[#306] Remove flag to disable policy contract

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2024-02-19 11:45:18 +03:00
parent 8f89f275bd
commit 56b50f2075
7 changed files with 15 additions and 179 deletions

View file

@ -61,8 +61,6 @@ type (
GetBucketPolicy(ns string, cnrID cid.ID) ([]byte, error) GetBucketPolicy(ns string, cnrID cid.ID) ([]byte, error)
SaveACLChains(ns string, chains []*chain.Chain) error SaveACLChains(ns string, chains []*chain.Chain) error
} }
frostfsIDDisabled struct{}
) )
var _ api.Handler = (*handler)(nil) var _ api.Handler = (*handler)(nil)
@ -76,10 +74,8 @@ func New(log *zap.Logger, obj layer.Client, notificator Notificator, cfg Config,
return nil, errors.New("empty logger") return nil, errors.New("empty logger")
case storage == nil: case storage == nil:
return nil, errors.New("empty policy storage") return nil, errors.New("empty policy storage")
} case ffsid == nil:
return nil, errors.New("empty frostfsid")
if ffsid == nil {
ffsid = frostfsIDDisabled{}
} }
if !cfg.NotificatorEnabled() { if !cfg.NotificatorEnabled() {
@ -98,14 +94,6 @@ func New(log *zap.Logger, obj layer.Client, notificator Notificator, cfg Config,
}, nil }, nil
} }
func (f frostfsIDDisabled) GetUserAddress(_, _ string) (string, error) {
return "", errors.New("frostfsid disabled")
}
func (f frostfsIDDisabled) GetUserKey(account, name string) (string, error) {
return "", errors.New("frostfsid disabled")
}
// pickCopiesNumbers chooses the return values following this logic: // pickCopiesNumbers chooses the return values following this logic:
// 1) array of copies numbers sent in request's header has the highest priority. // 1) array of copies numbers sent in request's header has the highest priority.
// 2) array of copies numbers with corresponding location constraint provided in the config file. // 2) array of copies numbers with corresponding location constraint provided in the config file.

View file

@ -466,13 +466,7 @@ func (a *App) initFrostfsID(ctx context.Context) {
} }
func (a *App) initPolicyStorage(ctx context.Context) { func (a *App) initPolicyStorage(ctx context.Context) {
var ( policyContract, err := contract.New(ctx, contract.Config{
err error
policyContract policy.Contract
)
if a.cfg.GetBool(cfgPolicyEnabled) {
policyContract, err = contract.New(ctx, contract.Config{
RPCAddress: a.cfg.GetString(cfgRPCEndpoint), RPCAddress: a.cfg.GetString(cfgRPCEndpoint),
Contract: a.cfg.GetString(cfgPolicyContract), Contract: a.cfg.GetString(cfgPolicyContract),
ProxyContract: a.cfg.GetString(cfgProxyContract), ProxyContract: a.cfg.GetString(cfgProxyContract),
@ -481,9 +475,6 @@ func (a *App) initPolicyStorage(ctx context.Context) {
if err != nil { if err != nil {
a.log.Fatal(logs.InitPolicyContractFailed, zap.Error(err)) a.log.Fatal(logs.InitPolicyContractFailed, zap.Error(err))
} }
} else {
policyContract = contract.NewInMemoryContract()
}
a.policyStorage = policy.NewStorage(policy.StorageConfig{ a.policyStorage = policy.NewStorage(policy.StorageConfig{
Contract: policyContract, Contract: policyContract,
@ -960,16 +951,9 @@ func getMorphPolicyCacheConfig(v *viper.Viper, l *zap.Logger) *cache.Config {
} }
func (a *App) initHandler() { func (a *App) initHandler() {
var ( var err error
err error
ffsid handler.FrostFSID
)
if a.frostfsid != nil { a.api, err = handler.New(a.log, a.obj, a.nc, a.settings, a.policyStorage, a.frostfsid)
ffsid = a.frostfsid
}
a.api, err = handler.New(a.log, a.obj, a.nc, a.settings, a.policyStorage, ffsid)
if err != nil { if err != nil {
a.log.Fatal(logs.CouldNotInitializeAPIHandler, zap.Error(err)) a.log.Fatal(logs.CouldNotInitializeAPIHandler, zap.Error(err))
} }

View file

@ -217,7 +217,6 @@ const ( // Settings.
cfgFrostfsIDValidationEnabled = "frostfsid.validation.enabled" cfgFrostfsIDValidationEnabled = "frostfsid.validation.enabled"
// Policy. // Policy.
cfgPolicyEnabled = "policy.enabled"
cfgPolicyContract = "policy.contract" cfgPolicyContract = "policy.contract"
// Proxy. // Proxy.
@ -729,7 +728,6 @@ func newSettings() *viper.Viper {
// policy // policy
v.SetDefault(cfgPolicyContract, "policy.frostfs") v.SetDefault(cfgPolicyContract, "policy.frostfs")
v.SetDefault(cfgPolicyEnabled, true)
// proxy // proxy
v.SetDefault(cfgProxyContract, "proxy.frostfs") v.SetDefault(cfgProxyContract, "proxy.frostfs")

View file

@ -205,8 +205,6 @@ S3_GW_FROSTFSID_CONTRACT=frostfsid.frostfs
S3_GW_FROSTFSID_VALIDATION_ENABLED=true S3_GW_FROSTFSID_VALIDATION_ENABLED=true
# Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. # Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set.
# Enables using policies from Policy contract.
S3_GW_POLICY_ENABLED=true
# Policy contract hash (LE) or name in NNS. # Policy contract hash (LE) or name in NNS.
S3_GW_POLICY_CONTRACT=policy.frostfs S3_GW_POLICY_CONTRACT=policy.frostfs

View file

@ -243,8 +243,6 @@ frostfsid:
# Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. # Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set.
policy: policy:
# Enables using policies from Policy contract.
enabled: true
# Policy contract hash (LE) or name in NNS. # Policy contract hash (LE) or name in NNS.
contract: policy.frostfs contract: policy.frostfs

View file

@ -675,13 +675,11 @@ Policy contract configuration. To enable this functionality the `rpc_endpoint` p
```yaml ```yaml
policy: policy:
enabled: false
contract: policy.frostfs contract: policy.frostfs
``` ```
| Parameter | Type | SIGHUP reload | Default value | Description | | Parameter | Type | SIGHUP reload | Default value | Description |
|------------|----------|---------------|----------------|-------------------------------------------------------------------| |------------|----------|---------------|----------------|-------------------------------------------|
| `enabled` | `bool` | no | true | Enables using policies from Policy contract to check permissions. |
| `contract` | `string` | no | policy.frostfs | Policy contract hash (LE) or name in NNS. | | `contract` | `string` | no | policy.frostfs | Policy contract hash (LE) or name in NNS. |
# `proxy` section # `proxy` section

View file

@ -1,128 +0,0 @@
package contract
import (
"errors"
"strings"
"sync"
policycontract "git.frostfs.info/TrueCloudLab/frostfs-contract/policy"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/policy"
"github.com/nspcc-dev/neo-go/pkg/util"
)
type InMemoryContract struct {
iamChains *syncedMap
containerChains *syncedMap
namespaceChains *syncedMap
}
type syncedMap struct {
mu sync.RWMutex
data map[string][]byte
}
var _ policy.Contract = (*InMemoryContract)(nil)
var ErrChainNotFound = errors.New("chain not found")
// NewInMemoryContract creates new inmemory Policy contract wrapper.
func NewInMemoryContract() *InMemoryContract {
return &InMemoryContract{
iamChains: &syncedMap{data: map[string][]byte{}},
containerChains: &syncedMap{data: map[string][]byte{}},
namespaceChains: &syncedMap{data: map[string][]byte{}},
}
}
func (c *InMemoryContract) AddChain(kind policycontract.Kind, entity string, name []byte, chain []byte) (util.Uint256, uint32, error) {
syncMap := c.getMap(kind)
syncMap.mu.Lock()
syncMap.data[entity+string(name)] = chain
syncMap.mu.Unlock()
return util.Uint256{}, 0, nil
}
func (c *InMemoryContract) GetChain(kind policycontract.Kind, entity string, name []byte) ([]byte, error) {
syncMap := c.getMap(kind)
syncMap.mu.RLock()
defer syncMap.mu.RUnlock()
val, ok := syncMap.data[entity+string(name)]
if !ok {
return nil, ErrChainNotFound
}
return val, nil
}
func (c *InMemoryContract) RemoveChain(kind policycontract.Kind, entity string, name []byte) (util.Uint256, uint32, error) {
syncMap := c.getMap(kind)
syncMap.mu.Lock()
delete(syncMap.data, entity+string(name))
syncMap.mu.Unlock()
return util.Uint256{}, 0, nil
}
func (c *InMemoryContract) ListChains(kind policycontract.Kind, entity string, name []byte) ([][]byte, error) {
syncMap := c.getMap(kind)
syncMap.mu.RLock()
defer syncMap.mu.RUnlock()
var res [][]byte
for key, val := range syncMap.data {
if strings.HasPrefix(key, entity+string(name)) {
res = append(res, val)
}
}
return res, nil
}
func (c *InMemoryContract) Wait(_ util.Uint256, _ uint32, err error) error {
return err
}
func (c *InMemoryContract) StartTx() policy.MultiTransaction {
return &inMemoryTx{operations: make([]func(*InMemoryContract), 0)}
}
func (c *InMemoryContract) SendTx(tx policy.MultiTransaction) error {
for _, operation := range tx.(*inMemoryTx).operations {
operation(c)
}
return nil
}
func (c *InMemoryContract) getMap(kind policycontract.Kind) *syncedMap {
switch kind {
case policycontract.IAM:
return c.iamChains
case policycontract.Container:
return c.containerChains
case policycontract.Namespace:
return c.namespaceChains
default:
return &syncedMap{data: map[string][]byte{}}
}
}
type inMemoryTx struct {
operations []func(contract *InMemoryContract)
}
func (t *inMemoryTx) AddChain(kind policycontract.Kind, entity string, name []byte, chain []byte) {
t.operations = append(t.operations, func(c *InMemoryContract) {
_, _, _ = c.AddChain(kind, entity, name, chain)
})
}
func (t *inMemoryTx) RemoveChain(kind policycontract.Kind, entity string, name []byte) {
t.operations = append(t.operations, func(c *InMemoryContract) {
_, _, _ = c.RemoveChain(kind, entity, name)
})
}
func (t *inMemoryTx) Scripts() ([][]byte, error) {
return nil, nil
}