forked from TrueCloudLab/frostfs-node
[#32] Use pkg/core interfaces to fetch container and netmap
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin
parent
ad36a2cd8f
commit
f6904db84f
3 changed files with 24 additions and 35 deletions
BIN
go.sum
BIN
go.sum
Binary file not shown.
|
|
@ -3,27 +3,18 @@ package acl
|
|||
import (
|
||||
"context"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/container"
|
||||
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
type (
|
||||
// ContainerGetter accesses NeoFS container storage.
|
||||
// fixme: use core.container interface implementation
|
||||
ContainerGetter interface {
|
||||
Get(*refs.ContainerID) (*container.Container, error)
|
||||
}
|
||||
|
||||
Classifier interface {
|
||||
Classify(RequestV2, *refs.ContainerID) acl.Role
|
||||
}
|
||||
|
||||
// BasicChecker checks basic ACL rules.
|
||||
BasicChecker struct {
|
||||
containers ContainerGetter
|
||||
containers container.Source
|
||||
sender SenderClassifier
|
||||
next object.Service
|
||||
}
|
||||
|
|
@ -62,7 +53,7 @@ var (
|
|||
// NewBasicChecker is a constructor for basic ACL checker of object requests.
|
||||
func NewBasicChecker(
|
||||
c SenderClassifier,
|
||||
cnr ContainerGetter,
|
||||
cnr container.Source,
|
||||
next object.Service) BasicChecker {
|
||||
|
||||
return BasicChecker{
|
||||
|
|
@ -247,8 +238,12 @@ func (b BasicChecker) findRequestInfo(
|
|||
cid *refs.ContainerID,
|
||||
op acl.Operation) (info requestInfo, err error) {
|
||||
|
||||
// container.Source interface implemented with SDK's definitions,
|
||||
// so we have to convert id there.
|
||||
containerID := containerSDK.NewIDFromV2(cid)
|
||||
|
||||
// fetch actual container
|
||||
cnr, err := b.containers.Get(cid)
|
||||
cnr, err := b.containers.Get(containerID)
|
||||
if err != nil || cnr.GetOwnerID() == nil {
|
||||
return info, ErrUnknownContainer
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,23 +4,18 @@ import (
|
|||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
|
||||
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
|
||||
sdk "github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/container"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
core "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
type (
|
||||
// fixme: use core.netmap interface implementation
|
||||
NetmapFetcher interface {
|
||||
Current() (netmap.Netmap, error)
|
||||
Previous(int) (netmap.Netmap, error)
|
||||
}
|
||||
|
||||
InnerRingFetcher interface {
|
||||
InnerRingKeys() ([][]byte, error)
|
||||
}
|
||||
|
|
@ -32,12 +27,11 @@ type (
|
|||
|
||||
SenderClassifier struct {
|
||||
innerRing InnerRingFetcher
|
||||
netmap NetmapFetcher
|
||||
netmap core.Source
|
||||
}
|
||||
)
|
||||
|
||||
// fixme: update classifier constructor
|
||||
func NewSenderClassifier(ir InnerRingFetcher, nm NetmapFetcher) SenderClassifier {
|
||||
func NewSenderClassifier(ir InnerRingFetcher, nm core.Source) SenderClassifier {
|
||||
return SenderClassifier{
|
||||
innerRing: ir,
|
||||
netmap: nm,
|
||||
|
|
@ -120,16 +114,16 @@ func requestOwner(req RequestV2) (*refs.OwnerID, *ecdsa.PublicKey, error) {
|
|||
}
|
||||
|
||||
key := crypto.UnmarshalPublicKey(bodySignature.GetKey())
|
||||
neo3wallet, err := sdk.NEO3WalletFromPublicKey(key)
|
||||
neo3wallet, err := owner.NEO3WalletFromPublicKey(key)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "can't create neo3 wallet")
|
||||
}
|
||||
|
||||
// form owner from public key
|
||||
owner := new(refs.OwnerID)
|
||||
owner.SetValue(neo3wallet.Bytes())
|
||||
// form user from public key
|
||||
user := new(refs.OwnerID)
|
||||
user.SetValue(neo3wallet.Bytes())
|
||||
|
||||
return owner, key, nil
|
||||
return user, key, nil
|
||||
}
|
||||
|
||||
func originalBodySignature(v *session.RequestVerificationHeader) *refs.Signature {
|
||||
|
|
@ -165,7 +159,7 @@ func (c SenderClassifier) isContainerKey(
|
|||
cnr *container.Container) (bool, error) {
|
||||
|
||||
// first check current netmap
|
||||
nm, err := c.netmap.Current()
|
||||
nm, err := core.GetLatestNetworkMap(c.netmap)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
|
@ -179,7 +173,7 @@ func (c SenderClassifier) isContainerKey(
|
|||
|
||||
// then check previous netmap, this can happen in-between epoch change
|
||||
// when node migrates data from last epoch container
|
||||
nm, err = c.netmap.Previous(1)
|
||||
nm, err = core.GetPreviousNetworkMap(c.netmap)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
|
@ -188,7 +182,7 @@ func (c SenderClassifier) isContainerKey(
|
|||
}
|
||||
|
||||
func lookupKeyInContainer(
|
||||
nm netmap.Netmap,
|
||||
nm *netmap.Netmap,
|
||||
owner, cid []byte,
|
||||
cnr *container.Container) (bool, error) {
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue