From 9e825239ac5f57c27cef2ca5291a17ea7f1e4202 Mon Sep 17 00:00:00 2001 From: Airat Arifullin Date: Tue, 28 May 2024 11:54:38 +0300 Subject: [PATCH] [#85] acl: Regenerate protobufs for Bearer token Signed-off-by: Airat Arifullin --- acl/convert.go | 65 ++++++++++++++++++++++++++++++++++++++++++- acl/grpc/types.go | 13 +++++++++ acl/grpc/types.pb.go | Bin 39448 -> 44088 bytes acl/json.go | 8 ++++++ acl/marshal.go | 52 ++++++++++++++++++++++++++++++---- acl/test/generate.go | 15 +++++++++- acl/types.go | 41 ++++++++++++++++++++++++++- 7 files changed, 186 insertions(+), 8 deletions(-) diff --git a/acl/convert.go b/acl/convert.go index 342c1108..0cf455c7 100644 --- a/acl/convert.go +++ b/acl/convert.go @@ -2,6 +2,8 @@ package acl import ( acl "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl/grpc" + "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape" + apeGRPC "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape/grpc" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" refsGRPC "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs/grpc" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/grpc" @@ -418,6 +420,54 @@ func (l *TokenLifetime) FromGRPCMessage(m grpc.Message) error { return nil } +func (c *APEOverride) ToGRPCMessage() grpc.Message { + var m *acl.BearerToken_Body_APEOverride + + if c != nil { + m = new(acl.BearerToken_Body_APEOverride) + + m.SetTarget(c.target.ToGRPCMessage().(*apeGRPC.ChainTarget)) + + if len(c.chains) > 0 { + apeChains := make([]*apeGRPC.Chain, len(c.chains)) + for i := range c.chains { + apeChains[i] = c.chains[i].ToGRPCMessage().(*apeGRPC.Chain) + } + m.SetChains(apeChains) + } + } + + return m +} + +func (c *APEOverride) FromGRPCMessage(m grpc.Message) error { + v, ok := m.(*acl.BearerToken_Body_APEOverride) + if !ok { + return message.NewUnexpectedMessageType(m, v) + } + + if targetGRPC := v.GetTarget(); targetGRPC != nil { + if c.target == nil { + c.target = new(ape.ChainTarget) + } + if err := c.target.FromGRPCMessage(v.GetTarget()); err != nil { + return err + } + } + + if apeChains := v.GetChains(); len(apeChains) > 0 { + c.chains = make([]*ape.Chain, len(apeChains)) + for i := range apeChains { + c.chains[i] = new(ape.Chain) + if err := c.chains[i].FromGRPCMessage(apeChains[i]); err != nil { + return err + } + } + } + + return nil +} + func (bt *BearerTokenBody) ToGRPCMessage() grpc.Message { var m *acl.BearerToken_Body @@ -428,6 +478,7 @@ func (bt *BearerTokenBody) ToGRPCMessage() grpc.Message { m.SetLifetime(bt.lifetime.ToGRPCMessage().(*acl.BearerToken_Body_TokenLifetime)) m.SetEaclTable(bt.eacl.ToGRPCMessage().(*acl.EACLTable)) m.SetAllowImpersonate(bt.impersonate) + m.SetAPEOverride(bt.apeOverride.ToGRPCMessage().(*acl.BearerToken_Body_APEOverride)) } return m @@ -477,7 +528,19 @@ func (bt *BearerTokenBody) FromGRPCMessage(m grpc.Message) error { bt.eacl = new(Table) } - err = bt.eacl.FromGRPCMessage(eacl) + if err = bt.eacl.FromGRPCMessage(eacl); err != nil { + return err + } + } + + if apeOverrideGRPC := v.GetApeOverride(); apeOverrideGRPC != nil { + if bt.apeOverride == nil { + bt.apeOverride = new(APEOverride) + } + err = bt.apeOverride.FromGRPCMessage(apeOverrideGRPC) + if err != nil { + return err + } } bt.impersonate = v.GetAllowImpersonate() diff --git a/acl/grpc/types.go b/acl/grpc/types.go index ce50e2fc..fbcbb915 100644 --- a/acl/grpc/types.go +++ b/acl/grpc/types.go @@ -1,6 +1,7 @@ package acl import ( + ape "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape/grpc" refs "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs/grpc" ) @@ -74,6 +75,18 @@ func (m *BearerToken_Body) SetEaclTable(v *EACLTable) { m.EaclTable = v } +func (m *BearerToken_Body) SetAPEOverride(v *BearerToken_Body_APEOverride) { + m.ApeOverride = v +} + +func (m *BearerToken_Body_APEOverride) SetChains(v []*ape.Chain) { + m.Chains = v +} + +func (m *BearerToken_Body_APEOverride) SetTarget(v *ape.ChainTarget) { + m.Target = v +} + // SetOwnerId sets identifier of the bearer token owner. func (m *BearerToken_Body) SetOwnerId(v *refs.OwnerID) { m.OwnerId = v diff --git a/acl/grpc/types.pb.go b/acl/grpc/types.pb.go index 1b57b1aa3784e503be276b1bfbbeeaba15c7d314..aec449c3f29b1f2d1dc2466b1868c3ed3f9af8b7 100644 GIT binary patch delta 4250 zcmai1drX_x6_+U?*brX9kYF$uoChT4;U}*(32D-FUGr+QZVC|F*w@&^_Gj$R1d|Yh z`Unk8LikN>s;CdCnzl)68sw_l)GB>Ut5&tm)rA?aDYTdc_Gl@wb z`v-jPJ?D3R=bYcY-}jw+uHYAM7tCMK+0I_D>wR(FF_MV;n-_mtd*@(Bhe6-b!FKR? zg8O|c5A-tLf7@M5^$kaOlKB#x#S|7%Vk11k5n9AoqNZ5A`uSoq?aW_ zN-7dy!=UxG8=9RalZI#yRsPulJ0=6^ZYQ zB)Bh-W`Rr&wS`dmIFGSZESIR&kZX7jd3n28OOjJkC8j2PewBImDUq;0?QLzRC=p1c zwDgI#B#o9)8~r?)497-9Sz>I%oVX@3#ON@kJrY(!6re5}ags$-)CU@PIGASPAl2=U zggF&QZHn_mG^~=+L^>*KX@pCiSkBi<3`BjZV33OWQff#^geUpV0Q30;Gvbs`QX?VB zP3SDjsqk1h8ErSH={RTGCEo*rt!KLuNayQo!JOH8K*~^#=SV2*4=wQ!6Y<64#5+J5 z&3SDSC&$))n;5OOgr1g$gPN3Y(p+v)p=xEn9nW z%RK~8vGpTd*jKR}`_jIilDuSi>4%;I+Z0~e->@NXnYXfCT-Dmu(#n>VcXfR$;;xM% z>BhV=WQ5ibidf!~g*zII+Ll2-WzZ+Mno7i2EF8%W9DG-2viYp6bHe5nf893mx2w}? z(39c9TLXAjWo+|WsO(M$bF(K|P#wv=O z^|lp>vO1l3ceI&6dN4Q8j1QDX#0O>e37-XT`tGjO z)rWWEaG+Y`n+{l3Q1?4~@B}%$8K}m^R0F;U6vH~A$8Seh@?1%;Lcq;IsX8tMUKtsri@}b*tCS;O@yWHsX)ZmLy72c-p zchUw_hfSmwTUe?^Nj0G_RH_@+2uOYO4^>mV8M@InJTO*M85UeH6 z9$`A2qVMygRO_G#S4Nxgt9T_ojas#eqz2zsHqtyTc$}1x9c?bNOVFT%qtXBQuuT+t zHc^YGR6Q1`t9L|Xk=Bq2^O0iwC%SH7Yz?0GG$5Yn7GA}6t%pu{qP2z`OFAzYjLO=) zu?D;xs~|DkaW1lrYHBQW2&Rw6>^K!`6A534)fs{=QA8(E!3VKE*)}?3`-f@_E~=Bx zoxto@`Y<0Zfg#XM=cs&XQ12-gTpBThQ}<}J7&ar&FoJ$;di4|Qb>KF5|ky3Qi1V=6jgD=3J0CYs|lmvd|usx^%S8` z)*EcHjdq$1BFR3)hib6RQ-lL*BWAgIK`j;mdR4G$SNp!B-5;VTEzrqj>GG=S^o!ru zuNv`NHb!fLJBSZLwM?dS%c;A?)R&xW-4e)!nc-RzR7rtdC~6nAX)TRQ4w6Nxb5#`i zo$^9+b&4RT%;MBq?Uo$mN|#;Y(?3CFDdi1Xay_TYrTg*vu2a&jSRPBQxXewu04k%+ z_?apv_J(SKEmebH#EkirY?n1IE!#Dr~R zZSGE5Qz2)jv2cq(T+TG$oX3ne6#dY*FqImTty)G^o318@ZzLeNcG0Cb-Y8_=5j5iN zaV9QnrypA;)}nZ-RBSvk?!v|620S`dhL6Xq#L}1JE;#GzIWV!b!n-EooN^TJyC(VblnP3l{5F0 zH9|aE|B{w^TREAB*@TBCt10!9laj~lv^O_dj2UJ%errSp>A!V_pnyFRM(tp$$!^;=|l%yvsDYTE=Vb^RAUZ?*Hvt0%5 zUR*r2c6CesYhmuy`sxW|2Yn>ix_VhKp(NE{vVGj%PTz9*FW?4!ekiV-FqxSM>i+s5 z1HGQ!*N9Kft;`x8^6Cm4R%9M9;_68Q=1#V+q?1m;E{vV5!yiw+SKzYZ$p?+uD|1il zifO0<*n!4VO*nt*@nSk_V!80tRdUTwstjT+&HRx?!n!j84@66k3*FF_` z#rKLweA}|NE#F$Pcxs5uT>|O0d?f9w;Qu2L8x3QC8fELo;^`V3JZ&uf%HrA6)i*C% yZ(d-~pD~h52qfz|v%MG{KUznh4BPNs99<~El}GZwJF*`>qUvw7}W|EihOK3|d<1R)aHBvpLAvG9$_65FDjIzi7KsD4*Sc zQfNUQwG+n2)GcnhIjk`YPN&8hKjNH!%#6xrV$6ORw`rnt%fx$cH-ET)_uPBVbIx&HYs&oB8lQ9P?#p2W<)jty!?zSf@U*(O90H0bTD=5c(?2yNb}zp}{G;6iJRe4BGg7PC)yItG0Y_ zjvTB`aJU^3;kO|^9&x0yXX8fj0-0!Z6cNZ_2ZKD}Fky3R5*!W@jyo7D&S}D>03RzI z0zBnpv+QuvDqeT8ka*EzWOOQM(dC^cEOpAz-^n^0>7=e-cE$@PZ@KOw>Q?VEA;(_? z4jNDu1Tzq>V4}W^p zVx5l6w9?mH$+TC6BCi&^yVS{K;-p}|*M#chOIav0IDEn1nUbhy(HlU>Jc?SI8Q>7AMBSZPfXCj`m3~dul z)*N33Rz*QKZD(UQYbVd8z-eXE3 zxYc^HUT567G$zGwA}uY#64|a^e+kKP%umGZ$-@BX+LcW> zKa`7?hvclvbpZ*!7)nEdBNs+;<_FSAQe$U)mqwTqaJq;>~(+aajG-wD(uxo^=yo;E>+bhZX zvB_K>(GY%#qXz1_BV33z6D9aNBuO?fCNrZNYzr2^Iw2Hl$#6)g**9}%l!g@tS=inn zS@hOw)VVoa2&&1$wfI9EZ#~+_n6d}PG#DgX9~ *{%|ES11PsA@(;t8lsTa5QBUr zq=9N&gv+5)>Y6yNAxAMD9xtKheqzckGQ2v@HuQF|j__y8Ry;vLc1|#mQD(dyH%z#hEpjjF!Pk&R<21crPju?C7$$ zxVAmU_2KAre(d7mR$hXR{6jCupqfoW{fs`fs!UZ;p)zbj#%w0J;N#fLN`k%&124+p zoE626&qjG<)obQ1hz!hikJhkBYk+Do3wsu14_;0$NFTVIUgUB--OiRqdy}n&6KMaB ZG`*P5GsIMj4XKEpSm7CC-jg5m{soywk+c8+ diff --git a/acl/json.go b/acl/json.go index 0e2078ba..90465557 100644 --- a/acl/json.go +++ b/acl/json.go @@ -21,6 +21,14 @@ func (t *Target) UnmarshalJSON(data []byte) error { return message.UnmarshalJSON(t, data, new(acl.EACLRecord_Target)) } +func (a *APEOverride) MarshalJSON() ([]byte, error) { + return message.MarshalJSON(a) +} + +func (a *APEOverride) UnmarshalJSON(data []byte) error { + return message.UnmarshalJSON(a, data, new(acl.BearerToken_Body_APEOverride)) +} + func (r *Record) MarshalJSON() ([]byte, error) { return message.MarshalJSON(r) } diff --git a/acl/marshal.go b/acl/marshal.go index cd6c6dd7..2e593045 100644 --- a/acl/marshal.go +++ b/acl/marshal.go @@ -28,10 +28,14 @@ const ( lifetimeNotValidBeforeField = 2 lifetimeIssuedAtField = 3 - bearerTokenBodyACLField = 1 - bearerTokenBodyOwnerField = 2 - bearerTokenBodyLifetimeField = 3 - bearerTokenBodyImpersonate = 4 + tokenAPEChainsTargetField = 1 + tokenAPEChainsChainsField = 2 + + bearerTokenBodyACLField = 1 + bearerTokenBodyOwnerField = 2 + bearerTokenBodyLifetimeField = 3 + bearerTokenBodyImpersonate = 4 + bearerTokenTokenAPEChainsField = 5 bearerTokenBodyField = 1 bearerTokenSignatureField = 2 @@ -239,6 +243,42 @@ func (l *TokenLifetime) Unmarshal(data []byte) error { return message.Unmarshal(l, data, new(acl.BearerToken_Body_TokenLifetime)) } +func (c *APEOverride) StableMarshal(buf []byte) []byte { + if c == nil { + return []byte{} + } + + if buf == nil { + buf = make([]byte, c.StableSize()) + } + + var offset int + + offset += protoutil.NestedStructureMarshal(tokenAPEChainsTargetField, buf[offset:], c.target) + for i := range c.chains { + offset += protoutil.NestedStructureMarshal(tokenAPEChainsChainsField, buf[offset:], c.chains[i]) + } + + return buf +} + +func (c *APEOverride) StableSize() (size int) { + if c == nil { + return 0 + } + + size += protoutil.NestedStructureSize(tokenAPEChainsTargetField, c.target) + for i := range c.chains { + size += protoutil.NestedStructureSize(tokenAPEChainsChainsField, c.chains[i]) + } + + return size +} + +func (c *APEOverride) Unmarshal(data []byte) error { + return message.Unmarshal(c, data, new(acl.BearerToken_Body_APEOverride)) +} + func (bt *BearerTokenBody) StableMarshal(buf []byte) []byte { if bt == nil { return []byte{} @@ -253,7 +293,8 @@ func (bt *BearerTokenBody) StableMarshal(buf []byte) []byte { offset += protoutil.NestedStructureMarshal(bearerTokenBodyACLField, buf[offset:], bt.eacl) offset += protoutil.NestedStructureMarshal(bearerTokenBodyOwnerField, buf[offset:], bt.ownerID) offset += protoutil.NestedStructureMarshal(bearerTokenBodyLifetimeField, buf[offset:], bt.lifetime) - protoutil.BoolMarshal(bearerTokenBodyImpersonate, buf[offset:], bt.impersonate) + offset += protoutil.BoolMarshal(bearerTokenBodyImpersonate, buf[offset:], bt.impersonate) + protoutil.NestedStructureMarshal(bearerTokenTokenAPEChainsField, buf[offset:], bt.apeOverride) return buf } @@ -267,6 +308,7 @@ func (bt *BearerTokenBody) StableSize() (size int) { size += protoutil.NestedStructureSize(bearerTokenBodyOwnerField, bt.ownerID) size += protoutil.NestedStructureSize(bearerTokenBodyLifetimeField, bt.lifetime) size += protoutil.BoolSize(bearerTokenBodyImpersonate, bt.impersonate) + size += protoutil.NestedStructureSize(bearerTokenTokenAPEChainsField, bt.apeOverride) return size } diff --git a/acl/test/generate.go b/acl/test/generate.go index 3151c52f..30a960a1 100644 --- a/acl/test/generate.go +++ b/acl/test/generate.go @@ -2,6 +2,7 @@ package acltest import ( "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl" + apetest "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape/test" accountingtest "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs/test" ) @@ -22,8 +23,20 @@ func GenerateBearerTokenBody(empty bool) *acl.BearerTokenBody { if !empty { m.SetOwnerID(accountingtest.GenerateOwnerID(false)) - m.SetEACL(GenerateTable(false)) m.SetLifetime(GenerateTokenLifetime(false)) + m.SetAPEOverride(GenerateAPEOverride(empty)) + } + + return m +} + +func GenerateAPEOverride(empty bool) *acl.APEOverride { + var m *acl.APEOverride + + if !empty { + m = new(acl.APEOverride) + m.SetTarget(apetest.GenerateChainTarget(empty)) + m.SetChains(apetest.GenerateRawChains(false, 3)) } return m diff --git a/acl/types.go b/acl/types.go index 1524e7b7..b42528bd 100644 --- a/acl/types.go +++ b/acl/types.go @@ -1,6 +1,9 @@ package acl -import "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" +import ( + "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape" + "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs" +) // HeaderFilter is a unified structure of FilterInfo // message from proto definition. @@ -46,6 +49,12 @@ type TokenLifetime struct { exp, nbf, iat uint64 } +type APEOverride struct { + target *ape.ChainTarget + + chains []*ape.Chain +} + type BearerTokenBody struct { eacl *Table @@ -53,6 +62,8 @@ type BearerTokenBody struct { lifetime *TokenLifetime + apeOverride *APEOverride + impersonate bool } @@ -318,6 +329,34 @@ func (bt *BearerTokenBody) SetEACL(v *Table) { bt.eacl = v } +func (t *APEOverride) GetTarget() *ape.ChainTarget { + return t.target +} + +func (t *APEOverride) GetChains() []*ape.Chain { + return t.chains +} + +func (t *APEOverride) SetTarget(v *ape.ChainTarget) { + t.target = v +} + +func (t *APEOverride) SetChains(v []*ape.Chain) { + t.chains = v +} + +func (bt *BearerTokenBody) GetAPEOverride() *APEOverride { + if bt != nil { + return bt.apeOverride + } + + return nil +} + +func (bt *BearerTokenBody) SetAPEOverride(v *APEOverride) { + bt.apeOverride = v +} + func (bt *BearerTokenBody) GetOwnerID() *refs.OwnerID { if bt != nil { return bt.ownerID