forked from TrueCloudLab/frostfs-node
[#xxx] Upgrade NeoFS SDK Go with changed container sessions
After recent changes in NeoFS SDK Go library session tokens aren't embedded into `container.Container` and `eacl.Table` structures. Group value, session token and signature in a structure for container and eACL. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
633b4e7d2d
commit
b67974a8d3
26 changed files with 150 additions and 166 deletions
|
@ -98,7 +98,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
|
|||
|
||||
issuer := tok.Issuer()
|
||||
cnr.SetOwnerID(&issuer)
|
||||
cnr.SetSessionToken(tok)
|
||||
} else {
|
||||
var idOwner user.ID
|
||||
user.IDFromKey(&idOwner, key.PublicKey)
|
||||
|
@ -113,7 +112,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
|
|||
cnr.SetBasicACL(basicACL)
|
||||
cnr.SetAttributes(attributes)
|
||||
cnr.SetNonceUUID(nonce)
|
||||
cnr.SetSessionToken(tok)
|
||||
|
||||
cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
|
||||
|
||||
|
@ -121,6 +119,10 @@ It will be stored in sidechain when inner ring will accepts it.`,
|
|||
putPrm.SetClient(cli)
|
||||
putPrm.SetContainer(*cnr)
|
||||
|
||||
if tok != nil {
|
||||
putPrm.WithinSession(*tok)
|
||||
}
|
||||
|
||||
res, err := internalclient.PutContainer(putPrm)
|
||||
common.ExitOnErr(cmd, "rpc error: %w", err)
|
||||
|
||||
|
|
|
@ -3,7 +3,6 @@ package container
|
|||
import (
|
||||
"os"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
|
||||
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
|
||||
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
|
||||
|
@ -29,22 +28,10 @@ var getExtendedACLCmd = &cobra.Command{
|
|||
|
||||
eaclTable := res.EACL()
|
||||
|
||||
sig := eaclTable.Signature()
|
||||
|
||||
// TODO(@cthulhu-rider): #1387 avoid type conversion
|
||||
var sigV2 refs.Signature
|
||||
sig.WriteToV2(&sigV2)
|
||||
|
||||
if containerPathTo == "" {
|
||||
cmd.Println("eACL: ")
|
||||
common.PrettyPrintJSON(cmd, eaclTable, "eACL")
|
||||
|
||||
var sigV2 refs.Signature
|
||||
sig.WriteToV2(&sigV2)
|
||||
|
||||
cmd.Println("Signature:")
|
||||
common.PrettyPrintJSON(cmd, &sigV2, "signature")
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -60,9 +47,6 @@ var getExtendedACLCmd = &cobra.Command{
|
|||
|
||||
cmd.Println("dumping data to file:", containerPathTo)
|
||||
|
||||
cmd.Println("Signature:")
|
||||
common.PrettyPrintJSON(cmd, &sigV2, "signature")
|
||||
|
||||
err = os.WriteFile(containerPathTo, data, 0644)
|
||||
common.ExitOnErr(cmd, "could not write eACL to file: %w", err)
|
||||
},
|
||||
|
|
|
@ -32,7 +32,6 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
|
|||
}
|
||||
|
||||
eaclTable.SetCID(id)
|
||||
eaclTable.SetSessionToken(tok)
|
||||
|
||||
pk := key.GetOrGenerate(cmd)
|
||||
cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
|
||||
|
@ -41,6 +40,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
|
|||
setEACLPrm.SetClient(cli)
|
||||
setEACLPrm.SetTable(*eaclTable)
|
||||
|
||||
if tok != nil {
|
||||
setEACLPrm.WithinSession(*tok)
|
||||
}
|
||||
|
||||
_, err := internalclient.SetEACL(setEACLPrm)
|
||||
common.ExitOnErr(cmd, "rpc error: %w", err)
|
||||
|
||||
|
|
|
@ -10,9 +10,7 @@ import (
|
|||
cntClient "github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
||||
putsvc "github.com/nspcc-dev/neofs-node/pkg/services/object/put"
|
||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
netmapSDK "github.com/nspcc-dev/neofs-sdk-go/netmap"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||
)
|
||||
|
@ -147,13 +145,13 @@ func newCachedContainerStorage(v container.Source) *ttlContainerStorage {
|
|||
|
||||
// Get returns container value from the cache. If value is missing in the cache
|
||||
// or expired, then it returns value from side chain and updates the cache.
|
||||
func (s *ttlContainerStorage) Get(cnr cid.ID) (*containerSDK.Container, error) {
|
||||
func (s *ttlContainerStorage) Get(cnr cid.ID) (*container.Container, error) {
|
||||
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return val.(*containerSDK.Container), nil
|
||||
return val.(*container.Container), nil
|
||||
}
|
||||
|
||||
type ttlEACLStorage ttlNetCache
|
||||
|
@ -180,13 +178,13 @@ func newCachedEACLStorage(v eacl.Source) *ttlEACLStorage {
|
|||
|
||||
// GetEACL returns eACL value from the cache. If value is missing in the cache
|
||||
// or expired, then it returns value from side chain and updates cache.
|
||||
func (s *ttlEACLStorage) GetEACL(cnr cid.ID) (*eaclSDK.Table, error) {
|
||||
func (s *ttlEACLStorage) GetEACL(cnr cid.ID) (*container.EACL, error) {
|
||||
val, err := (*ttlNetCache)(s).get(cnr.EncodeToString())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return val.(*eaclSDK.Table), nil
|
||||
return val.(*container.EACL), nil
|
||||
}
|
||||
|
||||
// InvalidateEACL removes cached eACL value.
|
||||
|
|
|
@ -30,7 +30,6 @@ import (
|
|||
apiClient "github.com/nspcc-dev/neofs-sdk-go/client"
|
||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/netmap"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||
"go.uber.org/zap"
|
||||
|
@ -355,7 +354,7 @@ func (l *loadPlacementBuilder) buildPlacement(epoch uint64, idCnr cid.ID) ([][]n
|
|||
return nil, nil, err
|
||||
}
|
||||
|
||||
policy := cnr.PlacementPolicy()
|
||||
policy := cnr.Value.PlacementPolicy()
|
||||
if policy == nil {
|
||||
return nil, nil, errors.New("missing placement policy in container")
|
||||
}
|
||||
|
@ -566,11 +565,11 @@ type morphContainerReader struct {
|
|||
}
|
||||
}
|
||||
|
||||
func (x *morphContainerReader) Get(id cid.ID) (*containerSDK.Container, error) {
|
||||
func (x *morphContainerReader) Get(id cid.ID) (*containerCore.Container, error) {
|
||||
return x.get.Get(id)
|
||||
}
|
||||
|
||||
func (x *morphContainerReader) GetEACL(id cid.ID) (*eaclSDK.Table, error) {
|
||||
func (x *morphContainerReader) GetEACL(id cid.ID) (*containerCore.EACL, error) {
|
||||
return x.eacl.GetEACL(id)
|
||||
}
|
||||
|
||||
|
@ -586,13 +585,13 @@ type morphContainerWriter struct {
|
|||
lists *ttlContainerLister
|
||||
}
|
||||
|
||||
func (m morphContainerWriter) Put(cnr *containerSDK.Container) (*cid.ID, error) {
|
||||
func (m morphContainerWriter) Put(cnr containerCore.Container) (*cid.ID, error) {
|
||||
containerID, err := cntClient.Put(m.neoClient, cnr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
idOwner := cnr.OwnerID()
|
||||
idOwner := cnr.Value.OwnerID()
|
||||
if idOwner == nil {
|
||||
return nil, errors.New("missing container owner")
|
||||
}
|
||||
|
@ -608,14 +607,14 @@ func (m morphContainerWriter) Delete(witness containerCore.RemovalWitness) error
|
|||
return cntClient.Delete(m.neoClient, witness)
|
||||
}
|
||||
|
||||
func (m morphContainerWriter) PutEACL(table *eaclSDK.Table) error {
|
||||
err := cntClient.PutEACL(m.neoClient, table)
|
||||
func (m morphContainerWriter) PutEACL(eaclInfo containerCore.EACL) error {
|
||||
err := cntClient.PutEACL(m.neoClient, eaclInfo)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if m.cacheEnabled {
|
||||
id, _ := table.CID()
|
||||
id, _ := eaclInfo.Value.CID()
|
||||
m.eacls.InvalidateEACL(id)
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
policerconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/policer"
|
||||
replicatorconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/replicator"
|
||||
coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client"
|
||||
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||
objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
||||
|
@ -402,29 +403,23 @@ type morphEACLFetcher struct {
|
|||
w *cntClient.Client
|
||||
}
|
||||
|
||||
func (s *morphEACLFetcher) GetEACL(cnr cid.ID) (*eaclSDK.Table, error) {
|
||||
table, err := s.w.GetEACL(cnr)
|
||||
func (s *morphEACLFetcher) GetEACL(cnr cid.ID) (*containercore.EACL, error) {
|
||||
eaclInfo, err := s.w.GetEACL(cnr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
sig := table.Signature()
|
||||
if sig == nil {
|
||||
// TODO(@cthulhu-rider): #1387 use "const" error
|
||||
return nil, errors.New("missing signature")
|
||||
}
|
||||
|
||||
binTable, err := table.Marshal()
|
||||
binTable, err := eaclInfo.Value.Marshal()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("marshal eACL table: %w", err)
|
||||
}
|
||||
|
||||
if !sig.Verify(binTable) {
|
||||
if !eaclInfo.Signature.Verify(binTable) {
|
||||
// TODO(@cthulhu-rider): #1387 use "const" error
|
||||
return nil, errors.New("invalid signature of the eACL table")
|
||||
}
|
||||
|
||||
return table, nil
|
||||
return eaclInfo, nil
|
||||
}
|
||||
|
||||
type reputationClientConstructor struct {
|
||||
|
|
2
go.mod
2
go.mod
|
@ -19,7 +19,7 @@ require (
|
|||
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220601120906-3bec6657f5c5 // indirect
|
||||
github.com/nspcc-dev/neofs-api-go/v2 v2.12.3-0.20220620114558-454b5c0ed7e9
|
||||
github.com/nspcc-dev/neofs-contract v0.15.1
|
||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721
|
||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599
|
||||
github.com/nspcc-dev/tzhash v1.5.2
|
||||
github.com/panjf2000/ants/v2 v2.4.0
|
||||
github.com/paulmach/orb v0.2.2
|
||||
|
|
BIN
go.sum
BIN
go.sum
Binary file not shown.
|
@ -6,8 +6,23 @@ import (
|
|||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
)
|
||||
|
||||
// Container groups information about the NeoFS container stored in the NeoFS network.
|
||||
type Container struct {
|
||||
// Container structure.
|
||||
Value *container.Container
|
||||
|
||||
// Signature of the Value.
|
||||
Signature neofscrypto.Signature
|
||||
|
||||
// Session within which Value was created. Nil means session absence.
|
||||
Session *session.Container
|
||||
}
|
||||
|
||||
// Source is an interface that wraps
|
||||
// basic container receiving method.
|
||||
type Source interface {
|
||||
|
@ -19,7 +34,7 @@ type Source interface {
|
|||
//
|
||||
// Implementations must not retain the container pointer and modify
|
||||
// the container through it.
|
||||
Get(cid.ID) (*container.Container, error)
|
||||
Get(cid.ID) (*Container, error)
|
||||
}
|
||||
|
||||
// IsErrNotFound checks if the error returned by Source.Get corresponds
|
||||
|
@ -31,3 +46,16 @@ func IsErrNotFound(err error) bool {
|
|||
// ErrEACLNotFound is returned by eACL storage implementations when
|
||||
// the requested eACL table is not in the storage.
|
||||
var ErrEACLNotFound = errors.New("extended ACL table is not set for this container")
|
||||
|
||||
// EACL groups information about the NeoFS container's extended ACL stored in
|
||||
// the NeoFS network.
|
||||
type EACL struct {
|
||||
// Extended ACL structure.
|
||||
Value *eacl.Table
|
||||
|
||||
// Signature of the Value.
|
||||
Signature neofscrypto.Signature
|
||||
|
||||
// Session within which Value was set. Nil means session absence.
|
||||
Session *session.Container
|
||||
}
|
||||
|
|
|
@ -60,7 +60,7 @@ func (ap *Processor) processStartAudit(epoch uint64) {
|
|||
continue
|
||||
}
|
||||
|
||||
policy := cnr.PlacementPolicy()
|
||||
policy := cnr.Value.PlacementPolicy()
|
||||
if policy == nil {
|
||||
log.Error("missing placement policy in container, ignore",
|
||||
zap.Stringer("cid", containers[i]),
|
||||
|
@ -108,7 +108,7 @@ func (ap *Processor) processStartAudit(epoch uint64) {
|
|||
WithAuditContext(auditCtx).
|
||||
WithContainerID(containers[i]).
|
||||
WithStorageGroupList(storageGroups).
|
||||
WithContainerStructure(cnr).
|
||||
WithContainerStructure(cnr.Value).
|
||||
WithContainerNodes(nodes).
|
||||
WithNetworkMap(nm)
|
||||
|
||||
|
|
|
@ -169,7 +169,7 @@ func (cp *Processor) checkDeleteContainer(e *containerEvent.Delete) error {
|
|||
return fmt.Errorf("could not receive the container: %w", err)
|
||||
}
|
||||
|
||||
ownerContainer := cnr.OwnerID()
|
||||
ownerContainer := cnr.Value.OwnerID()
|
||||
if ownerContainer == nil {
|
||||
return errors.New("missing container owner")
|
||||
}
|
||||
|
|
|
@ -52,7 +52,7 @@ func (cp *Processor) checkSetEACL(e container.SetEACL) error {
|
|||
}
|
||||
|
||||
// ACL extensions can be disabled by basic ACL, check it
|
||||
basicACL := cnr.BasicACL()
|
||||
basicACL := cnr.Value.BasicACL()
|
||||
const finalBitMask = 1 << 28
|
||||
|
||||
// Temp solution: NeoFS SDK is going to provide convenient interface to do this soon.
|
||||
|
@ -61,7 +61,7 @@ func (cp *Processor) checkSetEACL(e container.SetEACL) error {
|
|||
return errors.New("ACL extension disabled by container basic ACL")
|
||||
}
|
||||
|
||||
ownerContainer := cnr.OwnerID()
|
||||
ownerContainer := cnr.Value.OwnerID()
|
||||
if ownerContainer == nil {
|
||||
return errors.New("missing container owner")
|
||||
}
|
||||
|
|
|
@ -123,7 +123,7 @@ func (s settlementDeps) ContainerInfo(cid cid.ID) (common.ContainerInfo, error)
|
|||
return nil, fmt.Errorf("could not get container from storage: %w", err)
|
||||
}
|
||||
|
||||
return (*containerWrapper)(cnr), nil
|
||||
return (*containerWrapper)(cnr.Value), nil
|
||||
}
|
||||
|
||||
func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.NodeInfo, *netmapAPI.NetMap, error) {
|
||||
|
@ -147,7 +147,7 @@ func (s settlementDeps) buildContainer(e uint64, cid cid.ID) ([][]netmapAPI.Node
|
|||
return nil, nil, fmt.Errorf("could not get container from sidechain: %w", err)
|
||||
}
|
||||
|
||||
policy := cnr.PlacementPolicy()
|
||||
policy := cnr.Value.PlacementPolicy()
|
||||
if policy == nil {
|
||||
return nil, nil, errors.New("missing placement policy in container")
|
||||
}
|
||||
|
|
|
@ -8,14 +8,13 @@ import (
|
|||
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
)
|
||||
|
||||
// GetEACL reads the extended ACL table from NeoFS system
|
||||
// through Container contract call.
|
||||
func (c *Client) GetEACL(cnr cid.ID) (*eacl.Table, error) {
|
||||
func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) {
|
||||
binCnr := make([]byte, sha256.Size)
|
||||
cnr.Encode(binCnr)
|
||||
|
||||
|
@ -66,34 +65,29 @@ func (c *Client) GetEACL(cnr cid.ID) (*eacl.Table, error) {
|
|||
return nil, fmt.Errorf("could not get byte array of eACL session token (%s): %w", eaclMethod, err)
|
||||
}
|
||||
|
||||
table := eacl.NewTable()
|
||||
if err = table.Unmarshal(rawEACL); err != nil {
|
||||
// use other major version if there any
|
||||
var res container.EACL
|
||||
|
||||
res.Value = eacl.NewTable()
|
||||
if err = res.Value.Unmarshal(rawEACL); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(binToken) > 0 {
|
||||
var tok session.Container
|
||||
res.Session = new(session.Container)
|
||||
|
||||
err = tok.Unmarshal(binToken)
|
||||
err = res.Session.Unmarshal(binToken)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not unmarshal session token: %w", err)
|
||||
}
|
||||
|
||||
table.SetSessionToken(&tok)
|
||||
}
|
||||
|
||||
// FIXME(@cthulhu-rider): #1387 temp solution, later table structure won't have a signature
|
||||
|
||||
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||
var sigV2 refs.Signature
|
||||
sigV2.SetKey(pub)
|
||||
sigV2.SetSign(sig)
|
||||
sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
|
||||
|
||||
var tableSignature neofscrypto.Signature
|
||||
tableSignature.ReadFromV2(sigV2)
|
||||
res.Signature.ReadFromV2(sigV2)
|
||||
|
||||
table.SetSignature(&tableSignature)
|
||||
|
||||
return table, nil
|
||||
return &res, nil
|
||||
}
|
||||
|
|
|
@ -4,8 +4,8 @@ import (
|
|||
"fmt"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
)
|
||||
|
||||
// PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method
|
||||
|
@ -14,12 +14,12 @@ import (
|
|||
// Returns error if table is nil.
|
||||
//
|
||||
// If TryNotary is provided, calls notary contract.
|
||||
func PutEACL(c *Client, table *eacl.Table) error {
|
||||
if table == nil {
|
||||
func PutEACL(c *Client, eaclInfo containercore.EACL) error {
|
||||
if eaclInfo.Value == nil {
|
||||
return errNilArgument
|
||||
}
|
||||
|
||||
data, err := table.Marshal()
|
||||
data, err := eaclInfo.Value.Marshal()
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't marshal eacl table: %w", err)
|
||||
}
|
||||
|
@ -27,18 +27,16 @@ func PutEACL(c *Client, table *eacl.Table) error {
|
|||
var prm PutEACLPrm
|
||||
prm.SetTable(data)
|
||||
|
||||
if tok := table.SessionToken(); tok != nil {
|
||||
prm.SetToken(tok.Marshal())
|
||||
if eaclInfo.Session != nil {
|
||||
prm.SetToken(eaclInfo.Session.Marshal())
|
||||
}
|
||||
|
||||
if sig := table.Signature(); sig != nil {
|
||||
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||
var sigV2 refs.Signature
|
||||
sig.WriteToV2(&sigV2)
|
||||
eaclInfo.Signature.WriteToV2(&sigV2)
|
||||
|
||||
prm.SetKey(sigV2.GetKey())
|
||||
prm.SetSignature(sigV2.GetSign())
|
||||
}
|
||||
|
||||
return c.PutEACL(prm)
|
||||
}
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
containerContract "github.com/nspcc-dev/neofs-contract/container"
|
||||
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
core "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||
|
@ -18,7 +19,7 @@ import (
|
|||
|
||||
type containerSource Client
|
||||
|
||||
func (x *containerSource) Get(cnr cid.ID) (*container.Container, error) {
|
||||
func (x *containerSource) Get(cnr cid.ID) (*containercore.Container, error) {
|
||||
return Get((*Client)(x), cnr)
|
||||
}
|
||||
|
||||
|
@ -29,7 +30,7 @@ func AsContainerSource(w *Client) core.Source {
|
|||
}
|
||||
|
||||
// Get marshals container ID, and passes it to Wrapper's Get method.
|
||||
func Get(c *Client, cnr cid.ID) (*container.Container, error) {
|
||||
func Get(c *Client, cnr cid.ID) (*containercore.Container, error) {
|
||||
binCnr := make([]byte, sha256.Size)
|
||||
cnr.Encode(binCnr)
|
||||
|
||||
|
@ -41,7 +42,7 @@ func Get(c *Client, cnr cid.ID) (*container.Container, error) {
|
|||
//
|
||||
// If an empty slice is returned for the requested identifier,
|
||||
// storage.ErrNotFound error is returned.
|
||||
func (c *Client) Get(cid []byte) (*container.Container, error) {
|
||||
func (c *Client) Get(cid []byte) (*containercore.Container, error) {
|
||||
prm := client.TestInvokePrm{}
|
||||
prm.SetMethod(getMethod)
|
||||
prm.SetArgs(cid)
|
||||
|
@ -87,25 +88,24 @@ func (c *Client) Get(cid []byte) (*container.Container, error) {
|
|||
return nil, fmt.Errorf("could not get byte array of session token (%s): %w", getMethod, err)
|
||||
}
|
||||
|
||||
cnr := container.New()
|
||||
if err := cnr.Unmarshal(cnrBytes); err != nil {
|
||||
var cnr containercore.Container
|
||||
|
||||
cnr.Value = container.New()
|
||||
if err := cnr.Value.Unmarshal(cnrBytes); err != nil {
|
||||
// use other major version if there any
|
||||
return nil, fmt.Errorf("can't unmarshal container: %w", err)
|
||||
}
|
||||
|
||||
if len(tokBytes) > 0 {
|
||||
var tok session.Container
|
||||
cnr.Session = new(session.Container)
|
||||
|
||||
err = tok.Unmarshal(tokBytes)
|
||||
err = cnr.Session.Unmarshal(tokBytes)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("could not unmarshal session token: %w", err)
|
||||
}
|
||||
|
||||
cnr.SetSessionToken(&tok)
|
||||
}
|
||||
|
||||
// FIXME(@cthulhu-rider): #1387 temp solution, later table structure won't have a signature
|
||||
|
||||
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||
var sigV2 refs.Signature
|
||||
sigV2.SetKey(pub)
|
||||
sigV2.SetSign(sigBytes)
|
||||
|
@ -114,7 +114,5 @@ func (c *Client) Get(cid []byte) (*container.Container, error) {
|
|||
var sig neofscrypto.Signature
|
||||
sig.ReadFromV2(sigV2)
|
||||
|
||||
cnr.SetSignature(&sig)
|
||||
|
||||
return cnr, nil
|
||||
return &cnr, nil
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
"fmt"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
|
@ -14,35 +15,33 @@ import (
|
|||
// along with sig.Key() and sig.Sign().
|
||||
//
|
||||
// Returns error if container is nil.
|
||||
func Put(c *Client, cnr *container.Container) (*cid.ID, error) {
|
||||
if cnr == nil {
|
||||
func Put(c *Client, cnr containercore.Container) (*cid.ID, error) {
|
||||
if cnr.Value == nil {
|
||||
return nil, errNilArgument
|
||||
}
|
||||
|
||||
data, err := cnr.Marshal()
|
||||
data, err := cnr.Value.Marshal()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("can't marshal container: %w", err)
|
||||
}
|
||||
|
||||
name, zone := container.GetNativeNameWithZone(cnr)
|
||||
name, zone := container.GetNativeNameWithZone(cnr.Value)
|
||||
|
||||
var prm PutPrm
|
||||
prm.SetContainer(data)
|
||||
prm.SetName(name)
|
||||
prm.SetZone(zone)
|
||||
|
||||
if tok := cnr.SessionToken(); tok != nil {
|
||||
prm.SetToken(tok.Marshal())
|
||||
if cnr.Session != nil {
|
||||
prm.SetToken(cnr.Session.Marshal())
|
||||
}
|
||||
|
||||
if sig := cnr.Signature(); sig != nil {
|
||||
// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
|
||||
var sigV2 refs.Signature
|
||||
sig.WriteToV2(&sigV2)
|
||||
cnr.Signature.WriteToV2(&sigV2)
|
||||
|
||||
prm.SetKey(sigV2.GetKey())
|
||||
prm.SetSignature(sigV2.GetSign())
|
||||
}
|
||||
|
||||
err = c.Put(prm)
|
||||
if err != nil {
|
||||
|
|
|
@ -13,7 +13,6 @@ import (
|
|||
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
|
||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||
|
@ -38,11 +37,11 @@ type Reader interface {
|
|||
// Writer is an interface of container storage updater.
|
||||
type Writer interface {
|
||||
// Put stores specified container in the side chain.
|
||||
Put(*containerSDK.Container) (*cid.ID, error)
|
||||
Put(containercore.Container) (*cid.ID, error)
|
||||
// Delete removes specified container from the side chain.
|
||||
Delete(containercore.RemovalWitness) error
|
||||
// PutEACL updates extended ACL table of specified container in the side chain.
|
||||
PutEACL(*eaclSDK.Table) error
|
||||
PutEACL(containercore.EACL) error
|
||||
}
|
||||
|
||||
func NewExecutor(rdr Reader, wrt Writer) containerSvc.ServiceExecutor {
|
||||
|
@ -59,22 +58,19 @@ func (s *morphExecutor) Put(_ context.Context, tokV2 *sessionV2.Token, body *con
|
|||
return nil, errors.New("missing signature")
|
||||
}
|
||||
|
||||
cnr := containerSDK.NewContainerFromV2(body.GetContainer())
|
||||
cnr := containercore.Container{
|
||||
Value: containerSDK.NewContainerFromV2(body.GetContainer()),
|
||||
}
|
||||
|
||||
var sig neofscrypto.Signature
|
||||
sig.ReadFromV2(*sigV2)
|
||||
|
||||
cnr.SetSignature(&sig)
|
||||
cnr.Signature.ReadFromV2(*sigV2)
|
||||
|
||||
if tokV2 != nil {
|
||||
var tok session.Container
|
||||
cnr.Session = new(session.Container)
|
||||
|
||||
err := tok.ReadFromV2(*tokV2)
|
||||
err := cnr.Session.ReadFromV2(*tokV2)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid session token: %w", err)
|
||||
}
|
||||
|
||||
cnr.SetSessionToken(&tok)
|
||||
}
|
||||
|
||||
idCnr, err := s.wrt.Put(cnr)
|
||||
|
@ -151,21 +147,19 @@ func (s *morphExecutor) Get(ctx context.Context, body *container.GetRequestBody)
|
|||
|
||||
var sigV2 *refs.Signature
|
||||
|
||||
if sig := cnr.Signature(); sig != nil {
|
||||
sigV2 = new(refs.Signature)
|
||||
sig.WriteToV2(sigV2)
|
||||
}
|
||||
cnr.Signature.WriteToV2(sigV2)
|
||||
|
||||
var tokV2 *sessionV2.Token
|
||||
|
||||
if tok := cnr.SessionToken(); tok != nil {
|
||||
if cnr.Session != nil {
|
||||
tokV2 = new(sessionV2.Token)
|
||||
|
||||
tok.WriteToV2(tokV2)
|
||||
cnr.Session.WriteToV2(tokV2)
|
||||
}
|
||||
|
||||
res := new(container.GetResponseBody)
|
||||
res.SetContainer(cnr.ToV2())
|
||||
res.SetContainer(cnr.Value.ToV2())
|
||||
res.SetSignature(sigV2)
|
||||
res.SetSessionToken(tokV2)
|
||||
|
||||
|
@ -208,25 +202,22 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, tokV2 *sessionV2.Tok
|
|||
return nil, errors.New("missing signature")
|
||||
}
|
||||
|
||||
table := eaclSDK.NewTableFromV2(body.GetEACL())
|
||||
eaclInfo := containercore.EACL{
|
||||
Value: eaclSDK.NewTableFromV2(body.GetEACL()),
|
||||
}
|
||||
|
||||
var sig neofscrypto.Signature
|
||||
sig.ReadFromV2(*sigV2)
|
||||
|
||||
table.SetSignature(&sig)
|
||||
eaclInfo.Signature.ReadFromV2(*sigV2)
|
||||
|
||||
if tokV2 != nil {
|
||||
var tok session.Container
|
||||
eaclInfo.Session = new(session.Container)
|
||||
|
||||
err := tok.ReadFromV2(*tokV2)
|
||||
err := eaclInfo.Session.ReadFromV2(*tokV2)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid session token: %w", err)
|
||||
}
|
||||
|
||||
table.SetSessionToken(&tok)
|
||||
}
|
||||
|
||||
err := s.wrt.PutEACL(table)
|
||||
err := s.wrt.PutEACL(eaclInfo)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -247,29 +238,25 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
|
|||
return nil, fmt.Errorf("invalid container ID: %w", err)
|
||||
}
|
||||
|
||||
table, err := s.rdr.GetEACL(id)
|
||||
eaclInfo, err := s.rdr.GetEACL(id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var sigV2 *refs.Signature
|
||||
|
||||
if sig := table.Signature(); sig != nil {
|
||||
sigV2 = new(refs.Signature)
|
||||
sig.WriteToV2(sigV2)
|
||||
}
|
||||
var sigV2 refs.Signature
|
||||
eaclInfo.Signature.WriteToV2(&sigV2)
|
||||
|
||||
var tokV2 *sessionV2.Token
|
||||
|
||||
if tok := table.SessionToken(); tok != nil {
|
||||
if eaclInfo.Session != nil {
|
||||
tokV2 = new(sessionV2.Token)
|
||||
|
||||
tok.WriteToV2(tokV2)
|
||||
eaclInfo.Session.WriteToV2(tokV2)
|
||||
}
|
||||
|
||||
res := new(container.GetExtendedACLResponseBody)
|
||||
res.SetEACL(table.ToV2())
|
||||
res.SetSignature(sigV2)
|
||||
res.SetEACL(eaclInfo.Value.ToV2())
|
||||
res.SetSignature(&sigV2)
|
||||
res.SetSessionToken(tokV2)
|
||||
|
||||
return res, nil
|
||||
|
|
|
@ -10,10 +10,8 @@ import (
|
|||
containerCore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
containerSvc "github.com/nspcc-dev/neofs-node/pkg/services/container"
|
||||
containerSvcMorph "github.com/nspcc-dev/neofs-node/pkg/services/container/morph"
|
||||
containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
@ -22,7 +20,7 @@ type mock struct {
|
|||
containerSvcMorph.Reader
|
||||
}
|
||||
|
||||
func (m mock) Put(_ *containerSDK.Container) (*cid.ID, error) {
|
||||
func (m mock) Put(_ containerCore.Container) (*cid.ID, error) {
|
||||
return new(cid.ID), nil
|
||||
}
|
||||
|
||||
|
@ -30,7 +28,7 @@ func (m mock) Delete(_ containerCore.RemovalWitness) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (m mock) PutEACL(_ *eacl.Table) error {
|
||||
func (m mock) PutEACL(_ containerCore.EACL) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -148,7 +148,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
|
|||
|
||||
bearerTok := reqInfo.Bearer()
|
||||
if bearerTok == nil {
|
||||
pTable, err := c.eaclSrc.GetEACL(cnr)
|
||||
eaclInfo, err := c.eaclSrc.GetEACL(cnr)
|
||||
if err != nil {
|
||||
if errors.Is(err, container.ErrEACLNotFound) {
|
||||
return nil
|
||||
|
@ -156,7 +156,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
|
|||
return err
|
||||
}
|
||||
|
||||
table = *pTable
|
||||
table = *eaclInfo.Value
|
||||
} else {
|
||||
table = bearerTok.EACLTable()
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package acl
|
|||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
||||
v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
|
@ -14,7 +15,7 @@ import (
|
|||
|
||||
type emptyEACLSource struct{}
|
||||
|
||||
func (e emptyEACLSource) GetEACL(_ cid.ID) (*eaclSDK.Table, error) {
|
||||
func (e emptyEACLSource) GetEACL(_ cid.ID) (*container.EACL, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
package eacl
|
||||
|
||||
import (
|
||||
containercore "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||
)
|
||||
|
||||
// Source is the interface that wraps
|
||||
|
@ -15,5 +15,5 @@ type Source interface {
|
|||
//
|
||||
// Must return pkg/core/container.ErrEACLNotFound if requested
|
||||
// eACL table is not in source.
|
||||
GetEACL(cid.ID) (*eacl.Table, error)
|
||||
GetEACL(cid.ID) (*containercore.EACL, error)
|
||||
}
|
||||
|
|
|
@ -506,7 +506,7 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
|
|||
cnr, err := b.containers.Get(idCnr) // fetch actual container
|
||||
if err != nil {
|
||||
return info, err
|
||||
} else if cnr.OwnerID() == nil {
|
||||
} else if cnr.Value.OwnerID() == nil {
|
||||
return info, errors.New("missing owner in container descriptor")
|
||||
}
|
||||
|
||||
|
@ -526,7 +526,7 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
|
|||
}
|
||||
|
||||
// find request role and key
|
||||
res, err := b.c.classify(req, idCnr, cnr)
|
||||
res, err := b.c.classify(req, idCnr, cnr.Value)
|
||||
if err != nil {
|
||||
return info, err
|
||||
}
|
||||
|
@ -535,11 +535,11 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op eaclSDK.Ope
|
|||
return info, ErrUnknownRole
|
||||
}
|
||||
|
||||
info.basicACL = cnr.BasicACL()
|
||||
info.basicACL = cnr.Value.BasicACL()
|
||||
info.requestRole = res.role
|
||||
info.isInnerRing = res.isIR
|
||||
info.operation = op
|
||||
info.cnrOwner = *cnr.OwnerID()
|
||||
info.cnrOwner = *cnr.Value.OwnerID()
|
||||
info.idCnr = idCnr
|
||||
|
||||
// it is assumed that at the moment the key will be valid,
|
||||
|
|
|
@ -156,7 +156,7 @@ func (p *Streamer) preparePrm(prm *PutInitPrm) error {
|
|||
// add common options
|
||||
prm.traverseOpts = append(prm.traverseOpts,
|
||||
// set processing container
|
||||
placement.ForContainer(cnr),
|
||||
placement.ForContainer(cnr.Value),
|
||||
)
|
||||
|
||||
if id, ok := prm.hdr.ID(); ok {
|
||||
|
|
|
@ -147,7 +147,7 @@ func (g *TraverserGenerator) GenerateTraverser(idCnr cid.ID, idObj *oid.ID, epoc
|
|||
|
||||
traverseOpts = append(traverseOpts,
|
||||
// set processing container
|
||||
placement.ForContainer(cnr),
|
||||
placement.ForContainer(cnr.Value),
|
||||
|
||||
// set placement builder
|
||||
placement.UseBuilder(builder),
|
||||
|
|
|
@ -44,7 +44,7 @@ func (p *Policer) processObject(ctx context.Context, addr oid.Address) {
|
|||
return
|
||||
}
|
||||
|
||||
policy := cnr.PlacementPolicy()
|
||||
policy := cnr.Value.PlacementPolicy()
|
||||
if policy == nil {
|
||||
p.log.Error("missing placement policy in container",
|
||||
zap.Stringer("cid", idCnr),
|
||||
|
|
Loading…
Reference in a new issue