[#XX] Support updating and removing policies

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2023-11-02 15:23:18 +03:00
parent 27e837f551
commit f8c6b89204
11 changed files with 1875 additions and 115 deletions

View file

@ -151,13 +151,16 @@ clean:
# Generate code from .proto files
protoc:
# Install specific version for protobuf lib
@GOBIN=$(abspath $(BINDIR)) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/protogen
@for f in `find . -type f -name '*.proto' -not -path './vendor/*'`; do \
echo "⇒ Processing $$f "; \
protoc \
--go_out=paths=source_relative:. \
--plugin=protoc-gen-go-frostfs=$(BIN)/protogen \
--go-grpc_opt=require_unimplemented_servers=false \
--go-grpc_out=. --go-grpc_opt=paths=source_relative $$f; \
--plugin=protoc-gen-go-frostfs=$(BINDIR)/protogen \
--go-frostfs_out=. --go-frostfs_opt=paths=source_relative \
--go-grpc_opt=require_unimplemented_servers=false \
--go-grpc_out=. --go-grpc_opt=paths=source_relative $$f; \
done
rm -rf vendor

View file

@ -2,7 +2,6 @@ package middleware
import (
"crypto/elliptic"
"encoding/hex"
stderrors "errors"
"fmt"
"net/http"
@ -152,7 +151,12 @@ func PolicyCheck(storage engine.CachedChainStorage, log *zap.Logger) Func {
return func(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
req := getPolicyRequest(r)
req, err := getPolicyRequest(r)
if err != nil {
reqLogOrDefault(ctx, log).Error(logs.PolicyValidationFailed, zap.Error(err))
WriteErrorResponse(w, GetReqInfo(ctx), err)
return
}
st, _ := storage.IsAllowed(engine.Ingress, "root", req)
if st != engine.Allow && st != engine.NoRuleFound {
@ -168,25 +172,29 @@ func PolicyCheck(storage engine.CachedChainStorage, log *zap.Logger) Func {
}
// todo consider update bucket, object and api in request info
func getPolicyRequest(r *http.Request) *policyRequest {
var requestOwnerKey []byte
func getPolicyRequest(r *http.Request) (*policyRequest, error) {
var owner string
ctx := r.Context()
bd, err := GetBoxData(ctx)
if err == nil && bd.Gate.BearerToken != nil {
requestOwnerKey = bd.Gate.BearerToken.SigningKeyBytes()
pk, err := keys.NewPublicKeyFromBytes(bd.Gate.BearerToken.SigningKeyBytes(), elliptic.P256())
if err != nil {
return nil, fmt.Errorf("parse pubclic key from btoken: %w", err)
}
owner = pk.Address()
}
op, res := determineOperationAndResource(r)
return &policyRequest{
properties: map[string]string{
engineiam.RequestOwnerProperty: hex.EncodeToString(requestOwnerKey),
engineiam.RequestOwnerProperty: "AIDA" + owner,
},
operation: "s3:" + op,
resource: &policyResource{
name: "arn:aws:s3:::" + res,
},
}
}, nil
}
type ReqType int

View file

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.30.0
// protoc-gen-go v1.26.0
// protoc v3.21.9
// source: creds/accessbox/accessbox.proto

2
go.mod
View file

@ -7,7 +7,7 @@ require (
git.frostfs.info/TrueCloudLab/frostfs-contract v0.18.1-0.20231004065251-4194633db7bb
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20230821090303-202412230a05
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231023124434-31a308ea61fb
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231102115548-63ecf63a089b
github.com/aws/aws-sdk-go v1.44.6
github.com/bluele/gcache v0.0.2
github.com/go-chi/chi/v5 v5.0.8

6
go.sum
View file

@ -397,8 +397,10 @@ git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20230821090303-202412230a05
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20230821090303-202412230a05/go.mod h1:t1akKcUH7iBrFHX8rSXScYMP17k2kYQXMbZooiL5Juw=
git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231023124434-31a308ea61fb h1:yMAz3bHUoy0lpzVd8qqJaVjb1ytjUjG8ePgaLOUUt3Q=
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231023124434-31a308ea61fb/go.mod h1:qf3B9hSz6gCMfcfvqkhTu5ak+Gx2R+wo4Hc87LnKxPg=
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231102092444-c3bbe0263f37 h1:7K5RQTFoI8pBiCuOULgEOyQR0XU0bDHGv4UzCo3yBmQ=
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231102092444-c3bbe0263f37/go.mod h1:qf3B9hSz6gCMfcfvqkhTu5ak+Gx2R+wo4Hc87LnKxPg=
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231102115548-63ecf63a089b h1:gN2o/LsolQr8mgT1GJfCKoiNlC6jimaCLyvrAkCR3hg=
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231102115548-63ecf63a089b/go.mod h1:qf3B9hSz6gCMfcfvqkhTu5ak+Gx2R+wo4Hc87LnKxPg=
git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 h1:M2KR3iBj7WpY3hP10IevfIB9MURr4O9mwVfJ+SjT3HA=
git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0/go.mod h1:okpbKfVYf/BpejtfFTfhZqFP+sZ8rsHrP8Rr/jYPNRc=
git.frostfs.info/TrueCloudLab/tzhash v1.8.0 h1:UFMnUIk0Zh17m8rjGHJMqku2hCgaXDqjqZzS4gsb4UA=

View file

@ -32,22 +32,19 @@ func New(ctx context.Context, addr string, key *keys.PrivateKey) (*Client, error
svc := control.NewControlServiceClient(conn)
// todo consider add invoking healthcheck
// c.Healthcheck(ctx)
return &Client{
cli := &Client{
svc: svc,
key: key,
}, nil
}
return cli, cli.Healthcheck(ctx)
}
func (c *Client) Healthcheck(ctx context.Context) error {
req := &control.HealthCheckRequest{}
sig, err := controlSvc.SignMessage(&c.key.PrivateKey, req.Body)
if err != nil {
if err := controlSvc.SignMessage(&c.key.PrivateKey, req); err != nil {
return err
}
req.Signature = sig
res, err := c.svc.HealthCheck(ctx, req)
if err != nil {
@ -61,7 +58,7 @@ func (c *Client) Healthcheck(ctx context.Context) error {
return nil
}
func (c *Client) AddPolicyIAM(ctx context.Context, policy string) error {
func (c *Client) AddPolicyIAM(ctx context.Context, namespace string, chainID policyengine.ChainID, policy string) error {
var p engineiam.Policy
if err := json.Unmarshal([]byte(policy), &p); err != nil {
return err
@ -71,21 +68,55 @@ func (c *Client) AddPolicyIAM(ctx context.Context, policy string) error {
if err != nil {
return err
}
chain.ID = chainID
return c.AddPolicy(ctx, chain)
return c.AddPolicy(ctx, namespace, chain)
}
func (c *Client) AddPolicy(ctx context.Context, chain *policyengine.Chain) error {
func (c *Client) AddPolicy(ctx context.Context, namespace string, chain *policyengine.Chain) error {
req := &control.AddPolicyRequest{
Body: chain.Bytes(),
Body: &control.AddPolicyRequest_Body{
Namespace: namespace,
Chain: chain.Bytes(),
},
}
sig, err := controlSvc.SignMessage(&c.key.PrivateKey, req.Body)
if err != nil {
if err := controlSvc.SignMessage(&c.key.PrivateKey, req); err != nil {
return err
}
req.Signature = sig
_, err = c.svc.AddPolicy(ctx, req)
_, err := c.svc.AddPolicy(ctx, req)
return err
}
func (c *Client) PutPolicy(ctx context.Context, namespace string, chain *policyengine.Chain) error {
req := &control.PutPolicyRequest{
Body: &control.PutPolicyRequest_Body{
Namespace: namespace,
Chain: chain.Bytes(),
},
}
if err := controlSvc.SignMessage(&c.key.PrivateKey, req); err != nil {
return err
}
_, err := c.svc.PutPolicy(ctx, req)
return err
}
func (c *Client) RemovePolicy(ctx context.Context, namespace string, chainID policyengine.ChainID) error {
req := &control.RemovePolicyRequest{
Body: &control.RemovePolicyRequest_Body{
Namespace: namespace,
ChainID: string(chainID),
},
}
if err := controlSvc.SignMessage(&c.key.PrivateKey, req); err != nil {
return err
}
_, err := c.svc.RemovePolicy(ctx, req)
return err
}

View file

@ -116,29 +116,74 @@ func (s *Server) HealthCheck(_ context.Context, req *control.HealthCheckRequest)
//
// If request is unsigned or signed by disallowed key, permission error returns.
func (s *Server) AddPolicy(_ context.Context, req *control.AddPolicyRequest) (*control.AddPolicyResponse, error) {
s.log.Info("add policy", zap.String("key", hex.EncodeToString(req.Signature.Key)))
s.log.Info("add policy", zap.String("namespace", req.GetBody().GetNamespace()), zap.String("key", hex.EncodeToString(req.Signature.Key)))
// verify request
if err := s.isValidRequest(req); err != nil {
return nil, status.Error(codes.PermissionDenied, err.Error())
}
req.GetBody()
var chain engine.Chain
if err := chain.DecodeBytes(req.Body); err != nil {
if err := chain.DecodeBytes(req.GetBody().Chain); err != nil {
return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("failed to parse body: %s", err.Error()))
}
s.chainStorage.AddNameSpaceChain(engine.Ingress, "root", &chain)
if chain.ID == "" {
return nil, status.Error(codes.InvalidArgument, "missing chain id")
}
s.chainStorage.AddOverride(engine.Ingress, &chain)
return &control.AddPolicyResponse{}, nil
}
// PutPolicy adds new policy.
//
// If request is unsigned or signed by disallowed key, permission error returns.
func (s *Server) PutPolicy(_ context.Context, req *control.PutPolicyRequest) (*control.PutPolicyResponse, error) {
s.log.Info("update policy", zap.String("namespace", req.GetBody().GetNamespace()), zap.String("key", hex.EncodeToString(req.Signature.Key)))
// verify request
if err := s.isValidRequest(req); err != nil {
return nil, status.Error(codes.PermissionDenied, err.Error())
}
var chain engine.Chain
if err := chain.DecodeBytes(req.GetBody().Chain); err != nil {
return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("failed to parse body: %s", err.Error()))
}
if chain.ID == "" {
return nil, status.Error(codes.InvalidArgument, "missing chain id")
}
s.chainStorage.RemoveOverride(engine.Ingress, chain.ID)
s.chainStorage.AddOverride(engine.Ingress, &chain)
return &control.PutPolicyResponse{}, nil
}
// RemovePolicy adds new policy.
//
// If request is unsigned or signed by disallowed key, permission error returns.
func (s *Server) RemovePolicy(_ context.Context, req *control.RemovePolicyRequest) (*control.RemovePolicyResponse, error) {
s.log.Info("remove policy", zap.String("chainId", req.GetBody().GetChainID()), zap.String("key", hex.EncodeToString(req.Signature.Key)))
// verify request
if err := s.isValidRequest(req); err != nil {
return nil, status.Error(codes.PermissionDenied, err.Error())
}
removed := s.chainStorage.RemoveOverride(engine.Ingress, engine.ChainID(req.GetBody().GetChainID()))
return &control.RemovePolicyResponse{Body: &control.RemovePolicyResponse_Body{Removed: removed}}, nil
}
// SignedMessage is an interface of Control service message.
type SignedMessage interface {
ReadSignedData([]byte) ([]byte, error)
GetSignature() *control.Signature
GetBody() []byte
SetSignature(*control.Signature)
}
var errDisallowedKey = errors.New("key is not in the allowed list")
@ -168,6 +213,10 @@ func (s *Server) isValidRequest(req SignedMessage) error {
}
// verify signature
binBody, err := req.ReadSignedData(nil)
if err != nil {
return fmt.Errorf("marshal request body: %w", err)
}
// TODO(@cthulhu-rider): #468 use Signature message from FrostFS API to avoid conversion
var sigV2 refs.Signature
@ -180,7 +229,7 @@ func (s *Server) isValidRequest(req SignedMessage) error {
return fmt.Errorf("can't read signature: %w", err)
}
if !sig.Verify(req.GetBody()) {
if !sig.Verify(binBody) {
return errInvalidSignature
}
@ -188,12 +237,17 @@ func (s *Server) isValidRequest(req SignedMessage) error {
}
// SignMessage signs Control service message with private key.
func SignMessage(key *ecdsa.PrivateKey, body []byte) (*control.Signature, error) {
func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error {
binBody, err := msg.ReadSignedData(nil)
if err != nil {
return fmt.Errorf("marshal request body: %w", err)
}
var sig frostfscrypto.Signature
err := sig.Calculate(frostfsecdsa.Signer(*key), body)
err = sig.Calculate(frostfsecdsa.Signer(*key), binBody)
if err != nil {
return nil, fmt.Errorf("calculate signature: %w", err)
return fmt.Errorf("calculate signature: %w", err)
}
// TODO(@cthulhu-rider): #468 use Signature message from FrostFS API to avoid conversion
@ -204,5 +258,7 @@ func SignMessage(key *ecdsa.PrivateKey, body []byte) (*control.Signature, error)
sigControl.Key = sigV2.GetKey()
sigControl.Sign = sigV2.GetSign()
return &sigControl, nil
msg.SetSignature(&sigControl)
return nil
}

File diff suppressed because it is too large Load diff

View file

@ -10,6 +10,10 @@ service ControlService {
rpc HealthCheck (HealthCheckRequest) returns (HealthCheckResponse);
rpc AddPolicy (AddPolicyRequest) returns (AddPolicyResponse);
rpc PutPolicy (PutPolicyRequest) returns (PutPolicyResponse);
rpc RemovePolicy (RemovePolicyRequest) returns (RemovePolicyResponse);
}
// Signature of some message.
@ -23,8 +27,11 @@ message Signature {
// Health check request.
message HealthCheckRequest {
message Body {
}
// Body of health check request message.
bytes body = 1;
Body body = 1;
// Body signature.
Signature signature = 2;
@ -35,11 +42,13 @@ message HealthCheckResponse {
// Health check response body
message Body {
// Health status of storage node application.
HealthStatus health_status = 2;
HealthStatus health_status = 1;
}
// Body of health check response message.
Body body = 1;
Signature signature = 2;
}
@ -60,8 +69,14 @@ enum HealthStatus {
// Add policy request.
message AddPolicyRequest {
// Body of health check request message.
bytes body = 1;
message Body {
// Namespace.
string namespace = 1;
// Chain rules.
bytes chain = 2;
}
Body body = 1;
// Body signature.
Signature signature = 2;
@ -69,5 +84,61 @@ message AddPolicyRequest {
// Add policy response.
message AddPolicyResponse {
message Body {
}
Body body = 1;
Signature signature = 2;
}
// Put policy request.
message PutPolicyRequest {
message Body {
// Namespace.
string namespace = 1;
// Chain rules.
bytes chain = 2;
}
Body body = 1;
// Body signature.
Signature signature = 2;
}
// Put policy response.
message PutPolicyResponse {
message Body {
}
Body body = 1;
Signature signature = 2;
}
// Add policy request.
message RemovePolicyRequest {
message Body {
// Namespace.
string namespace = 1;
// Chain id to remove.
string chainID = 2;
}
Body body = 1;
// Body signature.
Signature signature = 2;
}
// Add policy response.
message RemovePolicyResponse {
message Body {
bool removed = 1;
}
Body body = 1;
Signature signature = 2;
}

View file

@ -0,0 +1,705 @@
// Code generated by protoc-gen-go-frostfs. DO NOT EDIT.
package control
import "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/proto"
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *Signature) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.BytesSize(1, x.Key)
size += proto.BytesSize(2, x.Sign)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *Signature) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.BytesMarshal(1, buf[offset:], x.Key)
offset += proto.BytesMarshal(2, buf[offset:], x.Sign)
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *HealthCheckRequest_Body) StableSize() (size int) {
if x == nil {
return 0
}
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *HealthCheckRequest_Body) StableMarshal(buf []byte) []byte {
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *HealthCheckRequest) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *HealthCheckRequest) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *HealthCheckRequest) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *HealthCheckRequest) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *HealthCheckRequest) SetSignature(sig *Signature) {
x.Signature = sig
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *HealthCheckResponse_Body) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.EnumSize(1, int32(x.HealthStatus))
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *HealthCheckResponse_Body) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.EnumMarshal(1, buf[offset:], int32(x.HealthStatus))
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *HealthCheckResponse) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *HealthCheckResponse) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *HealthCheckResponse) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *HealthCheckResponse) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *HealthCheckResponse) SetSignature(sig *Signature) {
x.Signature = sig
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *AddPolicyRequest_Body) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.StringSize(1, x.Namespace)
size += proto.BytesSize(2, x.Chain)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *AddPolicyRequest_Body) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.StringMarshal(1, buf[offset:], x.Namespace)
offset += proto.BytesMarshal(2, buf[offset:], x.Chain)
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *AddPolicyRequest) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *AddPolicyRequest) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *AddPolicyRequest) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *AddPolicyRequest) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *AddPolicyRequest) SetSignature(sig *Signature) {
x.Signature = sig
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *AddPolicyResponse_Body) StableSize() (size int) {
if x == nil {
return 0
}
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *AddPolicyResponse_Body) StableMarshal(buf []byte) []byte {
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *AddPolicyResponse) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *AddPolicyResponse) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *AddPolicyResponse) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *AddPolicyResponse) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *AddPolicyResponse) SetSignature(sig *Signature) {
x.Signature = sig
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *PutPolicyRequest_Body) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.StringSize(1, x.Namespace)
size += proto.BytesSize(2, x.Chain)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *PutPolicyRequest_Body) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.StringMarshal(1, buf[offset:], x.Namespace)
offset += proto.BytesMarshal(2, buf[offset:], x.Chain)
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *PutPolicyRequest) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *PutPolicyRequest) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *PutPolicyRequest) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *PutPolicyRequest) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *PutPolicyRequest) SetSignature(sig *Signature) {
x.Signature = sig
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *PutPolicyResponse_Body) StableSize() (size int) {
if x == nil {
return 0
}
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *PutPolicyResponse_Body) StableMarshal(buf []byte) []byte {
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *PutPolicyResponse) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *PutPolicyResponse) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *PutPolicyResponse) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *PutPolicyResponse) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *PutPolicyResponse) SetSignature(sig *Signature) {
x.Signature = sig
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *RemovePolicyRequest_Body) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.StringSize(1, x.Namespace)
size += proto.StringSize(2, x.ChainID)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *RemovePolicyRequest_Body) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.StringMarshal(1, buf[offset:], x.Namespace)
offset += proto.StringMarshal(2, buf[offset:], x.ChainID)
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *RemovePolicyRequest) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *RemovePolicyRequest) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *RemovePolicyRequest) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *RemovePolicyRequest) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *RemovePolicyRequest) SetSignature(sig *Signature) {
x.Signature = sig
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *RemovePolicyResponse_Body) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.BoolSize(1, x.Removed)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *RemovePolicyResponse_Body) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.BoolMarshal(1, buf[offset:], x.Removed)
return buf
}
// StableSize returns the size of x in protobuf format.
//
// Structures with the same field values have the same binary size.
func (x *RemovePolicyResponse) StableSize() (size int) {
if x == nil {
return 0
}
size += proto.NestedStructureSize(1, x.Body)
size += proto.NestedStructureSize(2, x.Signature)
return size
}
// StableMarshal marshals x in protobuf binary format with stable field order.
//
// If buffer length is less than x.StableSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same binary format.
func (x *RemovePolicyResponse) StableMarshal(buf []byte) []byte {
if x == nil {
return []byte{}
}
if buf == nil {
buf = make([]byte, x.StableSize())
}
var offset int
offset += proto.NestedStructureMarshal(1, buf[offset:], x.Body)
offset += proto.NestedStructureMarshal(2, buf[offset:], x.Signature)
return buf
}
// ReadSignedData fills buf with signed data of x.
// If buffer length is less than x.SignedDataSize(), new buffer is allocated.
//
// Returns any error encountered which did not allow writing the data completely.
// Otherwise, returns the buffer in which the data is written.
//
// Structures with the same field values have the same signed data.
func (x *RemovePolicyResponse) SignedDataSize() int {
return x.GetBody().StableSize()
}
// SignedDataSize returns size of the request signed data in bytes.
//
// Structures with the same field values have the same signed data size.
func (x *RemovePolicyResponse) ReadSignedData(buf []byte) ([]byte, error) {
return x.GetBody().StableMarshal(buf), nil
}
func (x *RemovePolicyResponse) SetSignature(sig *Signature) {
x.Signature = sig
}

View file

@ -25,6 +25,8 @@ type ControlServiceClient interface {
// Performs health check of the storage node.
HealthCheck(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error)
AddPolicy(ctx context.Context, in *AddPolicyRequest, opts ...grpc.CallOption) (*AddPolicyResponse, error)
PutPolicy(ctx context.Context, in *PutPolicyRequest, opts ...grpc.CallOption) (*PutPolicyResponse, error)
RemovePolicy(ctx context.Context, in *RemovePolicyRequest, opts ...grpc.CallOption) (*RemovePolicyResponse, error)
}
type controlServiceClient struct {
@ -53,6 +55,24 @@ func (c *controlServiceClient) AddPolicy(ctx context.Context, in *AddPolicyReque
return out, nil
}
func (c *controlServiceClient) PutPolicy(ctx context.Context, in *PutPolicyRequest, opts ...grpc.CallOption) (*PutPolicyResponse, error) {
out := new(PutPolicyResponse)
err := c.cc.Invoke(ctx, "/control.ControlService/PutPolicy", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *controlServiceClient) RemovePolicy(ctx context.Context, in *RemovePolicyRequest, opts ...grpc.CallOption) (*RemovePolicyResponse, error) {
out := new(RemovePolicyResponse)
err := c.cc.Invoke(ctx, "/control.ControlService/RemovePolicy", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// ControlServiceServer is the server API for ControlService service.
// All implementations should embed UnimplementedControlServiceServer
// for forward compatibility
@ -60,6 +80,8 @@ type ControlServiceServer interface {
// Performs health check of the storage node.
HealthCheck(context.Context, *HealthCheckRequest) (*HealthCheckResponse, error)
AddPolicy(context.Context, *AddPolicyRequest) (*AddPolicyResponse, error)
PutPolicy(context.Context, *PutPolicyRequest) (*PutPolicyResponse, error)
RemovePolicy(context.Context, *RemovePolicyRequest) (*RemovePolicyResponse, error)
}
// UnimplementedControlServiceServer should be embedded to have forward compatible implementations.
@ -72,6 +94,12 @@ func (UnimplementedControlServiceServer) HealthCheck(context.Context, *HealthChe
func (UnimplementedControlServiceServer) AddPolicy(context.Context, *AddPolicyRequest) (*AddPolicyResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method AddPolicy not implemented")
}
func (UnimplementedControlServiceServer) PutPolicy(context.Context, *PutPolicyRequest) (*PutPolicyResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method PutPolicy not implemented")
}
func (UnimplementedControlServiceServer) RemovePolicy(context.Context, *RemovePolicyRequest) (*RemovePolicyResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method RemovePolicy not implemented")
}
// UnsafeControlServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to ControlServiceServer will
@ -120,6 +148,42 @@ func _ControlService_AddPolicy_Handler(srv interface{}, ctx context.Context, dec
return interceptor(ctx, in, info, handler)
}
func _ControlService_PutPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(PutPolicyRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ControlServiceServer).PutPolicy(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/control.ControlService/PutPolicy",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ControlServiceServer).PutPolicy(ctx, req.(*PutPolicyRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ControlService_RemovePolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RemovePolicyRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ControlServiceServer).RemovePolicy(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/control.ControlService/RemovePolicy",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ControlServiceServer).RemovePolicy(ctx, req.(*RemovePolicyRequest))
}
return interceptor(ctx, in, info, handler)
}
// ControlService_ServiceDesc is the grpc.ServiceDesc for ControlService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
@ -135,6 +199,14 @@ var ControlService_ServiceDesc = grpc.ServiceDesc{
MethodName: "AddPolicy",
Handler: _ControlService_AddPolicy_Handler,
},
{
MethodName: "PutPolicy",
Handler: _ControlService_PutPolicy_Handler,
},
{
MethodName: "RemovePolicy",
Handler: _ControlService_RemovePolicy_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "pkg/service/control/service.proto",