In previous implementation `Config.Sub` method could lead to the violation
of the internal `path` slice because of `append`. This has been observed on
deeply nested subsections.
Fix `Config.Sub` to copy internal slice in order to prevent violations.
Cover problem case in test config files and unit test.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Dedicated type `LoggerSection` turned out to be redundant since it doesn't
do a hidden logic and just uses `config.Config` API.
Remove `LoggerSection` type and implement `Level` which do the same.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation ENV values were read only if config filepath is
specified. From now ENVs are always read to `Config`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In some cases viper doesn't interpret `section.value` as a subsection with
`section` name, but value is value still can be accessed through full
pathname.
Fix `Config.Sub` method implementation in order to always interpret
configuration like described above as a subsection. From now method never
returns nil, therefore an additional check has been removed from the `Value`
method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Create `logger` sub-package of `config` package. Implement `LoggerSection`
type of logger sub-section. Add `Level` method to read logger level config
value. Default level is `info`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Create `config` package nearby storage node application. Implement `Config`
as a wrapper over `viper.Viper` that provides the minimum functionality
required by the application.
The constructor allows you to read the config from the file. Methods are
provided for reading subsections and values from the config tree. Helper
functions are implemented to cast a value to native Go types.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Update API Go library with introduce `Client.Conn` method. Implement
`ClientCache.CloseAll` method which reads and closes connections of all
cached clients.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Container sessions allow to perform some operations on behalf of another
user. There is a need to to attach session tokens to commands.
Add `session` flag to `put`, `delete` and `set-eacl` commands from
`container` section. It should be a path to the JSON-encoded session token.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In recent change of API Go library `owner.ID.Equal` signature was
implemented.
Replace the comparison of string representations with `Equal` method call
and remove related TODOs.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In recent change of API Go library `Token.Verify` signature was implemented.
Replace previous version-casting approach with new method call in token
signature check stage.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers
Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement function `fatalOnErrDetails` similar to `fatalOnErr` but accepting
string details that are written to log output. Use the function everywhere
in application code without wrapping in an if-else statement.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:
- token owner should be the owner of the related container;
- the intent must be signed with a session key;
- the power of attorney must be signed by the owner of the container.
Omitted checks (TBD):
- session token should have container session context;
- the verb of the context should correspond to the operation.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is no TLS protocol support in
`go-multiaddr` library, but there is
public function that can register any
protocol that can be implemented outside
the library. Also `TLSEnabled` function
for parsing TLS protocol from
`network.Address` was added.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
