[#276] container: Remove session token and signature from Container/eACL

Session token and signature aren't present in `Container` and
`EACLTable` messages of NeoFS API V2 protocol. These entities are needed
for access control and don't carry payload of these messages.

Remove `SetSessionToken` / `SessionToken` methods of
`container.Container` and `eacl.Table` types. Provide methods to specify
these components in corresponding `Client` operations.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2022-06-21 17:50:39 +03:00 committed by fyrchik
parent e986f47807
commit 721df386c5
6 changed files with 74 additions and 131 deletions


@ -24,6 +24,9 @@ type PrmContainerPut struct {
cnrSet bool cnrSet bool
cnr container.Container cnr container.Container
sessionSet bool
session session.Container
} }
// SetContainer sets structured information about new NeoFS container. // SetContainer sets structured information about new NeoFS container.
@ -33,6 +36,19 @@ func (x *PrmContainerPut) SetContainer(cnr container.Container) {
x.cnrSet = true x.cnrSet = true
} }
// WithinSession specifies session within which container should be saved.
//
// Creator of the session acquires the authorship of the request. This affects
// the execution of an operation (e.g. access control).
//
// Session is optional, if set the following requirements apply:
// - session operation MUST be session.VerbContainerPut (ForVerb)
// - token MUST be signed using private key of the owner of the container to be saved
func (x *PrmContainerPut) WithinSession(s session.Container) {
x.session = s
x.sessionSet = true
}
// ResContainerPut groups resulting values of ContainerPut operation. // ResContainerPut groups resulting values of ContainerPut operation.
type ResContainerPut struct { type ResContainerPut struct {
statusRes statusRes
@ -104,9 +120,9 @@ func (c *Client) ContainerPut(ctx context.Context, prm PrmContainerPut) (*ResCon
var meta v2session.RequestMetaHeader var meta v2session.RequestMetaHeader
prm.prmCommonMeta.writeToMetaHeader(&meta) prm.prmCommonMeta.writeToMetaHeader(&meta)
if tok := prm.cnr.SessionToken(); tok != nil { if prm.sessionSet {
var tokv2 v2session.Token var tokv2 v2session.Token
tok.WriteToV2(&tokv2) prm.session.WriteToV2(&tokv2)
meta.SetSessionToken(&tokv2) meta.SetSessionToken(&tokv2)
} }
@ -241,26 +257,6 @@ func (c *Client) ContainerGet(ctx context.Context, prm PrmContainerGet) (*ResCon
cnr := container.NewContainerFromV2(body.GetContainer()) cnr := container.NewContainerFromV2(body.GetContainer())
tokv2 := body.GetSessionToken()
if tokv2 != nil {
var tok session.Container
// FIXME: (neofs-sdk-go#221) need to handle the error
err := tok.ReadFromV2(*tokv2)
if err == nil {
cnr.SetSessionToken(&tok)
}
}
var sig *neofscrypto.Signature
if sigv2 := body.GetSignature(); sigv2 != nil {
sig = new(neofscrypto.Signature)
sig.ReadFromV2(*sigv2)
}
cnr.SetSignature(sig)
res.setContainer(cnr) res.setContainer(cnr)
} }
@ -589,26 +585,6 @@ func (c *Client) ContainerEACL(ctx context.Context, prm PrmContainerEACL) (*ResC
table := eacl.NewTableFromV2(body.GetEACL()) table := eacl.NewTableFromV2(body.GetEACL())
tokv2 := body.GetSessionToken()
if tokv2 != nil {
var tok session.Container
// FIXME: (neofs-sdk-go#221) need to handle the error
err := tok.ReadFromV2(*tokv2)
if err == nil {
table.SetSessionToken(&tok)
}
}
var sig *neofscrypto.Signature
if sigv2 := body.GetSignature(); sigv2 != nil {
sig = new(neofscrypto.Signature)
sig.ReadFromV2(*sigv2)
}
table.SetSignature(sig)
res.setTable(table) res.setTable(table)
} }
@ -626,6 +602,9 @@ type PrmContainerSetEACL struct {
tableSet bool tableSet bool
table eacl.Table table eacl.Table
sessionSet bool
session session.Container
} }
// SetTable sets eACL table structure to be set for the container. // SetTable sets eACL table structure to be set for the container.
@ -635,6 +614,22 @@ func (x *PrmContainerSetEACL) SetTable(table eacl.Table) {
x.tableSet = true x.tableSet = true
} }
// WithinSession specifies session within which extended ACL of the container
// should be saved.
//
// Creator of the session acquires the authorship of the request. This affects
// the execution of an operation (e.g. access control).
//
// Session is optional, if set the following requirements apply:
// - if particular container is specified (ApplyOnlyTo), it MUST equal the container
// for which extended ACL is going to be set
// - session operation MUST be session.VerbContainerSetEACL (ForVerb)
// - token MUST be signed using private key of the owner of the container to be saved
func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
x.session = s
x.sessionSet = true
}
// ResContainerSetEACL groups resulting values of ContainerSetEACL operation. // ResContainerSetEACL groups resulting values of ContainerSetEACL operation.
type ResContainerSetEACL struct { type ResContainerSetEACL struct {
statusRes statusRes
@ -690,9 +685,9 @@ func (c *Client) ContainerSetEACL(ctx context.Context, prm PrmContainerSetEACL)
var meta v2session.RequestMetaHeader var meta v2session.RequestMetaHeader
prm.prmCommonMeta.writeToMetaHeader(&meta) prm.prmCommonMeta.writeToMetaHeader(&meta)
if tok := prm.table.SessionToken(); tok != nil { if prm.sessionSet {
var tokv2 v2session.Token var tokv2 v2session.Token
tok.WriteToV2(&tokv2) prm.session.WriteToV2(&tokv2)
meta.SetSessionToken(&tokv2) meta.SetSessionToken(&tokv2)
} }
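Review bot: The `WithinSession` doc comments state their requirements as MUSTs, but the new `if prm.sessionSet` branches in `ContainerPut` and `ContainerSetEACL` copy the token into the meta header without checking any of them, so as far as the visible code shows they hold only if the server enforces them. Because the session's creator becomes the author of the request for access control, the comment should say who does the checking, for example `// The client does not verify these requirements; a token that violates them is expected to be rejected by the server.` (wording to be confirmed against actual server behaviour). The last bullet on `PrmContainerSetEACL.WithinSession` says "owner of the container to be saved", which looks copied from the Put variant; `// - token MUST be signed using private key of the owner of the container whose extended ACL is set` would match the operation. Both `ContainerPut` and `ContainerSetEACL` start and end outside their hunks, so a check further down cannot be ruled out from here.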


@ -9,19 +9,13 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
"github.com/nspcc-dev/neofs-sdk-go/acl" "github.com/nspcc-dev/neofs-sdk-go/acl"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
"github.com/nspcc-dev/neofs-sdk-go/version" "github.com/nspcc-dev/neofs-sdk-go/version"
) )
type Container struct { type Container struct {
v2 container.Container v2 container.Container
token *session.Container
sig *neofscrypto.Signature
} }
// New creates, initializes and returns blank Container instance. // New creates, initializes and returns blank Container instance.
@ -185,28 +179,6 @@ func (c *Container) SetPlacementPolicy(v *netmap.PlacementPolicy) {
c.v2.SetPlacementPolicy(m) c.v2.SetPlacementPolicy(m)
} }
// SessionToken returns token of the session within
// which container was created.
func (c Container) SessionToken() *session.Container {
return c.token
}
// SetSessionToken sets token of the session within
// which container was created.
func (c *Container) SetSessionToken(t *session.Container) {
c.token = t
}
// Signature returns signature of the marshaled container.
func (c Container) Signature() *neofscrypto.Signature {
return c.sig
}
// SetSignature sets signature of the marshaled container.
func (c *Container) SetSignature(sig *neofscrypto.Signature) {
c.sig = sig
}
// Marshal marshals Container into a protobuf binary form. // Marshal marshals Container into a protobuf binary form.
func (c *Container) Marshal() ([]byte, error) { func (c *Container) Marshal() ([]byte, error) {
return c.v2.StableMarshal(nil), nil return c.v2.StableMarshal(nil), nil


@ -9,7 +9,6 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
containertest "github.com/nspcc-dev/neofs-sdk-go/container/test" containertest "github.com/nspcc-dev/neofs-sdk-go/container/test"
netmaptest "github.com/nspcc-dev/neofs-sdk-go/netmap/test" netmaptest "github.com/nspcc-dev/neofs-sdk-go/netmap/test"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
usertest "github.com/nspcc-dev/neofs-sdk-go/user/test" usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
"github.com/nspcc-dev/neofs-sdk-go/version" "github.com/nspcc-dev/neofs-sdk-go/version"
versiontest "github.com/nspcc-dev/neofs-sdk-go/version/test" versiontest "github.com/nspcc-dev/neofs-sdk-go/version/test"
@ -75,16 +74,6 @@ func TestContainerEncoding(t *testing.T) {
}) })
} }
func TestContainer_SessionToken(t *testing.T) {
tok := sessiontest.Container()
cnr := container.New()
cnr.SetSessionToken(tok)
require.Equal(t, tok, cnr.SessionToken())
}
func TestContainer_ToV2(t *testing.T) { func TestContainer_ToV2(t *testing.T) {
t.Run("nil", func(t *testing.T) { t.Run("nil", func(t *testing.T) {
var x *container.Container var x *container.Container
@ -96,8 +85,6 @@ func TestContainer_ToV2(t *testing.T) {
cnt := container.New() cnt := container.New()
// check initial values // check initial values
require.Nil(t, cnt.SessionToken())
require.Nil(t, cnt.Signature())
require.Nil(t, cnt.Attributes()) require.Nil(t, cnt.Attributes())
require.Nil(t, cnt.PlacementPolicy()) require.Nil(t, cnt.PlacementPolicy())
require.Nil(t, cnt.OwnerID()) require.Nil(t, cnt.OwnerID())


@ -7,8 +7,6 @@ import (
v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl" v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/version" "github.com/nspcc-dev/neofs-sdk-go/version"
) )
@ -18,8 +16,6 @@ import (
type Table struct { type Table struct {
version version.Version version version.Version
cid *cid.ID cid *cid.ID
token *session.Container
sig *neofscrypto.Signature
records []Record records []Record
} }
@ -60,28 +56,6 @@ func (t *Table) AddRecord(r *Record) {
} }
} }
// SessionToken returns token of the session
// within which Table was set.
func (t Table) SessionToken() *session.Container {
return t.token
}
// SetSessionToken sets token of the session
// within which Table was set.
func (t *Table) SetSessionToken(tok *session.Container) {
t.token = tok
}
// Signature returns Table signature.
func (t Table) Signature() *neofscrypto.Signature {
return t.sig
}
// SetSignature sets Table signature.
func (t *Table) SetSignature(sig *neofscrypto.Signature) {
t.sig = sig
}
// ToV2 converts Table to v2 acl.EACLTable message. // ToV2 converts Table to v2 acl.EACLTable message.
// //
// Nil Table converts to nil. // Nil Table converts to nil.


@ -8,7 +8,6 @@ import (
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
"github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/eacl"
eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test" eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
"github.com/nspcc-dev/neofs-sdk-go/version" "github.com/nspcc-dev/neofs-sdk-go/version"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -92,15 +91,6 @@ func TestTableEncoding(t *testing.T) {
}) })
} }
func TestTable_SessionToken(t *testing.T) {
tok := sessiontest.Container()
table := eacl.NewTable()
table.SetSessionToken(tok)
require.Equal(t, tok, table.SessionToken())
}
func TestTable_ToV2(t *testing.T) { func TestTable_ToV2(t *testing.T) {
t.Run("nil", func(t *testing.T) { t.Run("nil", func(t *testing.T) {
var x *eacl.Table var x *eacl.Table
@ -116,8 +106,6 @@ func TestTable_ToV2(t *testing.T) {
require.Nil(t, table.Records()) require.Nil(t, table.Records())
_, set := table.CID() _, set := table.CID()
require.False(t, set) require.False(t, set)
require.Nil(t, table.SessionToken())
require.Nil(t, table.Signature())
// convert to v2 message // convert to v2 message
tableV2 := table.ToV2() tableV2 := table.ToV2()


@ -114,10 +114,7 @@ func (c *clientWrapper) balanceGet(ctx context.Context, prm PrmBalanceGet) (*acc
} }
func (c *clientWrapper) containerPut(ctx context.Context, prm PrmContainerPut) (*cid.ID, error) { func (c *clientWrapper) containerPut(ctx context.Context, prm PrmContainerPut) (*cid.ID, error) {
var cliPrm sdkClient.PrmContainerPut res, err := c.client.ContainerPut(ctx, prm.prmClient)
cliPrm.SetContainer(prm.cnr)
res, err := c.client.ContainerPut(ctx, cliPrm)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -184,6 +181,10 @@ func (c *clientWrapper) containerSetEACL(ctx context.Context, prm PrmContainerSe
var cliPrm sdkClient.PrmContainerSetEACL var cliPrm sdkClient.PrmContainerSetEACL
cliPrm.SetTable(prm.table) cliPrm.SetTable(prm.table)
if prm.sessionSet {
cliPrm.WithinSession(prm.session)
}
if _, err := c.client.ContainerSetEACL(ctx, cliPrm); err != nil { if _, err := c.client.ContainerSetEACL(ctx, cliPrm); err != nil {
return err return err
} }
@ -720,15 +721,26 @@ func (x *PrmObjectSearch) SetFilters(filters object.SearchFilters) {
// PrmContainerPut groups parameters of PutContainer operation. // PrmContainerPut groups parameters of PutContainer operation.
type PrmContainerPut struct { type PrmContainerPut struct {
cnr container.Container prmClient sdkClient.PrmContainerPut
waitParams WaitParams waitParams WaitParams
waitParamsSet bool waitParamsSet bool
} }
// SetContainer specifies structured information about new NeoFS container. // SetContainer container structure to be used as a parameter of the base
// client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerPut.SetContainer.
func (x *PrmContainerPut) SetContainer(cnr container.Container) { func (x *PrmContainerPut) SetContainer(cnr container.Container) {
x.cnr = cnr x.prmClient.SetContainer(cnr)
}
// WithinSession specifies session to be used as a parameter of the base
// client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerPut.WithinSession.
func (x *PrmContainerPut) WithinSession(s session.Container) {
x.prmClient.WithinSession(s)
} }
// SetWaitParams specifies timeout params to complete operation. // SetWaitParams specifies timeout params to complete operation.
@ -805,15 +817,30 @@ func (x *PrmContainerEACL) SetContainerID(cnrID cid.ID) {
type PrmContainerSetEACL struct { type PrmContainerSetEACL struct {
table eacl.Table table eacl.Table
sessionSet bool
session session.Container
waitParams WaitParams waitParams WaitParams
waitParamsSet bool waitParamsSet bool
} }
// SetTable specifies eACL table structure to be set for the container. // SetTable sets structure of container's extended ACL to be used as a
// parameter of the base client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerSetEACL.SetTable.
func (x *PrmContainerSetEACL) SetTable(table eacl.Table) { func (x *PrmContainerSetEACL) SetTable(table eacl.Table) {
x.table = table x.table = table
} }
// WithinSession specifies session to be used as a parameter of the base
// client's operation.
//
// See github.com/nspcc-dev/neofs-sdk-go/client.PrmContainerSetEACL.WithinSession.
func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
x.session = s
x.sessionSet = true
}
// SetWaitParams specifies timeout params to complete operation. // SetWaitParams specifies timeout params to complete operation.
// If not provided the default one will be used. // If not provided the default one will be used.
// Panics if any of the wait params isn't positive. // Panics if any of the wait params isn't positive.
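Review bot: `PrmContainerSetEACL` keeps its own `sessionSet`/`session` pair and `containerSetEACL` forwards it by hand, while `PrmContainerPut` in the same section now wraps `sdkClient.PrmContainerPut` and delegates to it. With the hand-forwarded form, a parameter that gets a setter but is not added to the forwarding block is silently dropped, and for a session that presumably means the request is sent under the caller's own identity instead of the session creator's, which changes the access-control outcome. Holding `prmClient sdkClient.PrmContainerSetEACL` and writing `x.prmClient.WithinSession(s)` would match the Put variant, provided `prm.table` is not needed elsewhere in `containerSetEACL`, whose body continues outside the hunk. The new comment on `PrmContainerPut.SetContainer` is also missing its verb; `// SetContainer sets container structure to be used as a parameter of the base` reads correctly.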