From 22be532cbdb22a03e9319a479807443223149dd3 Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Tue, 14 Mar 2023 13:31:30 +0300 Subject: [PATCH] object/put: Persist session token till the end of a session Previously a token could've expired in the middle of an object.PUT stream, leading to upload being interrupted. This is bad, because user doesn't always now what is the right values for the session token lifetime. More than that, setting it to a very high value will eventually blow up the session token database. In this commit we read the session token once and reuse it for the whole stream duration. Signed-off-by: Evgenii Stratonikov --- pkg/services/object/put/remote.go | 28 ++++++++++------------------ pkg/services/object/put/streamer.go | 6 +++++- 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/pkg/services/object/put/remote.go b/pkg/services/object/put/remote.go index 04fc0d7d..0f0dc355 100644 --- a/pkg/services/object/put/remote.go +++ b/pkg/services/object/put/remote.go @@ -2,6 +2,7 @@ package putsvc import ( "context" + "crypto/ecdsa" "fmt" clientcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/client" @@ -17,7 +18,7 @@ import ( type remoteTarget struct { ctx context.Context - keyStorage *util.KeyStorage + privateKey *ecdsa.PrivateKey commonPrm *util.CommonPrm @@ -50,20 +51,6 @@ func (t *remoteTarget) WriteObject(obj *object.Object, _ objectcore.ContentMeta) } func (t *remoteTarget) Close() (*transformer.AccessIdentifiers, error) { - var sessionInfo *util.SessionInfo - - if tok := t.commonPrm.SessionToken(); tok != nil { - sessionInfo = &util.SessionInfo{ - ID: tok.ID(), - Owner: tok.Issuer(), - } - } - - key, err := t.keyStorage.GetKey(sessionInfo) - if err != nil { - return nil, fmt.Errorf("(%T) could not receive private key: %w", t, err) - } - c, err := t.clientConstructor.Get(t.nodeInfo) if err != nil { return nil, fmt.Errorf("(%T) could not create SDK client %s: %w", t, t.nodeInfo, err) @@ -73,7 +60,7 @@ func (t *remoteTarget) Close() (*transformer.AccessIdentifiers, error) { prm.SetContext(t.ctx) prm.SetClient(c) - prm.SetPrivateKey(key) + prm.SetPrivateKey(t.privateKey) prm.SetSessionToken(t.commonPrm.SessionToken()) prm.SetBearerToken(t.commonPrm.BearerToken()) prm.SetXHeaders(t.commonPrm.XHeaders()) @@ -116,13 +103,18 @@ func (p *RemotePutPrm) WithObject(v *object.Object) *RemotePutPrm { // PutObject sends object to remote node. func (s *RemoteSender) PutObject(ctx context.Context, p *RemotePutPrm) error { + key, err := s.keyStorage.GetKey(nil) + if err != nil { + return err + } + t := &remoteTarget{ ctx: ctx, - keyStorage: s.keyStorage, + privateKey: key, clientConstructor: s.clientConstructor, } - err := clientcore.NodeInfoFromRawNetmapElement(&t.nodeInfo, netmapCore.Node(p.node)) + err = clientcore.NodeInfoFromRawNetmapElement(&t.nodeInfo, netmapCore.Node(p.node)) if err != nil { return fmt.Errorf("parse client node info: %w", err) } diff --git a/pkg/services/object/put/streamer.go b/pkg/services/object/put/streamer.go index 1e27ef34..ae1a2f45 100644 --- a/pkg/services/object/put/streamer.go +++ b/pkg/services/object/put/streamer.go @@ -2,6 +2,7 @@ package putsvc import ( "context" + "crypto/ecdsa" "errors" "fmt" @@ -20,6 +21,8 @@ type Streamer struct { ctx context.Context + sessionKey *ecdsa.PrivateKey + target transformer.ObjectTarget relay func(client.NodeInfo, client.MultiAddressClient) error @@ -115,6 +118,7 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error { } } + p.sessionKey = sessionKey p.target = &validatingTarget{ fmt: p.fmtValidator, unpreparedObject: true, @@ -227,7 +231,7 @@ func (p *Streamer) newCommonTarget(prm *PutInitPrm) transformer.ObjectTarget { rt := &remoteTarget{ ctx: p.ctx, - keyStorage: p.keyStorage, + privateKey: p.sessionKey, commonPrm: prm.common, clientConstructor: p.clientConstructor, }