[#544] Upgrade NeoFS SDK Go with another approach of container sessions

After recent changes in NeoFS SDK Go library session tokens aren't
embedded into `container.Container` and `eacl.Table` structures.
Instead, the operations of storing given values in NeoFS are
parameterized by elements of the corresponding type.

Add dedicated session parameters to operations of bucket and eACL
setting.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2022-06-21 18:21:20 +03:00 committed by Alex Vanin
parent 8a1fc8ae3f
commit 028a152e04
10 changed files with 47 additions and 45 deletions

View file

@ -236,11 +236,10 @@ func (h *handler) updateBucketACL(r *http.Request, astChild *ast, bktInfo *data.
return false, fmt.Errorf("could not translate ast to table: %w", err) return false, fmt.Errorf("could not translate ast to table: %w", err)
} }
table.SetSessionToken(sessionToken)
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: bktInfo, BktInfo: bktInfo,
EACL: table, EACL: table,
SessionToken: sessionToken,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {

View file

@ -147,11 +147,11 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "could not get new eacl table", reqInfo, err) h.logAndSendError(w, "could not get new eacl table", reqInfo, err)
return return
} }
newEaclTable.SetSessionToken(sessionTokenEACL)
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: dstBktInfo, BktInfo: dstBktInfo,
EACL: newEaclTable, EACL: newEaclTable,
SessionToken: sessionTokenEACL,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {

View file

@ -250,7 +250,6 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "could not get new eacl table", reqInfo, err) h.logAndSendError(w, "could not get new eacl table", reqInfo, err)
return return
} }
newEaclTable.SetSessionToken(sessionTokenEACL)
} }
if tagSet != nil { if tagSet != nil {
@ -264,6 +263,7 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: bktInfo, BktInfo: bktInfo,
EACL: newEaclTable, EACL: newEaclTable,
SessionToken: sessionTokenEACL,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {
@ -382,11 +382,10 @@ func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) {
} }
if newEaclTable != nil { if newEaclTable != nil {
newEaclTable.SetSessionToken(sessionTokenEACL)
p := &layer.PutBucketACLParams{ p := &layer.PutBucketACLParams{
BktInfo: bktInfo, BktInfo: bktInfo,
EACL: newEaclTable, EACL: newEaclTable,
SessionToken: sessionTokenEACL,
} }
if err = h.obj.PutBucketACL(r.Context(), p); err != nil { if err = h.obj.PutBucketACL(r.Context(), p); err != nil {
@ -609,16 +608,16 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
boxData, err := layer.GetBoxData(r.Context()) boxData, err := layer.GetBoxData(r.Context())
if err == nil { if err == nil {
policies = boxData.Policies policies = boxData.Policies
p.SessionToken = boxData.Gate.SessionTokenForPut() p.SessionContainerCreation = boxData.Gate.SessionTokenForPut()
p.EACL.SetSessionToken(boxData.Gate.SessionTokenForSetEACL()) p.SessionEACL = boxData.Gate.SessionTokenForSetEACL()
} }
if p.SessionToken == nil { if p.SessionContainerCreation == nil {
h.logAndSendError(w, "couldn't find session token for put", reqInfo, errors.GetAPIError(errors.ErrAccessDenied)) h.logAndSendError(w, "couldn't find session token for put", reqInfo, errors.GetAPIError(errors.ErrAccessDenied))
return return
} }
if p.EACL.SessionToken() == nil { if p.SessionEACL == nil {
h.logAndSendError(w, "couldn't find session token for setEACL", reqInfo, errors.GetAPIError(errors.ErrAccessDenied)) h.logAndSendError(w, "couldn't find session token for setEACL", reqInfo, errors.GetAPIError(errors.ErrAccessDenied))
return return
} }

View file

@ -147,7 +147,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
Creator: bktInfo.Owner, Creator: bktInfo.Owner,
Policy: p.Policy, Policy: p.Policy,
Name: p.Name, Name: p.Name,
SessionToken: p.SessionToken, SessionToken: p.SessionContainerCreation,
AdditionalAttributes: attributes, AdditionalAttributes: attributes,
}) })
if err != nil { if err != nil {
@ -156,7 +156,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
bktInfo.CID = *idCnr bktInfo.CID = *idCnr
if err = n.setContainerEACLTable(ctx, bktInfo.CID, p.EACL); err != nil { if err = n.setContainerEACLTable(ctx, bktInfo.CID, p.EACL, p.SessionEACL); err != nil {
return nil, err return nil, err
} }
@ -170,15 +170,10 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
return bktInfo, nil return bktInfo, nil
} }
func (n *layer) setContainerEACLTable(ctx context.Context, idCnr cid.ID, table *eacl.Table) error { func (n *layer) setContainerEACLTable(ctx context.Context, idCnr cid.ID, table *eacl.Table, sessionToken *session.Container) error {
table.SetCID(idCnr) table.SetCID(idCnr)
boxData, err := GetBoxData(ctx) return n.neoFS.SetContainerEACL(ctx, *table, sessionToken)
if err == nil {
table.SetSessionToken(boxData.Gate.SessionTokenForSetEACL())
}
return n.neoFS.SetContainerEACL(ctx, *table)
} }
func (n *layer) GetContainerEACL(ctx context.Context, idCnr cid.ID) (*eacl.Table, error) { func (n *layer) GetContainerEACL(ctx context.Context, idCnr cid.ID) (*eacl.Table, error) {

View file

@ -138,7 +138,8 @@ type (
Name string Name string
Policy netmap.PlacementPolicy Policy netmap.PlacementPolicy
EACL *eacl.Table EACL *eacl.Table
SessionToken *session.Container SessionContainerCreation *session.Container
SessionEACL *session.Container
LocationConstraint string LocationConstraint string
ObjectLockEnabled bool ObjectLockEnabled bool
} }
@ -146,6 +147,7 @@ type (
PutBucketACLParams struct { PutBucketACLParams struct {
BktInfo *data.BucketInfo BktInfo *data.BucketInfo
EACL *eacl.Table EACL *eacl.Table
SessionToken *session.Container
} }
// DeleteBucketParams stores delete bucket request parameters. // DeleteBucketParams stores delete bucket request parameters.
DeleteBucketParams struct { DeleteBucketParams struct {
@ -368,7 +370,7 @@ func (n *layer) GetBucketACL(ctx context.Context, bktInfo *data.BucketInfo) (*Bu
// PutBucketACL puts bucket acl by name. // PutBucketACL puts bucket acl by name.
func (n *layer) PutBucketACL(ctx context.Context, param *PutBucketACLParams) error { func (n *layer) PutBucketACL(ctx context.Context, param *PutBucketACLParams) error {
return n.setContainerEACLTable(ctx, param.BktInfo.CID, param.EACL) return n.setContainerEACLTable(ctx, param.BktInfo.CID, param.EACL, param.SessionToken)
} }
// ListBuckets returns all user containers. The name of the bucket is a container // ListBuckets returns all user containers. The name of the bucket is a container
@ -630,7 +632,7 @@ func (n *layer) CreateBucket(ctx context.Context, p *CreateBucketParams) (*data.
return nil, err return nil, err
} }
if p.SessionToken != nil && session.IssuedBy(*p.SessionToken, bktInfo.Owner) { if p.SessionContainerCreation != nil && session.IssuedBy(*p.SessionContainerCreation, bktInfo.Owner) {
return nil, errors.GetAPIError(errors.ErrBucketAlreadyOwnedByYou) return nil, errors.GetAPIError(errors.ErrBucketAlreadyOwnedByYou)
} }

View file

@ -162,10 +162,11 @@ type NeoFS interface {
// prevented the containers from being listed. // prevented the containers from being listed.
UserContainers(context.Context, user.ID) ([]cid.ID, error) UserContainers(context.Context, user.ID) ([]cid.ID, error)
// SetContainerEACL saves the eACL table of the container in NeoFS. // SetContainerEACL saves the eACL table of the container in NeoFS. The
// extended ACL is modified within session if session token is not nil.
// //
// It returns any error encountered which prevented the eACL from being saved. // It returns any error encountered which prevented the eACL from being saved.
SetContainerEACL(context.Context, eacl.Table) error SetContainerEACL(context.Context, eacl.Table, *session.Container) error
// ContainerEACL reads the container eACL from NeoFS by the container ID. // ContainerEACL reads the container eACL from NeoFS by the container ID.
// //

View file

@ -82,7 +82,6 @@ func (t *TestNeoFS) CreateContainer(_ context.Context, prm PrmContainerCreate) (
} }
cnr := container.New(opts...) cnr := container.New(opts...)
cnr.SetSessionToken(prm.SessionToken)
if prm.Name != "" { if prm.Name != "" {
container.SetNativeName(cnr, prm.Name) container.SetNativeName(cnr, prm.Name)

2
go.mod
View file

@ -10,7 +10,7 @@ require (
github.com/nats-io/nats.go v1.13.1-0.20220121202836-972a071d373d github.com/nats-io/nats.go v1.13.1-0.20220121202836-972a071d373d
github.com/nspcc-dev/neo-go v0.98.2 github.com/nspcc-dev/neo-go v0.98.2
github.com/nspcc-dev/neofs-api-go/v2 v2.12.2 github.com/nspcc-dev/neofs-api-go/v2 v2.12.2
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721 github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599
github.com/prometheus/client_golang v1.11.0 github.com/prometheus/client_golang v1.11.0
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.7.1 github.com/spf13/viper v1.7.1

4
go.sum
View file

@ -306,8 +306,8 @@ github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnB
github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw= github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721 h1:5Al3dddr0SG3ONhfglTyc2GSnQS0vMmygCD00vLo/jU= github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599 h1:EkwWrbzImpqtNJa8IZIsfk/EqbmPwpd0DfdenrJLSbc=
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220616082321-e986f4780721/go.mod h1:k58jgszGX3pws2yiOXu9m0i32BzRgi1T6Bpd/L1KrJU= github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.4.0.20220621170307-721df386c599/go.mod h1:k58jgszGX3pws2yiOXu9m0i32BzRgi1T6Bpd/L1KrJU=
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE= github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=

View file

@ -137,7 +137,6 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreat
} }
cnr := container.New(cnrOptions...) cnr := container.New(cnrOptions...)
cnr.SetSessionToken(prm.SessionToken)
if prm.Name != "" { if prm.Name != "" {
container.SetNativeName(cnr, prm.Name) container.SetNativeName(cnr, prm.Name)
@ -147,6 +146,10 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreat
prmPut.SetContainer(*cnr) prmPut.SetContainer(*cnr)
prmPut.SetWaitParams(x.await) prmPut.SetWaitParams(x.await)
if prm.SessionToken != nil {
prmPut.WithinSession(*prm.SessionToken)
}
// send request to save the container // send request to save the container
idCnr, err := x.pool.PutContainer(ctx, prmPut) idCnr, err := x.pool.PutContainer(ctx, prmPut)
if err != nil { if err != nil {
@ -170,11 +173,15 @@ func (x *NeoFS) UserContainers(ctx context.Context, id user.ID) ([]cid.ID, error
} }
// SetContainerEACL implements neofs.NeoFS interface method. // SetContainerEACL implements neofs.NeoFS interface method.
func (x *NeoFS) SetContainerEACL(ctx context.Context, table eacl.Table) error { func (x *NeoFS) SetContainerEACL(ctx context.Context, table eacl.Table, sessionToken *session.Container) error {
var prm pool.PrmContainerSetEACL var prm pool.PrmContainerSetEACL
prm.SetTable(table) prm.SetTable(table)
prm.SetWaitParams(x.await) prm.SetWaitParams(x.await)
if sessionToken != nil {
prm.WithinSession(*sessionToken)
}
err := x.pool.SetEACL(ctx, prm) err := x.pool.SetEACL(ctx, prm)
if err != nil { if err != nil {
return fmt.Errorf("save eACL via connection pool: %w", err) return fmt.Errorf("save eACL via connection pool: %w", err)