There is a need to process public keys of the placement result.
Implement `Node.PublicKey` method which returns storage node's key announced
in netmap.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation `placement.Traverser.Next` method returned slice
of `network.AddressGroup` elements. There is a need to process keys of
storage nodes besides network addresses for intra-container communication.
Wrap `network.AddressGroup` in a new type `placement.Node` that summarizes
the storage node information required for communication. Return slice of
`Node` instances from `Traverser.Next` method. Fix compilation breaks in
dependent packages.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
IDs come from NeoFS contract in big endian, but it is customary to write in
the node logs in little endian.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Shard should try to read object headers from write-cache if it is enabled.
Extend `writecache.Cache` interface with `Head` method. Call the method in
`Shard.Head` if `Shard.hasWriteCache` returns true.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Write cache should be able to execute HEAD operations according to spec.
Add simple implementation of `Head` method through the `Get` one. Leave
notes for future optimization.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Caching is performed inside `GetNativeContractHash` method of neo-go client,
so the additional cache level is redundant.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is no need to continue iterating over Neo RPC endpoints in case of
some address-independent error (e.g. NeoFS logic error).
Unwrap and immediately return `neofsError` errors from loop in
`iterateClients`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `error` interface on new `neofsError` type which is a wrapper over
NeoFS-specific error. Wrap all `Client` errors except neo-go client API ones
into `neofsError`. Wrapped errors are going to be used for multi-endpoint
loop control.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Since morph `Client` works in multi-client mode, there is an error case when
we can not get network magic when all endpoints are unavailable.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is a need to work with a set of Neo RPC nodes in order not to depend
on the failure of some nodes while others are active.
Support "multi-client" mode of morph `Client` entity. If instance is not
"multi-client", it works as before. Constructor `New` creates multi-client,
and each method performs iterating over the fixed set of endpoints until
success. Opened client connections are cached (without eviction for now).
Storage (as earlier) and IR (from now) nodes can be configured with multiple
Neo endpoints. As above, `New` creates multi-client instance, so we don't
need initialization changes on app-side.
`Wait` and `GetDesignateHash` methods of `Client` return an error from now
to detect connection errors. `NotaryEnabled` method is removed as unused.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
As soon as resulting list and cache operate with the attribute pointer,
we can add attribute structure immediately and set restored key and
value of the attribute later.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Attributes are linked to each other through parents, so they can
be returned in any order. However, it will be better to return
the list in consistent order to reduce entropy.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Parser should reuse existing attributes from the cache to update list
of the parent links in it. Parent links should be unique.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
In previous implementation Container service handlers didn't cache the
results of `Get` / `GetEACL` / `List` operations. As a consequence of this,
high load on the service caused neo-go client's connection errors. To avoid
this there is a need to use cache. Object service already uses `Get` and
`GetEACL` caches.
Implement cache of `List` results. Share already implemented cache of Object
service with the Container one. Provide new instance of read-only container
storage (defined as an interface)to morph executor's constructor on which
container service is based. Write operations remained unchanged.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation of Policer's job queue the same list of objects for
processing was selected at each iteration. This was caused by consistent
return of `engine.List` function.
Use `rand.Shuffle` function to compose pseudo-random list of all objects in
order to approximately evenly distribute objects to work.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
To encode attributes with semicolon or slash, use
backslash as escaped character.
Example:
User-Agent:NeoFS\/0.23
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Do not init caches for eACL, containers and netmap
if `disable_cache` config options is `true`, use
direct RPC calls instead.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Do not read `without_notary` config value from env.
Make morph client constructor return client without
notary support. Enabling notary support should be done
with public `EnableNotarySupport` method separately.
Notary availability is deducted with client. Further,
if notary is presented on chain its support is
enabled at the corresponding client.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Add `MkdirAllX` function that wraps `os.MkdirAll`
and adds `x` permission for user and group.
This is used to make all created dirs openable
for user and group regardless of the read config
permissions.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
When Inner Ring node starts, it should sync nearest epoch tick
event based on the block of the latest epoch. Otherwise epoch
ticking can be stopped, because ballots or notary transactions
are valid for limited period of time.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Get innerring list and committee in innerring
indexer from interfaces, not from structs.
Passing IR fetcher to indexer constructor depends
on having Notary contract in sidechain(use NeoFS
role or netmap contract).
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Add `IrFetcherWithNotary` and `IrFetcherWithoutNotary`
that can fetch IR keys with and without usage of
notary contract.
Both can be hidden behind
`InnerRingKeys() (keys.PublicKeys, error)` interface.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Add initialization of `updateInnerRing` method name
in config on startup.
Rename var `setInnerRing` => `updateInnerRing`.
Rename method `SetInnerRing` => `UpdateInnerRing`
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
We should go through every key in main chain list to merget lists
as fast as possible. Previously we drop main chain traversing as
soon as we have no more new keys to add. Instead we should try
to go for old keys in the list and add it as more as we can.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Add sorting of passed public keys in `newAlphabetList`
function before Alphabet list merge to make returned
results more expected.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
If `WITHOUT_MAINNET` environmental variable is
`true`:
- Do not read `NeoFS` and `processing`
script-hashes from envs;
- Do not init Governance processor;
- Do not init NeoFS processor.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Storage node should only reflect container Put requests to sidechain w/o any
validation. All verification steps are performed by IR.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Container can have version later than the current lib version, and it should
not be considered as invalid. But it should still have adequate version.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Create `version` package and implement `IsValid` function which checks if
version is not earlier than the genesis one.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Audit client is used to send audit results and they should be
signed by inner ring node itself on order to be saved in
smart contract.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Add `netmapCandidates` method to `netmap` client
wrapper. Method parses node storages candidates
for the next epoch.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Changes:
* replace `iotuil` elements with the ones from `os` package;
* replace `os.Filemode` with `fs.FileMode`;
* use `signal.NotifyContext` instead of `NewGracefulContext` (removed).
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make Netmap service to return single network address on `LocalNodeInfo` RPC
in order to older clients.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `sort.Interface` interface on `AddressGroup` and perform sorting
in `AddressGroup.FromIterator` method. Addresses with enabled TLS are "less"
in terms of slice position.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is a need to support multiple server endpoints for reputation and
container transmission.
Replace `ServerInfo.Address` getter with `ServerInfo.IterateAddresses`
iterator.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In future server info will contain multiple endpoints whose string
representation will be worse suited to the cache key.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In future server info will contain multiple endpoints whose string
representation will be worse suited to the cache key.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make placement `Traverser.Next` method to return ``[]network.AddressGroup`
in order to support multiple addresses of the storeage nodes.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make Object Head service to work with `AddressGroup` instead of `Address`
in order to support multiple addresses of the storage node.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make Object Search service to work with `AddressGroup` instead of `Address`
in order to support multiple addresses of the storage node.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make Object Get service to work with `AddressGroup` instead of `Address` in
order to support multiple addresses of the storage node.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make Object Put service to work with `AddressGroup` instead of `Address` in
order to support multiple addresses of the storage node.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `LocalAddressSource.LocalAddress` method to return `AddressGroup`. Make
`IsLocalAddress` function to accept parameter of type `AddressGroup`. Adopt
the application code with temporary `GroupFromAddress` helper.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Change type of the `ClientCache.Get` method's parameter to `AddressGroup`.
Use `GroupFromAddress` to call the method from the wrappers in order to no
change their interface.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add group-address `Client` implementation. Return instances of this
implementation from `ClientCache.Get` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is a need to generalize single-address client to group-address client.
To do this, we can re-implement `Client` interface from NeoFS API Go library
and still use it in the application code. There is a problem with method
`Raw` which must return single-address raw client. So as not to make changes
to API library we need to overload Client interface in order to support
`Raw` method in group-address client implementation.
Define `Client` interface in new `pkg/core/client` package. Completely
inherit API `Client` interface. Add `RawForAddress` method to build raw
client for the single node address. Adopt the application code that used Raw
method to work with new `Client`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define `network.AddressGroup` type which represents group of network
addresses. This type is going to be used to support group-address of the
storage node.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Values of object attributes must not be empty according to NeoFS
specification.
Make `FormatValidator.Validate` method to return an error if at least one
attribute has empty value.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Keys of object attributes must be unique according to NeoFS specification.
Make `FormatValidator.Validate` method to return an error if at least one
attribute is duplicated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add `CompositeValidator` that wraps
`netmap.NodeValidator`s and implements
`NodeValidator` interface itself.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Validation checks:
1. if address can be parsed by network package;
2. if address contains correct amount of protocols;
3. if address's protocols are in correct order.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
The only thing we need hashes for is to process notifications.
Balance contract if left for now, as it has some initialization.
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
`network.Address` structure in most cases created once and used read-only.
Replace `AddressFromString` function with `Address.FromString` method with
the same purpose and implementation. Make all libraries to work with value.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `Address.WriteToNodeInfo` method which sets address of `NodeInfo`
structure. Use it in storage node application.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Remove `Encapsulate`, `Decapsulate` and `IPAddrString` methods of `Address`
since they are used in unit tests only.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Return tyype is clear from the method's signature and docs, there is no
point in reflecting it in the name.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Panic if internal `manet.DialArgs` call returns error since this is
unexpected according to `AddressFromString` implementation.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Add sanity checks of GlobalTrust value:
check if "got manager" is real manager for
peer with building managers for peer.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Test invocations are used in `Invoke` method to calculate
consumed gas. We can check return code and return error
if panic happened in contract.
This is already done the same way in `TestInvoke` method.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Serve `ControlService` instance on configured endpoint (do not serve if not
specified). Read allowed keys from config.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Set health status to
* `UNDEFINED` during Server construction;
* `STARTING` on `Server.Start` call;
* `READY` after successful `Server.Start` call;
* `SHUTTING_DOWN` on `Server.Stop` call.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `ControlServiceServer` on `Server` type. The `Server` requires all
requests to be signed with keys from the so-called whitelist. To obtain
health status, it uses the abstraction in the form of `HealthChecker`
interface.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define `ControlService` for IR similar to the one from storage node. Add
`HealthStatus` RPC which returns health status of the IR application.
Implement getters, setters and methods to sign/verify the messages.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Validator.VerifyAndUpdate` method to return an error if at least one
of LOCODE-derived attributes is set explicitly. Thus, IR will not confirm
the candidates for the network map who independently set these attributes.
Cover `Validator.VerifyAndUpdate` method with unit tests.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
NeoFS network dictates the limitation of the maximum size of the "finished"
objects. The payload size of an object is recorded in its header. When
writing finished objects, the nodes must check:
* satisfying the constraint;
* matching the value in the header to the number of payload bytes.
Provide value returned by `MaxSizeSource` component to `validatingTarget`.
Check max size value during the stream of the "finished" objects. Check
header value during the streaming and on-close. Check payload size in v2
relay scenario.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Session tokens have limited lifetime in NeoFS. Container processor should
verify lifetime of the incoming tokens.
Define `NetworkState` interface with `Epoch` method to get number of the
current epoch. Use Netmap contract client's wrapper as `NetworkState` of
Container `Processor`. Check values of token lifetime, and deny if:
* NBF value is gt the current epoch;
* IAT is gt the current epoch;
* EXP is le the current epoch.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make IR processor of NeoFS contract to handle `Bind`/`Unbind` notification
events. The processor verifies the format of wallet script hash and public
keys, and call NeoFS ID client wrapper in order to approve adding/removing
keys from NeoFS account.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Pass `TryNotary()` option to constructor of the static client of the NeoFS
ID contract in `NewFromMorph`. This will allow to use client wrapper for key
management in IR application.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Morph event structures defined in `pkg/morph/event` should only carry
notification values without any additional interpretation. All logical work
should be concentrated on app-side. Change `Bind.User` / `Unbind.User` to
return byte slice. Change `Bind.Keys` / `Unbind.Keys` to return `[][]byte`.
`ParseBind` / `ParseUnbind` don't decode data from now.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement method `ClientWrapper.ManageKeys` method which provides the
interface to add/remove keys to/from NeoFS account.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `AddKeys` / `RemoveKeys` methods to call `addKey` / `removeKey`
methods of NeoFS ID contract.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement wrapper over NeoFS contact's client which allows you to
conveniently interact with the contract. Implement `ManageKeys` method
for binding or unbinding public keys to the NeoFS account.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement NeoFS contact's client which is responsible for collecting call
arguments and parsing stack items. Initially key binding and unbinding are
supported.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Update API Go library with introduce `Client.Conn` method. Implement
`ClientCache.CloseAll` method which reads and closes connections of all
cached clients.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In recent change of API Go library `owner.ID.Equal` signature was
implemented.
Replace the comparison of string representations with `Equal` method call
and remove related TODOs.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In recent change of API Go library `Token.Verify` signature was implemented.
Replace previous version-casting approach with new method call in token
signature check stage.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers
Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:
- token owner should be the owner of the related container;
- the intent must be signed with a session key;
- the power of attorney must be signed by the owner of the container.
Omitted checks (TBD):
- session token should have container session context;
- the verb of the context should correspond to the operation.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is no TLS protocol support in
`go-multiaddr` library, but there is
public function that can register any
protocol that can be implemented outside
the library. Also `TLSEnabled` function
for parsing TLS protocol from
`network.Address` was added.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
`bindKey` parameter of `Put` method of `Container` contract was removed in
latest version.
Do not pass bind key of type `[]byte` to `Put` invocation. Remove no longer
needed field from `PutArgs`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
From `017fb6abed9455c7c99631adcb0bb04d42741f87` used container client is
constructed with enabled notary mode.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
If container is removed via session, then session token should be included
in removal witness.
Write session token from request meta header to `container.RemovalWitness`
structure which is passed to `wrapper.Delete` function.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Approved removed container ID should be stored in sidechain along with
related session token.
Forward session token from `Delete` event to `Wrapper.Delete` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`Delete` method of latest `Container` contract accepts binary session token
as an argument.
Provide `DeleteArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session
token from `RemovalWitness` in `wrapper.Delete` function and pass it to the
method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
The 3rd item of `Delete` container notification event is a byte array of
serialized session token. Parse session token in `ParseDelete` function.
Provide `Delete.SessionToken` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
NeoFS containers can be removed within a trusted session. There is a need to
take this into account during removal inspection.
Define `SessionToken` / `SetSessionToken` methods on `RemovalWitness` struct
in order to embed `session.Token` to it.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `wrapper.Delete` function to accept `container.RemovalWitness` struct
instead of its separated elements. `Signature` type is replaced by binary
signature since public key is unused.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Define `RemovalWitness` structure which groups the information required to
prove and verify the removal of a container. This type is going to be used
in container Delete-related methods.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Unmarshal session token from `EACLValues` and write it to resulting
`eacl.Table` structure in `Wrapper.GetEACL` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`EACL` method of `Container` contract returns binary session token, key and
signature along with eACL table.
Provide `Signature`, `PublicKey` and `SessionToken` getters from
`EACLValues` structure. Parse and set all values in `Client.EACL` methods.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Approved eACL table should be stored in sidechain along with related session
token.
Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
The 4th item of `SetEACL` container notification event is a byte array of
serialized session token.
Parse session token in `ParseSetEACL` function. Provide
`SetEACL.SessionToken` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
If eACL table is set via session, then session token should be written to
it.
Write session token from request meta header to `eacl.Table` structure which
is passed to `wrapper.PutEACL` function.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Rename `PutContext` to `ContextWithToken` and implement its constructor as a
separate function in order to reuse it in other RPCs.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.
Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Unmarshal session token from `GetValues` and write it to resulting
`Container` structure in `Wrapper.Get` method. Write key-signature pair from
`GetValues` to resulting `Container` structure in `Wrapper.Get` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`Get` method of `Container` contract returns binary session token, key and
signature along with container.
Provide `Signature`, `PublicKey` and `SessionToken` getters from `GetValues`
structure. Parse and set all values in `Client.Get` methods.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Approved container should be stored in sidechain along with related session
token.
Forward session token from `Put` event to `Wrapper.Put` method.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>