dstepanov-yadro/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity
333 commits 260 branches 26 tags 20 MiB
Commit graph

141 commits

Author SHA1 Message Date
Leonard Lyubich
f66c7958e7 [#109] services/policer: Assign tasks to Replicator 
Make Policer to call AddTask method of Replicator when an insufficient
number of copies of an object is detected in the container.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 15:23:22 +03:00
Leonard Lyubich
2d46baa4a5 [#109] services: Implement Replicator service 
Implement Replicator service that performs background work to replicate
local object to remote nodes in the container. Replicator is going to be
used by Policer.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 15:23:22 +03:00
Leonard Lyubich
53efa18e14 [#109] object/put: Implement remote object sender 
Define RemoteSender structure with PutObject method that puts object to a
remote node locally.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 15:23:22 +03:00
Leonard Lyubich
968033deed [#40] object/put: Assign zero return of MaxObjectSize invalid 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 14:03:25 +03:00
Leonard Lyubich
7fdb14cf8a [#83] services/response: Set epoch number from network state 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 10:54:48 +03:00
Leonard Lyubich
19f9c7eacb [#83] services: Remove setting of meta header from executing services 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 10:54:48 +03:00
Leonard Lyubich
0341773318 [#83] services: Implement response sub-service for each service 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 10:54:48 +03:00
Leonard Lyubich
6bede7d836 [#83] services/util: Implement response service 
Create response package. Implement response Service that sets values of
response meta header.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 10:54:48 +03:00
Leonard Lyubich
1cc7983c4e [#83] services/util: Add meta header methods to ResponseMessage 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 10:54:48 +03:00
Leonard Lyubich
71a06f9e01 [#83] services/util: Define type of response message interface 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-23 10:54:48 +03:00
Alex Vanin
7464254680 [#106] Put simplest bearer token check first 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-22 18:02:11 +03:00
Alex Vanin
23ec33e821 [#106] Check bearer token lifetime 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-22 18:02:11 +03:00
Alex Vanin
bb455af05f [#106] Ignore bearer token if basic ACL restrict it 
There is a bit to allow or deny bearer token check for
each object service method. If this bit is not set then
ignore bearer token and use extended ACL table from
sidechain.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-22 18:02:11 +03:00
Alex Vanin
89cd2ad463 [#106] Process bearer token in ACL service 
If bearer token is presented in the request then check
if it is a valid one and then use it to process extended
ACL checks.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-22 18:02:11 +03:00
Alex Vanin
094248690b [#115] Make ACL classifier errors transparent for client 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-22 11:55:28 +03:00
Alex Vanin
ca552f53c6 [#115] Check session token validity 
Malicious user can stole public session key and use
it by sending request from it's own scope. To prevent
this each session token is signed and signature private
key must be corresponded with owner id in token. Therefore
malicious node cannot impersonate request without private
key to sign token.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-22 11:55:28 +03:00
Leonard Lyubich
16a5107ef1 [#60] object/put: Provide network State interface to formatter 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-22 11:54:08 +03:00
Leonard Lyubich
b627814dd8 [#60] object/transformer: Set creation epoch number in new objects 
Set value of CreationEpoch object field to the value from network State.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-22 11:54:08 +03:00
Leonard Lyubich
4a56f82571 [#60] object/transformer: Group parameters of NewFormatTarget func 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-22 11:54:08 +03:00
Leonard Lyubich
2541ed4b8f [#88] object/eacl: Use String() methods to calculate ID values 
Replace hex encoding of IDs with String() call (base58) in eACL processing.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-21 18:53:04 +03:00
Leonard Lyubich
5318abcf38 [#88] object/search: Use String() methods to calculate ID values 
Replace hex encoding of IDs with String() call (base58) in search query
processing.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-21 18:53:04 +03:00
Leonard Lyubich
0dab4b7581 [#108] services: Implement Policer service 
Implement Policer service that performs background work to check compliance
with the placement policy for local objects in the container. In the initial
implementation, the selection of the working queue of objects is
simplified, and there is no transfer of the result to the replicator.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-21 14:42:51 +03:00
Leonard Lyubich
f6e56aa956 [#108] placement: Implement Builder from netmap source 
Implement placement.Builder interface on netmap.Source wrapper.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-21 14:42:51 +03:00
Leonard Lyubich
5017ff0e4a [#108] object/head: Export remote header retrieval utility 
Export remote head functionality in headsvc package. Refactor head service
to use RemoteHeader.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-21 14:42:51 +03:00
Leonard Lyubich
5ad0df7794 [#108] object/head: Return 404 error if header was not found 
Define ErrNotFound error in headsvc package. Return ErrNotFound from Head
method if the header was not found in the container.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-21 14:42:51 +03:00
Alex Vanin
ae0dd9e051 [#106] Pass bearer token through generated requests 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-20 18:05:29 +03:00
Alex Vanin
9e08b41a6f [#102] Set split header in left object 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-20 09:59:09 +03:00
Alex Vanin
719075ca97 [#99] Fix no-root search matcher 
Wrong boolean operation order made matcher return false
on `non-root` search query with non-regular objects. Instead
it should return true for `non-root` query and false for `root`
query.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-16 13:45:35 +03:00
Alex Vanin
1332a6d3a8 [#92] Provide session token to all produced requests 
If object service produces new request, the should contain
session token. This is the only way for node to grant access
for a private container.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-15 10:20:10 +03:00
Alex Vanin
2d5cb378a7 [#84] Add netmap service executor and signer 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-09 09:15:18 +03:00
Alex Vanin
0e7e0bd2d6 [#84] Remove mocks and debug code from neofs-node services 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-09 09:15:18 +03:00
Alex Vanin
87fc4f5df7 [#82] Use morph wrapper in container service 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-08 11:22:50 +03:00
Alex Vanin
cd34145969 [#73] Use request owner public key in eACL check 
Classifier fetches public key of the request owner
and owner itself. Extended ACL check should rely on
this public key, because it might be extracted from
session token.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-05 18:02:37 +03:00
Alex Vanin
7a2654719e [#71] Return only regular objects in root object search 
Root search applies for user objects, so it should not
return tombstones and storage groups.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-05 14:03:55 +03:00
Alex Vanin
11262bed4a [#71] Broadcast tombstone to container 
With one tombstone for split objects we can't simply
place it in container. We should inform all nodes that
store split objects of removed original object.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-05 14:03:55 +03:00
Leonard Lyubich
9cdf7d3896 [#69] object/acl: Check eACL rules in ACL service 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 14:02:14 +03:00
Leonard Lyubich
1d676fcfb2 [#69] object/acl: Add eACL components to service 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 14:02:14 +03:00
Leonard Lyubich
a7782cf1f9 [#69] object/acl: Extended requestInfo structure 
Add container identifier field. Add send public key field.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 14:02:14 +03:00
Leonard Lyubich
6c3c872ee4 [#69] object/acl: Define access denied error 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 14:02:14 +03:00
Leonard Lyubich
0f52444ae9 [#69] object/acl: Change basic ACL type in requestInfo 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 14:02:14 +03:00
Leonard Lyubich
30e6912c7b [#69] object/acl: Construct service from options 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 14:02:14 +03:00
Leonard Lyubich
e5898c9ca8 [#69] object/acl: Rename BasicChecker to Service 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 14:02:14 +03:00
Leonard Lyubich
0d5495e997 [#70] object manager: Implement an example object garbage collector 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 09:36:29 +03:00
Leonard Lyubich
798fca9354 [#70] core/object: Process a delete group at tombstone 
Send object group to delete queue processor after tombstone content
validation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 09:36:29 +03:00
Leonard Lyubich
2b16edebc9 [#70] object/put: Fix NPE caused by nil FormatValidator 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-05 09:36:29 +03:00
Alex Vanin
801999c577 [#66] Impersonate object service verb from session token 
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-02 19:47:49 +03:00
Alex Vanin
afeebd310c [#66] Use session token of object header at put ACL check 
Owner of the request is stored in session token most of the times.
Put request contains session token in the object body, so we have
to fetch it from there.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-02 19:47:49 +03:00
Leonard Lyubich
69a69cdbee [#67] object/eacl: Implement eACL validator 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-02 19:46:45 +03:00
Leonard Lyubich
44fcd2f212 [#64] object/delete: Change the formation of tombstone 
Make delete service to write list of child object addresses to tombstone
payload.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
 2020-10-02 19:46:27 +03:00
Alex Vanin
861bac3892 [#59] Use max msg size in transport server and splitter 
For GRPC it is about 4 MiB.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
 2020-10-02 11:25:36 +03:00