {
// an object could be expired but locked; return errExpired
// put such an object is a correct operation
cID, _ := obj.ContainerID()
oID, _ := obj.ID()
var addr oid.Address
addr.SetContainer(cID)
addr.SetObject(oID)
locked, err := v.e.IsLocked(ctx, addr)
if err != nil {
return fmt.Errorf("locking status check for an expired object: %w", err)
}
if !locked {
return errExpired
}
} }
return nil return nil

2
pkg/core/object/fmt_test.go
View file

@ -195,6 +195,8 @@ func TestFormatValidator_Validate(t *testing.T) {
val := "text" val := "text"
err := v.Validate(context.Background(), fn(val), false) err := v.Validate(context.Background(), fn(val), false)
require.Error(t, err) require.Error(t, err)
err = v.Validate(context.Background(), fn(val), true)
require.Error(t, err)
}) })
t.Run("expired object", func(t *testing.T) { t.Run("expired object", func(t *testing.T) {