forked from TrueCloudLab/frostfs-node
[#32] Use pkg/core interfaces to fetch container and netmap
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin
parent
ad36a2cd8f
commit
f6904db84f
3 changed files with 24 additions and 35 deletions
BIN
go.sum
BIN
go.sum
Binary file not shown.
|
|
@ -3,27 +3,18 @@ package acl
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/container"
|
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/object"
|
"github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
|
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
// ContainerGetter accesses NeoFS container storage.
|
|
||||||
// fixme: use core.container interface implementation
|
|
||||||
ContainerGetter interface {
|
|
||||||
Get(*refs.ContainerID) (*container.Container, error)
|
|
||||||
}
|
|
||||||
|
|
||||||
Classifier interface {
|
|
||||||
Classify(RequestV2, *refs.ContainerID) acl.Role
|
|
||||||
}
|
|
||||||
|
|
||||||
// BasicChecker checks basic ACL rules.
|
// BasicChecker checks basic ACL rules.
|
||||||
BasicChecker struct {
|
BasicChecker struct {
|
||||||
containers ContainerGetter
|
containers container.Source
|
||||||
sender SenderClassifier
|
sender SenderClassifier
|
||||||
next object.Service
|
next object.Service
|
||||||
}
|
}
|
||||||
|
|
@ -62,7 +53,7 @@ var (
|
||||||
// NewBasicChecker is a constructor for basic ACL checker of object requests.
|
// NewBasicChecker is a constructor for basic ACL checker of object requests.
|
||||||
func NewBasicChecker(
|
func NewBasicChecker(
|
||||||
c SenderClassifier,
|
c SenderClassifier,
|
||||||
cnr ContainerGetter,
|
cnr container.Source,
|
||||||
next object.Service) BasicChecker {
|
next object.Service) BasicChecker {
|
||||||
|
|
||||||
return BasicChecker{
|
return BasicChecker{
|
||||||
|
|
@ -247,8 +238,12 @@ func (b BasicChecker) findRequestInfo(
|
||||||
cid *refs.ContainerID,
|
cid *refs.ContainerID,
|
||||||
op acl.Operation) (info requestInfo, err error) {
|
op acl.Operation) (info requestInfo, err error) {
|
||||||
|
|
||||||
|
// container.Source interface implemented with SDK's definitions,
|
||||||
|
// so we have to convert id there.
|
||||||
|
containerID := containerSDK.NewIDFromV2(cid)
|
||||||
|
|
||||||
// fetch actual container
|
// fetch actual container
|
||||||
cnr, err := b.containers.Get(cid)
|
cnr, err := b.containers.Get(containerID)
|
||||||
if err != nil || cnr.GetOwnerID() == nil {
|
if err != nil || cnr.GetOwnerID() == nil {
|
||||||
return info, ErrUnknownContainer
|
return info, ErrUnknownContainer
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,23 +4,18 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
|
|
||||||
|
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
|
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
|
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
|
||||||
sdk "github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/container"
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||||
|
core "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
// fixme: use core.netmap interface implementation
|
|
||||||
NetmapFetcher interface {
|
|
||||||
Current() (netmap.Netmap, error)
|
|
||||||
Previous(int) (netmap.Netmap, error)
|
|
||||||
}
|
|
||||||
|
|
||||||
InnerRingFetcher interface {
|
InnerRingFetcher interface {
|
||||||
InnerRingKeys() ([][]byte, error)
|
InnerRingKeys() ([][]byte, error)
|
||||||
}
|
}
|
||||||
|
|
@ -32,12 +27,11 @@ type (
|
||||||
|
|
||||||
SenderClassifier struct {
|
SenderClassifier struct {
|
||||||
innerRing InnerRingFetcher
|
innerRing InnerRingFetcher
|
||||||
netmap NetmapFetcher
|
netmap core.Source
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
// fixme: update classifier constructor
|
func NewSenderClassifier(ir InnerRingFetcher, nm core.Source) SenderClassifier {
|
||||||
func NewSenderClassifier(ir InnerRingFetcher, nm NetmapFetcher) SenderClassifier {
|
|
||||||
return SenderClassifier{
|
return SenderClassifier{
|
||||||
innerRing: ir,
|
innerRing: ir,
|
||||||
netmap: nm,
|
netmap: nm,
|
||||||
|
|
@ -120,16 +114,16 @@ func requestOwner(req RequestV2) (*refs.OwnerID, *ecdsa.PublicKey, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
key := crypto.UnmarshalPublicKey(bodySignature.GetKey())
|
key := crypto.UnmarshalPublicKey(bodySignature.GetKey())
|
||||||
neo3wallet, err := sdk.NEO3WalletFromPublicKey(key)
|
neo3wallet, err := owner.NEO3WalletFromPublicKey(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, errors.Wrap(err, "can't create neo3 wallet")
|
return nil, nil, errors.Wrap(err, "can't create neo3 wallet")
|
||||||
}
|
}
|
||||||
|
|
||||||
// form owner from public key
|
// form user from public key
|
||||||
owner := new(refs.OwnerID)
|
user := new(refs.OwnerID)
|
||||||
owner.SetValue(neo3wallet.Bytes())
|
user.SetValue(neo3wallet.Bytes())
|
||||||
|
|
||||||
return owner, key, nil
|
return user, key, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func originalBodySignature(v *session.RequestVerificationHeader) *refs.Signature {
|
func originalBodySignature(v *session.RequestVerificationHeader) *refs.Signature {
|
||||||
|
|
@ -165,7 +159,7 @@ func (c SenderClassifier) isContainerKey(
|
||||||
cnr *container.Container) (bool, error) {
|
cnr *container.Container) (bool, error) {
|
||||||
|
|
||||||
// first check current netmap
|
// first check current netmap
|
||||||
nm, err := c.netmap.Current()
|
nm, err := core.GetLatestNetworkMap(c.netmap)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
@ -179,7 +173,7 @@ func (c SenderClassifier) isContainerKey(
|
||||||
|
|
||||||
// then check previous netmap, this can happen in-between epoch change
|
// then check previous netmap, this can happen in-between epoch change
|
||||||
// when node migrates data from last epoch container
|
// when node migrates data from last epoch container
|
||||||
nm, err = c.netmap.Previous(1)
|
nm, err = core.GetPreviousNetworkMap(c.netmap)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
@ -188,7 +182,7 @@ func (c SenderClassifier) isContainerKey(
|
||||||
}
|
}
|
||||||
|
|
||||||
func lookupKeyInContainer(
|
func lookupKeyInContainer(
|
||||||
nm netmap.Netmap,
|
nm *netmap.Netmap,
|
||||||
owner, cid []byte,
|
owner, cid []byte,
|
||||||
cnr *container.Container) (bool, error) {
|
cnr *container.Container) (bool, error) {
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue