[#1348] go.mod: Update api-go and sdk-go

Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
2024-09-03 11:39:02 +03:00 · 2024-09-03 11:39:02 +03:00 · a4fb7f085b
commit a4fb7f085b
parent a685fcdc96
14 changed files with 2 additions and 298 deletions
--- a/cmd/frostfs-cli/internal/client/client.go
+++ b/cmd/frostfs-cli/internal/client/client.go
@ -17,7 +17,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@ -192,31 +191,6 @@ func DeleteContainer(ctx context.Context, prm DeleteContainerPrm) (res DeleteCon
 	return
 }

-// EACLPrm groups parameters of EACL operation.
-type EACLPrm struct {
-	Client       *client.Client
-	ClientParams client.PrmContainerEACL
-}
-
-// EACLRes groups the resulting values of EACL operation.
-type EACLRes struct {
-	cliRes *client.ResContainerEACL
-}
-
-// EACL returns requested eACL table.
-func (x EACLRes) EACL() eacl.Table {
-	return x.cliRes.Table()
-}
-
-// EACL reads eACL table from FrostFS by container ID.
-//
-// Returns any error which prevented the operation from completing correctly in error return.
-func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) {
-	res.cliRes, err = prm.Client.ContainerEACL(ctx, prm.ClientParams)
-
-	return
-}
-
 // NetworkInfoPrm groups parameters of NetworkInfo operation.
 type NetworkInfoPrm struct {
 	Client       *client.Client
--- a/cmd/frostfs-cli/modules/container/get_eacl.go
+++ b/cmd/frostfs-cli/modules/container/get_eacl.go
@ -1,68 +0,0 @@
-package container
-
-import (
-	"os"
-
-	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	"github.com/spf13/cobra"
-)
-
-var getExtendedACLCmd = &cobra.Command{
-	Use:   "get-eacl",
-	Short: "Get extended ACL table of container",
-	Long:  `Get extended ACL table of container`,
-	Run: func(cmd *cobra.Command, _ []string) {
-		id := parseContainerID(cmd)
-		pk := key.GetOrGenerate(cmd)
-		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
-
-		eaclPrm := internalclient.EACLPrm{
-			Client: cli,
-			ClientParams: client.PrmContainerEACL{
-				ContainerID: &id,
-			},
-		}
-
-		res, err := internalclient.EACL(cmd.Context(), eaclPrm)
-		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
-		eaclTable := res.EACL()
-
-		if containerPathTo == "" {
-			cmd.Println("eACL: ")
-			common.PrettyPrintJSON(cmd, &eaclTable, "eACL")
-
-			return
-		}
-
-		var data []byte
-
-		if containerJSON {
-			data, err = eaclTable.MarshalJSON()
-			commonCmd.ExitOnErr(cmd, "can't encode to JSON: %w", err)
-		} else {
-			data, err = eaclTable.Marshal()
-			commonCmd.ExitOnErr(cmd, "can't encode to binary: %w", err)
-		}
-
-		cmd.Println("dumping data to file:", containerPathTo)
-
-		err = os.WriteFile(containerPathTo, data, 0o644)
-		commonCmd.ExitOnErr(cmd, "could not write eACL to file: %w", err)
-	},
-}
-
-func initContainerGetEACLCmd() {
-	commonflags.Init(getExtendedACLCmd)
-
-	flags := getExtendedACLCmd.Flags()
-
-	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
-	flags.StringVar(&containerPathTo, "to", "", "Path to dump encoded container (default: binary encoded)")
-	flags.BoolVar(&containerJSON, commonflags.JSON, false, "Encode EACL table in json format")
-}
--- a/cmd/frostfs-cli/modules/container/root.go
+++ b/cmd/frostfs-cli/modules/container/root.go
@ -25,7 +25,6 @@ func init() {
 		deleteContainerCmd,
 		listContainerObjectsCmd,
 		getContainerInfoCmd,
-		getExtendedACLCmd,
 		containerNodesCmd,
 		policyPlaygroundCmd,
 	}
@ -37,7 +36,6 @@ func init() {
 	initContainerDeleteCmd()
 	initContainerListObjectsCmd()
 	initContainerInfoCmd()
-	initContainerGetEACLCmd()
 	initContainerNodesCmd()
 	initContainerPolicyPlaygroundCmd()

--- a/cmd/frostfs-cli/modules/util/ape.go
+++ b/cmd/frostfs-cli/modules/util/ape.go
@ -258,10 +258,6 @@ func parseAction(lexeme string) ([]string, bool, error) {
 		return []string{nativeschema.MethodDeleteContainer}, false, nil
 	case "container.get":
 		return []string{nativeschema.MethodGetContainer}, false, nil
-	case "container.setcontainereacl":
-		return []string{nativeschema.MethodSetContainerEACL}, false, nil
-	case "container.getcontainereacl":
-		return []string{nativeschema.MethodGetContainerEACL}, false, nil
 	case "container.list":
 		return []string{nativeschema.MethodListContainers}, false, nil
 	case "container.*":
@ -269,8 +265,6 @@ func parseAction(lexeme string) ([]string, bool, error) {
 			nativeschema.MethodPutContainer,
 			nativeschema.MethodDeleteContainer,
 			nativeschema.MethodGetContainer,
-			nativeschema.MethodSetContainerEACL,
-			nativeschema.MethodGetContainerEACL,
 			nativeschema.MethodListContainers,
 		}, false, nil
 	default:
--- a/go.mod
+++ b/go.mod
@ -4,12 +4,12 @@ go 1.22

 require (
 	code.gitea.io/sdk/gitea v0.17.1
-	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240828085308-5e1c6a908f61
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240902111049-c11f50efeccb
 	git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
 	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
 	git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240827083309-f0b9493ce3f7
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad
 	git.frostfs.info/TrueCloudLab/hrw v1.2.1
 	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88
 	git.frostfs.info/TrueCloudLab/tzhash v1.8.0
--- a/go.sum
+++ b/go.sum
--- a/pkg/network/transport/container/grpc/service.go
+++ b/pkg/network/transport/container/grpc/service.go
@ -80,18 +80,3 @@ func (s *Server) List(ctx context.Context, req *containerGRPC.ListRequest) (*con

 	return resp.ToGRPCMessage().(*containerGRPC.ListResponse), nil
 }
-
-// GetExtendedACL converts gRPC GetExtendedACLRequest message and passes it to internal Container service.
-func (s *Server) GetExtendedACL(ctx context.Context, req *containerGRPC.GetExtendedACLRequest) (*containerGRPC.GetExtendedACLResponse, error) {
-	getEACLReq := new(container.GetExtendedACLRequest)
-	if err := getEACLReq.FromGRPCMessage(req); err != nil {
-		return nil, err
-	}
-
-	resp, err := s.srv.GetExtendedACL(ctx, getEACLReq)
-	if err != nil {
-		return nil, err
-	}
-
-	return resp.ToGRPCMessage().(*containerGRPC.GetExtendedACLResponse), nil
-}
--- a/pkg/services/container/ape.go
+++ b/pkg/services/container/ape.go
@ -102,18 +102,6 @@ func (ac *apeChecker) Get(ctx context.Context, req *container.GetRequest) (*cont
 	return ac.next.Get(ctx, req)
 }

-func (ac *apeChecker) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
-	ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.GetExtendedACL")
-	defer span.End()
-
-	if err := ac.validateContainerBoundedOperation(ctx, req.GetBody().GetContainerID(), req.GetMetaHeader(), req.GetVerificationHeader(),
-		nativeschema.MethodGetContainerEACL); err != nil {
-		return nil, err
-	}
-
-	return ac.next.GetExtendedACL(ctx, req)
-}
-
 func (ac *apeChecker) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
 	ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.List")
 	defer span.End()
--- a/pkg/services/container/ape_test.go
+++ b/pkg/services/container/ape_test.go
@ -49,7 +49,6 @@ func TestAPE(t *testing.T) {
 	t.Run("deny get container by user claim tag", testDenyGetContainerByUserClaimTag)
 	t.Run("deny get container by IP", testDenyGetContainerByIP)
 	t.Run("deny get container by group id", testDenyGetContainerByGroupID)
-	t.Run("deny get container eACL for IR with session token", testDenyGetContainerEACLForIRSessionToken)
 	t.Run("deny put container for others with session token", testDenyPutContainerForOthersSessionToken)
 	t.Run("deny put container, read namespace from frostfsID", testDenyPutContainerReadNamespaceFromFrostfsID)
 	t.Run("deny put container with invlaid namespace", testDenyPutContainerInvalidNamespace)
@ -663,95 +662,6 @@ func testDenyGetContainerByGroupID(t *testing.T) {
 	require.ErrorAs(t, err, &errAccessDenied)
 }

-func testDenyGetContainerEACLForIRSessionToken(t *testing.T) {
-	t.Parallel()
-	srv := &srvStub{
-		calls: map[string]int{},
-	}
-	router := inmemory.NewInMemory()
-	contRdr := &containerStub{
-		c: map[cid.ID]*containercore.Container{},
-	}
-	ir := &irStub{
-		keys: [][]byte{},
-	}
-	nm := &netmapStub{}
-	frostfsIDSubjectReader := &frostfsidStub{
-		subjects: map[util.Uint160]*client.Subject{},
-	}
-	apeSrv := NewAPEServer(router, contRdr, ir, nm, frostfsIDSubjectReader, srv)
-
-	contID := cidtest.ID()
-	testContainer := containertest.Container()
-	pp := netmap.PlacementPolicy{}
-	require.NoError(t, pp.DecodeString("REP 1"))
-	testContainer.SetPlacementPolicy(pp)
-	contRdr.c[contID] = &containercore.Container{Value: testContainer}
-
-	nm.currentEpoch = 100
-	nm.netmaps = map[uint64]*netmap.NetMap{}
-	var testNetmap netmap.NetMap
-	testNetmap.SetEpoch(nm.currentEpoch)
-	testNetmap.SetNodes([]netmap.NodeInfo{{}})
-	nm.netmaps[nm.currentEpoch] = &testNetmap
-	nm.netmaps[nm.currentEpoch-1] = &testNetmap
-
-	_, _, err := router.MorphRuleChainStorage().AddMorphRuleChain(chain.Ingress, engine.ContainerTarget(contID.EncodeToString()), &chain.Chain{
-		Rules: []chain.Rule{
-			{
-				Status: chain.AccessDenied,
-				Actions: chain.Actions{
-					Names: []string{
-						nativeschema.MethodGetContainerEACL,
-					},
-				},
-				Resources: chain.Resources{
-					Names: []string{
-						fmt.Sprintf(nativeschema.ResourceFormatRootContainer, contID.EncodeToString()),
-					},
-				},
-				Condition: []chain.Condition{
-					{
-						Kind:  chain.KindRequest,
-						Key:   nativeschema.PropertyKeyActorRole,
-						Value: nativeschema.PropertyValueContainerRoleIR,
-						Op:    chain.CondStringEquals,
-					},
-				},
-			},
-		},
-	})
-	require.NoError(t, err)
-
-	req := &container.GetExtendedACLRequest{}
-	req.SetBody(&container.GetExtendedACLRequestBody{})
-	var refContID refs.ContainerID
-	contID.WriteToV2(&refContID)
-	req.GetBody().SetContainerID(&refContID)
-
-	pk, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-	require.NoError(t, signature.SignServiceMessage(&pk.PrivateKey, req))
-
-	sessionPK, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-	sToken := sessiontest.ContainerSigned()
-	sToken.ApplyOnlyTo(contID)
-	require.NoError(t, sToken.Sign(sessionPK.PrivateKey))
-	var sTokenV2 session.Token
-	sToken.WriteToV2(&sTokenV2)
-	metaHeader := new(session.RequestMetaHeader)
-	metaHeader.SetSessionToken(&sTokenV2)
-	req.SetMetaHeader(metaHeader)
-
-	ir.keys = append(ir.keys, sessionPK.PublicKey().Bytes())
-
-	resp, err := apeSrv.GetExtendedACL(context.Background(), req)
-	require.Nil(t, resp)
-	var errAccessDenied *apistatus.ObjectAccessDenied
-	require.ErrorAs(t, err, &errAccessDenied)
-}
-
 func testDenyPutContainerForOthersSessionToken(t *testing.T) {
 	t.Parallel()
 	srv := &srvStub{
@ -1164,11 +1074,6 @@ func (s *srvStub) Get(context.Context, *container.GetRequest) (*container.GetRes
 	return &container.GetResponse{}, nil
 }

-func (s *srvStub) GetExtendedACL(context.Context, *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
-	s.calls["GetExtendedACL"]++
-	return &container.GetExtendedACLResponse{}, nil
-}
-
 func (s *srvStub) List(context.Context, *container.ListRequest) (*container.ListResponse, error) {
 	s.calls["List"]++
 	return &container.ListResponse{}, nil
--- a/pkg/services/container/audit.go
+++ b/pkg/services/container/audit.go
@ -52,17 +52,6 @@ func (a *auditService) Get(ctx context.Context, req *container.GetRequest) (*con
 	return res, err
 }

-// GetExtendedACL implements Server.
-func (a *auditService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
-	res, err := a.next.GetExtendedACL(ctx, req)
-	if !a.enabled.Load() {
-		return res, err
-	}
-	audit.LogRequest(a.log, container_grpc.ContainerService_GetExtendedACL_FullMethodName, req,
-		audit.TargetFromRef(req.GetBody().GetContainerID(), &cid.ID{}), err == nil)
-	return res, err
-}
-
 // List implements Server.
 func (a *auditService) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
 	res, err := a.next.List(ctx, req)
--- a/pkg/services/container/executor.go
+++ b/pkg/services/container/executor.go
@ -14,7 +14,6 @@ type ServiceExecutor interface {
 	Delete(context.Context, *session.Token, *container.DeleteRequestBody) (*container.DeleteResponseBody, error)
 	Get(context.Context, *container.GetRequestBody) (*container.GetResponseBody, error)
 	List(context.Context, *container.ListRequestBody) (*container.ListResponseBody, error)
-	GetExtendedACL(context.Context, *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error)
 }

 type executorSvc struct {
@ -94,16 +93,3 @@ func (s *executorSvc) List(ctx context.Context, req *container.ListRequest) (*co
 	s.respSvc.SetMeta(resp)
 	return resp, nil
 }
-
-func (s *executorSvc) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
-	respBody, err := s.exec.GetExtendedACL(ctx, req.GetBody())
-	if err != nil {
-		return nil, fmt.Errorf("could not execute GetEACL request: %w", err)
-	}
-
-	resp := new(container.GetExtendedACLResponse)
-	resp.SetBody(respBody)
-
-	s.respSvc.SetMeta(resp)
-	return resp, nil
-}
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@ -201,40 +201,3 @@ func (s *morphExecutor) List(_ context.Context, body *container.ListRequestBody)

 	return res, nil
 }
-
-func (s *morphExecutor) GetExtendedACL(_ context.Context, body *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error) {
-	idV2 := body.GetContainerID()
-	if idV2 == nil {
-		return nil, errors.New("missing container ID")
-	}
-
-	var id cid.ID
-
-	err := id.ReadFromV2(*idV2)
-	if err != nil {
-		return nil, fmt.Errorf("invalid container ID: %w", err)
-	}
-
-	eaclInfo, err := s.rdr.GetEACL(id)
-	if err != nil {
-		return nil, err
-	}
-
-	var sigV2 refs.Signature
-	eaclInfo.Signature.WriteToV2(&sigV2)
-
-	var tokV2 *sessionV2.Token
-
-	if eaclInfo.Session != nil {
-		tokV2 = new(sessionV2.Token)
-
-		eaclInfo.Session.WriteToV2(tokV2)
-	}
-
-	res := new(container.GetExtendedACLResponseBody)
-	res.SetEACL(eaclInfo.Value.ToV2())
-	res.SetSignature(&sigV2)
-	res.SetSessionToken(tokV2)
-
-	return res, nil
-}
--- a/pkg/services/container/server.go
+++ b/pkg/services/container/server.go
@ -12,5 +12,4 @@ type Server interface {
 	Get(context.Context, *container.GetRequest) (*container.GetResponse, error)
 	Delete(context.Context, *container.DeleteRequest) (*container.DeleteResponse, error)
 	List(context.Context, *container.ListRequest) (*container.ListResponse, error)
-	GetExtendedACL(context.Context, *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error)
 }
--- a/pkg/services/container/sign.go
+++ b/pkg/services/container/sign.go
@ -56,12 +56,3 @@ func (s *signService) List(ctx context.Context, req *container.ListRequest) (*co
 	resp, err := util.EnsureNonNilResponse(s.svc.List(ctx, req))
 	return resp, s.sigSvc.SignResponse(resp, err)
 }
-
-func (s *signService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
-	if err := s.sigSvc.VerifyRequest(req); err != nil {
-		resp := new(container.GetExtendedACLResponse)
-		return resp, s.sigSvc.SignResponse(resp, err)
-	}
-	resp, err := util.EnsureNonNilResponse(s.svc.GetExtendedACL(ctx, req))
-	return resp, s.sigSvc.SignResponse(resp, err)
-}