[#539] Add context to errors

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-06-22 22:40:52 +03:00 committed by Kira
parent e1f1e6d960
commit 7ca519cb32
26 changed files with 111 additions and 102 deletions

View file

@ -178,7 +178,7 @@ func (c *center) Authenticate(r *http.Request) (*accessbox.Box, error) {
box, err := c.cli.GetBox(r.Context(), *addr)
if err != nil {
return nil, err
return nil, fmt.Errorf("get box: %w", err)
}
clonedRequest := cloneRequest(r, authHdr)
@ -220,7 +220,7 @@ func (c *center) checkFormData(r *http.Request) (*accessbox.Box, error) {
box, err := c.cli.GetBox(r.Context(), addr)
if err != nil {
return nil, err
return nil, fmt.Errorf("get box: %w", err)
}
secret := box.Gate.AccessKey
@ -340,12 +340,12 @@ func prepareForm(form *multipart.Form) error {
if len(v) > 0 {
field, err := v[0].Open()
if err != nil {
return err
return fmt.Errorf("file header open: %w", err)
}
data, err := io.ReadAll(field)
if err != nil {
return err
return fmt.Errorf("read field: %w", err)
}
form.Value[lowerKey] = []string{string(data)}
}

View file

@ -159,7 +159,7 @@ func (h *handler) bearerTokenIssuerKey(ctx context.Context) (*keys.PublicKey, er
key, err := keys.NewPublicKeyFromBytes(btoken.GetSignature().GetKey(), elliptic.P256())
if err != nil {
return nil, err
return nil, fmt.Errorf("public key from bytes: %w", err)
}
return key, nil
@ -186,7 +186,7 @@ func (h *handler) PutBucketACLHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return
}
} else if err := xml.NewDecoder(r.Body).Decode(list); err != nil {
} else if err = xml.NewDecoder(r.Body).Decode(list); err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, errors.GetAPIError(errors.ErrMalformedXML))
return
}
@ -291,7 +291,7 @@ func (h *handler) PutObjectACLHandler(w http.ResponseWriter, r *http.Request) {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return
}
} else if err := xml.NewDecoder(r.Body).Decode(list); err != nil {
} else if err = xml.NewDecoder(r.Body).Decode(list); err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, errors.GetAPIError(errors.ErrMalformedXML))
return
}
@ -399,7 +399,7 @@ func (h *handler) PutBucketPolicyHandler(w http.ResponseWriter, r *http.Request)
}
bktPolicy := &bucketPolicy{Bucket: reqInfo.BucketName}
if err := json.NewDecoder(r.Body).Decode(bktPolicy); err != nil {
if err = json.NewDecoder(r.Body).Decode(bktPolicy); err != nil {
h.logAndSendError(w, "could not parse bucket policy", reqInfo, err)
return
}
@ -437,13 +437,13 @@ func parseACLHeaders(header http.Header, key *keys.PublicKey) (*AccessControlPol
}
if acp.AccessControlList, err = addGrantees(acp.AccessControlList, header, api.AmzGrantFullControl); err != nil {
return nil, err
return nil, fmt.Errorf("add grantees full control: %w", err)
}
if acp.AccessControlList, err = addGrantees(acp.AccessControlList, header, api.AmzGrantRead); err != nil {
return nil, err
return nil, fmt.Errorf("add grantees read: %w", err)
}
if acp.AccessControlList, err = addGrantees(acp.AccessControlList, header, api.AmzGrantWrite); err != nil {
return nil, err
return nil, fmt.Errorf("add grantees write: %w", err)
}
return acp, nil
@ -457,12 +457,12 @@ func addGrantees(list []*Grant, headers http.Header, hdr string) ([]*Grant, erro
permission, err := grantHdrToPermission(hdr)
if err != nil {
return nil, err
return nil, fmt.Errorf("parse header: %w", err)
}
grantees, err := parseGrantee(grant)
if err != nil {
return nil, err
return nil, fmt.Errorf("parse grantee: %w", err)
}
for _, grantee := range grantees {
@ -502,7 +502,7 @@ func parseGrantee(grantees string) ([]*Grantee, error) {
grantee, err := formGrantee(split2[0], split2[1])
if err != nil {
return nil, err
return nil, fmt.Errorf("form grantee: %w", err)
}
result = append(result, grantee)
}
@ -779,7 +779,7 @@ func astToTable(ast *ast) (*eacl.Table, error) {
for _, resource := range ast.Resources {
records, err := formRecords(resource.Operations, resource)
if err != nil {
return nil, err
return nil, fmt.Errorf("form records: %w", err)
}
for _, rec := range records {
table.AddRecord(rec)
@ -802,7 +802,7 @@ func formRecords(operations []*astOperation, resource *astResource) ([]*eacl.Rec
for _, user := range astOp.Users {
pk, err := keys.NewPublicKeyFromString(user)
if err != nil {
return nil, err
return nil, fmt.Errorf("public key from string: %w", err)
}
eacl.AddFormedTarget(record, eacl.RoleUser, (ecdsa.PublicKey)(*pk))
}
@ -811,7 +811,7 @@ func formRecords(operations []*astOperation, resource *astResource) ([]*eacl.Rec
if len(resource.Version) != 0 {
var id oid.ID
if err := id.DecodeString(resource.Version); err != nil {
return nil, err
return nil, fmt.Errorf("parse object version (oid): %w", err)
}
record.AddObjectIDFilter(eacl.MatchStringEqual, id)
}
@ -1256,7 +1256,7 @@ func bucketACLToTable(acp *AccessControlPolicy, resInfo *resourceInfo) (*eacl.Ta
ownerKey, err := keys.NewPublicKeyFromString(acp.Owner.ID)
if err != nil {
return nil, err
return nil, fmt.Errorf("public key from string: %w", err)
}
for _, grant := range acp.AccessControlList {
@ -1269,7 +1269,7 @@ func bucketACLToTable(acp *AccessControlPolicy, resInfo *resourceInfo) (*eacl.Ta
getRecord, err := getRecordFunction(grant.Grantee)
if err != nil {
return nil, err
return nil, fmt.Errorf("record func from grantee: %w", err)
}
for _, op := range permissionToOperations(grant.Permission) {
table.AddRecord(getRecord(op))

View file

@ -1,6 +1,7 @@
package handler
import (
"fmt"
"net/http"
"strconv"
"strings"
@ -176,7 +177,7 @@ func encodeToObjectAttributesResponse(info *data.ObjectInfo, p *GetObjectAttribu
case objectParts:
parts, err := formUploadAttributes(info, p.MaxParts, p.PartNumberMarker)
if err != nil {
return nil, err
return nil, fmt.Errorf("form upload attributes: %w", err)
}
if parts != nil {
resp.ObjectParts = parts
@ -210,7 +211,7 @@ func formUploadAttributes(info *data.ObjectInfo, maxParts, marker int) (*ObjectP
}
size, err := strconv.Atoi(nums[1])
if err != nil {
return nil, err
return nil, fmt.Errorf("parse part size: %w", err)
}
parts = append(parts, Part{PartNumber: num, Size: size})
}

View file

@ -5,6 +5,8 @@ import (
"strconv"
"strings"
"go.uber.org/zap"
"github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
@ -89,11 +91,13 @@ func (h *handler) AppendCORSHeaders(w http.ResponseWriter, r *http.Request) {
}
bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
if err != nil {
h.log.Warn("get bucket info", zap.Error(err))
return
}
cors, err := h.obj.GetBucketCORS(r.Context(), bktInfo)
if err != nil {
h.log.Warn("get bucket cors", zap.Error(err))
return
}

View file

@ -258,7 +258,7 @@ func (h *handler) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *http.Re
h.log.Error("couldn't delete objects", fields...)
}
if err := api.EncodeToResponse(w, response); err != nil {
if err = api.EncodeToResponse(w, response); err != nil {
h.logAndSendError(w, "could not write response", reqInfo, err, zap.Array("objects", marshaler))
return
}

View file

@ -182,7 +182,7 @@ func (h *handler) CreateMultipartUploadHandler(w http.ResponseWriter, r *http.Re
UploadID: info.Headers[layer.UploadIDAttributeName],
}
if err := api.EncodeToResponse(w, resp); err != nil {
if err = api.EncodeToResponse(w, resp); err != nil {
h.logAndSendError(w, "could not encode InitiateMultipartUploadResponse to response", reqInfo, err, additional...)
return
}
@ -360,7 +360,7 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
)
reqBody := new(CompleteMultipartUpload)
if err := xml.NewDecoder(r.Body).Decode(reqBody); err != nil {
if err = xml.NewDecoder(r.Body).Decode(reqBody); err != nil {
h.logAndSendError(w, "could not read complete multipart upload xml", reqInfo,
errors.GetAPIError(errors.ErrMalformedXML), additional...)
return
@ -599,7 +599,7 @@ func (h *handler) AbortMultipartUploadHandler(w http.ResponseWriter, r *http.Req
}
)
if err := h.obj.AbortMultipartUpload(r.Context(), p); err != nil {
if err = h.obj.AbortMultipartUpload(r.Context(), p); err != nil {
h.logAndSendError(w, "could not abort multipart upload", reqInfo, err, additional...)
return
}

View file

@ -3,6 +3,7 @@ package handler
import (
"context"
"encoding/xml"
"fmt"
"net/http"
"strings"
@ -153,7 +154,7 @@ func (h *handler) sendNotifications(ctx context.Context, p *SendNotificationPara
conf, err := h.obj.GetBucketNotificationConfiguration(ctx, p.BktInfo)
if err != nil {
return err
return fmt.Errorf("failed to get notification configuration: %w", err)
}
if conf.IsEmpty() {
return nil

View file

@ -113,7 +113,7 @@ func (p *policyCondition) UnmarshalJSON(data []byte) error {
)
if err := json.Unmarshal(data, &v); err != nil {
return err
return fmt.Errorf("unmarshal policy condition: %w", err)
}
switch v := v.(type) {
@ -487,7 +487,7 @@ func (h *handler) getNewEAclTable(r *http.Request, bktInfo *data.BucketInfo, obj
var newEaclTable *eacl.Table
key, err := h.bearerTokenIssuerKey(r.Context())
if err != nil {
return nil, err
return nil, fmt.Errorf("get bearer token issuer: %w", err)
}
objectACL, err := parseACLHeaders(r.Header, key)
if err != nil {

View file

@ -1,6 +1,9 @@
package handler
import "encoding/xml"
import (
"encoding/xml"
"fmt"
)
// ListBucketsResponse -- format for list buckets response.
type ListBucketsResponse struct {
@ -207,7 +210,7 @@ func (s StringMap) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
for _, t := range tokens {
if err := e.EncodeToken(t); err != nil {
return err
return fmt.Errorf("encode token: %w", err)
}
}

View file

@ -2,6 +2,7 @@ package layer
import (
"context"
"fmt"
"strconv"
"time"
@ -48,7 +49,7 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
if client.IsErrContainerNotFound(err) {
return nil, errors.GetAPIError(errors.ErrNoSuchBucket)
}
return nil, err
return nil, fmt.Errorf("get neofs container: %w", err)
}
info.Owner = *res.OwnerID()
@ -151,13 +152,13 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
AdditionalAttributes: attributes,
})
if err != nil {
return nil, err
return nil, fmt.Errorf("create container: %w", err)
}
bktInfo.CID = *idCnr
if err = n.setContainerEACLTable(ctx, bktInfo.CID, p.EACL, p.SessionEACL); err != nil {
return nil, err
return nil, fmt.Errorf("set container eacl: %w", err)
}
if err = n.bucketCache.Put(bktInfo); err != nil {

View file

@ -24,7 +24,7 @@ func (n *layer) PutBucketCORS(ctx context.Context, p *PutCORSParams) error {
)
if err := xml.NewDecoder(tee).Decode(cors); err != nil {
return err
return fmt.Errorf("xml decode cors: %w", err)
}
if cors.CORSRules == nil {
@ -44,12 +44,11 @@ func (n *layer) PutBucketCORS(ctx context.Context, p *PutCORSParams) error {
Size: int64(buf.Len()),
}
_, err := n.putSystemObjectIntoNeoFS(ctx, s)
if err != nil {
return err
if _, err := n.putSystemObjectIntoNeoFS(ctx, s); err != nil {
return fmt.Errorf("put system object: %w", err)
}
if err = n.systemCache.PutCORS(systemObjectKey(p.BktInfo, s.ObjName), cors); err != nil {
if err := n.systemCache.PutCORS(systemObjectKey(p.BktInfo, s.ObjName), cors); err != nil {
n.log.Error("couldn't cache system object", zap.Error(err))
}

View file

@ -340,7 +340,7 @@ func (n *layer) prepareAuthParameters(ctx context.Context, prm *PrmAuth, bktOwne
func (n *layer) GetBucketInfo(ctx context.Context, name string) (*data.BucketInfo, error) {
name, err := url.QueryUnescape(name)
if err != nil {
return nil, err
return nil, fmt.Errorf("unescape bucket name: %w", err)
}
if bktInfo := n.bucketCache.Get(name); bktInfo != nil {
@ -360,7 +360,7 @@ func (n *layer) GetBucketInfo(ctx context.Context, name string) (*data.BucketInf
func (n *layer) GetBucketACL(ctx context.Context, bktInfo *data.BucketInfo) (*BucketACL, error) {
eACL, err := n.GetContainerEACL(ctx, bktInfo.CID)
if err != nil {
return nil, err
return nil, fmt.Errorf("get container eacl: %w", err)
}
return &BucketACL{

View file

@ -422,8 +422,7 @@ func (n *layer) AbortMultipartUpload(ctx context.Context, p *UploadInfoParams) e
}
for _, info := range objects {
err := n.objectDelete(ctx, p.Bkt, info.ID)
if err != nil {
if err = n.objectDelete(ctx, p.Bkt, info.ID); err != nil {
return err
}
}

View file

@ -4,6 +4,7 @@ import (
"bytes"
"context"
"encoding/xml"
"fmt"
"github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/data"
@ -20,7 +21,7 @@ type PutBucketNotificationConfigurationParams struct {
func (n *layer) PutBucketNotificationConfiguration(ctx context.Context, p *PutBucketNotificationConfigurationParams) error {
confXML, err := xml.Marshal(p.Configuration)
if err != nil {
return err
return fmt.Errorf("marshal notify configuration: %w", err)
}
s := &PutSystemObjectParams{
@ -68,7 +69,7 @@ func (n *layer) getNotificationConf(ctx context.Context, bkt *data.BucketInfo, s
conf := &data.NotificationConfiguration{}
if err = xml.Unmarshal(obj.Payload(), &conf); err != nil {
return nil, err
return nil, fmt.Errorf("unmarshal notify configuration: %w", err)
}
if err = n.systemCache.PutNotificationConfiguration(systemObjectKey(bkt, sysName), conf); err != nil {

View file

@ -568,7 +568,7 @@ func (n *layer) getAllObjectsVersions(ctx context.Context, bkt *data.BucketInfo,
if err != nil {
return nil, err
}
if err := n.listsCache.Put(cacheKey, ids); err != nil {
if err = n.listsCache.Put(cacheKey, ids); err != nil {
n.log.Error("couldn't cache list of objects", zap.Error(err))
}
}

View file

@ -108,7 +108,7 @@ func (n *layer) putSystemObjectIntoNeoFS(ctx context.Context, p *PutSystemObject
attrs, err := n.attributesFromLock(ctx, p.Lock)
if err != nil {
return nil, err
return nil, fmt.Errorf("get lock attributes: %w", err)
}
prm.Attributes = append(prm.Attributes, attrs...)
@ -191,7 +191,7 @@ func (n *layer) getCORS(ctx context.Context, bkt *data.BucketInfo, sysName strin
cors := &data.CORSConfiguration{}
if err = xml.Unmarshal(obj.Payload(), &cors); err != nil {
return nil, err
return nil, fmt.Errorf("unmarshal cors: %w", err)
}
if err = n.systemCache.PutCORS(systemObjectKey(bkt, sysName), cors); err != nil {
@ -262,7 +262,7 @@ func (n *layer) GetBucketSettings(ctx context.Context, bktInfo *data.BucketInfo)
}
settings.IsNoneStatus = true
} else if err = json.Unmarshal(obj.Payload(), settings); err != nil {
return nil, err
return nil, fmt.Errorf("unmarshal settings: %w", err)
}
if err = n.systemCache.PutSettings(systemKey, settings); err != nil {
@ -308,7 +308,7 @@ func (n *layer) attributesFromLock(ctx context.Context, lock *data.ObjectLock) (
if !lock.Until.IsZero() {
_, exp, err := n.neoFS.TimeToEpoch(ctx, lock.Until)
if err != nil {
return nil, err
return nil, fmt.Errorf("fetch time to epoch: %w", err)
}
attrs := [][2]string{

View file

@ -115,12 +115,12 @@ func NewController(p *Options, l *zap.Logger) (*Controller, error) {
nc, err := nats.Connect(p.URL, ncopts...)
if err != nil {
return nil, err
return nil, fmt.Errorf("connect to nats: %w", err)
}
js, err := nc.JetStream()
if err != nil {
return nil, err
return nil, fmt.Errorf("get jet stream: %w", err)
}
return &Controller{
@ -141,7 +141,7 @@ func (c *Controller) Subscribe(ctx context.Context, topic string, handler layer.
c.mu.RUnlock()
if _, err := c.jsClient.AddStream(&nats.StreamConfig{Name: topic}); err != nil {
return err
return fmt.Errorf("add stream: %w", err)
}
if _, err := c.jsClient.ChanSubscribe(topic, ch); err != nil {

View file

@ -44,9 +44,9 @@ func (r *BucketResolver) Resolve(ctx context.Context, name string) (*cid.ID, err
if r.next != nil {
return r.next.Resolve(ctx, name)
}
return nil, err
return nil, fmt.Errorf("failed resolve: %w", err)
}
return cnrID, err
return cnrID, nil
}
func NewResolver(order []string, cfg *Config) (*BucketResolver, error) {
@ -56,7 +56,7 @@ func NewResolver(order []string, cfg *Config) (*BucketResolver, error) {
bucketResolver, err := newResolver(order[len(order)-1], cfg, nil)
if err != nil {
return nil, err
return nil, fmt.Errorf("create resolver: %w", err)
}
for i := len(order) - 2; i >= 0; i-- {
@ -65,7 +65,7 @@ func NewResolver(order []string, cfg *Config) (*BucketResolver, error) {
bucketResolver, err = newResolver(resolverName, cfg, next)
if err != nil {
return nil, err
return nil, fmt.Errorf("create resolver: %w", err)
}
}

View file

@ -192,9 +192,9 @@ func EncodeToResponse(w http.ResponseWriter, response interface{}) error {
w.WriteHeader(http.StatusOK)
if _, err := w.Write(xmlHeader); err != nil {
return err
return fmt.Errorf("write headers: %w", err)
} else if err = xml.NewEncoder(w).Encode(response); err != nil {
return err
return fmt.Errorf("encode xml response: %w", err)
}
return nil

View file

@ -189,7 +189,7 @@ func preparePolicy(policy ContainerPolicies) ([]*accessbox.AccessBox_ContainerPo
for locationConstraint, placementPolicy := range policy {
parsedPolicy, err := checkPolicy(placementPolicy)
if err != nil {
return nil, err
return nil, fmt.Errorf("check placement policy: %w", err)
}
result = append(result, &accessbox.AccessBox_ContainerPolicy{
@ -211,22 +211,22 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
policies, err := preparePolicy(options.ContainerPolicies)
if err != nil {
return err
return fmt.Errorf("prepare policies: %w", err)
}
lifetime.Iat, lifetime.Exp, err = a.neoFS.TimeToEpoch(ctx, time.Now().Add(options.Lifetime))
if err != nil {
return err
return fmt.Errorf("fetch time to epoch: %w", err)
}
gatesData, err := createTokens(options, lifetime)
if err != nil {
return err
return fmt.Errorf("create tokens: %w", err)
}
box, secrets, err := accessbox.PackTokens(gatesData)
if err != nil {
return err
return fmt.Errorf("pack tokens: %w", err)
}
box.ContainerPolicy = policies
@ -239,7 +239,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
zap.String("placement_policy", options.Container.PlacementPolicy))
id, err := a.checkContainer(ctx, options.Container, idOwner)
if err != nil {
return err
return fmt.Errorf("check container: %w", err)
}
a.log.Info("store bearer token into NeoFS",
@ -283,7 +283,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
defer file.Close()
if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
profileName, accessKeyID, secrets.AccessKey)); err != nil {
return err
return fmt.Errorf("fails to write to file: %w", err)
}
}
return nil
@ -369,7 +369,7 @@ func buildBearerTokens(key *keys.PrivateKey, table *eacl.Table, lifetime lifetim
for _, gateKey := range gatesKeys {
tkn, err := buildBearerToken(key, table, lifetime, gateKey)
if err != nil {
return nil, err
return nil, fmt.Errorf("build bearer token: %w", err)
}
bearerTokens = append(bearerTokens, tkn)
}
@ -400,7 +400,7 @@ func buildSessionTokens(key *keys.PrivateKey, lifetime lifetimeOptions, ctxs []s
for i, ctx := range ctxs {
tkn, err := buildSessionToken(key, lifetime, ctx, gateKey)
if err != nil {
return nil, err
return nil, fmt.Errorf("build session token: %w", err)
}
tkns[i] = tkn
}

View file

@ -25,7 +25,7 @@ func (c *sessionTokenContext) UnmarshalJSON(data []byte) (err error) {
var m sessionTokenModel
if err = json.Unmarshal(data, &m); err != nil {
return err
return fmt.Errorf("unmarshal session token context: %w", err)
}
switch m.Verb {

View file

@ -101,7 +101,7 @@ func prepare() (context.Context, *zap.Logger) {
}
if log, err = zapConfig.Build(); err != nil {
panic(err)
panic(fmt.Errorf("create logger: %w", err))
}
return ctx, log
@ -414,14 +414,14 @@ It will be ceil rounded to the nearest amount of epoch.`,
signer := v4.NewSigner(sess.Config.Credentials)
req, err := http.NewRequest(strings.ToUpper(methodFlag), fmt.Sprintf("%s/%s/%s", endpointFlag, bucketFlag, objectFlag), nil)
if err != nil {
return err
return fmt.Errorf("failed to create new request: %w", err)
}
date := time.Now().UTC()
req.Header.Set(api.AmzDate, date.Format("20060102T150405Z"))
if _, err = signer.Presign(req, nil, "s3", *sess.Config.Region, lifetimeFlag, date); err != nil {
return err
return fmt.Errorf("presign: %w", err)
}
res := &struct{ URL string }{
@ -447,7 +447,7 @@ func parsePolicies(val string) (authmate.ContainerPolicies, error) {
var policies authmate.ContainerPolicies
if err = json.Unmarshal(data, &policies); err != nil {
return nil, err
return nil, fmt.Errorf("unmarshal policies: %w", err)
}
if _, ok := policies[api.DefaultLocationConstraint]; ok {
return nil, fmt.Errorf("config overrides %s location constraint", api.DefaultLocationConstraint)
@ -591,11 +591,11 @@ func createNeoFS(ctx context.Context, log *zap.Logger, key *ecdsa.PrivateKey, pe
p, err := pool.NewPool(prm)
if err != nil {
return nil, err
return nil, fmt.Errorf("create pool: %w", err)
}
if err = p.Dial(ctx); err != nil {
return nil, err
return nil, fmt.Errorf("dial pool: %w", err)
}
return neofs.NewAuthmateNeoFS(p), nil

View file

@ -99,7 +99,7 @@ func PackTokens(gatesData []*GateData) (*AccessBox, *Secrets, error) {
box := &AccessBox{}
ephemeralKey, err := keys.NewPrivateKey()
if err != nil {
return nil, nil, err
return nil, nil, fmt.Errorf("create ephemeral key: %w", err)
}
box.OwnerPublicKey = ephemeralKey.PublicKey().Bytes()
@ -143,7 +143,7 @@ func (x *AccessBox) GetPlacementPolicy() ([]*ContainerPolicy, error) {
for _, policy := range x.ContainerPolicy {
var cnrPolicy ContainerPolicy
if err := cnrPolicy.Policy.Unmarshal(policy.Policy); err != nil {
return nil, err
return nil, fmt.Errorf("unmarshal placement policy: %w", err)
}
cnrPolicy.LocationConstraint = policy.LocationConstraint
@ -158,12 +158,12 @@ func (x *AccessBox) GetPlacementPolicy() ([]*ContainerPolicy, error) {
func (x *AccessBox) GetBox(owner *keys.PrivateKey) (*Box, error) {
tokens, err := x.GetTokens(owner)
if err != nil {
return nil, err
return nil, fmt.Errorf("get tokens: %w", err)
}
policy, err := x.GetPlacementPolicy()
if err != nil {
return nil, err
return nil, fmt.Errorf("get policy: %w", err)
}
return &Box{
@ -187,7 +187,7 @@ func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateK
boxGate, err := encodeGate(ephemeralKey, gate.GateKey, tokens)
if err != nil {
return err
return fmt.Errorf("encode gate: %w", err)
}
x.Gates = append(x.Gates, boxGate)
}
@ -197,12 +197,12 @@ func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateK
func encodeGate(ephemeralKey *keys.PrivateKey, ownerKey *keys.PublicKey, tokens *Tokens) (*AccessBox_Gate, error) {
data, err := proto.Marshal(tokens)
if err != nil {
return nil, err
return nil, fmt.Errorf("encode tokens: %w", err)
}
encrypted, err := encrypt(ephemeralKey, ownerKey, data)
if err != nil {
return nil, err
return nil, fmt.Errorf("ecrypt tokens: %w", err)
}
gate := new(AccessBox_Gate)
@ -214,23 +214,23 @@ func encodeGate(ephemeralKey *keys.PrivateKey, ownerKey *keys.PublicKey, tokens
func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.PublicKey) (*GateData, error) {
data, err := decrypt(owner, sender, gate.Tokens)
if err != nil {
return nil, err
return nil, fmt.Errorf("decrypt tokens: %w", err)
}
tokens := new(Tokens)
if err := proto.Unmarshal(data, tokens); err != nil {
return nil, err
if err = proto.Unmarshal(data, tokens); err != nil {
return nil, fmt.Errorf("unmarshal tokens: %w", err)
}
var bearerTkn bearer.Token
if err = bearerTkn.Unmarshal(tokens.BearerToken); err != nil {
return nil, err
return nil, fmt.Errorf("unmarshal bearer token: %w", err)
}
sessionTkns := make([]*session.Container, len(tokens.SessionTokens))
for i, encSessionToken := range tokens.SessionTokens {
sessionTkn := new(session.Container)
if err := sessionTkn.Unmarshal(encSessionToken); err != nil {
return nil, err
if err = sessionTkn.Unmarshal(encSessionToken); err != nil {
return nil, fmt.Errorf("unmarshal session token: %w", err)
}
sessionTkns[i] = sessionTkn
}
@ -268,12 +268,12 @@ func deriveKey(secret []byte) ([]byte, error) {
func encrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byte, error) {
enc, err := getCipher(owner, sender)
if err != nil {
return nil, err
return nil, fmt.Errorf("get chiper: %w", err)
}
nonce := make([]byte, enc.NonceSize(), enc.NonceSize()+len(data)+enc.Overhead())
if _, err := rand.Read(nonce); err != nil {
return nil, err
if _, err = rand.Read(nonce); err != nil {
return nil, fmt.Errorf("generate random nonce: %w", err)
}
return enc.Seal(nonce, nonce, data, nil), nil
@ -282,7 +282,7 @@ func encrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byt
func decrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byte, error) {
dec, err := getCipher(owner, sender)
if err != nil {
return nil, err
return nil, fmt.Errorf("get chiper: %w", err)
}
if ld, ns := len(data), dec.NonceSize(); ld < ns {
@ -296,12 +296,12 @@ func decrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byt
func getCipher(owner *keys.PrivateKey, sender *keys.PublicKey) (cipher.AEAD, error) {
secret, err := generateShared256(owner, sender)
if err != nil {
return nil, err
return nil, fmt.Errorf("generate shared key: %w", err)
}
key, err := deriveKey(secret)
if err != nil {
return nil, err
return nil, fmt.Errorf("derive key: %w", err)
}
return chacha20poly1305.NewX(key)

View file

@ -87,16 +87,16 @@ func (c *cred) GetBox(ctx context.Context, addr oid.Address) (*accessbox.Box, er
box, err := c.getAccessBox(ctx, addr)
if err != nil {
return nil, err
return nil, fmt.Errorf("get access box: %w", err)
}
cachedBox, err = box.GetBox(c.key)
if err != nil {
return nil, err
return nil, fmt.Errorf("get box: %w", err)
}
if err = c.cache.Put(addr, cachedBox); err != nil {
return nil, err
return nil, fmt.Errorf("put box into cache: %w", err)
}
return cachedBox, nil
@ -111,7 +111,7 @@ func (c *cred) getAccessBox(ctx context.Context, addr oid.Address) (*accessbox.A
// decode access box
var box accessbox.AccessBox
if err = box.Unmarshal(data); err != nil {
return nil, err
return nil, fmt.Errorf("unmarhal access box: %w", err)
}
return &box, nil
@ -125,7 +125,7 @@ func (c *cred) Put(ctx context.Context, idCnr cid.ID, issuer user.ID, box *acces
}
data, err := box.Marshal()
if err != nil {
return nil, err
return nil, fmt.Errorf("marshall box: %w", err)
}
idObj, err := c.neoFS.CreateObject(ctx, PrmObjectCreate{
@ -136,7 +136,7 @@ func (c *cred) Put(ctx context.Context, idCnr cid.ID, issuer user.ID, box *acces
Payload: data,
})
if err != nil {
return nil, err
return nil, fmt.Errorf("create object: %w", err)
}
var addr oid.Address

View file

@ -132,7 +132,7 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreat
// environment without hh disabling feature will ignore this attribute
// environment with hh disabling feature will set disabling = true if network config says so
if hhDisabled, err := isHomomorphicHashDisabled(ctx, x.pool); err != nil {
return nil, err
return nil, fmt.Errorf("check homomorphic hash enabled: %w", err)
} else if hhDisabled {
cnrOptions = append(cnrOptions, container.WithAttribute(
"__NEOFS__DISABLE_HOMOMORPHIC_HASHING", "true"))
@ -583,7 +583,7 @@ func (x *AuthmateNeoFS) CreateObject(ctx context.Context, prm tokens.PrmObjectCr
func isHomomorphicHashDisabled(ctx context.Context, p *pool.Pool) (bool, error) {
ni, err := p.NetworkInfo(ctx)
if err != nil {
return false, err
return false, fmt.Errorf("network info: %w", err)
}
// FIXME(@cthulhu-rider): parameter format hasn't been fixed in the protocol yet,

View file

@ -28,7 +28,7 @@ func GetKeyFromPath(walletPath, addrStr string, password *string) (*keys.Private
}
w, err := wallet.NewWalletFromFile(walletPath)
if err != nil {
return nil, err
return nil, fmt.Errorf("parse wallet: %w", err)
}
var addr util.Uint160