forked from TrueCloudLab/frostfs-node
[#xxx] Upgrade NeoFS SDK Go with changed container sessions
After recent changes in NeoFS SDK Go library session tokens aren't embedded into `container.Container` and `eacl.Table` structures. Group value, session token and signature in a structure for container and eACL. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
633b4e7d2d
commit
b67974a8d3
26 changed files with 152 additions and 168 deletions
|
@ -98,7 +98,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
|
||||||
|
|
||||||
issuer := tok.Issuer()
|
issuer := tok.Issuer()
|
||||||
cnr.SetOwnerID(&issuer)
|
cnr.SetOwnerID(&issuer)
|
||||||
cnr.SetSessionToken(tok)
|
|
||||||
} else {
|
} else {
|
||||||
var idOwner user.ID
|
var idOwner user.ID
|
||||||
user.IDFromKey(&idOwner, key.PublicKey)
|
user.IDFromKey(&idOwner, key.PublicKey)
|
||||||
|
@ -113,7 +112,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
|
||||||
cnr.SetBasicACL(basicACL)
|
cnr.SetBasicACL(basicACL)
|
||||||
cnr.SetAttributes(attributes)
|
cnr.SetAttributes(attributes)
|
||||||
cnr.SetNonceUUID(nonce)
|
cnr.SetNonceUUID(nonce)
|
||||||
cnr.SetSessionToken(tok)
|
|
||||||
|
|
||||||
cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
|
cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
|
||||||
|
|
||||||
|
@ -121,6 +119,10 @@ It will be stored in sidechain when inner ring will accepts it.`,
|
||||||
putPrm.SetClient(cli)
|
putPrm.SetClient(cli)
|
||||||
putPrm.SetContainer(*cnr)
|
putPrm.SetContainer(*cnr)
|
||||||
|
|
||||||
|
if tok != nil {
|
||||||
|
putPrm.WithinSession(*tok)
|
||||||
|
}
|
||||||
|
|
||||||
res, err := internalclient.PutContainer(putPrm)
|
res, err := internalclient.PutContainer(putPrm)
|
||||||
common.ExitOnErr(cmd, "rpc error: %w", err)
|
common.ExitOnErr(cmd, "rpc error: %w", err)
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,6 @@ package container
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
|
||||||
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
|
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
|
||||||
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
|
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
|
||||||
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
|
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
|
||||||
|
@ -29,22 +28,10 @@ var getExtendedACLCmd = &cobra.Command{
|
||||||
|
|
||||||
eaclTable := res.EACL()
|
eaclTable := res.EACL()
|
||||||
|
|
||||||
sig := eaclTable.Signature()
|
|
||||||
|
|
||||||
// TODO(@cthulhu-rider): #1387 avoid type conversion
|
|
||||||
var sigV2 refs.Signature
|
|
||||||
sig.WriteToV2(&sigV2)
|
|
||||||
|
|
||||||
if containerPathTo == "" {
|
if containerPathTo == "" {
|
||||||
cmd.Println("eACL: ")
|
cmd.Println("eACL: ")
|
||||||
common.PrettyPrintJSON(cmd, eaclTable, "eACL")
|
common.PrettyPrintJSON(cmd, eaclTable, "eACL")
|
||||||
|
|
||||||
var sigV2 refs.Signature
|
|
||||||
sig.WriteToV2(&sigV2)
|
|
||||||
|
|
||||||
cmd.Println("Signature:")
|
|
||||||
common.PrettyPrintJSON(cmd, &sigV2, "signature")
|
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -60,9 +47,6 @@ var getExtendedACLCmd = &cobra.Command{
|
||||||
|
|
||||||
cmd.Println("dumping data to file:", containerPathTo)
|
cmd.Println("dumping data to file:", containerPathTo)
|
||||||
|
|
||||||
cmd.Println("Signature:")
|
|
||||||
common.PrettyPrintJSON(cmd, &sigV2, "signature")
|
|
||||||
|
|
||||||
err = os.WriteFile(containerPathTo, data, 0644)
|
err = os.WriteFile(containerPathTo, data, 0644)
|
||||||
common.ExitOnErr(cmd, "could not write eACL to file: %w", err)
|
common.ExitOnErr(cmd, "could not write eACL to file: %w", err)
|
||||||
},
|
},
|
||||||
|
|
|
@ -32,7 +32,6 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
|
||||||
}
|
}
|
||||||
|
|
||||||
eaclTable.SetCID(id)
|
eaclTable.SetCID(id)
|
||||||
eaclTable.SetSessionToken(tok)
|
|
||||||
|
|
||||||
pk := key.GetOrGenerate(cmd)
|
pk := key.GetOrGenerate(cmd)
|
||||||
cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
|
cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
|
||||||
|
@ -41,6 +40,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
|
||||||
setEACLPrm.SetClient(cli)
|
setEACLPrm.SetClient(cli)
|
||||||
setEACLPrm.SetTable(*eaclTable)
|
setEACLPrm.SetTable(*eaclTable)
|
||||||
|
|
||||||
|
if tok != nil {
|
||||||
|
setEACLPrm.WithinSession(*tok)
|
||||||
|
}
|
||||||
|
|
||||||
_, err := internalclient.SetEACL(setEACLPrm)
|
_, err := internalclient.SetEACL(setEACLPrm)
|
||||||
common.ExitOnErr(cmd, "rpc error: %w", err)
|
common.ExitOnErr(cmd, "rpc error: %w", err)
|
||||||
|
|
||||||
|
|
|
@ -10,9 +10,7 @@ import (
|
||||||
cntClient "github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
|
cntClient "github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
||||||
putsvc "github.com/nspcc-dev/neofs-node/pkg/services/object/put"
|
putsvc "github.com/nspcc-dev/neofs-node/pkg/services/object/put"
|
||||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
||||||
netmapSDK "github.com/nspcc-dev/neofs-sdk-go/netmap"
|
netmapSDK "github.com/nspcc-dev/neofs-sdk-go/netmap"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||||
)
|
)
|
||||||
|
@ -147,13 +145,13 @@ func newCachedContainerStorage(v container.Source) *ttlContainerStorage {
|
||||||
|
|
||||||
// Get returns container value from the cache. If value is missing in the cache
|
// Get returns container value from the cache. If value is missing in the cache
|
||||||
// or expired, then it returns value from side chain and updates the cache.
|
// or expired, then it returns value from side chain and updates the cache.
|
||||||
func (s *ttlContainerStorage) Get(cnr cid.ID) (*containerSDK.Container, error) {
|
func (s *ttlContainerStorage) Get(cnr cid.ID) (*container.Container, error) {
|
||||||
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
|
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return val.(*containerSDK.Container), nil
|
return val.(*container.Container), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type ttlEACLStorage ttlNetCache
|
type ttlEACLStorage ttlNetCache
|
||||||
|
@ -180,13 +178,13 @@ func newCachedEACLStorage(v eacl.Source) *ttlEACLStorage {
|
||||||
|
|
||||||
// GetEACL returns eACL value from the cache. If value is missing in the cache
|
// GetEACL returns eACL value from the cache. If value is missing in the cache
|
||||||
// or expired, then it returns value from side chain and updates cache.
|
// or expired, then it returns value from side chain and updates cache.
|
||||||
func (s *ttlEACLStorage) GetEACL(cnr cid.ID) (*eaclSDK.Table, error) {
|
func (s *ttlEACLStorage) GetEACL(cnr cid.ID) (*container.EACL, error) {
|
||||||
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
|
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return val.(*eaclSDK.Table), nil
|
return val.(*container.EACL), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// InvalidateEACL removes cached eACL value.
|
// InvalidateEACL removes cached eACL value.
|
||||||
|
|
|
@ -30,7 +30,6 @@ import (
|
||||||
apiClient "github.com/nspcc-dev/neofs-sdk-go/client"
|
apiClient "github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/netmap"
|
"github.com/nspcc-dev/neofs-sdk-go/netmap"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
|
@ -355,7 +354,7 @@ func (l *loadPlacementBuilder) buildPlacement(epoch uint64, idCnr cid.ID) ([][]n
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
policy := cnr.PlacementPolicy()
|
policy := cnr.Value.PlacementPolicy()
|
||||||
if policy == nil {
|
if policy == nil {
|
||||||
return nil, nil, errors.New("missing placement policy in container")
|
return nil, nil, errors.New("missing placement policy in container")
|
||||||
}
|
}
|
||||||
|
@ -566,11 +565,11 @@ type morphContainerReader struct {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *morphContainerReader) Get(id cid.ID) (*containerSDK.Container, error) {
|
func (x *morphContainerReader) Get(id cid.ID) (*containerCore.Container, error) {
|
||||||
return x.get.Get(id)
|
return x.get.Get(id)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *morphContainerReader) GetEACL(id cid.ID) (*eaclSDK.Table, error) {
|
func (x *morphContainerReader) GetEACL(id cid.ID) (*containerCore.EACL, error) {
|
||||||
return x.eacl.GetEACL(id)
|
return x.eacl.GetEACL(id)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -586,13 +585,13 @@ type morphContainerWriter struct {
|
||||||
lists *ttlContainerLister
|
lists *ttlContainerLister
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m morphContainerWriter) Put(cnr *containerSDK.Container) (*cid.ID, error) {
|
func (m morphContainerWriter) Put(cnr containerCore.Container) (*cid.ID, error) {
|
||||||
containerID, err := cntClient.Put(m.neoClient, cnr)
|
containerID, err := cntClient.Put(m.neoClient, cnr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
idOwner := cnr.OwnerID()
|
idOwner := cnr.Value.OwnerID()
|
||||||
if idOwner == nil {
|
if idOwner == nil {
|
||||||
return nil, errors.New("missing container owner")
|
return nil, errors.New("missing container owner")
|
||||||
}
|
}
|
||||||
|
@ -608,14 +607,14 @@ func (m morphContainerWriter) Delete(witness containerCore.RemovalWitness) error
|
||||||
return cntClient.Delete(m.neoClient, witness)
|
return cntClient.Delete(m.neoClient, witness)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m morphContainerWriter) PutEACL(table *eaclSDK.Table) error {
|
func (m morphContainerWriter) PutEACL(eaclInfo containerCore.EACL) error {
|
||||||
err := cntClient.PutEACL(m.neoClient, table)
|
err := cntClient.PutEACL(m.neoClient, eaclInfo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if m.cacheEnabled {
|
if m.cacheEnabled {
|
||||||
id, _ := table.CID()
|
id, _ := eaclInfo.Value.CID()
|
||||||
m.eacls.InvalidateEACL(id)
|
m.eacls.InvalidateEACL(id)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
policerconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/policer"
|
policerconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/policer"
|
||||||
replicatorconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/replicator"
|
replicatorconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/replicator"
|
||||||
coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client"
|
coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client"
|
||||||
|
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||||
objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
|
objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
||||||
|
@ -402,29 +403,23 @@ type morphEACLFetcher struct {
|
||||||
w *cntClient.Client
|
w *cntClient.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *morphEACLFetcher) GetEACL(cnr cid.ID) (*eaclSDK.Table, error) {
|
func (s *morphEACLFetcher) GetEACL(cnr cid.ID) (*containercore.EACL, error) {
|
||||||
table, err := s.w.GetEACL(cnr)
|
eaclInfo, err := s.w.GetEACL(cnr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
sig := table.Signature()
|
binTable, err := eaclInfo.Value.Marshal()
|
||||||
if sig == nil {
|
|
||||||
// TODO(@cthulhu-rider): #1387 use "const" error
|
|
||||||
return nil, errors.New("missing signature")
|
|
||||||
}
|
|
||||||
|
|
||||||
binTable, err := table.Marshal()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("marshal eACL table: %w", err)
|
return nil, fmt.Errorf("marshal eACL table: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !sig.Verify(binTable) {
|
if !eaclInfo.Signature.Verify(binTable) {
|
||||||
// TODO(@cthulhu-rider): #1387 use "const" error
|
// TODO(@cthulhu-rider): #1387 use "const" error
|
||||||
return nil, errors.New("invalid signature of the eACL table")
|
return nil, errors.New("invalid signature of the eACL table")
|
||||||
}
|
}
|
||||||
|
|
||||||
return table, nil
|
return eaclInfo, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type reputationClientConstructor struct {
|
type reputationClientConstructor struct {
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -19,7 +19,7 @@ require (
|
||||||
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220601120906-3bec6657f5c5 // indirect
|
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220601120906-3bec6657f5c5 // indirect
|
||||||
github.com/nspcc-dev/neofs-api-go/v2 v2.12.3-0.20220620114558-454b5c0ed7e9
|
github.com/nspcc-dev/neofs-api-go/v2 v2.12.3-0.20220620114558-454b5c0ed7e9
|
||||||
github.com/nspcc-dev/neofs-contract v0.15.1
|
github.com/nspcc-dev/neofs-contract v0.15.1
|
||||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599
|
||||||
github.com/nspcc-dev/tzhash v1.5.2
|
github.com/nspcc-dev/tzhash v1.5.2
|
||||||
github.com/panjf2000/ants/v2 v2.4.0
|
github.com/panjf2000/ants/v2 v2.4.0
|
||||||
github.com/paulmach/orb v0.2.2
|
github.com/paulmach/orb v0.2.2
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -410,8 +410,8 @@ github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnB
|
||||||
github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
|
github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
|
||||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
|
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
|
||||||
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
|
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
|
||||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721 h1:5Al3dddr0SG3ONhfglTyc2GSnQS0vMmygCD00vLo/jU=
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599 h1:EkwWrbzImpqtNJa8IZIsfk/EqbmPwpd0DfdenrJLSbc=
|
||||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721/go.mod h1:k58jgszGX3pws2yiOXu9m0i32BzRgi1T6Bpd/L1KrJU=
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599/go.mod h1:k58jgszGX3pws2yiOXu9m0i32BzRgi1T6Bpd/L1KrJU=
|
||||||
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
||||||
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
|
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
|
||||||
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
||||||
|
|
|
@ -6,8 +6,23 @@ import (
|
||||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
|
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Container groups information about the NeoFS container stored in the NeoFS network.
|
||||||
|
type Container struct {
|
||||||
|
// Container structure.
|
||||||
|
Value *container.Container
|
||||||
|
|
||||||
|
// Signature of the Value.
|
||||||
|
Signature neofscrypto.Signature
|
||||||
|
|
||||||
|
// Session within which Value was created. Nil means session absence.
|
||||||
|
Session *session.Container
|
||||||
|
}
|
||||||
|
|
||||||
// Source is an interface that wraps
|
// Source is an interface that wraps
|
||||||
// basic container receiving method.
|
// basic container receiving method.
|
||||||
type Source interface {
|
type Source interface {
|
||||||
|
@ -19,7 +34,7 @@ type Source interface {
|
||||||
//
|
//
|
||||||
// Implementations must not retain the container pointer and modify
|
// Implementations must not retain the container pointer and modify
|
||||||
// the container through it.
|
// the container through it.
|
||||||
Get(cid.ID) (*container.Container, error)
|
Get(cid.ID) (*Container, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsErrNotFound checks if the error returned by Source.Get corresponds
|
// IsErrNotFound checks if the error returned by Source.Get corresponds
|
||||||
|
@ -31,3 +46,16 @@ func IsErrNotFound(err error) bool {
|
||||||
// ErrEACLNotFound is returned by eACL storage implementations when
|
// ErrEACLNotFound is returned by eACL storage implementations when
|
||||||
// the requested eACL table is not in the storage.
|
// the requested eACL table is not in the storage.
|
||||||
var ErrEACLNotFound = errors.New("extended ACL table is not set for this container")
|
var ErrEACLNotFound = errors.New("extended ACL table is not set for this container")
|
||||||
|
|
||||||
|
// EACL groups information about the NeoFS container's extended ACL stored in
|
||||||
|
// the NeoFS network.
|
||||||
|
type EACL struct {
|
||||||
|
// Extended ACL structure.
|
||||||
|
Value *eacl.Table
|
||||||
|
|
||||||
|
// Signature of the Value.
|
||||||
|
Signature neofscrypto.Signature
|
||||||
|
|
||||||
|
// Session within which Value was set. Nil means session absence.
|
||||||
|
Session *session.Container
|
||||||
|
}
|
||||||
|
|
|
@ -60,7 +60,7 @@ func (ap *Processor) processStartAudit(epoch uint64) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
policy := cnr.PlacementPolicy()
|
policy := cnr.Value.PlacementPolicy()
|
||||||
if policy == nil {
|
if policy == nil {
|
||||||
log.Error("missing placement policy in container, ignore",
|
log.Error("missing placement policy in container, ignore",
|
||||||
zap.Stringer("cid", containers[i]),
|
zap.Stringer("cid", containers[i]),
|
||||||
|
@ -108,7 +108,7 @@ func (ap *Processor) processStartAudit(epoch uint64) {
|
||||||
WithAuditContext(auditCtx).
|
WithAuditContext(auditCtx).
|
||||||
WithContainerID(containers[i]).
|
WithContainerID(containers[i]).
|
||||||
WithStorageGroupList(storageGroups).
|
WithStorageGroupList(storageGroups).
|
||||||
WithContainerStructure(cnr).
|
WithContainerStructure(cnr.Value).
|
||||||
WithContainerNodes(nodes).
|
WithContainerNodes(nodes).
|
||||||
WithNetworkMap(nm)
|
WithNetworkMap(nm)
|
||||||
|
|
||||||
|
|
|
@ -169,7 +169,7 @@ func (cp *Processor) checkDeleteContainer(e *containerEvent.Delete) error {
|
||||||
return fmt.Errorf("could not receive the container: %w", err)
|
return fmt.Errorf("could not receive the container: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
ownerContainer := cnr.OwnerID()
|
ownerContainer := cnr.Value.OwnerID()
|
||||||
if ownerContainer == nil {
|
if ownerContainer == nil {
|
||||||
return errors.New("missing container owner")
|
return errors.New("missing container owner")
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,7 +52,7 @@ func (cp *Processor) checkSetEACL(e container.SetEACL) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ACL extensions can be disabled by basic ACL, check it
|
// ACL extensions can be disabled by basic ACL, check it
|
||||||
basicACL := cnr.BasicACL()
|
basicACL := cnr.Value.BasicACL()
|
||||||
const finalBitMask = 1 << 28
|
const finalBitMask = 1 << 28
|
||||||
|
|
||||||
// Temp solution: NeoFS SDK is going to provide convenient interface to do this soon.
|
// Temp solution: NeoFS SDK is going to provide convenient interface to do this soon.
|
||||||
|
@ -61,7 +61,7 @@ func (cp *Processor) checkSetEACL(e container.SetEACL) error {
|
||||||
return errors.New("ACL extension disabled by container basic ACL")
|
return errors.New("ACL extension disabled by container basic ACL")
|
||||||
}
|
}
|
||||||
|
|
||||||
ownerContainer := cnr.OwnerID()
|
ownerContainer := cnr.Value.OwnerID()
|
||||||
if ownerContainer == nil {
|
if ownerContainer == nil {
|
||||||
return errors.New("missing container owner")
|
return errors.New("missing container owner")
|
||||||
}
|
}
|
||||||
|
|
|
@ -123,7 +123,7 @@ func (s settlementDeps) ContainerInfo(cid cid.ID) (common.ContainerInfo, error)
|
||||||
return nil, fmt.Errorf("could not get container from storage: %w", err)
|
return nil, fmt.Errorf("could not get container from storage: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return (*containerWrapper)(cnr), nil
|
return (*containerWrapper)(cnr.Value), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.NodeInfo, *netmapAPI.NetMap, error) {
|
func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.NodeInfo, *netmapAPI.NetMap, error) {
|
||||||
|
@ -147,7 +147,7 @@ func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.Node
|
||||||
return nil, nil, fmt.Errorf("could not get container from sidechain: %w", err)
|
return nil, nil, fmt.Errorf("could not get container from sidechain: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
policy := cnr.PlacementPolicy()
|
policy := cnr.Value.PlacementPolicy()
|
||||||
if policy == nil {
|
if policy == nil {
|
||||||
return nil, nil, errors.New("missing placement policy in container")
|
return nil, nil, errors.New("missing placement policy in container")
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,14 +8,13 @@ import (
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GetEACL reads the extended ACL table from NeoFS system
|
// GetEACL reads the extended ACL table from NeoFS system
|
||||||
// through Container contract call.
|
// through Container contract call.
|
||||||
func (c *Client) GetEACL(cnr cid.ID) (*eacl.Table, error) {
|
func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) {
|
||||||
binCnr := make([]byte, sha256.Size)
|
binCnr := make([]byte, sha256.Size)
|
||||||
cnr.Encode(binCnr)
|
cnr.Encode(binCnr)
|
||||||
|
|
||||||
|
@ -66,34 +65,29 @@ func (c *Client) GetEACL(cnr cid.ID) (*eacl.Table, error) {
|
||||||
return nil, fmt.Errorf("could not get byte array of eACL session token (%s): %w", eaclMethod, err)
|
return nil, fmt.Errorf("could not get byte array of eACL session token (%s): %w", eaclMethod, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
table := eacl.NewTable()
|
var res container.EACL
|
||||||
if err = table.Unmarshal(rawEACL); err != nil {
|
|
||||||
// use other major version if there any
|
res.Value = eacl.NewTable()
|
||||||
|
if err = res.Value.Unmarshal(rawEACL); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(binToken) > 0 {
|
if len(binToken) > 0 {
|
||||||
var tok session.Container
|
res.Session = new(session.Container)
|
||||||
|
|
||||||
err = tok.Unmarshal(binToken)
|
err = res.Session.Unmarshal(binToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not unmarshal session token: %w", err)
|
return nil, fmt.Errorf("could not unmarshal session token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
table.SetSessionToken(&tok)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME(@cthulhu-rider): #1387 temp solution, later table structure won't have a signature
|
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||||
|
|
||||||
var sigV2 refs.Signature
|
var sigV2 refs.Signature
|
||||||
sigV2.SetKey(pub)
|
sigV2.SetKey(pub)
|
||||||
sigV2.SetSign(sig)
|
sigV2.SetSign(sig)
|
||||||
sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
|
sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
|
||||||
|
|
||||||
var tableSignature neofscrypto.Signature
|
res.Signature.ReadFromV2(sigV2)
|
||||||
tableSignature.ReadFromV2(sigV2)
|
|
||||||
|
|
||||||
table.SetSignature(&tableSignature)
|
return &res, nil
|
||||||
|
|
||||||
return table, nil
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,8 +4,8 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
|
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method
|
// PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method
|
||||||
|
@ -14,12 +14,12 @@ import (
|
||||||
// Returns error if table is nil.
|
// Returns error if table is nil.
|
||||||
//
|
//
|
||||||
// If TryNotary is provided, calls notary contract.
|
// If TryNotary is provided, calls notary contract.
|
||||||
func PutEACL(c *Client, table *eacl.Table) error {
|
func PutEACL(c *Client, eaclInfo containercore.EACL) error {
|
||||||
if table == nil {
|
if eaclInfo.Value == nil {
|
||||||
return errNilArgument
|
return errNilArgument
|
||||||
}
|
}
|
||||||
|
|
||||||
data, err := table.Marshal()
|
data, err := eaclInfo.Value.Marshal()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("can't marshal eacl table: %w", err)
|
return fmt.Errorf("can't marshal eacl table: %w", err)
|
||||||
}
|
}
|
||||||
|
@ -27,18 +27,16 @@ func PutEACL(c *Client, table *eacl.Table) error {
|
||||||
var prm PutEACLPrm
|
var prm PutEACLPrm
|
||||||
prm.SetTable(data)
|
prm.SetTable(data)
|
||||||
|
|
||||||
if tok := table.SessionToken(); tok != nil {
|
if eaclInfo.Session != nil {
|
||||||
prm.SetToken(tok.Marshal())
|
prm.SetToken(eaclInfo.Session.Marshal())
|
||||||
}
|
}
|
||||||
|
|
||||||
if sig := table.Signature(); sig != nil {
|
|
||||||
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||||
var sigV2 refs.Signature
|
var sigV2 refs.Signature
|
||||||
sig.WriteToV2(&sigV2)
|
eaclInfo.Signature.WriteToV2(&sigV2)
|
||||||
|
|
||||||
prm.SetKey(sigV2.GetKey())
|
prm.SetKey(sigV2.GetKey())
|
||||||
prm.SetSignature(sigV2.GetSign())
|
prm.SetSignature(sigV2.GetSign())
|
||||||
}
|
|
||||||
|
|
||||||
return c.PutEACL(prm)
|
return c.PutEACL(prm)
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
containerContract "github.com/nspcc-dev/neofs-contract/container"
|
containerContract "github.com/nspcc-dev/neofs-contract/container"
|
||||||
|
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
core "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
core "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||||
|
@ -18,7 +19,7 @@ import (
|
||||||
|
|
||||||
type containerSource Client
|
type containerSource Client
|
||||||
|
|
||||||
func (x *containerSource) Get(cnr cid.ID) (*container.Container, error) {
|
func (x *containerSource) Get(cnr cid.ID) (*containercore.Container, error) {
|
||||||
return Get((*Client)(x), cnr)
|
return Get((*Client)(x), cnr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -29,7 +30,7 @@ func AsContainerSource(w *Client) core.Source {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get marshals container ID, and passes it to Wrapper's Get method.
|
// Get marshals container ID, and passes it to Wrapper's Get method.
|
||||||
func Get(c *Client, cnr cid.ID) (*container.Container, error) {
|
func Get(c *Client, cnr cid.ID) (*containercore.Container, error) {
|
||||||
binCnr := make([]byte, sha256.Size)
|
binCnr := make([]byte, sha256.Size)
|
||||||
cnr.Encode(binCnr)
|
cnr.Encode(binCnr)
|
||||||
|
|
||||||
|
@ -41,7 +42,7 @@ func Get(c *Client, cnr cid.ID) (*container.Container, error) {
|
||||||
//
|
//
|
||||||
// If an empty slice is returned for the requested identifier,
|
// If an empty slice is returned for the requested identifier,
|
||||||
// storage.ErrNotFound error is returned.
|
// storage.ErrNotFound error is returned.
|
||||||
func (c *Client) Get(cid []byte) (*container.Container, error) {
|
func (c *Client) Get(cid []byte) (*containercore.Container, error) {
|
||||||
prm := client.TestInvokePrm{}
|
prm := client.TestInvokePrm{}
|
||||||
prm.SetMethod(getMethod)
|
prm.SetMethod(getMethod)
|
||||||
prm.SetArgs(cid)
|
prm.SetArgs(cid)
|
||||||
|
@ -87,25 +88,24 @@ func (c *Client) Get(cid []byte) (*container.Container, error) {
|
||||||
return nil, fmt.Errorf("could not get byte array of session token (%s): %w", getMethod, err)
|
return nil, fmt.Errorf("could not get byte array of session token (%s): %w", getMethod, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
cnr := container.New()
|
var cnr containercore.Container
|
||||||
if err := cnr.Unmarshal(cnrBytes); err != nil {
|
|
||||||
|
cnr.Value = container.New()
|
||||||
|
if err := cnr.Value.Unmarshal(cnrBytes); err != nil {
|
||||||
// use other major version if there any
|
// use other major version if there any
|
||||||
return nil, fmt.Errorf("can't unmarshal container: %w", err)
|
return nil, fmt.Errorf("can't unmarshal container: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(tokBytes) > 0 {
|
if len(tokBytes) > 0 {
|
||||||
var tok session.Container
|
cnr.Session = new(session.Container)
|
||||||
|
|
||||||
err = tok.Unmarshal(tokBytes)
|
err = cnr.Session.Unmarshal(tokBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not unmarshal session token: %w", err)
|
return nil, fmt.Errorf("could not unmarshal session token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
cnr.SetSessionToken(&tok)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME(@cthulhu-rider): #1387 temp solution, later table structure won't have a signature
|
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||||
|
|
||||||
var sigV2 refs.Signature
|
var sigV2 refs.Signature
|
||||||
sigV2.SetKey(pub)
|
sigV2.SetKey(pub)
|
||||||
sigV2.SetSign(sigBytes)
|
sigV2.SetSign(sigBytes)
|
||||||
|
@ -114,7 +114,5 @@ func (c *Client) Get(cid []byte) (*container.Container, error) {
|
||||||
var sig neofscrypto.Signature
|
var sig neofscrypto.Signature
|
||||||
sig.ReadFromV2(sigV2)
|
sig.ReadFromV2(sigV2)
|
||||||
|
|
||||||
cnr.SetSignature(&sig)
|
return &cnr, nil
|
||||||
|
|
||||||
return cnr, nil
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
|
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
|
@ -14,35 +15,33 @@ import (
|
||||||
// along with sig.Key() and sig.Sign().
|
// along with sig.Key() and sig.Sign().
|
||||||
//
|
//
|
||||||
// Returns error if container is nil.
|
// Returns error if container is nil.
|
||||||
func Put(c *Client, cnr *container.Container) (*cid.ID, error) {
|
func Put(c *Client, cnr containercore.Container) (*cid.ID, error) {
|
||||||
if cnr == nil {
|
if cnr.Value == nil {
|
||||||
return nil, errNilArgument
|
return nil, errNilArgument
|
||||||
}
|
}
|
||||||
|
|
||||||
data, err := cnr.Marshal()
|
data, err := cnr.Value.Marshal()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("can't marshal container: %w", err)
|
return nil, fmt.Errorf("can't marshal container: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
name, zone := container.GetNativeNameWithZone(cnr)
|
name, zone := container.GetNativeNameWithZone(cnr.Value)
|
||||||
|
|
||||||
var prm PutPrm
|
var prm PutPrm
|
||||||
prm.SetContainer(data)
|
prm.SetContainer(data)
|
||||||
prm.SetName(name)
|
prm.SetName(name)
|
||||||
prm.SetZone(zone)
|
prm.SetZone(zone)
|
||||||
|
|
||||||
if tok := cnr.SessionToken(); tok != nil {
|
if cnr.Session != nil {
|
||||||
prm.SetToken(tok.Marshal())
|
prm.SetToken(cnr.Session.Marshal())
|
||||||
}
|
}
|
||||||
|
|
||||||
if sig := cnr.Signature(); sig != nil {
|
|
||||||
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||||
var sigV2 refs.Signature
|
var sigV2 refs.Signature
|
||||||
sig.WriteToV2(&sigV2)
|
cnr.Signature.WriteToV2(&sigV2)
|
||||||
|
|
||||||
prm.SetKey(sigV2.GetKey())
|
prm.SetKey(sigV2.GetKey())
|
||||||
prm.SetSignature(sigV2.GetSign())
|
prm.SetSignature(sigV2.GetSign())
|
||||||
}
|
|
||||||
|
|
||||||
err = c.Put(prm)
|
err = c.Put(prm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -13,7 +13,6 @@ import (
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
||||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
|
||||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||||
|
@ -38,11 +37,11 @@ type Reader interface {
|
||||||
// Writer is an interface of container storage updater.
|
// Writer is an interface of container storage updater.
|
||||||
type Writer interface {
|
type Writer interface {
|
||||||
// Put stores specified container in the side chain.
|
// Put stores specified container in the side chain.
|
||||||
Put(*containerSDK.Container) (*cid.ID, error)
|
Put(containercore.Container) (*cid.ID, error)
|
||||||
// Delete removes specified container from the side chain.
|
// Delete removes specified container from the side chain.
|
||||||
Delete(containercore.RemovalWitness) error
|
Delete(containercore.RemovalWitness) error
|
||||||
// PutEACL updates extended ACL table of specified container in the side chain.
|
// PutEACL updates extended ACL table of specified container in the side chain.
|
||||||
PutEACL(*eaclSDK.Table) error
|
PutEACL(containercore.EACL) error
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewExecutor(rdr Reader, wrt Writer) containerSvc.ServiceExecutor {
|
func NewExecutor(rdr Reader, wrt Writer) containerSvc.ServiceExecutor {
|
||||||
|
@ -59,22 +58,19 @@ func (s *morphExecutor) Put(_ context.Context, tokV2 *sessionV2.Token, body *con
|
||||||
return nil, errors.New("missing signature")
|
return nil, errors.New("missing signature")
|
||||||
}
|
}
|
||||||
|
|
||||||
cnr := containerSDK.NewContainerFromV2(body.GetContainer())
|
cnr := containercore.Container{
|
||||||
|
Value: containerSDK.NewContainerFromV2(body.GetContainer()),
|
||||||
|
}
|
||||||
|
|
||||||
var sig neofscrypto.Signature
|
cnr.Signature.ReadFromV2(*sigV2)
|
||||||
sig.ReadFromV2(*sigV2)
|
|
||||||
|
|
||||||
cnr.SetSignature(&sig)
|
|
||||||
|
|
||||||
if tokV2 != nil {
|
if tokV2 != nil {
|
||||||
var tok session.Container
|
cnr.Session = new(session.Container)
|
||||||
|
|
||||||
err := tok.ReadFromV2(*tokV2)
|
err := cnr.Session.ReadFromV2(*tokV2)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("invalid session token: %w", err)
|
return nil, fmt.Errorf("invalid session token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
cnr.SetSessionToken(&tok)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
idCnr, err := s.wrt.Put(cnr)
|
idCnr, err := s.wrt.Put(cnr)
|
||||||
|
@ -151,21 +147,19 @@ func (s *morphExecutor) Get(ctx context.Context, body *container.GetRequestBody)
|
||||||
|
|
||||||
var sigV2 *refs.Signature
|
var sigV2 *refs.Signature
|
||||||
|
|
||||||
if sig := cnr.Signature(); sig != nil {
|
|
||||||
sigV2 = new(refs.Signature)
|
sigV2 = new(refs.Signature)
|
||||||
sig.WriteToV2(sigV2)
|
cnr.Signature.WriteToV2(sigV2)
|
||||||
}
|
|
||||||
|
|
||||||
var tokV2 *sessionV2.Token
|
var tokV2 *sessionV2.Token
|
||||||
|
|
||||||
if tok := cnr.SessionToken(); tok != nil {
|
if cnr.Session != nil {
|
||||||
tokV2 = new(sessionV2.Token)
|
tokV2 = new(sessionV2.Token)
|
||||||
|
|
||||||
tok.WriteToV2(tokV2)
|
cnr.Session.WriteToV2(tokV2)
|
||||||
}
|
}
|
||||||
|
|
||||||
res := new(container.GetResponseBody)
|
res := new(container.GetResponseBody)
|
||||||
res.SetContainer(cnr.ToV2())
|
res.SetContainer(cnr.Value.ToV2())
|
||||||
res.SetSignature(sigV2)
|
res.SetSignature(sigV2)
|
||||||
res.SetSessionToken(tokV2)
|
res.SetSessionToken(tokV2)
|
||||||
|
|
||||||
|
@ -208,25 +202,22 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, tokV2 *sessionV2.Tok
|
||||||
return nil, errors.New("missing signature")
|
return nil, errors.New("missing signature")
|
||||||
}
|
}
|
||||||
|
|
||||||
table := eaclSDK.NewTableFromV2(body.GetEACL())
|
eaclInfo := containercore.EACL{
|
||||||
|
Value: eaclSDK.NewTableFromV2(body.GetEACL()),
|
||||||
|
}
|
||||||
|
|
||||||
var sig neofscrypto.Signature
|
eaclInfo.Signature.ReadFromV2(*sigV2)
|
||||||
sig.ReadFromV2(*sigV2)
|
|
||||||
|
|
||||||
table.SetSignature(&sig)
|
|
||||||
|
|
||||||
if tokV2 != nil {
|
if tokV2 != nil {
|
||||||
var tok session.Container
|
eaclInfo.Session = new(session.Container)
|
||||||
|
|
||||||
err := tok.ReadFromV2(*tokV2)
|
err := eaclInfo.Session.ReadFromV2(*tokV2)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("invalid session token: %w", err)
|
return nil, fmt.Errorf("invalid session token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
table.SetSessionToken(&tok)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
err := s.wrt.PutEACL(table)
|
err := s.wrt.PutEACL(eaclInfo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -247,29 +238,25 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
|
||||||
return nil, fmt.Errorf("invalid container ID: %w", err)
|
return nil, fmt.Errorf("invalid container ID: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
table, err := s.rdr.GetEACL(id)
|
eaclInfo, err := s.rdr.GetEACL(id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var sigV2 *refs.Signature
|
var sigV2 refs.Signature
|
||||||
|
eaclInfo.Signature.WriteToV2(&sigV2)
|
||||||
if sig := table.Signature(); sig != nil {
|
|
||||||
sigV2 = new(refs.Signature)
|
|
||||||
sig.WriteToV2(sigV2)
|
|
||||||
}
|
|
||||||
|
|
||||||
var tokV2 *sessionV2.Token
|
var tokV2 *sessionV2.Token
|
||||||
|
|
||||||
if tok := table.SessionToken(); tok != nil {
|
if eaclInfo.Session != nil {
|
||||||
tokV2 = new(sessionV2.Token)
|
tokV2 = new(sessionV2.Token)
|
||||||
|
|
||||||
tok.WriteToV2(tokV2)
|
eaclInfo.Session.WriteToV2(tokV2)
|
||||||
}
|
}
|
||||||
|
|
||||||
res := new(container.GetExtendedACLResponseBody)
|
res := new(container.GetExtendedACLResponseBody)
|
||||||
res.SetEACL(table.ToV2())
|
res.SetEACL(eaclInfo.Value.ToV2())
|
||||||
res.SetSignature(sigV2)
|
res.SetSignature(&sigV2)
|
||||||
res.SetSessionToken(tokV2)
|
res.SetSessionToken(tokV2)
|
||||||
|
|
||||||
return res, nil
|
return res, nil
|
||||||
|
|
|
@ -10,10 +10,8 @@ import (
|
||||||
containerCore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
containerCore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
containerSvc "github.com/nspcc-dev/neofs-node/pkg/services/container"
|
containerSvc "github.com/nspcc-dev/neofs-node/pkg/services/container"
|
||||||
containerSvcMorph "github.com/nspcc-dev/neofs-node/pkg/services/container/morph"
|
containerSvcMorph "github.com/nspcc-dev/neofs-node/pkg/services/container/morph"
|
||||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
|
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
||||||
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
|
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
@ -22,7 +20,7 @@ type mock struct {
|
||||||
containerSvcMorph.Reader
|
containerSvcMorph.Reader
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m mock) Put(_ *containerSDK.Container) (*cid.ID, error) {
|
func (m mock) Put(_ containerCore.Container) (*cid.ID, error) {
|
||||||
return new(cid.ID), nil
|
return new(cid.ID), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,7 +28,7 @@ func (m mock) Delete(_ containerCore.RemovalWitness) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m mock) PutEACL(_ *eacl.Table) error {
|
func (m mock) PutEACL(_ containerCore.EACL) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -148,7 +148,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
|
||||||
|
|
||||||
bearerTok := reqInfo.Bearer()
|
bearerTok := reqInfo.Bearer()
|
||||||
if bearerTok == nil {
|
if bearerTok == nil {
|
||||||
pTable, err := c.eaclSrc.GetEACL(cnr)
|
eaclInfo, err := c.eaclSrc.GetEACL(cnr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, container.ErrEACLNotFound) {
|
if errors.Is(err, container.ErrEACLNotFound) {
|
||||||
return nil
|
return nil
|
||||||
|
@ -156,7 +156,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
table = *pTable
|
table = *eaclInfo.Value
|
||||||
} else {
|
} else {
|
||||||
table = bearerTok.EACLTable()
|
table = bearerTok.EACLTable()
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,7 @@ package acl
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
||||||
v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
|
v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
|
@ -14,7 +15,7 @@ import (
|
||||||
|
|
||||||
type emptyEACLSource struct{}
|
type emptyEACLSource struct{}
|
||||||
|
|
||||||
func (e emptyEACLSource) GetEACL(_ cid.ID) (*eaclSDK.Table, error) {
|
func (e emptyEACLSource) GetEACL(_ cid.ID) (*container.EACL, error) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
package eacl
|
package eacl
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Source is the interface that wraps
|
// Source is the interface that wraps
|
||||||
|
@ -15,5 +15,5 @@ type Source interface {
|
||||||
//
|
//
|
||||||
// Must return pkg/core/container.ErrEACLNotFound if requested
|
// Must return pkg/core/container.ErrEACLNotFound if requested
|
||||||
// eACL table is not in source.
|
// eACL table is not in source.
|
||||||
GetEACL(cid.ID) (*eacl.Table, error)
|
GetEACL(cid.ID) (*containercore.EACL, error)
|
||||||
}
|
}
|
||||||
|
|
|
@ -506,7 +506,7 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
|
||||||
cnr, err := b.containers.Get(idCnr) // fetch actual container
|
cnr, err := b.containers.Get(idCnr) // fetch actual container
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return info, err
|
return info, err
|
||||||
} else if cnr.OwnerID() == nil {
|
} else if cnr.Value.OwnerID() == nil {
|
||||||
return info, errors.New("missing owner in container descriptor")
|
return info, errors.New("missing owner in container descriptor")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -526,7 +526,7 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
|
||||||
}
|
}
|
||||||
|
|
||||||
// find request role and key
|
// find request role and key
|
||||||
res, err := b.c.classify(req, idCnr, cnr)
|
res, err := b.c.classify(req, idCnr, cnr.Value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return info, err
|
return info, err
|
||||||
}
|
}
|
||||||
|
@ -535,11 +535,11 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
|
||||||
return info, ErrUnknownRole
|
return info, ErrUnknownRole
|
||||||
}
|
}
|
||||||
|
|
||||||
info.basicACL = cnr.BasicACL()
|
info.basicACL = cnr.Value.BasicACL()
|
||||||
info.requestRole = res.role
|
info.requestRole = res.role
|
||||||
info.isInnerRing = res.isIR
|
info.isInnerRing = res.isIR
|
||||||
info.operation = op
|
info.operation = op
|
||||||
info.cnrOwner = *cnr.OwnerID()
|
info.cnrOwner = *cnr.Value.OwnerID()
|
||||||
info.idCnr = idCnr
|
info.idCnr = idCnr
|
||||||
|
|
||||||
// it is assumed that at the moment the key will be valid,
|
// it is assumed that at the moment the key will be valid,
|
||||||
|
|
|
@ -156,7 +156,7 @@ func (p *Streamer) preparePrm(prm *PutInitPrm) error {
|
||||||
// add common options
|
// add common options
|
||||||
prm.traverseOpts = append(prm.traverseOpts,
|
prm.traverseOpts = append(prm.traverseOpts,
|
||||||
// set processing container
|
// set processing container
|
||||||
placement.ForContainer(cnr),
|
placement.ForContainer(cnr.Value),
|
||||||
)
|
)
|
||||||
|
|
||||||
if id, ok := prm.hdr.ID(); ok {
|
if id, ok := prm.hdr.ID(); ok {
|
||||||
|
|
|
@ -147,7 +147,7 @@ func (g *TraverserGenerator) GenerateTraverser(idCnr cid.ID, idObj *oid.ID, epoc
|
||||||
|
|
||||||
traverseOpts = append(traverseOpts,
|
traverseOpts = append(traverseOpts,
|
||||||
// set processing container
|
// set processing container
|
||||||
placement.ForContainer(cnr),
|
placement.ForContainer(cnr.Value),
|
||||||
|
|
||||||
// set placement builder
|
// set placement builder
|
||||||
placement.UseBuilder(builder),
|
placement.UseBuilder(builder),
|
||||||
|
|
|
@ -44,7 +44,7 @@ func (p *Policer) processObject(ctx context.Context, addr oid.Address) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
policy := cnr.PlacementPolicy()
|
policy := cnr.Value.PlacementPolicy()
|
||||||
if policy == nil {
|
if policy == nil {
|
||||||
p.log.Error("missing placement policy in container",
|
p.log.Error("missing placement policy in container",
|
||||||
zap.Stringer("cid", idCnr),
|
zap.Stringer("cid", idCnr),
|
||||||
|
|
Loading…
Reference in a new issue