Commit graph

1210 commits

Author SHA1 Message Date
Pavel Karpy
0bcc505682 [#668] pkg/audit: Skip audit for containers without SG
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-06 21:19:18 +03:00
Leonard Lyubich
7c1432aa57 [#660] services/container: Don't check container format in Put
Storage node should only reflect container Put requests to sidechain w/o any
validation. All verification steps are performed by IR.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-07-05 11:05:44 +03:00
Leonard Lyubich
54d6f3de55 [#660] core/container: Use version.IsValid in CheckFormat
Container can have version later than the current lib version, and it should
not be considered as invalid. But it should still have adequate version.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-07-05 11:05:44 +03:00
Leonard Lyubich
8192933313 [#660] services/netmap: Don't call IsSupportedVersion in LocalNodeInfo
Clients can have version later than the server. The server should not deny
these clients.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-07-05 11:05:44 +03:00
Leonard Lyubich
69826ebd90 [#660] core: Implement function to check protocol version adequacy
Create `version` package and implement `IsValid` function which checks if
version is not earlier than the genesis one.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-07-05 11:05:44 +03:00
Alex Vanin
c90f054f35 [#658] morph/neofs: Add TryNotary() option
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-02 09:53:34 +03:00
Alex Vanin
c0093b2b79 [#658] morph/neofsid: Add TryNotary() option
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-02 09:53:34 +03:00
Alex Vanin
92451c08af [#658] innerring: Do not use notary in audit client
Audit client is used to send audit results and they should be
signed by inner ring node itself on order to be saved in
smart contract.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-02 09:53:34 +03:00
Pavel Karpy
a2b622d62e [#647] pkg/morph/netmap/wrapper: GetCandidates method
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-29 22:29:23 +03:00
Pavel Karpy
d664a00e94 [#647] pkg/morph/netmap: Add netmapCandidates method
Add `netmapCandidates` method to `netmap` client
wrapper. Method parses node storages candidates
for the next epoch.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-29 22:29:23 +03:00
Pavel Karpy
403f836968 [#647] pkg/morph: Add constant var to err message
Use defined constant variable instead of
hardcoded number in error message.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-29 22:29:23 +03:00
Leonard Lyubich
dab33e0f9b [#652] Update Neo Go to v0.95.3
Add `keys.NEP2ScryptParams()` to `keys.NEP2Decrypt` call arguments.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-29 13:44:59 +03:00
Leonard Lyubich
56d4410913 [#638] Update to Go 1.16
Changes:

  * replace `iotuil` elements with the ones from `os` package;
  * replace `os.Filemode` with `fs.FileMode`;
  * use `signal.NotifyContext` instead of `NewGracefulContext` (removed).

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-29 13:44:59 +03:00
Leonard Lyubich
8eadf18e01 [#607] services/control: Fix incorrect allocation in NetmapSnapshot
Fix make with length + subsequent append.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
f8ee6b1164 [#607] services/netmap: Support backward compatibility
Make Netmap service to return single network address on `LocalNodeInfo` RPC
in order to older clients.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
6f861b6489 [#607] network: Support URI address strings
Make Address.FromString method to parse URI addresses and enable TLS for TLS
schemes.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
43eff09944 [#607] *: Do not use deprecated elements of code
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
cbe20a2bac [#607] network: Add helper function to iterate over all addresses
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
119031c8c7 [#607] network: Make AddressGroup.WriteToNodeInfo method a function
Method implementation doesn't use any private logic.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
359bbe319a [#607] network: Remove no longer needed GroupFromAddress function
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
e3eade619d [#607] network: Remove no longer used Address.AddTLS method
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
b723c92ef8 [#607] network: Make Address.Equal method unexported
The method is used only in the same package.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
61cc70d899 [#607] network: Remove no longer used Address.WriteToNodeInfo method
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
149367cab9 [#607] network: Sort addresses in AddressGroup.FromIterator method
Implement `sort.Interface` interface on `AddressGroup` and perform sorting
in `AddressGroup.FromIterator` method. Addresses with enabled TLS are "less"
in terms of slice position.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
1e52e86bbc [#607] node/control: Make group address in NodeInfo message
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
cede2b4ed7 [#607] reputation,container: Support address groups in ServerInfo
There is a need to support multiple server endpoints for reputation and
container transmission.

Replace `ServerInfo.Address` getter with `ServerInfo.IterateAddresses`
iterator.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
d6bb697726 [#607] container/announce: Use public keys as keys to server cache
In future server info will contain multiple endpoints whose string
representation will be worse suited to the cache key.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
44a2c81f8e [#607] reputation/router: Use public keys as keys to server cache
In future server info will contain multiple endpoints whose string
representation will be worse suited to the cache key.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
f7b42a1525 [#607] ir: Work with AddressGroup instead of single Address
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
9033cf5aa1 [#607] placement: Work with AddressGroup
Make `PlacementBuilder` implementations to work `network.AddressGroup` type.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
b3dd9a3254 [#607] placement: Make traverser to return list of address groups
Make placement `Traverser.Next` method to return ``[]network.AddressGroup`
in order to support multiple addresses of the storeage nodes.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
8ac3c62518 [#607] object/head: Make client constructor to work with group address
Make Object Head service to work with `AddressGroup` instead of `Address`
in order to support multiple addresses of the storage node.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
d0e48c949b [#607] object/search: Make client constructor to work with group address
Make Object Search service to work with `AddressGroup` instead of `Address`
in order to support multiple addresses of the storage node.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
ad14df07f6 [#607] object/get: Make client constructor to work with group address
Make Object Get service to work with `AddressGroup` instead of `Address` in
order to support multiple addresses of the storage node.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
8972f84672 [#607] object/put: Make client constructor to work with group address
Make Object Put service to work with `AddressGroup` instead of `Address` in
order to support multiple addresses of the storage node.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
6e5d7f84af [#607] network: Generalize LocalAddressSource to address group
Make `LocalAddressSource.LocalAddress` method to return `AddressGroup`. Make
`IsLocalAddress` function to accept parameter of type `AddressGroup`. Adopt
the application code with temporary `GroupFromAddress` helper.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
e11f50ec8e [#607] network: Make ClientCache to accept AddressGroup
Change type of the `ClientCache.Get` method's parameter to `AddressGroup`.
Use `GroupFromAddress` to call the method from the wrappers in order to no
change their interface.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
5db7c5c2a8 [#607] network: Implement function to stringify AddressGroup
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
c82615667d [#607] network: Return group-address client from ClientCache
Add group-address `Client` implementation. Return instances of this
implementation from `ClientCache.Get` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
3805b0f638 [#607] client: Overload Client interface
There is a need to generalize single-address client to group-address client.
To do this, we can re-implement `Client` interface from NeoFS API Go library
and still use it in the application code. There is a problem with method
`Raw` which must return single-address raw client. So as not to make changes
to API library we need to overload Client interface in order to support
`Raw` method in group-address client implementation.

Define `Client` interface in new `pkg/core/client` package. Completely
inherit API `Client` interface. Add `RawForAddress` method to build raw
client for the single node address. Adopt the application code that used Raw
method to work with new `Client`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
5e4208648a [#607] network: Implement AddressGroup type
Define `network.AddressGroup` type which represents group of network
addresses. This type is going to be used to support group-address of the
storage node.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Alex Vanin
5df55bcfaf [#648] morph/client: Fix method name in NewEpoch
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-25 16:29:00 +03:00
Pavel Karpy
48827f42d3 [#643] pkg: Sync method names and commentaries to them
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-24 16:10:44 +03:00
Leonard Lyubich
25391111ad [#633] object: Disallow empty attribute values
Values of object attributes must not be empty according to NeoFS
specification.

Make `FormatValidator.Validate` method to return an error if at least one
attribute has empty value.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-24 11:12:23 +03:00
Leonard Lyubich
01dd17e30a [#633] object: Prevent duplicate attributes by key
Keys of object attributes must be unique according to NeoFS specification.

Make `FormatValidator.Validate` method to return an error if at least one
attribute is duplicated.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-24 11:12:23 +03:00
Pavel Karpy
6efeee5ce0 [#641] ir/container: Add unique attributes check
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-24 11:11:13 +03:00
Pavel Karpy
8ddea8a5ee [#622] pkg/innerring: Change NodeValidator interface description
Make changes of the `NodeInfo` by implementations
of the `NodeValidator` interface optional.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
7b3897253c [#622] pkg/innerring: Add multiaddress validation
Start using multiaddress validation in netmap
processor.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
1cd0352bab [#622] pkg/innerring: Add composite validator
Add `CompositeValidator` that wraps
`netmap.NodeValidator`s and implements
`NodeValidator` interface itself.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
53b7e05b65 [#622] pkg/innerring: Add multiaddress validator
Add multiaddress validator that calls
`network.VerifyAddress`.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
ea5c74e761 [#622] pkg/network: Add multiaddress validation
Validation checks:
1. if address can be parsed by network package;
2. if address contains correct amount of protocols;
3. if address's protocols are in correct order.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Evgenii Stratonikov
16e9e726ff [#496] morph/client: add wrapper for neofs contract
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
458fc4f5ae [#496] morph/client: provide notary options on client creation
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
7cf0093012 [#496] pkg/innerring: remove unused processor parameters
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
8a2b7f4501 [#496] pkg/innerring: provide wrappers to processors
The only thing we need hashes for is to process notifications.
Balance contract if left for now, as it has some initialization.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
ZhangTao1596
9b87e6267d [#568] shard/writecache: Maintain memory size and db size
Signed-off-by: ZhangTao1596 <zhangtao@ngd.neo.org>
2021-06-21 14:26:30 +03:00
Leonard Lyubich
adbbad0beb [#607] network: Do not work with Address pointers
`network.Address` structure in most cases created once and used read-only.

Replace `AddressFromString` function with `Address.FromString` method with
the same purpose and implementation. Make all libraries to work with value.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
5de074f24c [#607] network: Implement WriteToNodeInfo method on Address
Implement `Address.WriteToNodeInfo` method which sets address of `NodeInfo`
structure. Use it in storage node application.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
e5504c7130 [#607] network: Do not use Address.String for address comparison
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
dd67e2b690 [#607] network: Remove Address methods used only for testing
Remove `Encapsulate`, `Decapsulate` and `IPAddrString` methods of `Address`
since they are used in unit tests only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
47fe8911a3 [#607] network: Rename Address.HostAddrString method to HostAddr
Return tyype is clear from the method's signature and docs, there is no
point in reflecting it in the name.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
35f81729e4 [#607] network: Do not return error from Address.HostAddrString method
Panic if internal `manet.DialArgs` call returns error since this is
unexpected according to `AddressFromString` implementation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
4c2d8d5ac9 [#607] network: Reflect all supported formats in AddressFromString docs
Comment that `AddressFromString` function supports host addresses.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
9e241ab91e [#607] network: Remove unused HostAddrFromMultiaddr function.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
95ccbbc2f9 [#607] network: Accept value instead of pointer in IsLocalAddress
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
fdd123ad98 [#607] network: Prevent potential panic in Address.Equal method
Make `Address.Equal` method to accept value instead of pointer in order to
prevent NPE.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
6de0af0650 [#607] network: Use Equal method in IsLocalAddress function
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
b2b33aeac9 [#607] network: Don't export L4 protocol constant
Const is used for internal package needs only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Pavel Karpy
68c7f6ce8a [#613] pkg/innerring/reputation: Add FIXME to ToV2 usage
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-17 18:30:06 +03:00
Pavel Karpy
ed9a5e44b6 [#613] pkg/innerring: Add sanity check of GlobalTrust
Add sanity checks of GlobalTrust value:
check if "got manager" is real manager for
peer with building managers for peer.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-17 18:30:06 +03:00
Pavel Karpy
6b176e8769 [#613] pkg/reputation: Move manager building to pkg
Move `managers` package to `pkg` since
it can be reused in other packages.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-17 18:30:06 +03:00
Leonard Lyubich
cc81723b01 [#615] blobovnicza: Simplify byte size stringer
Make `stringifyByteSize` to return number of bytes as string.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-16 12:14:04 +03:00
Alex Vanin
08b5f29e16 [#609] morph/client: Make halt state error private
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-15 16:52:51 +03:00
Alex Vanin
0ec3faefc9 [#609] morph/client: Check return state in invoke
Test invocations are used in `Invoke` method to calculate
consumed gas. We can check return code and return error
if panic happened in contract.

This is already done the same way in `TestInvoke` method.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-15 16:52:51 +03:00
Leonard Lyubich
455fd952dd [#414] ir: Serve ControlService
Serve `ControlService` instance on configured endpoint (do not serve if not
specified). Read allowed keys from config.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Leonard Lyubich
4001ba2967 [#414] ir: Switch health status on application state transitions
Set health status to

  * `UNDEFINED` during Server construction;
  * `STARTING` on `Server.Start` call;
  * `READY` after successful `Server.Start` call;
  * `SHUTTING_DOWN` on `Server.Stop` call.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Leonard Lyubich
567421a9b5 [#414] ir: Implement HealthChecker on Server
`HealthChecker` interface is required to construct `ControlServiceServer`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Leonard Lyubich
dcfe9a6504 [#414] ir/control: Implement service server
Implement `ControlServiceServer` on `Server` type. The `Server` requires all
requests to be signed with keys from the so-called whitelist. To obtain
health status, it uses the abstraction in the form of `HealthChecker`
interface.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Leonard Lyubich
93803b1a90 [#414] ir: Define Control service
Define `ControlService` for IR similar to the one from storage node. Add
`HealthStatus` RPC which returns health status of the IR application.
Implement getters, setters and methods to sign/verify the messages.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Evgenii Stratonikov
9142c778c7 [#562] pkg: remove nspcc-dev/neofs-crypto dependency
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-15 14:49:59 +03:00
Evgenii Stratonikov
5cab0026c3 [#562] pkg/morph: remove neofs-crypto uses
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-15 14:49:59 +03:00
Evgenii Stratonikov
1553967328 [#562] cmd/neofs-ir: use NEP-6 wallet for keys
Also remove neofs-crypto uses from `pkg/innerring`.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-15 14:49:59 +03:00
Alex Vanin
e50abeab0c [#598] innerring/config: Override global config only in debug build
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-09 16:20:37 +03:00
Leonard Lyubich
68e85e4b33 [#412] ir/locode: Disallow explicit setting of LOCODE-derived attributes
Make `Validator.VerifyAndUpdate` method to return an error if at least one
of LOCODE-derived attributes is set explicitly. Thus, IR will not confirm
the candidates for the network map who independently set these attributes.

Cover `Validator.VerifyAndUpdate` method with unit tests.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 15:08:12 +03:00
Leonard Lyubich
75d6702d2e [#412] ir/locode: Fix docs of the VerifyAndUpdate method
`Validator.VerifyAndUpdate` method does not add location code attribute.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 15:08:12 +03:00
Leonard Lyubich
096acb2a44 [#580] v2/object/put: Check payload size of the relayed objects
NeoFS network dictates the limitation of the maximum size of the "finished"
objects. The payload size of an object is recorded in its header. When
writing finished objects, the nodes must check:

  * satisfying the constraint;
  * matching the value in the header to the number of payload bytes.

Provide value returned by `MaxSizeSource` component to `validatingTarget`.
Check max size value during the stream of the "finished" objects. Check
header value during the streaming and on-close. Check payload size in v2
relay scenario.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 12:08:37 +03:00
Leonard Lyubich
2f38fef31a [#589] ir/container: Verify session token lifetime
Session tokens have limited lifetime in NeoFS. Container processor should
verify lifetime of the incoming tokens.

Define `NetworkState` interface with `Epoch` method to get number of the
current epoch. Use Netmap contract client's wrapper as `NetworkState` of
Container `Processor`. Check values of token lifetime, and deny if:

  * NBF value is gt the current epoch;
  * IAT is gt the current epoch;
  * EXP is le the current epoch.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 10:17:49 +03:00
Alex Vanin
e1ac2fe2e5 [#588] Fix go fmt linter errors
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-03 18:59:07 +03:00
Pavel Karpy
752efc6f8c [#584] pkg/innerring: Delete using deprecated methods
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-03 13:59:59 +03:00
Pavel Karpy
057ebf9d51 [#584] pkg/innerring: Stop using deprecated methods
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-03 13:59:59 +03:00
Leonard Lyubich
ed80f704d0 [#556] innerring/neofs: Process Bind/Unbind events
Make IR processor of NeoFS contract to handle `Bind`/`Unbind` notification
events. The processor verifies the format of wallet script hash and public
keys, and call NeoFS ID client wrapper in order to approve adding/removing
keys from NeoFS account.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
48d934ecf8 [#556] morph/neofsid: Construct static client with enabled notary
Pass `TryNotary()` option to constructor of the static client of the NeoFS
ID contract in `NewFromMorph`. This will allow to use client wrapper for key
management in IR application.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
f76083484b [#556] morph/container: Do not parse public key in Put event parser
Morph event structures defined in `pkg/morph/event` should only carry
notification values without any additional interpretation. All logical work
should be concentrated on app-side. Change `Bind.User` / `Unbind.User` to
return byte slice. Change `Bind.Keys` / `Unbind.Keys` to return `[][]byte`.
`ParseBind` / `ParseUnbind` don't decode data from now.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
55c83454b6 [#556] morph/neofsid: Implement key management on client wrapper
Implement method `ClientWrapper.ManageKeys` method which provides the
interface to add/remove keys to/from NeoFS account.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
4713e6b2b8 [#556] morph/neofsid: Add Client methods to add/remove keys
Implement `AddKeys` / `RemoveKeys` methods to call `addKey` / `removeKey`
methods of NeoFS ID contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
8c2d42368a [#556] morph/neofs: Implement wrapper over contract client
Implement wrapper over NeoFS contact's client which allows you to
conveniently interact with the contract. Implement `ManageKeys` method
for binding or unbinding public keys to the NeoFS account.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
9dc741d43e [#556] morph/neofs: Implement contract client
Implement NeoFS contact's client which is responsible for collecting call
arguments and parsing stack items. Initially key binding and unbinding are
supported.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Evgenii Stratonikov
b8a7c11e57 [#501] object/put: reduce TTL of the relayed request
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-02 10:31:14 +03:00
Evgenii Stratonikov
3468491224 [#501] object/put: relay requests for signed objects
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-02 10:31:14 +03:00
Evgenii Stratonikov
a422f42ca9 [#501] object/put: refactor distributed target
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-02 10:31:14 +03:00
Leonard Lyubich
d34de558f0 [#570] *: Use generator of test owner IDs from API Go lib
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
3e1463cc76 [#570] *: Use generator of test container IDs from API Go lib
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
3dd10b6795 [#570] *: Remove usage of deprecated elements from API Go library
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
70a7354e9d [#570] *: Use new Equal method of owner.ID type
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
49a42b1d3e [#567] innerring: Close cached clients on shutdown
Register `CloseAll` method to be called on IR application shutdown.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 13:11:37 +03:00
Leonard Lyubich
bf92e895c0 [#567] network/clients: Implement method to close the cached clients
Update API Go library with introduce `Client.Conn` method. Implement
`ClientCache.CloseAll` method which reads and closes connections of all
cached clients.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 13:11:37 +03:00
Leonard Lyubich
9359f28161 [#525] ir/container: Compare owner IDs via Equal method
In recent change of API Go library `owner.ID.Equal` signature was
implemented.

Replace the comparison of string representations with `Equal` method call
and remove related TODOs.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
937171911a [#525] ir/container: Simplify the approach to verify token signature
In recent change of API Go library `Token.Verify` signature was implemented.

Replace previous version-casting approach with new method call in token
signature check stage.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
23c5277014 [#525] ir/container: Check session verb and container ID
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers

Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
b73c0c67a2 [#525] ir/container: Fix checks without session token
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
ead4513feb [#525] ir/container: Verify operations with session token
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:

 - token owner should be the owner of the related container;
 - the intent must be signed with a session key;
 - the power of attorney must be signed by the owner of the container.

Omitted checks (TBD):

 - session token should have container session context;
 - the verb of the context should correspond to the operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 17:07:20 +03:00
Pavel Karpy
f89c8bf239 [#549] clientCache: Add TLS to client
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Pavel Karpy
f267fbc56a [#549] network/Address: Add TLS
There is no TLS protocol support in
`go-multiaddr` library, but there is
public function that can register any
protocol that can be implemented outside
the library. Also `TLSEnabled` function
for parsing TLS protocol from
`network.Address` was added.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Pavel Karpy
33bef46f31 [#549] network/cache: Change Get signature
Make network cache's `Get` method accept
`network.Address` argument instead of
string.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Leonard Lyubich
5a3a27ba9f [#525] ir/container: Remove no longer needed FIXME
In latest design of `Container` contract key binding is removed.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
fb4e328171 [#525] morph/container: Remove binding key argument from Put call
`bindKey` parameter of `Put` method of `Container` contract was removed in
latest version.

Do not pass bind key of type `[]byte` to `Put` invocation. Remove no longer
needed field from `PutArgs`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
e1fbc28851 [#525] ir/container: Remove resolved FIXME about notary call
From `017fb6abed9455c7c99631adcb0bb04d42741f87` used container client is
constructed with enabled notary mode.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
a1bfcdc74a [#525] v2/container: Write session token from header to removal witness
If container is removed via session, then session token should be included
in removal witness.

Write session token from request meta header to `container.RemovalWitness`
structure which is passed to `wrapper.Delete` function.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
40c796bd7e [#525] ir/container: Write session token on delete approval
Approved removed container ID should be stored in sidechain along with
related session token.

Forward session token from `Delete` event to `Wrapper.Delete` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
631d7b0e07 [#525] morph/container: Accept container session token in Delete
`Delete` method of latest `Container` contract accepts binary session token
as an argument.

Provide `DeleteArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session
token from `RemovalWitness` in `wrapper.Delete` function and pass it to the
method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
166e5440ab [#525] event/container: Parse session token from Delete notification
The 3rd item of `Delete` container notification event is a byte array of
serialized session token.  Parse session token in `ParseDelete` function.
Provide `Delete.SessionToken` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
c12ea210da Fix typo in error details of ParseSetEACL function
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
9659bdc14d [#525] event/container: Fix docs of SessionToken methods
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
a1e1350db0 [#525] core/container: Extend removal witness with session token
NeoFS containers can be removed within a trusted session. There is a need to
take this into account during removal inspection.

Define `SessionToken` / `SetSessionToken` methods on `RemovalWitness` struct
in order to embed `session.Token` to it.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
9a0964efa4 [#525] morph/container: Accept RemovalWitness in Delete function
Make `wrapper.Delete` function to accept `container.RemovalWitness` struct
instead of its separated elements. `Signature` type is replaced by binary
signature since public key is unused.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
d691a20d52 [#525] core/container: Define removal witness
Define `RemovalWitness` structure which groups the information required to
prove and verify the removal of a container. This type is going to be used
in container Delete-related methods.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
edfdc4274a [#525] morph/container: Pass session token to Delete call
Pass session token (byte array) argument to `Delete` method call of
`Container` contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
cfa209d74e [#525] morph/container: Attach parsed session token to table in GetEACL
Unmarshal session token from `EACLValues` and write it to resulting
`eacl.Table` structure in `Wrapper.GetEACL` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
7ca6f601ef [#525] morph/container: Parse session token, key and signature in EACL
`EACL` method of `Container` contract returns binary session token, key and
signature along with eACL table.

Provide `Signature`, `PublicKey` and `SessionToken` getters from
`EACLValues` structure. Parse and set all values in `Client.EACL` methods.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
4ef369732a [#525] ir/container: Write session token on eACL table approval
Approved eACL table should be stored in sidechain along with related session
token.

Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
db7312274c [#525] event/container: Parse session token from SetEACL notification
The 4th item of `SetEACL` container notification event is a byte array of
serialized session token.

Parse session token in `ParseSetEACL` function. Provide
`SetEACL.SessionToken` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
b09f212990 [#525] v2/container: Write session token from header to eACL table
If eACL table is set via session, then session token should be written to
it.

Write session token from request meta header to `eacl.Table` structure which
is passed to `wrapper.PutEACL` function.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
5c2b8de87d [#525] v2/container: Make context with token reusable
Rename `PutContext` to `ContextWithToken` and implement its constructor as a
separate function in order to reuse it in other RPCs.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
959610080a [#525] morph/container: Accept container session token in PutEACL
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.

Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
c4a3adc8b0 [#525] morph/container: Attach all parsed items to container in Get
Unmarshal session token from `GetValues` and write it to resulting
`Container` structure in `Wrapper.Get` method. Write key-signature pair from
`GetValues` to resulting `Container` structure in `Wrapper.Get` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
b9b369dd5b [#525] morph/container: Parse session token, key and signature in Get
`Get` method of `Container` contract returns binary session token, key and
signature along with container.

Provide `Signature`, `PublicKey` and `SessionToken` getters from `GetValues`
structure. Parse and set all values in `Client.Get` methods.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
461fcfcf19 [#525] ir/container: Write session token on container approval
Approved container should be stored in sidechain along with related session
token.

Forward session token from `Put` event to `Wrapper.Put` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
0f91b78df1 [#525] event/container: Parse binary session token from Put notification
The 4th item of `Put` container notification event is a byte array of
serialized session token.

Parse session token in `ParsePut` function. Provide `Put.SessionToken`
method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
98cc685a9b [#525] v2/container: Write session token from header to container
If container is created via session, then session token should be written to
it.

Write session token from request meta header to `Container` structure which
is passed to `wrapper.Put` function.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
db67a117f0 [#525] morph/container: Accept container session token in Put
`Put` method of latest `Container` contract accepts binary session token as
an argument.

Provide `PutArgs.SetSessionToken` method. Accept session token as a `[]byte`
in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session token
from container in `wrapper.Put` function and pass it to the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
1deb3f3d01 [#525] morph/container: Do not accept signature in PutEACL function
In previous implementation wrapper over the Container contract's client
accepted the signature of the eACL table in addition to itself. After recent
changes in API Go lib table carries its signature. Thus, it is redundant
to pass the eACL table signature separately.

Make `wrapper.PutEACL` method to accept `eacl.Table` only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
32828d2b90 [#525] morph/container: Do not accept signature in Put function
In previous implementation wrapper over the Container contract's client
accepted the signature of the container in addition to itself. After recent
changes in API Go lib container carries its signature. Thus, it is redundant
to pass the container signature separately.

Make `wrapper.Put` method to accept `Container` only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
df197dc38b [#525] morph/container: Do not return signature from GetEACL method
In previous implementation wrapper over the Container contract's client
returned the signature of the eACL table in addition to itself. After recent
changes in API Go lib table carries its signature. Thus, it is redundant to
return the table signature separately.

Make `Wrapper.GetEACL` method to return only `eacl.Table` with error.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
615813d6de [#525] v2/container: Return session token in GetExtendedACL
In recent API changes `GetExtendedACLResponseBody` carries session token.
In recent API Go lib changes `eacl.Table` structure carries related session
token.

Write session token of eACL table from sidechain to GetExtendedACL response
body in node's `ContainerService` server.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
a7f71bf167 [#525] v2/container: Return session token and signature in Get
In recent API changes `GetResponseBody` carries session token and signature.
In recent API Go lib changes `Container` structure carries its session
token and signature.

Write session token and signature of container from sidechain to Get
response body in node's `ContainerService` server.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Alex Vanin
975ab0dff7 [#561] acl: Add tests for request meta header traverser
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-27 11:21:14 +03:00
Alex Vanin
a025e6250e [#561] acl: Fetch session token from original request meta header
As it explained in previous commit, session token also should
be presented in original meta header but can be omitted in higher
layers.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-27 11:21:14 +03:00
Alex Vanin
d368afffe5 [#561] acl: Fetch bearer token from original request meta header
Request meta headers are organized in a layers, where
upper layers re-sign down layers. Bearer token should be
a part of original meta header and it can be omitted in
upper layers. Therefore we need to traverse over linked list
of meta header to the original meta header to get bearer token.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-27 11:21:14 +03:00
Leonard Lyubich
8448207854 [#505] morph/container: Change parsing of eACL contract method's result
`eACL` method of `Container` contract returns structure with 4 fields (the
4th is a recently added binary session token).

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
70f800eb76 [#505] event/container: Change number of items in SetEACL event
Change expected event items to 4 in order to support new binary session
token item. Parsing of the session token will be implemented later.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00