Alex Vanin
f0537b35c1
[ #190 ] Add isOwnerFromKey helper function in ACL
...
This function takes public key and returns true if
owner id was produced by this key.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-19 19:07:16 +03:00
Alex Vanin
cf85fa9fab
[ #180 ] Return isInnerRing flag in request classifier
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-19 15:17:18 +03:00
Alex Vanin
6f841e319d
[ #180 ] Make separate basic ACL check for inner ring requests
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-19 15:17:18 +03:00
Alex Vanin
e8fe07edd0
[ #184 ] Use SDK client cache in object.Rangehash
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-18 18:18:07 +03:00
Alex Vanin
f85e88c4f8
[ #184 ] Use SDK client cache in object.Range
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-18 18:18:07 +03:00
Alex Vanin
d485a5967d
[ #184 ] Use SDK client cache in object.Search
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-18 18:18:07 +03:00
Alex Vanin
7ba95dd5fc
[ #184 ] Use SDK client cache in object.Put
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-18 18:18:07 +03:00
Alex Vanin
e9a6365333
[ #184 ] Use SDK client cache in object.Head
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-18 18:18:07 +03:00
Leonard Lyubich
1caf15463e
[ #174 ] Update to neofs-api-go v1.20.0
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-11-17 11:56:00 +03:00
Leonard Lyubich
3de8febe57
[ #174 ] Update to latest neofs-api-go changes
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-11-17 11:56:00 +03:00
Alex Vanin
32219bb294
[ #160 ] Remove query match function
...
This function duplicates query processing that
is done in meta-storage now.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-16 10:02:12 +03:00
Leonard Lyubich
3c42f5b452
[ #161 ] object/head: Inherit common parameters in HeadRelation
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-11-09 17:19:34 +03:00
Leonard Lyubich
d38633e047
[ #161 ] object/delete: Add address from request body to tombstone content
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-11-09 15:53:58 +03:00
Leonard Lyubich
5ad013c10b
[ #149 ] object/search: Return fixed error if relation not found
...
Define ErrRelationNotFound error in searchsvc package. Return
ErrRelationNotFound from RelationSearcher.SearchRelation method if search
result is empty.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-11-06 14:01:01 +03:00
Alex Vanin
65be09d3db
[ #155 ] Update neofs-api-go with refactored pkg/netmap
...
Refactored pkg/netmap package provides JSON converters for
NodeInfo and PlacementPolicy structures, that has been used
by client applications.
It also updates Node structure itself so it is a part of
grpc <-> v2 <-> pkg conversion chain.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-11-06 09:55:05 +03:00
Leonard Lyubich
c0aa892161
[ #136 ] localstorage: Make local storage to use new metabase
...
Replace meta Bucket with meta.DB instance in local storage implementation.
Adopt all dependent components to new local storage.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-11-03 18:42:32 +03:00
Leonard Lyubich
b48a4ede02
[ #125 ] services/eacl: Use latest object header keys
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-29 19:25:54 +03:00
Leonard Lyubich
8d931b81a6
[ #125 ] object/search: Use latest search filter keys
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-29 19:25:54 +03:00
Leonard Lyubich
f34ad9e730
[ #125 ] services/eacl: Fix undefined method usage
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-29 19:25:54 +03:00
Leonard Lyubich
53efa18e14
[ #109 ] object/put: Implement remote object sender
...
Define RemoteSender structure with PutObject method that puts object to a
remote node locally.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-23 15:23:22 +03:00
Leonard Lyubich
968033deed
[ #40 ] object/put: Assign zero return of MaxObjectSize invalid
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-23 14:03:25 +03:00
Leonard Lyubich
0341773318
[ #83 ] services: Implement response sub-service for each service
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-23 10:54:48 +03:00
Leonard Lyubich
71a06f9e01
[ #83 ] services/util: Define type of response message interface
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-23 10:54:48 +03:00
Alex Vanin
7464254680
[ #106 ] Put simplest bearer token check first
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-22 18:02:11 +03:00
Alex Vanin
23ec33e821
[ #106 ] Check bearer token lifetime
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-22 18:02:11 +03:00
Alex Vanin
bb455af05f
[ #106 ] Ignore bearer token if basic ACL restrict it
...
There is a bit to allow or deny bearer token check for
each object service method. If this bit is not set then
ignore bearer token and use extended ACL table from
sidechain.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-22 18:02:11 +03:00
Alex Vanin
89cd2ad463
[ #106 ] Process bearer token in ACL service
...
If bearer token is presented in the request then check
if it is a valid one and then use it to process extended
ACL checks.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-22 18:02:11 +03:00
Alex Vanin
094248690b
[ #115 ] Make ACL classifier errors transparent for client
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-22 11:55:28 +03:00
Alex Vanin
ca552f53c6
[ #115 ] Check session token validity
...
Malicious user can stole public session key and use
it by sending request from it's own scope. To prevent
this each session token is signed and signature private
key must be corresponded with owner id in token. Therefore
malicious node cannot impersonate request without private
key to sign token.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-22 11:55:28 +03:00
Leonard Lyubich
16a5107ef1
[ #60 ] object/put: Provide network State interface to formatter
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-22 11:54:08 +03:00
Leonard Lyubich
4a56f82571
[ #60 ] object/transformer: Group parameters of NewFormatTarget func
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-22 11:54:08 +03:00
Leonard Lyubich
2541ed4b8f
[ #88 ] object/eacl: Use String() methods to calculate ID values
...
Replace hex encoding of IDs with String() call (base58) in eACL processing.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-21 18:53:04 +03:00
Leonard Lyubich
5318abcf38
[ #88 ] object/search: Use String() methods to calculate ID values
...
Replace hex encoding of IDs with String() call (base58) in search query
processing.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-21 18:53:04 +03:00
Leonard Lyubich
5017ff0e4a
[ #108 ] object/head: Export remote header retrieval utility
...
Export remote head functionality in headsvc package. Refactor head service
to use RemoteHeader.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-21 14:42:51 +03:00
Leonard Lyubich
5ad0df7794
[ #108 ] object/head: Return 404 error if header was not found
...
Define ErrNotFound error in headsvc package. Return ErrNotFound from Head
method if the header was not found in the container.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-21 14:42:51 +03:00
Alex Vanin
ae0dd9e051
[ #106 ] Pass bearer token through generated requests
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-20 18:05:29 +03:00
Alex Vanin
719075ca97
[ #99 ] Fix no-root search matcher
...
Wrong boolean operation order made matcher return false
on `non-root` search query with non-regular objects. Instead
it should return true for `non-root` query and false for `root`
query.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-16 13:45:35 +03:00
Alex Vanin
1332a6d3a8
[ #92 ] Provide session token to all produced requests
...
If object service produces new request, the should contain
session token. This is the only way for node to grant access
for a private container.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-15 10:20:10 +03:00
Alex Vanin
0e7e0bd2d6
[ #84 ] Remove mocks and debug code from neofs-node services
...
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-09 09:15:18 +03:00
Alex Vanin
cd34145969
[ #73 ] Use request owner public key in eACL check
...
Classifier fetches public key of the request owner
and owner itself. Extended ACL check should rely on
this public key, because it might be extracted from
session token.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-05 18:02:37 +03:00
Alex Vanin
7a2654719e
[ #71 ] Return only regular objects in root object search
...
Root search applies for user objects, so it should not
return tombstones and storage groups.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-05 14:03:55 +03:00
Alex Vanin
11262bed4a
[ #71 ] Broadcast tombstone to container
...
With one tombstone for split objects we can't simply
place it in container. We should inform all nodes that
store split objects of removed original object.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-10-05 14:03:55 +03:00
Leonard Lyubich
9cdf7d3896
[ #69 ] object/acl: Check eACL rules in ACL service
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 14:02:14 +03:00
Leonard Lyubich
1d676fcfb2
[ #69 ] object/acl: Add eACL components to service
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 14:02:14 +03:00
Leonard Lyubich
a7782cf1f9
[ #69 ] object/acl: Extended requestInfo structure
...
Add container identifier field. Add send public key field.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 14:02:14 +03:00
Leonard Lyubich
6c3c872ee4
[ #69 ] object/acl: Define access denied error
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 14:02:14 +03:00
Leonard Lyubich
0f52444ae9
[ #69 ] object/acl: Change basic ACL type in requestInfo
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 14:02:14 +03:00
Leonard Lyubich
30e6912c7b
[ #69 ] object/acl: Construct service from options
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 14:02:14 +03:00
Leonard Lyubich
e5898c9ca8
[ #69 ] object/acl: Rename BasicChecker to Service
...
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 14:02:14 +03:00
Leonard Lyubich
798fca9354
[ #70 ] core/object: Process a delete group at tombstone
...
Send object group to delete queue processor after tombstone content
validation.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2020-10-05 09:36:29 +03:00