[#419] eacl: Replace eACL storage implementation to app-side

Move the `eacl.Storage` interface implementation from the eACL lib to the
neofs-node app package. Remove the `eacl.WithMorphClient` option in order to
abstract the eACL validator from the eACL storage implementation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2021-03-04 11:09:23 +03:00 committed by Leonard Lyubich
parent 8c3864e6d6
commit ed808c3f1b
2 changed files with 42 additions and 48 deletions


@ -3,14 +3,18 @@ package main
import (
"context"
eaclSDK "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/client"
"github.com/nspcc-dev/neofs-api-go/pkg/container"
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/util/signature"
"github.com/nspcc-dev/neofs-api-go/v2/object"
objectGRPC "github.com/nspcc-dev/neofs-api-go/v2/object/grpc"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
"github.com/nspcc-dev/neofs-node/pkg/morph/event"
"github.com/nspcc-dev/neofs-node/pkg/network/cache"
objectTransportGRPC "github.com/nspcc-dev/neofs-node/pkg/network/transport/object/grpc"
@ -32,6 +36,7 @@ import (
"github.com/nspcc-dev/neofs-node/pkg/services/policer"
"github.com/nspcc-dev/neofs-node/pkg/services/replicator"
"github.com/nspcc-dev/neofs-node/pkg/util/logger"
"github.com/pkg/errors"
"go.uber.org/zap"
)
@ -338,7 +343,9 @@ func initObjectService(c *cfg) {
),
acl.WithLocalStorage(ls),
acl.WithEACLValidatorOptions(
eacl.WithMorphClient(c.cfgObject.cnrClient),
eacl.WithEACLStorage(&morphEACLStorage{
w: c.cfgObject.cnrClient,
}),
eacl.WithLogger(c.log),
),
acl.WithNetmapState(c.cfgNetmap.state),
@ -346,3 +353,37 @@ func initObjectService(c *cfg) {
),
)
}
type morphEACLStorage struct {
w *wrapper.Wrapper
}
type signedEACLTable eaclSDK.Table
func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
return (*eaclSDK.Table)(s).Marshal(buf)
}
func (s *signedEACLTable) SignedDataSize() int {
// TODO: add eacl.Table.Size method
return (*eaclSDK.Table)(s).ToV2().StableSize()
}
func (s *morphEACLStorage) GetEACL(cid *container.ID) (*eaclSDK.Table, error) {
table, sig, err := s.w.GetEACL(cid)
if err != nil {
return nil, err
}
if err := signature.VerifyDataWithSource(
(*signedEACLTable)(table),
func() ([]byte, []byte) {
return sig.Key(), sig.Sign()
},
signature.SignWithRFC6979(),
); err != nil {
return nil, errors.Wrap(err, "incorrect signature")
}
return table, nil
}
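Review bot: In `morphEACLStorage.GetEACL` the table is verified against `sig.Key()`, a key that arrives from `s.w.GetEACL` together with the signature. The check therefore proves only that the table matches that key, not that the key belongs to the container owner or another party allowed to set the eACL. Nothing visible in this section ties the key to the container identified by `cid`; if that binding is enforced elsewhere (for example when the table is written to the sidechain), the function should say so, e.g. `// sig.Key() is not checked against the container owner here; ownership is assumed to be enforced when the eACL is stored`. If it is not enforced elsewhere, the key should be compared with the owner of `cid` before the table is returned. `morphEACLStorage` and `signedEACLTable` also have no doc comments, and a one-line comment on each stating that the storage returns only signature-checked tables would make the trust boundary explicit for callers of `eacl.WithEACLStorage`.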


@ -1,48 +1,9 @@
package eacl
import (
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-api-go/util/signature"
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
"github.com/nspcc-dev/neofs-node/pkg/util/logger"
"github.com/pkg/errors"
)
type morphStorage struct {
w *wrapper.Wrapper
}
type signedEACLTable eacl.Table
func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
return (*eacl.Table)(s).Marshal(buf)
}
func (s *signedEACLTable) SignedDataSize() int {
// TODO: add eacl.Table.Size method
return (*eacl.Table)(s).ToV2().StableSize()
}
func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) {
table, sig, err := s.w.GetEACL(cid)
if err != nil {
return nil, err
}
if err := signature.VerifyDataWithSource(
(*signedEACLTable)(table),
func() ([]byte, []byte) {
return sig.Key(), sig.Sign()
},
signature.SignWithRFC6979(),
); err != nil {
return nil, errors.Wrap(err, "incorrect signature")
}
return table, nil
}
func WithLogger(v *logger.Logger) Option {
return func(c *cfg) {
c.logger = v
@ -54,11 +15,3 @@ func WithEACLStorage(v Storage) Option {
c.storage = v
}
}
func WithMorphClient(v *wrapper.Wrapper) Option {
return func(c *cfg) {
c.storage = &morphStorage{
w: v,
}
}
}