package layer import ( "bytes" "context" "crypto/rand" "crypto/sha256" "errors" "fmt" "io" "time" v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container" objectv2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum" apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object" oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" ) type FeatureSettingsMock struct { clientCut bool md5Enabled bool } func (k *FeatureSettingsMock) BufferMaxSizeForPut() uint64 { return 0 } func (k *FeatureSettingsMock) ClientCut() bool { return k.clientCut } func (k *FeatureSettingsMock) SetClientCut(clientCut bool) { k.clientCut = clientCut } func (k *FeatureSettingsMock) MD5Enabled() bool { return k.md5Enabled } func (k *FeatureSettingsMock) SetMD5Enabled(md5Enabled bool) { k.md5Enabled = md5Enabled } func (k *FeatureSettingsMock) FormContainerZone(ns string) (zone string, isDefault bool) { if ns == "" { return v2container.SysAttributeZoneDefault, true } return ns + ".ns", false } type TestFrostFS struct { FrostFS objects map[string]*object.Object objectErrors map[string]error objectPutErrors map[string]error containers map[string]*container.Container eaclTables map[string]*eacl.Table currentEpoch uint64 key *keys.PrivateKey } func NewTestFrostFS(key *keys.PrivateKey) *TestFrostFS { return &TestFrostFS{ objects: make(map[string]*object.Object), objectErrors: make(map[string]error), objectPutErrors: make(map[string]error), containers: make(map[string]*container.Container), eaclTables: make(map[string]*eacl.Table), key: key, } } func (t *TestFrostFS) CurrentEpoch() uint64 { return t.currentEpoch } func (t *TestFrostFS) SetObjectError(addr oid.Address, err error) { if err == nil { delete(t.objectErrors, addr.EncodeToString()) } else { t.objectErrors[addr.EncodeToString()] = err } } func (t *TestFrostFS) SetObjectPutError(fileName string, err error) { if err == nil { delete(t.objectPutErrors, fileName) } else { t.objectPutErrors[fileName] = err } } func (t *TestFrostFS) Objects() []*object.Object { res := make([]*object.Object, 0, len(t.objects)) for _, obj := range t.objects { res = append(res, obj) } return res } func (t *TestFrostFS) ObjectExists(objID oid.ID) bool { for _, obj := range t.objects { if id, _ := obj.ID(); id.Equals(objID) { return true } } return false } func (t *TestFrostFS) AddObject(key string, obj *object.Object) { t.objects[key] = obj } func (t *TestFrostFS) ContainerID(name string) (cid.ID, error) { for id, cnr := range t.containers { if container.Name(*cnr) == name { var cnrID cid.ID return cnrID, cnrID.DecodeString(id) } } return cid.ID{}, fmt.Errorf("not found") } func (t *TestFrostFS) SetContainer(cnrID cid.ID, cnr *container.Container) { t.containers[cnrID.EncodeToString()] = cnr } func (t *TestFrostFS) CreateContainer(_ context.Context, prm PrmContainerCreate) (*ContainerCreateResult, error) { var cnr container.Container cnr.Init() cnr.SetOwner(prm.Creator) cnr.SetPlacementPolicy(prm.Policy) cnr.SetBasicACL(prm.BasicACL) creationTime := prm.CreationTime if creationTime.IsZero() { creationTime = time.Now() } container.SetCreationTime(&cnr, creationTime) if prm.Name != "" { var d container.Domain d.SetName(prm.Name) d.SetZone(prm.Zone) container.WriteDomain(&cnr, d) container.SetName(&cnr, prm.Name) } for i := range prm.AdditionalAttributes { cnr.SetAttribute(prm.AdditionalAttributes[i][0], prm.AdditionalAttributes[i][1]) } b := make([]byte, 32) if _, err := io.ReadFull(rand.Reader, b); err != nil { return nil, err } var id cid.ID id.SetSHA256(sha256.Sum256(b)) t.containers[id.EncodeToString()] = &cnr return &ContainerCreateResult{ContainerID: id}, nil } func (t *TestFrostFS) DeleteContainer(_ context.Context, cnrID cid.ID, _ *session.Container) error { delete(t.containers, cnrID.EncodeToString()) return nil } func (t *TestFrostFS) Container(_ context.Context, prm PrmContainer) (*container.Container, error) { for k, v := range t.containers { if k == prm.ContainerID.EncodeToString() { return v, nil } } return nil, fmt.Errorf("container not found %s", prm.ContainerID) } func (t *TestFrostFS) UserContainers(context.Context, PrmUserContainers) ([]cid.ID, error) { var res []cid.ID for k := range t.containers { var idCnr cid.ID if err := idCnr.DecodeString(k); err != nil { return nil, err } res = append(res, idCnr) } return res, nil } func (t *TestFrostFS) ReadObject(ctx context.Context, prm PrmObjectRead) (*ObjectPart, error) { var addr oid.Address addr.SetContainer(prm.Container) addr.SetObject(prm.Object) sAddr := addr.EncodeToString() if err := t.objectErrors[sAddr]; err != nil { return nil, err } if obj, ok := t.objects[sAddr]; ok { owner := getBearerOwner(ctx) if !t.checkAccess(prm.Container, owner, eacl.OperationGet) { return nil, ErrAccessDenied } payload := obj.Payload() if prm.PayloadRange[0]+prm.PayloadRange[1] > 0 { off := prm.PayloadRange[0] payload = payload[off : off+prm.PayloadRange[1]] } return &ObjectPart{ Head: obj, Payload: io.NopCloser(bytes.NewReader(payload)), }, nil } return nil, fmt.Errorf("%w: %s", &apistatus.ObjectNotFound{}, addr) } func (t *TestFrostFS) CreateObject(_ context.Context, prm PrmObjectCreate) (oid.ID, error) { b := make([]byte, 32) if _, err := io.ReadFull(rand.Reader, b); err != nil { return oid.ID{}, err } var id oid.ID id.SetSHA256(sha256.Sum256(b)) attrs := make([]object.Attribute, 0) if err := t.objectPutErrors[prm.Filepath]; err != nil { return oid.ID{}, err } if prm.Filepath != "" { a := object.NewAttribute() a.SetKey(object.AttributeFilePath) a.SetValue(prm.Filepath) attrs = append(attrs, *a) } if prm.ClientCut { a := object.NewAttribute() a.SetKey("s3-client-cut") a.SetValue("true") attrs = append(attrs, *a) } for i := range prm.Attributes { a := object.NewAttribute() a.SetKey(prm.Attributes[i][0]) a.SetValue(prm.Attributes[i][1]) attrs = append(attrs, *a) } var owner user.ID user.IDFromKey(&owner, t.key.PrivateKey.PublicKey) obj := object.New() obj.SetContainerID(prm.Container) obj.SetID(id) obj.SetPayloadSize(prm.PayloadSize) obj.SetAttributes(attrs...) obj.SetCreationEpoch(t.currentEpoch) obj.SetOwnerID(owner) t.currentEpoch++ if len(prm.Locks) > 0 { lock := new(object.Lock) lock.WriteMembers(prm.Locks) objectv2.WriteLock(obj.ToV2(), (objectv2.Lock)(*lock)) } if prm.Payload != nil { all, err := io.ReadAll(prm.Payload) if err != nil { return oid.ID{}, err } obj.SetPayload(all) obj.SetPayloadSize(uint64(len(all))) var hash checksum.Checksum checksum.Calculate(&hash, checksum.SHA256, all) obj.SetPayloadChecksum(hash) } cnrID, _ := obj.ContainerID() objID, _ := obj.ID() addr := newAddress(cnrID, objID) t.objects[addr.EncodeToString()] = obj return objID, nil } func (t *TestFrostFS) DeleteObject(ctx context.Context, prm PrmObjectDelete) error { var addr oid.Address addr.SetContainer(prm.Container) addr.SetObject(prm.Object) if err := t.objectErrors[addr.EncodeToString()]; err != nil { return err } if _, ok := t.objects[addr.EncodeToString()]; ok { owner := getBearerOwner(ctx) if !t.checkAccess(prm.Container, owner, eacl.OperationDelete) { return ErrAccessDenied } delete(t.objects, addr.EncodeToString()) } return nil } func (t *TestFrostFS) TimeToEpoch(_ context.Context, now, futureTime time.Time) (uint64, uint64, error) { return t.currentEpoch, t.currentEpoch + uint64(futureTime.Sub(now).Seconds()), nil } func (t *TestFrostFS) AllObjects(cnrID cid.ID) []oid.ID { result := make([]oid.ID, 0, len(t.objects)) for _, val := range t.objects { objCnrID, _ := val.ContainerID() objObjID, _ := val.ID() if cnrID.Equals(objCnrID) { result = append(result, objObjID) } } return result } func (t *TestFrostFS) SetContainerEACL(_ context.Context, table eacl.Table, _ *session.Container) error { cnrID, ok := table.CID() if !ok { return errors.New("invalid cid") } if _, ok = t.containers[cnrID.EncodeToString()]; !ok { return errors.New("not found") } t.eaclTables[cnrID.EncodeToString()] = &table return nil } func (t *TestFrostFS) ContainerEACL(_ context.Context, prm PrmContainerEACL) (*eacl.Table, error) { table, ok := t.eaclTables[prm.ContainerID.EncodeToString()] if !ok { return nil, errors.New("not found") } return table, nil } func (t *TestFrostFS) checkAccess(cnrID cid.ID, owner user.ID, op eacl.Operation) bool { cnr, ok := t.containers[cnrID.EncodeToString()] if !ok { return false } if !cnr.BasicACL().Extendable() { return cnr.Owner().Equals(owner) } table, ok := t.eaclTables[cnrID.EncodeToString()] if !ok { return true } for _, rec := range table.Records() { if rec.Operation() == op && len(rec.Filters()) == 0 { for _, trgt := range rec.Targets() { if trgt.Role() == eacl.RoleOthers { return rec.Action() == eacl.ActionAllow } var targetOwner user.ID for _, pk := range eacl.TargetECDSAKeys(&trgt) { user.IDFromKey(&targetOwner, *pk) if targetOwner.Equals(owner) { return rec.Action() == eacl.ActionAllow } } } } } return true } func getBearerOwner(ctx context.Context) user.ID { if bd, err := middleware.GetBoxData(ctx); err == nil && bd.Gate.BearerToken != nil { return bearer.ResolveIssuer(*bd.Gate.BearerToken) } return user.ID{} }