Define `ControlService` for IR similar to the one from storage node. Add
`HealthStatus` RPC which returns health status of the IR application.
Implement getters, setters and methods to sign/verify the messages.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Also use neo-go private key wrapper where possible, as it
already has methods for (un)marshaling.
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
Config `NodeInfo` should be used for bootstrap. Separete local node info and
netmap one. Return configured `NodeInfo` if structure from netmap is
missing.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In testnet and neofs-dev-env we use timers with these
settings and they are looking good. So it makes sense
to make them default.
Storage node now can't configure bootstrap healthcheck
length and can't disable it. Inner ring default values
now adopt these changes too.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
New config package in storage node does not use
application prefix from misc package. Therefore
inner ring node can define prefix in local scope.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Flag `-i` is deprecated in go1.16 and it
has pretty much no effect since go1.10 when
build cache was introduced. Read more about
this at https://golang.org/doc/go1.16
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Make `Validator.VerifyAndUpdate` method to return an error if at least one
of LOCODE-derived attributes is set explicitly. Thus, IR will not confirm
the candidates for the network map who independently set these attributes.
Cover `Validator.VerifyAndUpdate` method with unit tests.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
NeoFS network dictates the limitation of the maximum size of the "finished"
objects. The payload size of an object is recorded in its header. When
writing finished objects, the nodes must check:
* satisfying the constraint;
* matching the value in the header to the number of payload bytes.
Provide value returned by `MaxSizeSource` component to `validatingTarget`.
Check max size value during the stream of the "finished" objects. Check
header value during the streaming and on-close. Check payload size in v2
relay scenario.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Session tokens have limited lifetime in NeoFS. Container processor should
verify lifetime of the incoming tokens.
Define `NetworkState` interface with `Epoch` method to get number of the
current epoch. Use Netmap contract client's wrapper as `NetworkState` of
Container `Processor`. Check values of token lifetime, and deny if:
* NBF value is gt the current epoch;
* IAT is gt the current epoch;
* EXP is le the current epoch.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Container commands in NeoFS CLI can use signed session token
to create, delete container and change extended ACL table.
This token should be signed the same way we sign bearer tokens.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
containerSessionToken() actually parses any session token.
We can reuse this function to resign session token when it
takes filepath as an argument, instead of public variable.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>