forked from TrueCloudLab/frostfs-node
Dmitrii Stepanov
632bd8e38d
If request has no tag, but request's public key is netmap node's key or one of allowed internal tag keys from config, then request must use internal IO tag. Change-Id: Iff93b626941a81b088d8999b3f2947f9501dcdf8 Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
226 lines
8.5 KiB
Go
226 lines
8.5 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-node/internal/qos"
|
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger/test"
|
|
utilTesting "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/testing"
|
|
"git.frostfs.info/TrueCloudLab/frostfs-qos/tagging"
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestQoSService_Client(t *testing.T) {
|
|
t.Parallel()
|
|
s, pk := testQoSServicePrepare(t)
|
|
t.Run("IO tag client defined", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagClient.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Request)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("no IO tag defined, signed with unknown key", func(t *testing.T) {
|
|
ctx := s.AdjustIncomingTag(context.Background(), pk.Request)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("no IO tag defined, signed with allowed critical key", func(t *testing.T) {
|
|
ctx := s.AdjustIncomingTag(context.Background(), pk.Critical)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("unknown IO tag, signed with unknown key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), "some IO tag we don't know")
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Request)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("unknown IO tag, signed with netmap key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), "some IO tag we don't know")
|
|
ctx = s.AdjustIncomingTag(ctx, pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("unknown IO tag, signed with allowed internal key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), "some IO tag we don't know")
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Internal)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("unknown IO tag, signed with allowed critical key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), "some IO tag we don't know")
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Critical)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("IO tag internal defined, signed with unknown key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagInternal.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Request)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("IO tag internal defined, signed with allowed critical key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagInternal.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Critical)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("IO tag critical defined, signed with unknown key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagCritical.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Request)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("IO tag critical defined, signed with allowed internal key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagCritical.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Internal)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
}
|
|
|
|
func TestQoSService_Internal(t *testing.T) {
|
|
t.Parallel()
|
|
s, pk := testQoSServicePrepare(t)
|
|
t.Run("IO tag internal defined, signed with netmap key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagInternal.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagInternal.String(), tag)
|
|
})
|
|
t.Run("IO tag internal defined, signed with allowed internal key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagInternal.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Internal)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagInternal.String(), tag)
|
|
})
|
|
t.Run("no IO tag defined, signed with netmap key", func(t *testing.T) {
|
|
ctx := s.AdjustIncomingTag(context.Background(), pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagInternal.String(), tag)
|
|
})
|
|
t.Run("no IO tag defined, signed with allowed internal key", func(t *testing.T) {
|
|
ctx := s.AdjustIncomingTag(context.Background(), pk.Internal)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagInternal.String(), tag)
|
|
})
|
|
}
|
|
|
|
func TestQoSService_Critical(t *testing.T) {
|
|
t.Parallel()
|
|
s, pk := testQoSServicePrepare(t)
|
|
t.Run("IO tag critical defined, signed with netmap key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagCritical.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagCritical.String(), tag)
|
|
})
|
|
t.Run("IO tag critical defined, signed with allowed critical key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagCritical.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.Critical)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagCritical.String(), tag)
|
|
})
|
|
}
|
|
|
|
func TestQoSService_NetmapGetError(t *testing.T) {
|
|
t.Parallel()
|
|
s, pk := testQoSServicePrepare(t)
|
|
s.netmapSource = &utilTesting.TestNetmapSource{}
|
|
t.Run("IO tag internal defined, signed with netmap key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagInternal.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("IO tag critical defined, signed with netmap key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), qos.IOTagCritical.String())
|
|
ctx = s.AdjustIncomingTag(ctx, pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("no IO tag defined, signed with netmap key", func(t *testing.T) {
|
|
ctx := s.AdjustIncomingTag(context.Background(), pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
t.Run("unknown IO tag, signed with netmap key", func(t *testing.T) {
|
|
ctx := tagging.ContextWithIOTag(context.Background(), "some IO tag we don't know")
|
|
ctx = s.AdjustIncomingTag(ctx, pk.NetmapNode)
|
|
tag, ok := tagging.IOTagFromContext(ctx)
|
|
require.True(t, ok)
|
|
require.Equal(t, qos.IOTagClient.String(), tag)
|
|
})
|
|
}
|
|
|
|
func testQoSServicePrepare(t *testing.T) (*cfgQoSService, *testQoSServicePublicKeys) {
|
|
nmSigner, err := keys.NewPrivateKey()
|
|
require.NoError(t, err)
|
|
|
|
reqSigner, err := keys.NewPrivateKey()
|
|
require.NoError(t, err)
|
|
|
|
allowedCritSigner, err := keys.NewPrivateKey()
|
|
require.NoError(t, err)
|
|
|
|
allowedIntSigner, err := keys.NewPrivateKey()
|
|
require.NoError(t, err)
|
|
|
|
var node netmap.NodeInfo
|
|
node.SetPublicKey(nmSigner.PublicKey().Bytes())
|
|
nm := &netmap.NetMap{}
|
|
nm.SetEpoch(100)
|
|
nm.SetNodes([]netmap.NodeInfo{node})
|
|
|
|
return &cfgQoSService{
|
|
logger: test.NewLogger(t),
|
|
netmapSource: &utilTesting.TestNetmapSource{
|
|
Netmaps: map[uint64]*netmap.NetMap{
|
|
100: nm,
|
|
},
|
|
CurrentEpoch: 100,
|
|
},
|
|
allowedCriticalPubs: [][]byte{
|
|
allowedCritSigner.PublicKey().Bytes(),
|
|
},
|
|
allowedInternalPubs: [][]byte{
|
|
allowedIntSigner.PublicKey().Bytes(),
|
|
},
|
|
},
|
|
&testQoSServicePublicKeys{
|
|
NetmapNode: nmSigner.PublicKey().Bytes(),
|
|
Request: reqSigner.PublicKey().Bytes(),
|
|
Internal: allowedIntSigner.PublicKey().Bytes(),
|
|
Critical: allowedCritSigner.PublicKey().Bytes(),
|
|
}
|
|
}
|
|
|
|
type testQoSServicePublicKeys struct {
|
|
NetmapNode []byte
|
|
Request []byte
|
|
Internal []byte
|
|
Critical []byte
|
|
}
|