Commit graph

1055 commits

Author SHA1 Message Date
Leonard Lyubich
bf92e895c0 [#567] network/clients: Implement method to close the cached clients
Update API Go library with introduce `Client.Conn` method. Implement
`ClientCache.CloseAll` method which reads and closes connections of all
cached clients.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 13:11:37 +03:00
Leonard Lyubich
9359f28161 [#525] ir/container: Compare owner IDs via Equal method
In recent change of API Go library `owner.ID.Equal` signature was
implemented.

Replace the comparison of string representations with `Equal` method call
and remove related TODOs.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
937171911a [#525] ir/container: Simplify the approach to verify token signature
In recent change of API Go library `Token.Verify` signature was implemented.

Replace previous version-casting approach with new method call in token
signature check stage.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
23c5277014 [#525] ir/container: Check session verb and container ID
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers

Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
b73c0c67a2 [#525] ir/container: Fix checks without session token
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
ead4513feb [#525] ir/container: Verify operations with session token
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:

 - token owner should be the owner of the related container;
 - the intent must be signed with a session key;
 - the power of attorney must be signed by the owner of the container.

Omitted checks (TBD):

 - session token should have container session context;
 - the verb of the context should correspond to the operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 17:07:20 +03:00
Pavel Karpy
f89c8bf239 [#549] clientCache: Add TLS to client
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Pavel Karpy
f267fbc56a [#549] network/Address: Add TLS
There is no TLS protocol support in
`go-multiaddr` library, but there is
public function that can register any
protocol that can be implemented outside
the library. Also `TLSEnabled` function
for parsing TLS protocol from
`network.Address` was added.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Pavel Karpy
33bef46f31 [#549] network/cache: Change Get signature
Make network cache's `Get` method accept
`network.Address` argument instead of
string.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Leonard Lyubich
5a3a27ba9f [#525] ir/container: Remove no longer needed FIXME
In latest design of `Container` contract key binding is removed.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
fb4e328171 [#525] morph/container: Remove binding key argument from Put call
`bindKey` parameter of `Put` method of `Container` contract was removed in
latest version.

Do not pass bind key of type `[]byte` to `Put` invocation. Remove no longer
needed field from `PutArgs`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
e1fbc28851 [#525] ir/container: Remove resolved FIXME about notary call
From `017fb6abed9455c7c99631adcb0bb04d42741f87` used container client is
constructed with enabled notary mode.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
a1bfcdc74a [#525] v2/container: Write session token from header to removal witness
If container is removed via session, then session token should be included
in removal witness.

Write session token from request meta header to `container.RemovalWitness`
structure which is passed to `wrapper.Delete` function.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
40c796bd7e [#525] ir/container: Write session token on delete approval
Approved removed container ID should be stored in sidechain along with
related session token.

Forward session token from `Delete` event to `Wrapper.Delete` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
631d7b0e07 [#525] morph/container: Accept container session token in Delete
`Delete` method of latest `Container` contract accepts binary session token
as an argument.

Provide `DeleteArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session
token from `RemovalWitness` in `wrapper.Delete` function and pass it to the
method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
166e5440ab [#525] event/container: Parse session token from Delete notification
The 3rd item of `Delete` container notification event is a byte array of
serialized session token.  Parse session token in `ParseDelete` function.
Provide `Delete.SessionToken` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
c12ea210da Fix typo in error details of ParseSetEACL function
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
9659bdc14d [#525] event/container: Fix docs of SessionToken methods
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
a1e1350db0 [#525] core/container: Extend removal witness with session token
NeoFS containers can be removed within a trusted session. There is a need to
take this into account during removal inspection.

Define `SessionToken` / `SetSessionToken` methods on `RemovalWitness` struct
in order to embed `session.Token` to it.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
9a0964efa4 [#525] morph/container: Accept RemovalWitness in Delete function
Make `wrapper.Delete` function to accept `container.RemovalWitness` struct
instead of its separated elements. `Signature` type is replaced by binary
signature since public key is unused.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
d691a20d52 [#525] core/container: Define removal witness
Define `RemovalWitness` structure which groups the information required to
prove and verify the removal of a container. This type is going to be used
in container Delete-related methods.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
edfdc4274a [#525] morph/container: Pass session token to Delete call
Pass session token (byte array) argument to `Delete` method call of
`Container` contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
cfa209d74e [#525] morph/container: Attach parsed session token to table in GetEACL
Unmarshal session token from `EACLValues` and write it to resulting
`eacl.Table` structure in `Wrapper.GetEACL` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
7ca6f601ef [#525] morph/container: Parse session token, key and signature in EACL
`EACL` method of `Container` contract returns binary session token, key and
signature along with eACL table.

Provide `Signature`, `PublicKey` and `SessionToken` getters from
`EACLValues` structure. Parse and set all values in `Client.EACL` methods.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
4ef369732a [#525] ir/container: Write session token on eACL table approval
Approved eACL table should be stored in sidechain along with related session
token.

Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
db7312274c [#525] event/container: Parse session token from SetEACL notification
The 4th item of `SetEACL` container notification event is a byte array of
serialized session token.

Parse session token in `ParseSetEACL` function. Provide
`SetEACL.SessionToken` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
b09f212990 [#525] v2/container: Write session token from header to eACL table
If eACL table is set via session, then session token should be written to
it.

Write session token from request meta header to `eacl.Table` structure which
is passed to `wrapper.PutEACL` function.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
5c2b8de87d [#525] v2/container: Make context with token reusable
Rename `PutContext` to `ContextWithToken` and implement its constructor as a
separate function in order to reuse it in other RPCs.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
959610080a [#525] morph/container: Accept container session token in PutEACL
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.

Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
c4a3adc8b0 [#525] morph/container: Attach all parsed items to container in Get
Unmarshal session token from `GetValues` and write it to resulting
`Container` structure in `Wrapper.Get` method. Write key-signature pair from
`GetValues` to resulting `Container` structure in `Wrapper.Get` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
b9b369dd5b [#525] morph/container: Parse session token, key and signature in Get
`Get` method of `Container` contract returns binary session token, key and
signature along with container.

Provide `Signature`, `PublicKey` and `SessionToken` getters from `GetValues`
structure. Parse and set all values in `Client.Get` methods.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
461fcfcf19 [#525] ir/container: Write session token on container approval
Approved container should be stored in sidechain along with related session
token.

Forward session token from `Put` event to `Wrapper.Put` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
0f91b78df1 [#525] event/container: Parse binary session token from Put notification
The 4th item of `Put` container notification event is a byte array of
serialized session token.

Parse session token in `ParsePut` function. Provide `Put.SessionToken`
method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
98cc685a9b [#525] v2/container: Write session token from header to container
If container is created via session, then session token should be written to
it.

Write session token from request meta header to `Container` structure which
is passed to `wrapper.Put` function.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
db67a117f0 [#525] morph/container: Accept container session token in Put
`Put` method of latest `Container` contract accepts binary session token as
an argument.

Provide `PutArgs.SetSessionToken` method. Accept session token as a `[]byte`
in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session token
from container in `wrapper.Put` function and pass it to the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
1deb3f3d01 [#525] morph/container: Do not accept signature in PutEACL function
In previous implementation wrapper over the Container contract's client
accepted the signature of the eACL table in addition to itself. After recent
changes in API Go lib table carries its signature. Thus, it is redundant
to pass the eACL table signature separately.

Make `wrapper.PutEACL` method to accept `eacl.Table` only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
32828d2b90 [#525] morph/container: Do not accept signature in Put function
In previous implementation wrapper over the Container contract's client
accepted the signature of the container in addition to itself. After recent
changes in API Go lib container carries its signature. Thus, it is redundant
to pass the container signature separately.

Make `wrapper.Put` method to accept `Container` only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
df197dc38b [#525] morph/container: Do not return signature from GetEACL method
In previous implementation wrapper over the Container contract's client
returned the signature of the eACL table in addition to itself. After recent
changes in API Go lib table carries its signature. Thus, it is redundant to
return the table signature separately.

Make `Wrapper.GetEACL` method to return only `eacl.Table` with error.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
615813d6de [#525] v2/container: Return session token in GetExtendedACL
In recent API changes `GetExtendedACLResponseBody` carries session token.
In recent API Go lib changes `eacl.Table` structure carries related session
token.

Write session token of eACL table from sidechain to GetExtendedACL response
body in node's `ContainerService` server.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
a7f71bf167 [#525] v2/container: Return session token and signature in Get
In recent API changes `GetResponseBody` carries session token and signature.
In recent API Go lib changes `Container` structure carries its session
token and signature.

Write session token and signature of container from sidechain to Get
response body in node's `ContainerService` server.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Alex Vanin
975ab0dff7 [#561] acl: Add tests for request meta header traverser
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-27 11:21:14 +03:00
Alex Vanin
a025e6250e [#561] acl: Fetch session token from original request meta header
As it explained in previous commit, session token also should
be presented in original meta header but can be omitted in higher
layers.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-27 11:21:14 +03:00
Alex Vanin
d368afffe5 [#561] acl: Fetch bearer token from original request meta header
Request meta headers are organized in a layers, where
upper layers re-sign down layers. Bearer token should be
a part of original meta header and it can be omitted in
upper layers. Therefore we need to traverse over linked list
of meta header to the original meta header to get bearer token.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-27 11:21:14 +03:00
Leonard Lyubich
8448207854 [#505] morph/container: Change parsing of eACL contract method's result
`eACL` method of `Container` contract returns structure with 4 fields (the
4th is a recently added binary session token).

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
70f800eb76 [#505] event/container: Change number of items in SetEACL event
Change expected event items to 4 in order to support new binary session
token item. Parsing of the session token will be implemented later.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
62281b91f4 [#505] morph/container: Rename PutEACLBinary to PutEACl in wrapper
There is no need to concretize the type of arguments in the method name.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
0282994f3e [#505] morph/container: Fix setting of SetEACL arguments in wrapper
Extended ACL table and its signature were mixed up.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
6d9cc0dc60 [#505] morph/container: Add SetEACL method arguments
Pass session token (byte array) argument to `SetEACL` method call of
`Container` contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
cf40e19985 [#505] morph/container: Change parsing of Get contract method's result
`Get` method of `Container` contract returns structure with 4 fields
(container is the 1st one).

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
017fb6abed [#505] ir/container: Use client wrapper with enabled notary calls
Construct wrapper over the Container contract client with `TryNotary` option
since it is required to perform invocations of notary contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
8d201f920e [#496] morph/wrappers: Deprecate all notary-dedicated methods
All client wrappers should use underlying static client with enabled notary
work mode in order to produce invocations of notary contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
9f122f279a [#496] morph/container: Construct client wrapper in notary mode
Some of the client wrapper's methods should produce notary contract's
invocations. In previous implementation all wrappers provided separate
methods to do it. Since notary and non-notary invocation scenarios have very
different goals, it makes sense to separate the scenarios of using the
client wrapper  at the stage of its creation.

Define `Option` constructor for container client wrapper. Add `TryNotary`
option which enables tries of the notary invocations on underlying static
client. Mark all notary-dedicated methods as deprecated.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
b794aeab63 [#496] morph/client: Construct StaticClient in two work modes
There are two scenarios of invocation of contract methods:
  1. do not invoke notary contract;
  2. try to invoke notary contract if it is enabled in Client.

Taking this into account, `StaticClient` can work in one of the two described
modes. Based on this, it makes sense at the stage of creating `StaticClient`
to fix the call mode, and the further abstract from it.

Define `StaticClientOption` setters of `StaticClient` optional parameters.
Add `TryNotary` constructor of option which enables notary tries. Call
`NotaryInvoke` on underlying `Client` if the option is provided, otherwise
call `Invoke`. Mark `NotaryInvoke` method of `StaticClient` as deprecated.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
97bd85f9e1 [#505] morph/container: Add Put method arguments
Pass session token (byte array) and bind key flag (boolean) arguments to
`Put` method call of `Container` contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
fad477df2a [#505] morph/client: Support boolean invocation argument
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
f2778361c8 [#505] event/container: Change number of items in Put event
Change expected event items to 4 in order to support new binary session
token item. Parsing of the session token will be implemented later.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
ac2d347884 [#505] ir/container: Check key-to-owner mapping in key ownership check
Owner identifier can be calculated from public key. If it matches, no
additional verification of key ownership is required.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
369c12b702 [#505] morph/container: Verify signature of deleting container ID
Get all owner keys and verify container ID signature until first success. If
none of the keys match, then prohibit deletion. Thus, the delete operation
is only allowed to the owner of the container. With this approach, a
separate check for key ownership is not required.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
83c27f6e8a [#505] morph/container: Change get container API
Make `Get` method of the wrapper over Container contract's client to
accept binary container ID. Create `Get` function similar to the previous
`Get` variation. Use this function in Container service server in the place
where `Get` method was used.

Additionally implement `AsContainerSource` function which allows
to simply compose container Source interface from the wrapper.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
6310535b3c [#505] ir/container: Check key ownership in Put container handler
Check if new container was signed by its owner, and otherwise prohibit
operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
5287c194e5 [#505] ir/container: Replace key ownership check into a separate method
Method of key ownership verification is going to be reused by the handlers
of the other events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
6239d5c0c7 [#505] ir/container: Verify signature in check of Put container event
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
ff715c8037 [#505] ir/container: Change the way to approve container delete event
Call `Delete` method on the wrapper over the Container contract's client
directly from `Processor.approveDeleteContainer`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
e3b4c9eda0 [#505] morph/container: Change delete container API
Make `Delete` method of the wrapper over Container contract's client to accept
two binary parameters: container ID and signature. Create `Delete` function
similar to the previous `Delete` variation, but accepting `Signature`
structure instead of binary signature. Use this function in Container
service server in the place where `Delete` method was used.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
24ad60e1c8 [#505] ir/container: Change the way to approve container put event
Call `Put` method on the wrapper over the Container contract's client
directly from `Processor.approvePutContainer`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
3a5849fadb [#505] morph/container: Do not return ID from Wrapper.Put method
`Put` method of the wrapper over the Container contract's client does not
modify passed binary container, so it makes no sense to calculate the
identifier.

`Put` method returns the error only from now. Function `Put` calculates
identifier itself since it is still required by function signature.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
565ad51b42 [#505] morph/container: Change put container API
Make `Put` method of the wrapper over Container contract's client to accept
three binary parameters: container, key and signature. Create `Put` function
similar to the previous `Put` variation, but accepting `Signature`
structure instead of binary key and signature. Use this function in
Container service server in the place where `Put` method was used.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
9259ae640e [#505] ir/container: Slightly refactor Put and Delete handlers
Split up `processContainerPut` and `processContainerDelete` methods of
container `Processor` into two sub-methods: checking the event and its
assertion.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
a3ac294902 [#505] morph/container: Do not parse public key in Put event parser
Morph event structures defined in `pkg/morph/event`  should only carry
notification values without any additional interpretation. All logical work
should be concentrated on app-side.

Change data type of `Put.PublicKey` return to byte slice. `ParsePut` doesn't
unmarshal public key from now.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
a306eb9ce7 [#505] ir: Process set eACL notifications from Container contract
Add `setEACL` notification event parser (handler) to the return of the
`ListenerParsers` (`ListenerHandlers`) method. Read address of NeoFS ID
contract from `contracts.neofsid` config. Implement `NewNeoFSIDClient`
constructor in `invoke` package and use it in IR application.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
4949f4b064 [#505] ir/container: Refactor ListenerParsers and ListenerHandlers
Pre-allocate slices for a known number of elements. Use single `ParserInfo`
/ `HandlerInfo` variable in order to set Container contracts's address once
and change only values that differ between events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
372cba1fca [#505] ir/container: Check key ownership during set eACL handling
Use NeoFS ID contract client to check if public key from notification event
is tied to the owner of the container for which the eACL is being changed.
Approve changes coming from the owner of the container only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
b0271aa478 [#505] ir/container: Verify signature of binary eACL tables
Add signature check to `checkSetEACL` method of the `setEACL` notification
handler in Container processor.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
87d83174d9 [#505] ir/container: Implement simplified handling of SetEACL event
Implement `handleSetEACL` method similar to other handling methods in
Container processor. To begin with, the validation logic is skipped, and all
tables will be sent to the contract. In the future, the necessary checks
will be implemented. Listening for events in the IR node will also be added.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
8c632f6966 [#505] morph/events: Define eACL table change notification
Define `SetEACL` structure of eACL table change notification from Container
contract. Implement function which parses `SetEACL` event structure from
stack item list.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
395fd187ac [#505] morph/container: Add key argument to client wrapper's SetEACL
In recent changes argument list of set eACL call of Container contract
client was extended with binary public key. In the future there will be a
need to pass the table in binary format.

Replace `PutEACL` method with `PutEACLBinary` one which accepts three binary
parameters: eACL table, key and signature. Create `PutEACL` function similar
to the removed method, but accepting `Signature` structure instead of just
a signature. Use this function in Container service server in the place
where `PutEACL` was used.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
02079a4f89 [#505] morph/container: Add public key argument to set eACL operation
Add `SetEACLArgs.SetPublicKey` method which sets binary public key argument
of the "set eACL" contract call. Attach key to the `Invoke` call.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Evgenii Stratonikov
b21a6ccede [#496] Remove unused type aliases and errors
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 13:41:39 +03:00
Evgenii Stratonikov
2b2b2c2c45 [#496] Use single contract wrapper constructor
There is no need in a separate `New()` or `WrapClient()`

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 13:41:39 +03:00
Evgenii Stratonikov
b52751e992 [#496] innerring/invoke: move wrapper structs to separate packages
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 13:41:39 +03:00
Evgenii Stratonikov
ca0e3211be [#496] innerring/invoke: remove function wrappers
Use morph.Client directly.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 13:41:39 +03:00
Evgenii Stratonikov
b5cda8cd41 [#496] morph/client: fallback to simple invoke in NotaryInvoke
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 13:41:39 +03:00
Evgenii Stratonikov
2e31cd34e6 [#502] innerring: synchronize validators on mainnet alphabet update
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 11:10:01 +03:00
Angira Kekteeva
7eab752923 [#116] *: Replace pkg policy by neofs-sdk policy
Processing transfer of policy pkg to neofs-sdk repository.

Replace local dependency in neofs-cli.

Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
2021-05-24 09:49:15 +03:00
Evgenii Stratonikov
213bbcbf2b [#541] blobstor/fstree: fix a bug in Iterate()
Be able to recover address from the path. Also add tests.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-20 19:24:42 +03:00
Leonard Lyubich
1b51dcf8a4 [#546] engine/inhume: Fix incorrect Inhume behavior for root objects
If object to be inhumed is root we need to continue first traverse over the
shards. In case when several children are stored in different shards,
inhuming object in a single shard leads to appearance of inhumed object in
subsequent selections. Also, any object can be already inhumed, and this
case is equivalent to successful inhume.

Do not fail on `object.ErrAlreadyRemoved` error. Continue first iterating
over shards if we detected root object (`SplitInfoError`).

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-20 17:39:38 +03:00
Leonard Lyubich
c5dae76c7d [#546] engine/inhume: Write unit tests
Write unit tests of `StorageEngine.Inhume` which assert that inhumed objects
don't appear in `Select` result.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-20 17:39:38 +03:00
Leonard Lyubich
d1d846cf4d [#546] engine/inhume: Fix incorrect reaction on successful traverse
In previous implementation storage engine false-negatively reacted to a
successful Inhume operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-20 17:39:38 +03:00
Leonard Lyubich
b587b23e79 [#543] object/search: Fix potential NPE on request forwarder
Request forwarding callback should be called only if set since it is an
optional parameter.

Call `forwarder` function only if it is non-nil.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-20 11:33:24 +03:00
Leonard Lyubich
b2002ffc6d [#543] object/get: Fix potential NPE on request forwarder
Request forwarding callback should be called only if set since it is an
optional parameter. In GetRangeHash forwarder is never set.

Call `forwarder` function only if it is non-nil. Remove no longer needed
`hashOnly` option.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-20 11:33:24 +03:00
Alex Vanin
89b147ebe7 [#521] Recompile protobuf files after transition from pkg/errors
Autogenerated files were accidentally modified. This commit returns
them back to the original.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-19 19:09:35 +03:00
Alex Vanin
b5256ccf4c [#521] Fix issues with transition from pkg/errors pkg
Wrap functions at `pkg/errors` return nil if error argument
was nil. fmt.Errorf always returns error so we need to add
missing error checks to the code.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-19 19:09:35 +03:00
Evgenii Stratonikov
71b87155ef [#521] *: use stdlib errors package
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-19 16:42:54 +03:00
Leonard Lyubich
eb26f92678 [#505] neofsid: Implement wrapper over contract client
Implement wrapper over NeoFS ID contact's client which allows to which
allows you to conveniently interact with the contract. Implement
`AccountKeys` method for getting a list of keys by account ID.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-19 13:55:10 +03:00
Leonard Lyubich
68b469a79d [#505] neofsid: Implement contract client
Implement NeoFS ID contact's client which is responsible for collecting call
arguments and parsing stack items. Initially only key listing method is
supported.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-19 13:55:10 +03:00
Leonard Lyubich
72e2bc8fb6 [#532] object/hash: Fix NPE during request forwarding
In current implementation `Object.GetRangeHash` RPC handler forwards range
requests for payload data. Missing request forwarder of the original request
caused NPE during execution.

Do not call request forwarder if payload range hash is requested.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-18 18:05:18 +03:00
Evgenii Stratonikov
9ea8d11ec3 [#523] go.mod: update go-multiraddr library
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-18 15:50:47 +03:00
Alex Vanin
8d8d9eccbd [#522] network: Fix issue with empty endpoint in multiaddr
Before fix `:8080` host address was parsed as `/dns4/tcp/8080`
multiaddress. However such multiaddress is not correct. In this
case `dns4` section should be omitted, but it breaks `manet.DialArgs`.

To solve this issue we explicitly set 0.0.0.0 address.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-18 12:07:00 +03:00
Alex Vanin
16f13bc0a5 [#522] Use HostAddrString as RPC endpoint instead of IPAddrString
To enable TLS support we can't operate with IP addresses directly.
Certificates are issued with host names so it is required to
pass them into RPC client. DNS resolving should be done by transport
layer and not be a part of node. Therefore `IPAddrString` usage is
removed from code.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-18 12:07:00 +03:00
Alex Vanin
2456873473 [#522] network: Add host address stringer
network.Address is a wrapper around multiaddress. Multiaddress
can be resolved to ip netaddr with `IPAddrString` function:
  /dns4/localhost/tcp/8080 => 127.0.0.1:8080
With `HostAddrString` multi address will be transformed to
host address:
  /dns4/localhost/tcp8080 => localhost:8080

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-18 12:07:00 +03:00