package chainbase
import (
"context"
"errors"
"fmt"
"path/filepath"
"time"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
"github.com/nspcc-dev/neo-go/pkg/util/slice"
"go.etcd.io/bbolt"
)
// boltLocalOverrideStorage keeps access policy engine local overrides in a
// bbolt database.
type boltLocalOverrideStorage struct {
	// Embedded configuration. The methods in this file read path, perm,
	// noSync, maxBatchSize and maxBatchDelay from it.
	*cfg

	// db is the bbolt handle. It is assigned in Open; the constructor leaves
	// it nil, so only Close (which checks for nil) is safe to call before Open.
	db *bbolt.DB
}
// chainBucket is the key of the root bucket; every namespace bucket is nested
// under it (see the layout on NewBoltLocalOverrideDatabase).
var chainBucket = []byte{0}

var (
	// ErrRootBucketNotFound signals the database has not been properly initialized.
	ErrRootBucketNotFound = logicerr.New("root bucket not found")

	// ErrGlobalNamespaceBucketNotFound is reported when the root bucket has no
	// nested bucket for the requested chain name.
	ErrGlobalNamespaceBucketNotFound = logicerr.New("global namespace bucket not found")

	// ErrTargetTypeBucketNotFound is reported when the namespace bucket has no
	// nested bucket for the requested target type.
	ErrTargetTypeBucketNotFound = logicerr.New("target type bucket not found")

	// ErrTargetNameBucketNotFound is reported when the target type bucket has
	// no nested bucket for the requested target name.
	ErrTargetNameBucketNotFound = logicerr.New("target name bucket not found")

	// ErrBucketNotContainsChainID is reported when the target name bucket
	// holds no value under the requested chain ID.
	ErrBucketNotContainsChainID = logicerr.New("chain id not found in bucket")

	// errChainIDIsNotSet rejects an override whose chain has an empty ID,
	// since the ID is used as the storage key.
	errChainIDIsNotSet = errors.New("chain ID is not set")
)
// NewBoltLocalOverrideDatabase returns storage wrapper for storing access policy engine
// local overrides.
//
// The returned value only carries the configuration built from opts; the
// underlying bbolt database is opened later by Open.
//
// chain storage (chainBucket):
// -> global namespace bucket (nBucket):
// --> target bucket (tBucket)
// ---> target name (resource) bucket (rBucket):
//
// | Key                 | Value             |
// x---------------------x-------------------x
// | chain id (string)   | serialized chain  |
// x---------------------x-------------------x
//
//nolint:godot
func NewBoltLocalOverrideDatabase(opts ...Option) LocalOverrideDatabase {
	conf := defaultCfg()

	// Options are applied in the order given, so a later option can
	// overwrite what an earlier one set.
	for _, apply := range opts {
		apply(conf)
	}

	return &boltLocalOverrideStorage{cfg: conf}
}
// Init makes sure the root bucket (chainBucket) exists, creating it in a
// write transaction when it is missing.
//
// cs.db is dereferenced without a nil check, so Open must have succeeded first.
func (cs *boltLocalOverrideStorage) Init() error {
	ensureRoot := func(tx *bbolt.Tx) error {
		if _, err := tx.CreateBucketIfNotExists(chainBucket); err != nil {
			return err
		}
		return nil
	}

	return cs.db.Update(ensureRoot)
}
// Open creates the parent directory of cs.path if needed and opens the bbolt
// database file, storing the handle in cs.db. The context argument is unused.
//
// cs.perm is passed both to the directory creation and to bbolt.Open, so it
// governs who can read or modify the stored access policy overrides.
// NOTE(review): the value of cs.perm comes from cfg, which is not shown here;
// confirm the configured mode does not grant write access to other users.
func (cs *boltLocalOverrideStorage) Open(context.Context) error {
	// NOTE(review): the message prints cs.path, while the directory actually
	// created is filepath.Dir(cs.path).
	if err := util.MkdirAllX(filepath.Dir(cs.path), cs.perm); err != nil {
		return fmt.Errorf("can't create dir %s for the chain DB: %w", cs.path, err)
	}

	// Start from a copy of the defaults so the package-level value is not mutated.
	boltOpts := *bbolt.DefaultOptions
	// With NoSync set bbolt skips fsync on commit: faster, but overrides
	// written shortly before a crash may be lost.
	boltOpts.NoSync = cs.noSync
	// Bounds how long bbolt waits for the file lock before giving up.
	boltOpts.Timeout = 100 * time.Millisecond

	db, err := bbolt.Open(cs.path, cs.perm, &boltOpts)
	// cs.db is assigned even when opening failed, exactly as the error is returned.
	cs.db = db
	if err != nil {
		return fmt.Errorf("can't open the chain DB: %w", err)
	}

	cs.db.MaxBatchSize = cs.maxBatchSize
	cs.db.MaxBatchDelay = cs.maxBatchDelay

	return nil
}
// Close closes the database handle if one is set and returns the result of
// that close; with no handle it is a no-op returning nil.
func (cs *boltLocalOverrideStorage) Close() error {
	if cs.db == nil {
		return nil
	}
	return cs.db.Close()
}
// getTypeBucket walks root bucket -> namespace bucket (name) and returns the
// nested bucket keyed by the single byte of target.Type.
//
// It fails with ErrRootBucketNotFound when the root bucket is missing and with
// ErrChainNotFound wrapping ErrGlobalNamespaceBucketNotFound when the namespace
// bucket is missing.
//
// A missing target type bucket is NOT an error here: the function returns
// (nil, nil) in that case, so every caller must check the bucket for nil
// before using it.
func getTypeBucket(tx *bbolt.Tx, name chain.Name, target policyengine.Target) (*bbolt.Bucket, error) {
	root := tx.Bucket(chainBucket)
	if root == nil {
		return nil, ErrRootBucketNotFound
	}

	namespace := root.Bucket([]byte(name))
	if namespace == nil {
		return nil, fmt.Errorf("%w: %w: %s", policyengine.ErrChainNotFound, ErrGlobalNamespaceBucketNotFound, name)
	}

	typeKey := []byte{byte(target.Type)}
	return namespace.Bucket(typeKey), nil
}
// normalizeTargetName rewrites an empty name of a Namespace target to "root",
// in place. Any other target is left untouched.
//
// The read and the write paths both call it before building the bucket key,
// which keeps the empty namespace mapped to one and the same bucket.
func normalizeTargetName(target *policyengine.Target) {
	if target.Type != policyengine.Namespace || target.Name != "" {
		return
	}
	target.Name = "root"
}
// getTargetBucket returns the existing target name (resource) bucket for the
// given chain name and target; it never creates anything.
//
// Each missing level is reported as ErrChainNotFound wrapping the error that
// names the level (namespace, target type or target name), except a missing
// root bucket, which yields ErrRootBucketNotFound alone.
func getTargetBucket(tx *bbolt.Tx, name chain.Name, target policyengine.Target) (*bbolt.Bucket, error) {
	byType, err := getTypeBucket(tx, name, target)
	switch {
	case err != nil:
		return nil, err
	case byType == nil:
		// getTypeBucket signals a missing type bucket with (nil, nil).
		return nil, fmt.Errorf("%w: %w: %c", policyengine.ErrChainNotFound, ErrTargetTypeBucketNotFound, target.Type)
	}

	// target is a by-value copy, so the caller's Target is not modified.
	normalizeTargetName(&target)

	if resource := byType.Bucket([]byte(target.Name)); resource != nil {
		return resource, nil
	}
	return nil, fmt.Errorf("%w: %w: %s", policyengine.ErrChainNotFound, ErrTargetNameBucketNotFound, target.Name)
}
// getTargetBucketCreateIfEmpty returns the target name (resource) bucket for
// the given chain name and target, creating the namespace, target type and
// target name buckets on the way when they do not exist yet.
//
// The root bucket is never created here: if it is missing the function
// returns ErrRootBucketNotFound. Bucket creation errors are wrapped with the
// level that failed.
func getTargetBucketCreateIfEmpty(tx *bbolt.Tx, name chain.Name, target policyengine.Target) (*bbolt.Bucket, error) {
	root := tx.Bucket(chainBucket)
	if root == nil {
		return nil, ErrRootBucketNotFound
	}

	var err error

	nsKey := []byte(name)
	namespace := root.Bucket(nsKey)
	if namespace == nil {
		if namespace, err = root.CreateBucket(nsKey); err != nil {
			return nil, fmt.Errorf("could not create a bucket for the global chain name %s: %w", name, err)
		}
	}

	typeKey := []byte{byte(target.Type)}
	byType := namespace.Bucket(typeKey)
	if byType == nil {
		if byType, err = namespace.CreateBucket(typeKey); err != nil {
			return nil, fmt.Errorf("could not create a bucket for the target type '%c': %w", target.Type, err)
		}
	}

	// Same normalization as on the read path, so lookups find what is stored here.
	normalizeTargetName(&target)

	resKey := []byte(target.Name)
	resource := byType.Bucket(resKey)
	if resource == nil {
		if resource, err = byType.CreateBucket(resKey); err != nil {
			return nil, fmt.Errorf("could not create a bucket for the target name %s: %w", target.Name, err)
		}
	}

	return resource, nil
}
// AddOverride stores the serialized chain c under its ID in the resource
// bucket of the given chain name and target, creating missing buckets.
//
// It returns errChainIDIsNotSet for an empty c.ID. Otherwise it returns c.ID
// together with the result of the write transaction, so the ID is returned
// even when the write failed; callers must check the error.
//
// The value is written with Put, so an override already stored under the same
// chain ID for this target is replaced without notice.
// c is dereferenced immediately and must not be nil.
func (cs *boltLocalOverrideStorage) AddOverride(name chain.Name, target policyengine.Target, c *chain.Chain) (chain.ID, error) {
	if len(c.ID) == 0 {
		return chain.ID{}, errChainIDIsNotSet
	}

	// Serialize before opening the transaction to keep the write lock short.
	payload := c.Bytes()

	store := func(tx *bbolt.Tx) error {
		bucket, err := getTargetBucketCreateIfEmpty(tx, name, target)
		if err != nil {
			return err
		}
		return bucket.Put([]byte(c.ID), payload)
	}

	err := cs.db.Update(store)
	return c.ID, err
}
// GetOverride loads and decodes the chain stored under chainID for the given
// chain name and target.
//
// A missing bucket on the path or a missing chain ID is reported as an error
// wrapping policyengine.ErrChainNotFound; a decoding failure is returned as is.
func (cs *boltLocalOverrideStorage) GetOverride(name chain.Name, target policyengine.Target, chainID chain.ID) (*chain.Chain, error) {
	var raw []byte

	err := cs.db.View(func(tx *bbolt.Tx) error {
		bucket, err := getTargetBucket(tx, name, target)
		if err != nil {
			return err
		}

		stored := bucket.Get([]byte(chainID))
		if stored == nil {
			return fmt.Errorf("%w: %w: %s", policyengine.ErrChainNotFound, ErrBucketNotContainsChainID, chainID)
		}

		// The value is copied because it is used after the transaction ends.
		raw = slice.Copy(stored)
		return nil
	})
	if err != nil {
		return nil, err
	}

	decoded := new(chain.Chain)
	if err := decoded.DecodeBytes(raw); err != nil {
		return nil, err
	}
	return decoded, nil
}
// RemoveOverride deletes the chain stored under chainID from the resource
// bucket of the given chain name and target.
//
// A missing bucket on the path is reported through getTargetBucket's errors.
// NOTE(review): the existence of chainID inside the bucket is not checked
// here; bbolt's Delete reports no error for an absent key, so removing an
// unknown chain ID looks like a success to the caller.
func (cs *boltLocalOverrideStorage) RemoveOverride(name chain.Name, target policyengine.Target, chainID chain.ID) error {
	remove := func(tx *bbolt.Tx) error {
		bucket, err := getTargetBucket(tx, name, target)
		if err != nil {
			return err
		}
		return bucket.Delete([]byte(chainID))
	}

	return cs.db.Update(remove)
}
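// RemoveOverridesByTarget deletes the whole target name (resource) bucket of
// the given chain name and target, and with it every override stored there.
//
// Errors:
//   - ErrRootBucketNotFound or ErrChainNotFound/ErrGlobalNamespaceBucketNotFound
//     from getTypeBucket;
//   - ErrChainNotFound wrapping ErrTargetTypeBucketNotFound when no bucket
//     exists for target.Type;
//   - whatever DeleteBucket returns, e.g. when the target name bucket is absent.
func (cs *boltLocalOverrideStorage) RemoveOverridesByTarget(name chain.Name, target policyengine.Target) error {
	return cs.db.Update(func(tx *bbolt.Tx) error {
		typeBucket, err := getTypeBucket(tx, name, target)
		if err != nil {
			return err
		}
		// getTypeBucket returns (nil, nil) when the target type bucket does
		// not exist. Calling DeleteBucket on that nil bucket would dereference
		// a nil pointer, so a request for a target type with no stored
		// overrides could crash the process; report it the same way
		// getTargetBucket does instead.
		if typeBucket == nil {
			return fmt.Errorf("%w: %w: %c", policyengine.ErrChainNotFound, ErrTargetTypeBucketNotFound, target.Type)
		}

		normalizeTargetName(&target)
		return typeBucket.DeleteBucket([]byte(target.Name))
	})
}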
// ListOverrides returns every chain stored for the given chain name and target.
//
// When any bucket below the root is missing (an error wrapping
// policyengine.ErrChainNotFound), the result is an empty non-nil slice and a
// nil error: "no overrides" is not treated as a failure. Other errors,
// including ErrRootBucketNotFound and decoding failures, are returned with a
// nil slice.
func (cs *boltLocalOverrideStorage) ListOverrides(name chain.Name, target policyengine.Target) ([]*chain.Chain, error) {
	var stored [][]byte

	collect := func(tx *bbolt.Tx) error {
		bucket, err := getTargetBucket(tx, name, target)
		if err != nil {
			return err
		}
		return bucket.ForEach(func(_, v []byte) error {
			// Values are copied because they are decoded after the transaction ends.
			stored = append(stored, slice.Copy(v))
			return nil
		})
	}

	if err := cs.db.View(collect); err != nil {
		if errors.Is(err, policyengine.ErrChainNotFound) {
			return []*chain.Chain{}, nil
		}
		return nil, err
	}

	result := make([]*chain.Chain, 0, len(stored))
	for i := range stored {
		item := new(chain.Chain)
		// A single undecodable entry fails the whole listing.
		if err := item.DecodeBytes(stored[i]); err != nil {
			return nil, err
		}
		result = append(result, item)
	}
	return result, nil
}
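// DropAllOverrides deletes the namespace bucket of the given chain name,
// removing every override stored for every target under that name.
//
// It returns ErrRootBucketNotFound when the root bucket is missing and
// ErrChainNotFound wrapping ErrGlobalNamespaceBucketNotFound when there is no
// bucket for name.
func (cs *boltLocalOverrideStorage) DropAllOverrides(name chain.Name) error {
	return cs.db.Update(func(tx *bbolt.Tx) error {
		cbucket := tx.Bucket(chainBucket)
		if cbucket == nil {
			return ErrRootBucketNotFound
		}

		nsKey := []byte(name)
		if cbucket.Bucket(nsKey) == nil {
			return fmt.Errorf("%w: %w: global namespace %s", policyengine.ErrChainNotFound, ErrGlobalNamespaceBucketNotFound, name)
		}

		// The namespace bucket is nested inside the root bucket, so it must be
		// deleted from cbucket. Deleting through tx addresses the top level of
		// the database, where no bucket with this key is created by this
		// storage: the overrides would stay in place and remain in effect.
		return cbucket.DeleteBucket(nsKey)
	})
}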
// ListOverrideDefinedTargets returns the targets that have a bucket under the
// given chain name, as collected by getTargets in a read-only transaction.
//
// On any error the returned slice is nil.
func (cs *boltLocalOverrideStorage) ListOverrideDefinedTargets(name chain.Name) ([]policyengine.Target, error) {
	var found []policyengine.Target

	load := func(tx *bbolt.Tx) error {
		var err error
		found, err = getTargets(tx, name)
		return err
	}

	if err := cs.db.View(load); err != nil {
		return nil, err
	}
	return found, nil
}
// getTargets enumerates the targets stored under the given chain name: one
// Target per target name bucket, with Type taken from the first byte of the
// enclosing target type bucket key.
//
// It returns ErrRootBucketNotFound when the root bucket is missing and
// ErrChainNotFound wrapping ErrGlobalNamespaceBucketNotFound when there is no
// bucket for name. A namespace without nested buckets yields a nil slice.
func getTargets(tx *bbolt.Tx, name chain.Name) ([]policyengine.Target, error) {
	root := tx.Bucket(chainBucket)
	if root == nil {
		return nil, ErrRootBucketNotFound
	}

	namespace := root.Bucket([]byte(name))
	if namespace == nil {
		return nil, fmt.Errorf("%w: %w: %s", policyengine.ErrChainNotFound, ErrGlobalNamespaceBucketNotFound, name)
	}

	var found []policyengine.Target

	err := namespace.ForEachBucket(func(typeKey []byte) error {
		// Type buckets are created in this file with a one-byte key.
		kind := policyengine.TargetType(typeKey[0])

		return namespace.Bucket(typeKey).ForEachBucket(func(nameKey []byte) error {
			found = append(found, policyengine.Target{
				Type: kind,
				// The key is copied before it is kept past the callback.
				Name: string(slice.Copy(nameKey)),
			})
			return nil
		})
	})
	if err != nil {
		return nil, err
	}

	return found, nil
}