elebedeva/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Pull requests Activity

[#419] eacl: Replace eACL storage implementation to app-side

Browse source 
Replace `eacl.Storage` interface implementation from eACL lib to neofs-node
app package. Remove `eacl.WithMorphClient` option in order to abstract eACL
validator from eACL storage implementation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2021-03-04 11:09:23 +03:00 committed by Leonard Lyubich
parent 8c3864e6d6
commit ed808c3f1b
2 changed files with 42 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
cmd/neofs-node/object.go
View file

@ -3,14 +3,18 @@ package main
import ( import (
"context" "context"
eaclSDK "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/client" "github.com/nspcc-dev/neofs-api-go/pkg/client"
"github.com/nspcc-dev/neofs-api-go/pkg/container"
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object" objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/util/signature"
"github.com/nspcc-dev/neofs-api-go/v2/object" "github.com/nspcc-dev/neofs-api-go/v2/object"
objectGRPC "github.com/nspcc-dev/neofs-api-go/v2/object/grpc" objectGRPC "github.com/nspcc-dev/neofs-api-go/v2/object/grpc"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap" "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object" objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine" "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
"github.com/nspcc-dev/neofs-node/pkg/morph/event" "github.com/nspcc-dev/neofs-node/pkg/morph/event"
"github.com/nspcc-dev/neofs-node/pkg/network/cache" "github.com/nspcc-dev/neofs-node/pkg/network/cache"
objectTransportGRPC "github.com/nspcc-dev/neofs-node/pkg/network/transport/object/grpc" objectTransportGRPC "github.com/nspcc-dev/neofs-node/pkg/network/transport/object/grpc"
@ -32,6 +36,7 @@ import (
"github.com/nspcc-dev/neofs-node/pkg/services/policer" "github.com/nspcc-dev/neofs-node/pkg/services/policer"
"github.com/nspcc-dev/neofs-node/pkg/services/replicator" "github.com/nspcc-dev/neofs-node/pkg/services/replicator"
"github.com/nspcc-dev/neofs-node/pkg/util/logger" "github.com/nspcc-dev/neofs-node/pkg/util/logger"
"github.com/pkg/errors"
"go.uber.org/zap" "go.uber.org/zap"
) )
@ -338,7 +343,9 @@ func initObjectService(c *cfg) {
), ),
acl.WithLocalStorage(ls), acl.WithLocalStorage(ls),
acl.WithEACLValidatorOptions( acl.WithEACLValidatorOptions(
eacl.WithMorphClient(c.cfgObject.cnrClient), eacl.WithEACLStorage(&morphEACLStorage{
w: c.cfgObject.cnrClient,
}),
eacl.WithLogger(c.log), eacl.WithLogger(c.log),
), ),
acl.WithNetmapState(c.cfgNetmap.state), acl.WithNetmapState(c.cfgNetmap.state),
@ -346,3 +353,37 @@ func initObjectService(c *cfg) {
), ),
) )
} }
type morphEACLStorage struct {
w *wrapper.Wrapper
}
type signedEACLTable eaclSDK.Table
func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
return (*eaclSDK.Table)(s).Marshal(buf)
}
func (s *signedEACLTable) SignedDataSize() int {
// TODO: add eacl.Table.Size method
return (*eaclSDK.Table)(s).ToV2().StableSize()
}
func (s *morphEACLStorage) GetEACL(cid *container.ID) (*eaclSDK.Table, error) {
table, sig, err := s.w.GetEACL(cid)
if err != nil {
return nil, err
}
if err := signature.VerifyDataWithSource(
(*signedEACLTable)(table),
func() ([]byte, []byte) {
return sig.Key(), sig.Sign()
},
signature.SignWithRFC6979(),
); err != nil {
return nil, errors.Wrap(err, "incorrect signature")
}
return table, nil
}

47
pkg/services/object/acl/eacl/opts.go
View file

@ -1,48 +1,9 @@
package eacl package eacl
import ( import (
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-api-go/util/signature"
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
"github.com/nspcc-dev/neofs-node/pkg/util/logger" "github.com/nspcc-dev/neofs-node/pkg/util/logger"
"github.com/pkg/errors"
) )
type morphStorage struct {
w *wrapper.Wrapper
}
type signedEACLTable eacl.Table
func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
return (*eacl.Table)(s).Marshal(buf)
}
func (s *signedEACLTable) SignedDataSize() int {
// TODO: add eacl.Table.Size method
return (*eacl.Table)(s).ToV2().StableSize()
}
func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) {
table, sig, err := s.w.GetEACL(cid)
if err != nil {
return nil, err
}
if err := signature.VerifyDataWithSource(
(*signedEACLTable)(table),
func() ([]byte, []byte) {
return sig.Key(), sig.Sign()
},
signature.SignWithRFC6979(),
); err != nil {
return nil, errors.Wrap(err, "incorrect signature")
}
return table, nil
}
func WithLogger(v *logger.Logger) Option { func WithLogger(v *logger.Logger) Option {
return func(c *cfg) { return func(c *cfg) {
c.logger = v c.logger = v
@ -54,11 +15,3 @@ func WithEACLStorage(v Storage) Option {
c.storage = v c.storage = v
} }
} }
func WithMorphClient(v *wrapper.Wrapper) Option {
return func(c *cfg) {
c.storage = &morphStorage{
w: v,
}
}
}