[#419] eacl: Replace eACL storage implementation to app-side
Move the `eacl.Storage` interface implementation from the eACL lib to the neofs-node app package. Remove the `eacl.WithMorphClient` option in order to abstract the eACL validator from the eACL storage implementation. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
parent
8c3864e6d6
commit
ed808c3f1b
2 changed files with 42 additions and 48 deletions
|
@ -3,14 +3,18 @@ package main
|
|||
import (
|
||||
"context"
|
||||
|
||||
eaclSDK "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/client"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||
"github.com/nspcc-dev/neofs-api-go/util/signature"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||
objectGRPC "github.com/nspcc-dev/neofs-api-go/v2/object/grpc"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||
objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/event"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/network/cache"
|
||||
objectTransportGRPC "github.com/nspcc-dev/neofs-node/pkg/network/transport/object/grpc"
|
||||
|
@ -32,6 +36,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-node/pkg/services/policer"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/services/replicator"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/util/logger"
|
||||
"github.com/pkg/errors"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
|
@ -338,7 +343,9 @@ func initObjectService(c *cfg) {
|
|||
),
|
||||
acl.WithLocalStorage(ls),
|
||||
acl.WithEACLValidatorOptions(
|
||||
eacl.WithMorphClient(c.cfgObject.cnrClient),
|
||||
eacl.WithEACLStorage(&morphEACLStorage{
|
||||
w: c.cfgObject.cnrClient,
|
||||
}),
|
||||
eacl.WithLogger(c.log),
|
||||
),
|
||||
acl.WithNetmapState(c.cfgNetmap.state),
|
||||
|
@ -346,3 +353,37 @@ func initObjectService(c *cfg) {
|
|||
),
|
||||
)
|
||||
}
|
||||
|
||||
type morphEACLStorage struct {
|
||||
w *wrapper.Wrapper
|
||||
}
|
||||
|
||||
type signedEACLTable eaclSDK.Table
|
||||
|
||||
func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
|
||||
return (*eaclSDK.Table)(s).Marshal(buf)
|
||||
}
|
||||
|
||||
func (s *signedEACLTable) SignedDataSize() int {
|
||||
// TODO: add eacl.Table.Size method
|
||||
return (*eaclSDK.Table)(s).ToV2().StableSize()
|
||||
}
|
||||
|
||||
func (s *morphEACLStorage) GetEACL(cid *container.ID) (*eaclSDK.Table, error) {
|
||||
table, sig, err := s.w.GetEACL(cid)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := signature.VerifyDataWithSource(
|
||||
(*signedEACLTable)(table),
|
||||
func() ([]byte, []byte) {
|
||||
return sig.Key(), sig.Sign()
|
||||
},
|
||||
signature.SignWithRFC6979(),
|
||||
); err != nil {
|
||||
return nil, errors.Wrap(err, "incorrect signature")
|
||||
}
|
||||
|
||||
return table, nil
|
||||
}
|
||||
|
|
|
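Review bot: In `morphEACLStorage.GetEACL` the public key handed to `signature.VerifyDataWithSource` comes from `sig.Key()`, the same stored record as the signature. A passing check therefore shows that the table matches that key, not that the key belongs to the container's owner. Nothing visible in this section ties the signer to the container. If neither the container contract nor `s.w.GetEACL` enforces that binding, the owner comparison belongs here, before the table reaches the ACL validator. At minimum the assumption should be recorded above the call, e.g. `// key is taken from the stored signature; signer-to-owner binding is assumed to be enforced by the container contract`.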
@ -1,48 +1,9 @@
|
|||
package eacl
|
||||
|
||||
import (
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||
"github.com/nspcc-dev/neofs-api-go/util/signature"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/util/logger"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
type morphStorage struct {
|
||||
w *wrapper.Wrapper
|
||||
}
|
||||
|
||||
type signedEACLTable eacl.Table
|
||||
|
||||
func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
|
||||
return (*eacl.Table)(s).Marshal(buf)
|
||||
}
|
||||
|
||||
func (s *signedEACLTable) SignedDataSize() int {
|
||||
// TODO: add eacl.Table.Size method
|
||||
return (*eacl.Table)(s).ToV2().StableSize()
|
||||
}
|
||||
|
||||
func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) {
|
||||
table, sig, err := s.w.GetEACL(cid)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := signature.VerifyDataWithSource(
|
||||
(*signedEACLTable)(table),
|
||||
func() ([]byte, []byte) {
|
||||
return sig.Key(), sig.Sign()
|
||||
},
|
||||
signature.SignWithRFC6979(),
|
||||
); err != nil {
|
||||
return nil, errors.Wrap(err, "incorrect signature")
|
||||
}
|
||||
|
||||
return table, nil
|
||||
}
|
||||
|
||||
func WithLogger(v *logger.Logger) Option {
|
||||
return func(c *cfg) {
|
||||
c.logger = v
|
||||
|
@ -54,11 +15,3 @@ func WithEACLStorage(v Storage) Option {
|
|||
c.storage = v
|
||||
}
|
||||
}
|
||||
|
||||
func WithMorphClient(v *wrapper.Wrapper) Option {
|
||||
return func(c *cfg) {
|
||||
c.storage = &morphStorage{
|
||||
w: v,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|