diff --git a/cmd/frostfs-node/config.go b/cmd/frostfs-node/config.go index e6c30376f..e36081ba6 100644 --- a/cmd/frostfs-node/config.go +++ b/cmd/frostfs-node/config.go @@ -70,7 +70,7 @@ import ( objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version" - "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory" + policy_client "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" neogoutil "github.com/nspcc-dev/neo-go/pkg/util" "github.com/panjf2000/ants/v2" @@ -623,6 +623,8 @@ type cfgLocalStorage struct { } type cfgAccessPolicyEngine struct { + policyContractHash neogoutil.Uint160 + accessPolicyEngine *accessPolicyEngine } @@ -1077,7 +1079,9 @@ func initAccessPolicyEngine(_ context.Context, c *cfg) { ) } - morphRuleStorage := inmemory.NewInmemoryMorphRuleChainStorage() + morphRuleStorage := policy_client.NewContractStorage( + c.cfgMorph.client.GetActor(), + c.cfgObject.cfgAccessPolicyEngine.policyContractHash) ape := newAccessPolicyEngine(morphRuleStorage, localOverrideDB) c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine = ape diff --git a/cmd/frostfs-node/main.go b/cmd/frostfs-node/main.go index d4dfb7e60..2fe3a0a25 100644 --- a/cmd/frostfs-node/main.go +++ b/cmd/frostfs-node/main.go @@ -98,14 +98,15 @@ func initApp(ctx context.Context, c *cfg) { fatalOnErr(c.cfgObject.cfgLocalStorage.localStorage.Init(ctx)) }) + initAndLog(c, "gRPC", initGRPC) + initAndLog(c, "netmap", func(c *cfg) { initNetmapService(ctx, c) }) + initAccessPolicyEngine(ctx, c) initAndLog(c, "access policy engine", func(c *cfg) { fatalOnErr(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.LocalOverrideDatabaseCore().Open(ctx)) fatalOnErr(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.LocalOverrideDatabaseCore().Init()) }) - initAndLog(c, "gRPC", initGRPC) - initAndLog(c, "netmap", func(c *cfg) { initNetmapService(ctx, c) }) initAndLog(c, "accounting", func(c *cfg) { initAccountingService(ctx, c) }) initAndLog(c, "container", func(c *cfg) { initContainerService(ctx, c) }) initAndLog(c, "session", initSessionService) diff --git a/cmd/frostfs-node/morph.go b/cmd/frostfs-node/morph.go index f7100d0bf..d26142370 100644 --- a/cmd/frostfs-node/morph.go +++ b/cmd/frostfs-node/morph.go @@ -289,6 +289,7 @@ func lookupScriptHashesInNNS(c *cfg) { {&c.cfgAccounting.scriptHash, client.NNSBalanceContractName}, {&c.cfgContainer.scriptHash, client.NNSContainerContractName}, {&c.cfgMorph.proxyScriptHash, client.NNSProxyContractName}, + {&c.cfgObject.cfgAccessPolicyEngine.policyContractHash, client.NNSPolicyContractName}, } ) diff --git a/go.mod b/go.mod index 3e79f7ff7..6463c3b2b 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65 git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231122162120-56debcfa569e git.frostfs.info/TrueCloudLab/hrw v1.2.1 - git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231211080303-8c673ee4f4af + git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231214122253-62ea96b82ce3 git.frostfs.info/TrueCloudLab/tzhash v1.8.0 github.com/cheggaaa/pb v1.0.29 github.com/chzyer/readline v1.5.1 diff --git a/go.sum b/go.sum index 15ae22422..c18e291f2 100644 --- a/go.sum +++ b/go.sum @@ -11,8 +11,8 @@ git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231122162120-56debcfa569e git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231122162120-56debcfa569e/go.mod h1:t1akKcUH7iBrFHX8rSXScYMP17k2kYQXMbZooiL5Juw= git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc= git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM= -git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231211080303-8c673ee4f4af h1:QSgejckGChrry5waJqf2votsOY0J7Sfh8tPqos0rCXA= -git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231211080303-8c673ee4f4af/go.mod h1:iJMX6qk9aIHIu3WVSd4puF5CHsNk5eOi++MaJJfNbXM= +git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231214122253-62ea96b82ce3 h1:xnS/YalLqCRplvpF3E9/PRGevj4cDe7qFNZT0mkjZcs= +git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231214122253-62ea96b82ce3/go.mod h1:v43imcuSmDwSNrePe4UTQh8jaE8FmsiKN3FcaEzmRzc= git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 h1:M2KR3iBj7WpY3hP10IevfIB9MURr4O9mwVfJ+SjT3HA= git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0/go.mod h1:okpbKfVYf/BpejtfFTfhZqFP+sZ8rsHrP8Rr/jYPNRc= git.frostfs.info/TrueCloudLab/tzhash v1.8.0 h1:UFMnUIk0Zh17m8rjGHJMqku2hCgaXDqjqZzS4gsb4UA= diff --git a/pkg/morph/client/client.go b/pkg/morph/client/client.go index 93a4176f9..e52adfa8e 100644 --- a/pkg/morph/client/client.go +++ b/pkg/morph/client/client.go @@ -539,3 +539,10 @@ func (c *Client) setActor(act *actor.Actor) { c.gasToken = nep17.New(act, gas.Hash) c.rolemgmt = rolemgmt.New(act) } + +func (c *Client) GetActor() *actor.Actor { + c.switchLock.RLock() + defer c.switchLock.RUnlock() + + return c.rpcActor +} diff --git a/pkg/morph/client/nns.go b/pkg/morph/client/nns.go index 758b220a2..218f7ad8e 100644 --- a/pkg/morph/client/nns.go +++ b/pkg/morph/client/nns.go @@ -33,6 +33,8 @@ const ( NNSProxyContractName = "proxy.frostfs" // NNSGroupKeyName is a name for the FrostFS group key record in NNS. NNSGroupKeyName = "group.frostfs" + // NNSPolicyContractName is a name of the policy contract in NNS. + NNSPolicyContractName = "policy.frostfs" ) var (