Commit graph

26 commits

Author SHA1 Message Date
20de74a505 Rename package name
Due to source code relocation from GitHub.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-03-07 16:38:26 +03:00
Pavel Karpy
923f84722a Move to frostfs-node
Signed-off-by: Pavel Karpy <p.karpy@yadro.com>
2022-12-28 15:04:29 +03:00
Leonard Lyubich
c165d1a9b5 [#1556] Upgrade NeoFS SDK Go with changed container API
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-07-05 11:26:06 +03:00
Leonard Lyubich
305dd7598f [#1533] acl: Upgrade NeoFS SDK Go with refactored basic ACL
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-25 13:57:21 +03:00
Leonard Lyubich
b67974a8d3 [#xxx] Upgrade NeoFS SDK Go with changed container sessions
After recent changes in NeoFS SDK Go library session tokens aren't
embedded into `container.Container` and `eacl.Table` structures.

Group value, session token and signature in a structure for container
and eACL.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-22 16:38:57 +03:00
Leonard Lyubich
0937513c14 [#1485] ir/container: Accept eACL only if extension is allowed
In order to extend container ACL `F` bit must be set in basic ACL.

Make `Container` contract processor to deny eACL tables bound to
non-extendable containers.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-07 16:34:15 +03:00
Leonard Lyubich
1c30414a6c [#1454] Upgrade NeoFS SDK Go module with new IDs
Core changes:
 * avoid package-colliding variable naming
 * avoid using pointers to IDs where unnecessary
 * avoid using `idSDK` import alias pattern
 * use `EncodeToString` for protocol string calculation and `String` for
  printing

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-06-01 17:41:45 +03:00
Leonard Lyubich
4c8ec20e32 [#1423] session: Upgrade SDK package
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-05-27 15:45:33 +03:00
Leonard Lyubich
f15e6e888f [#1377] oid, cid: Upgrade SDK package
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-05-16 15:33:22 +03:00
Elizaveta Chichindaeva
cc7a723d77 [#1320] English Check
Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
2022-05-11 10:40:02 +03:00
Evgenii Stratonikov
c34cfa1f35 [#625] client/container: remove intermediate wrapper
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-08 09:43:54 +03:00
Leonard Lyubich
20b3ff84b3 [#1110] ir/container: Fix check of SetEACL operation
In previous implementation IR incorrectly verified `SetEACL` event of
`Container` contract. The incorrect behavior could be reproduced in two
ways:
  1. Create container using session, and perform `SetEACL` operation
  with a key that is different from the session one.
  2. Create container using session, and perform `SetEACL` w/o a
  session, but sign it using session key from the `Put` operation.

The problem was in the `checkSetEACL` validation method of IR container
processor. It always used session token used for container creation
during session ownership check.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-01-27 16:37:24 +03:00
Pavel Karpy
dbf3a2f2fb [#971] *: Add optional parameters to container morph client calls
Adapt all container wrapper calls to new
structures.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-19 09:58:03 +03:00
Evgenii Stratonikov
95893927aa *: replace neofs-api-go with neofs-sdk-go
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-11-12 17:29:09 +03:00
Pavel Karpy
539da27ccb [#807] morph/event/container: Add setEACL notary support
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 18:37:45 +03:00
Leonard Lyubich
23c5277014 [#525] ir/container: Check session verb and container ID
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers

Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
b73c0c67a2 [#525] ir/container: Fix checks without session token
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
ead4513feb [#525] ir/container: Verify operations with session token
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:

 - token owner should be the owner of the related container;
 - the intent must be signed with a session key;
 - the power of attorney must be signed by the owner of the container.

Omitted checks (TBD):

 - session token should have container session context;
 - the verb of the context should correspond to the operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 17:07:20 +03:00
Leonard Lyubich
4ef369732a [#525] ir/container: Write session token on eACL table approval
Approved eACL table should be stored in sidechain along with related session
token.

Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
959610080a [#525] morph/container: Accept container session token in PutEACL
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.

Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
62281b91f4 [#505] morph/container: Rename PutEACLBinary to PutEACl in wrapper
There is no need to concretize the type of arguments in the method name.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
83c27f6e8a [#505] morph/container: Change get container API
Make `Get` method of the wrapper over Container contract's client to
accept binary container ID. Create `Get` function similar to the previous
`Get` variation. Use this function in Container service server in the place
where `Get` method was used.

Additionally implement `AsContainerSource` function which allows
to simply compose container Source interface from the wrapper.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
5287c194e5 [#505] ir/container: Replace key ownership check into a separate method
Method of key ownership verification is going to be reused by the handlers
of the other events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
372cba1fca [#505] ir/container: Check key ownership during set eACL handling
Use NeoFS ID contract client to check if public key from notification event
is tied to the owner of the container for which the eACL is being changed.
Approve changes coming from the owner of the container only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
b0271aa478 [#505] ir/container: Verify signature of binary eACL tables
Add signature check to `checkSetEACL` method of the `setEACL` notification
handler in Container processor.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
87d83174d9 [#505] ir/container: Implement simplified handling of SetEACL event
Implement `handleSetEACL` method similar to other handling methods in
Container processor. To begin with, the validation logic is skipped, and all
tables will be sent to the contract. In the future, the necessary checks
will be implemented. Listening for events in the IR node will also be added.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00