Commit graph

309 commits

Author SHA1 Message Date
Evgenii Stratonikov
c34cfa1f35 [#625] client/container: remove intermediate wrapper
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-08 09:43:54 +03:00
Evgenii Stratonikov
767ee5c0cd [#625] client/reputation: remove intermediate wrapper
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-08 09:43:54 +03:00
Evgenii Stratonikov
97d18bc515 [#625] client/netmap: remove intermediate wrapper
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-08 09:43:54 +03:00
Evgenii Stratonikov
8c5c3ac9e8 [#625] client/neofsid: remove intermediate wrapper
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-08 09:43:54 +03:00
Evgenii Stratonikov
8474abb911 [#625] client/neofs: remove intermediate wrapper
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-08 09:43:54 +03:00
Evgenii Stratonikov
6f50fefbea [#625] client/balance: remove intermediate wrapper
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-08 09:43:54 +03:00
Evgenii Stratonikov
476528361e [#1023] *: fix linter errors
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-01-31 13:01:58 +03:00
Leonard Lyubich
20b3ff84b3 [#1110] ir/container: Fix check of SetEACL operation
In previous implementation IR incorrectly verified `SetEACL` event of
`Container` contract. The incorrect behavior could be reproduced in two
ways:
  1. Create container using session, and perform `SetEACL` operation
  with a key that is different from the session one.
  2. Create container using session, and perform `SetEACL` w/o a
  session, but sign it using session key from the `Put` operation.

The problem was in the `checkSetEACL` validation method of IR container
processor. It always used session token used for container creation
during session ownership check.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-01-27 16:37:24 +03:00
Pavel Karpy
fee2f5a330 [#1100] *: Adopt new SDK's owner.ID API
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2022-01-21 17:58:30 +03:00
Evgenii Stratonikov
5828f43e52 [#851] util/rand: use single random source
It is much more convenient to skip source creation.
Also fix some bugs:
1. `cryptoSource.Int63()` now returns number in [0, 1<<63) as required
   by `rand.Source` interface.
2. Replace `cryptoSource.Uint63()` with `cryptoSource.Uint64` to allow
   generate uint64 numbers directly (see rand.Source64 docs).

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-01-12 19:29:27 +03:00
Leonard Lyubich
3d5eb2a396 [#1008] ir/netmap: Call Register method on peer approval
After https://github.com/nspcc-dev/neofs-contract/issues/154 alphabet
nodes should call `Register` method for approval of the notary
notifications spawned by `AddPeer` method.

Call `register` method for peer approval in Netmap processor.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-12-07 17:15:44 +03:00
Leonard Lyubich
973e50ad72 [#979] ir/subnet: Register parser and handler of RemoveNode event
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-12-01 19:27:16 +03:00
Leonard Lyubich
6f41cd86ed [#979] Upgrade SDK NeoFS Go dependency
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-12-01 17:31:04 +03:00
Pavel Karpy
1cee1b8f93 [#1002] ir: Add subnet check to the container Put process
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-12-01 16:26:15 +03:00
Pavel Karpy
5b8f195563 [#1000] ir/nodeValidators: Ignore zero subnet validation
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-12-01 12:27:35 +03:00
Pavel Karpy
a079a8f727 [#990] nodeValidators: Add subnet entrance validator
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-28 17:18:08 +03:00
Leonard Lyubich
41eaa1e246 [#973] ir: Listen and process Put/Delete events of Subnet contract
Define notification events, implement parsers. Add morph client of
Subnet contract. Listen, verify and approve events in Inner Ring app.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-11-28 16:15:18 +03:00
Pavel Karpy
214c2bd0cb [#987] ir: Add RemoveNode parser and handler
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-28 14:38:44 +03:00
Pavel Karpy
60e3ea978f [#971] *: Group all 3rd parties imports
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-19 09:58:03 +03:00
Pavel Karpy
ed4810a020 [#971] *: Add optional parameters to balance morph client calls
Adapt all balance wrapper calls to new
structures.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-19 09:58:03 +03:00
Pavel Karpy
dbf3a2f2fb [#971] *: Add optional parameters to container morph client calls
Adapt all container wrapper calls to new
structures.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-19 09:58:03 +03:00
Pavel Karpy
822d73fb02 [#971] *: Add notification TX hash to neofsid morph client calls
Add hash of the TX that generated notification
to neofsid event structures. Adapt all
neofsid wrapper calls to new structures.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-19 09:58:03 +03:00
Pavel Karpy
bad739258e [#971] *: Add notification TX hash to neofs/netmap morph client calls
Add hash of the TX that generated notification
to neofs/netmap event structures. Adapt all
neofs/netmap wrapper calls to new structures.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-11-19 09:58:03 +03:00
Alex Vanin
c9f2804885 [#976] innerring: Ignore non-HALT netmap.AddPeer notary invocations
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-11-18 09:57:16 +03:00
Evgenii Stratonikov
95893927aa *: replace neofs-api-go with neofs-sdk-go
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-11-12 17:29:09 +03:00
Leonard Lyubich
68565d9617 [#938] ir/netmap: Call AddPeer method if existing candidate was updated
In previous implementation IR handler of `AddPeer` notification didn't send
registration to contract if existing peer changed has changed its
information. as a consequence, the network map members could not update the
information without going into offline.

Change `processAddPeer` handler to check if
  * candidate in the network map is a brand new
  * or information about the network map member was changed
and call `AddPeer` method if so.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-11-10 18:05:30 +03:00
Alex Vanin
a437ffc3ed [#910] innerring: Make notary deposit on notification instead of timer
Timer is not suitable for notary deposits because it can never fire
in case of desynchronization or external epoch changes. Notary deposits
must be handled on new epoch event.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-11-02 11:28:02 +03:00
Leonard Lyubich
88e37ea372 [#946] ir: Refactor usage of NeoFS API client
The client needs of the IR application are very limited and rarely change.
Interface changes of the client library should not affect the operation of
various application packages, if they do not change their requirements for
the provided functionality. To localize the use of the base client and
facilitate further support, an auxiliary package is implemented that will
only be used by the IR application.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-11-01 11:41:57 +03:00
Leonard Lyubich
e0f0188466 [#907] container/put: Work with named containers
Add name and zone arguments to `Put` method of wrapper over the Container
contract client. Pass result of `container.GetNativeNameWithZone` function
to the method in `Put` helper function. Due to this, the storage node will
call the method depending on the presence of the container name in the
attributes.

Make IR to listen `putNamed` notification event. The event is processed like
`put` event, but with sanity check of the container attributes.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-10-18 11:54:34 +03:00
Pavel Karpy
96a65df32b [#873] innerring: Reuse atomic IR's epochDuration instead of RPC call
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-10-15 12:22:25 +03:00
Pavel Karpy
e5748bfc96 [#873] innerring/notary: Change notary deposit logic
IR tries to keep 1:3 proportion of GAS and
notary balances respectively. If that proportion
has been messed(means that notary balance is
lower than required) it sends half of its
GAS balance to the notary service.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-10-15 12:22:25 +03:00
Leonard Lyubich
e473f3ac91 [#645] *: Use helper functions to build client.NodeInfo structures
Helper functions from core/client package allow to set public keys of
storage nodes.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-30 20:57:00 +03:00
Alex Vanin
8aa290c8c3 [#627] processors/netmap: Read address of contract from client wrapper
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-30 18:02:58 +03:00
Leonard Lyubich
8fc1505351 [#627] ir: Read addresses of contracts from the client wrappers
After recent changes morph client wrappers provide contract address getter.
It can be used to compose notification parsers and handlers.

Use `ContractAddress` method in constructors of notification parsers and
handlers. Remove no longer used script hash parameters of event processors.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-30 14:47:04 +03:00
Alex Vanin
e558cdd9dd [#867] governance: Add more logs of the alphabet and inner ring lists
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-30 13:56:34 +03:00
Pavel Karpy
057d3ac06b [#846] innerring: Reuse original TX nonce from SN's NR
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-27 11:10:15 +03:00
Pavel Karpy
5702349cb2 [#846] innerring: Use epoch as nonce in cleanup netmap process
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-27 11:10:15 +03:00
Leonard Lyubich
264ab489bb [#848] ir/container: Prevent potential NPE in key conversion
Set `Curve` field in `ecdsa.PublicKey` instance from `keys.PublicKey` one in
`checkKeyOwnership` method of container processor.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-24 18:57:00 +03:00
Alex Vanin
dc26a09ec3 [#812] pkg/innerring: Support notary notifications in reputation processor
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-13 14:51:07 +03:00
Pavel Karpy
b303e49408 [#815] morph/event/netmap: Add updateState notary notification support
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-13 14:50:52 +03:00
Pavel Karpy
00caed8d3d [#815] morph/event/netmap: Add addPeer notary notification support
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-13 14:50:52 +03:00
Pavel Karpy
ba77bb44e4 [#807] ir: Merge ContractProcessor and NotaryContractProcessor interfaces
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 18:37:45 +03:00
Pavel Karpy
539da27ccb [#807] morph/event/container: Add setEACL notary support
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 18:37:45 +03:00
Pavel Karpy
e03b44ffc1 [#807] morph/event/container: Add delete notary support
Includes:
- `delete` container notary notification;
- refactor in processor bindings;
- fixed conflicts in `put` notifications.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 18:37:45 +03:00
Pavel Karpy
13f1273e82 [#770] ir/container: Support notary Put
Implement `NotaryContractProcessor` by IR
container processor. Add support for notary
`put` container operation. Do not parse `put`
non-notary notifications in notary enabled
environment.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Pavel Karpy
d252aa4a3e [#770] pkg/morph: Rename all parsers and handlers structs/interfaces
Prepare all listening structures for notary events:
rename(add prefix/suffix 'notification') all
notification specific handlers/parsers.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Leonard Lyubich
ba234699cd [#794] ir/neofs: Print tx IDs in LE on Withdraw and Deposit events
IDs come from NeoFS contract in big endian, but it is customary to write in
the node logs in little endian.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-06 18:11:38 +03:00
Leonard Lyubich
ad7ad12a0c [#746] morph: Implement and use multi-client
There is a need to work with a set of Neo RPC nodes in order not to depend
on the failure of some nodes while others are active.

Support "multi-client" mode of morph `Client` entity. If instance is not
"multi-client", it works as before. Constructor `New` creates multi-client,
and each method performs iterating over the fixed set of endpoints until
success. Opened client connections are cached (without eviction for now).

Storage (as earlier) and IR (from now) nodes can be configured with multiple
Neo endpoints. As above, `New` creates multi-client instance, so we don't
need initialization changes on app-side.

`Wait` and `GetDesignateHash` methods of `Client` return an error from now
to detect connection errors. `NotaryEnabled` method is removed as unused.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-02 11:04:38 +03:00
Pavel Karpy
dfbde0004e [#705] innerring/governance: Delete useless sort
Do not sort slice that is already sorted.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Pavel Karpy
c8d58d56b9 [#705] innerring/governance: Hide fetching ir keys behind interface
Add to governance processor IRFetcher interface.
Implementation must deduct if notary enabled or not.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Pavel Karpy
8ea5744326 [#705] pkg/morph/netmap: Fix updateInnerRing method
Add initialization of `updateInnerRing` method name
in config on startup.
Rename var `setInnerRing` => `updateInnerRing`.
Rename method `SetInnerRing` => `UpdateInnerRing`

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Alex Vanin
96da7ceb4f [#697] governance: Make best effort traversing main chain list of keys
We should go through every key in main chain list to merget lists
as fast as possible. Previously we drop main chain traversing as
soon as we have no more new keys to add. Instead we should try
to go for old keys in the list and add it as more as we can.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-15 10:49:21 +03:00
Pavel Karpy
c20eb15bd5 [#688] pkg/ir/governance: Add unsorted test case
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-12 18:46:09 +03:00
Pavel Karpy
bb3f16d487 [#688] pkg/ir/governance: Add public key sorting
Add sorting of passed public keys in `newAlphabetList`
function before Alphabet list merge to make returned
results more expected.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-12 18:46:09 +03:00
Pavel Karpy
361bff216a [#688] pkg/ir/governance: Check err type in tests
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-12 18:46:09 +03:00
Pavel Karpy
0bcc505682 [#668] pkg/audit: Skip audit for containers without SG
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-06 21:19:18 +03:00
Leonard Lyubich
43eff09944 [#607] *: Do not use deprecated elements of code
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
f7b42a1525 [#607] ir: Work with AddressGroup instead of single Address
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Pavel Karpy
48827f42d3 [#643] pkg: Sync method names and commentaries to them
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-24 16:10:44 +03:00
Pavel Karpy
8ddea8a5ee [#622] pkg/innerring: Change NodeValidator interface description
Make changes of the `NodeInfo` by implementations
of the `NodeValidator` interface optional.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
1cd0352bab [#622] pkg/innerring: Add composite validator
Add `CompositeValidator` that wraps
`netmap.NodeValidator`s and implements
`NodeValidator` interface itself.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
53b7e05b65 [#622] pkg/innerring: Add multiaddress validator
Add multiaddress validator that calls
`network.VerifyAddress`.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Evgenii Stratonikov
16e9e726ff [#496] morph/client: add wrapper for neofs contract
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
7cf0093012 [#496] pkg/innerring: remove unused processor parameters
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
8a2b7f4501 [#496] pkg/innerring: provide wrappers to processors
The only thing we need hashes for is to process notifications.
Balance contract if left for now, as it has some initialization.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Leonard Lyubich
adbbad0beb [#607] network: Do not work with Address pointers
`network.Address` structure in most cases created once and used read-only.

Replace `AddressFromString` function with `Address.FromString` method with
the same purpose and implementation. Make all libraries to work with value.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Pavel Karpy
68c7f6ce8a [#613] pkg/innerring/reputation: Add FIXME to ToV2 usage
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-17 18:30:06 +03:00
Pavel Karpy
ed9a5e44b6 [#613] pkg/innerring: Add sanity check of GlobalTrust
Add sanity checks of GlobalTrust value:
check if "got manager" is real manager for
peer with building managers for peer.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-17 18:30:06 +03:00
Evgenii Stratonikov
1553967328 [#562] cmd/neofs-ir: use NEP-6 wallet for keys
Also remove neofs-crypto uses from `pkg/innerring`.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-15 14:49:59 +03:00
Leonard Lyubich
68e85e4b33 [#412] ir/locode: Disallow explicit setting of LOCODE-derived attributes
Make `Validator.VerifyAndUpdate` method to return an error if at least one
of LOCODE-derived attributes is set explicitly. Thus, IR will not confirm
the candidates for the network map who independently set these attributes.

Cover `Validator.VerifyAndUpdate` method with unit tests.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 15:08:12 +03:00
Leonard Lyubich
75d6702d2e [#412] ir/locode: Fix docs of the VerifyAndUpdate method
`Validator.VerifyAndUpdate` method does not add location code attribute.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 15:08:12 +03:00
Leonard Lyubich
2f38fef31a [#589] ir/container: Verify session token lifetime
Session tokens have limited lifetime in NeoFS. Container processor should
verify lifetime of the incoming tokens.

Define `NetworkState` interface with `Epoch` method to get number of the
current epoch. Use Netmap contract client's wrapper as `NetworkState` of
Container `Processor`. Check values of token lifetime, and deny if:

  * NBF value is gt the current epoch;
  * IAT is gt the current epoch;
  * EXP is le the current epoch.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 10:17:49 +03:00
Alex Vanin
e1ac2fe2e5 [#588] Fix go fmt linter errors
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-03 18:59:07 +03:00
Pavel Karpy
752efc6f8c [#584] pkg/innerring: Delete using deprecated methods
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-03 13:59:59 +03:00
Pavel Karpy
057ebf9d51 [#584] pkg/innerring: Stop using deprecated methods
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-03 13:59:59 +03:00
Leonard Lyubich
ed80f704d0 [#556] innerring/neofs: Process Bind/Unbind events
Make IR processor of NeoFS contract to handle `Bind`/`Unbind` notification
events. The processor verifies the format of wallet script hash and public
keys, and call NeoFS ID client wrapper in order to approve adding/removing
keys from NeoFS account.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
3e1463cc76 [#570] *: Use generator of test container IDs from API Go lib
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
3dd10b6795 [#570] *: Remove usage of deprecated elements from API Go library
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
70a7354e9d [#570] *: Use new Equal method of owner.ID type
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
9359f28161 [#525] ir/container: Compare owner IDs via Equal method
In recent change of API Go library `owner.ID.Equal` signature was
implemented.

Replace the comparison of string representations with `Equal` method call
and remove related TODOs.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
937171911a [#525] ir/container: Simplify the approach to verify token signature
In recent change of API Go library `Token.Verify` signature was implemented.

Replace previous version-casting approach with new method call in token
signature check stage.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
23c5277014 [#525] ir/container: Check session verb and container ID
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers

Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
b73c0c67a2 [#525] ir/container: Fix checks without session token
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
ead4513feb [#525] ir/container: Verify operations with session token
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:

 - token owner should be the owner of the related container;
 - the intent must be signed with a session key;
 - the power of attorney must be signed by the owner of the container.

Omitted checks (TBD):

 - session token should have container session context;
 - the verb of the context should correspond to the operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 17:07:20 +03:00
Pavel Karpy
33bef46f31 [#549] network/cache: Change Get signature
Make network cache's `Get` method accept
`network.Address` argument instead of
string.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Leonard Lyubich
5a3a27ba9f [#525] ir/container: Remove no longer needed FIXME
In latest design of `Container` contract key binding is removed.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
e1fbc28851 [#525] ir/container: Remove resolved FIXME about notary call
From `017fb6abed9455c7c99631adcb0bb04d42741f87` used container client is
constructed with enabled notary mode.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
40c796bd7e [#525] ir/container: Write session token on delete approval
Approved removed container ID should be stored in sidechain along with
related session token.

Forward session token from `Delete` event to `Wrapper.Delete` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
631d7b0e07 [#525] morph/container: Accept container session token in Delete
`Delete` method of latest `Container` contract accepts binary session token
as an argument.

Provide `DeleteArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session
token from `RemovalWitness` in `wrapper.Delete` function and pass it to the
method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
4ef369732a [#525] ir/container: Write session token on eACL table approval
Approved eACL table should be stored in sidechain along with related session
token.

Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
959610080a [#525] morph/container: Accept container session token in PutEACL
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.

Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
461fcfcf19 [#525] ir/container: Write session token on container approval
Approved container should be stored in sidechain along with related session
token.

Forward session token from `Put` event to `Wrapper.Put` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
db67a117f0 [#525] morph/container: Accept container session token in Put
`Put` method of latest `Container` contract accepts binary session token as
an argument.

Provide `PutArgs.SetSessionToken` method. Accept session token as a `[]byte`
in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session token
from container in `wrapper.Put` function and pass it to the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
62281b91f4 [#505] morph/container: Rename PutEACLBinary to PutEACl in wrapper
There is no need to concretize the type of arguments in the method name.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
017fb6abed [#505] ir/container: Use client wrapper with enabled notary calls
Construct wrapper over the Container contract client with `TryNotary` option
since it is required to perform invocations of notary contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
ac2d347884 [#505] ir/container: Check key-to-owner mapping in key ownership check
Owner identifier can be calculated from public key. If it matches, no
additional verification of key ownership is required.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
369c12b702 [#505] morph/container: Verify signature of deleting container ID
Get all owner keys and verify container ID signature until first success. If
none of the keys match, then prohibit deletion. Thus, the delete operation
is only allowed to the owner of the container. With this approach, a
separate check for key ownership is not required.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
83c27f6e8a [#505] morph/container: Change get container API
Make `Get` method of the wrapper over Container contract's client to
accept binary container ID. Create `Get` function similar to the previous
`Get` variation. Use this function in Container service server in the place
where `Get` method was used.

Additionally implement `AsContainerSource` function which allows
to simply compose container Source interface from the wrapper.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
6310535b3c [#505] ir/container: Check key ownership in Put container handler
Check if new container was signed by its owner, and otherwise prohibit
operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
5287c194e5 [#505] ir/container: Replace key ownership check into a separate method
Method of key ownership verification is going to be reused by the handlers
of the other events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
6239d5c0c7 [#505] ir/container: Verify signature in check of Put container event
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
ff715c8037 [#505] ir/container: Change the way to approve container delete event
Call `Delete` method on the wrapper over the Container contract's client
directly from `Processor.approveDeleteContainer`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
24ad60e1c8 [#505] ir/container: Change the way to approve container put event
Call `Put` method on the wrapper over the Container contract's client
directly from `Processor.approvePutContainer`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
9259ae640e [#505] ir/container: Slightly refactor Put and Delete handlers
Split up `processContainerPut` and `processContainerDelete` methods of
container `Processor` into two sub-methods: checking the event and its
assertion.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
a3ac294902 [#505] morph/container: Do not parse public key in Put event parser
Morph event structures defined in `pkg/morph/event`  should only carry
notification values without any additional interpretation. All logical work
should be concentrated on app-side.

Change data type of `Put.PublicKey` return to byte slice. `ParsePut` doesn't
unmarshal public key from now.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
a306eb9ce7 [#505] ir: Process set eACL notifications from Container contract
Add `setEACL` notification event parser (handler) to the return of the
`ListenerParsers` (`ListenerHandlers`) method. Read address of NeoFS ID
contract from `contracts.neofsid` config. Implement `NewNeoFSIDClient`
constructor in `invoke` package and use it in IR application.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
4949f4b064 [#505] ir/container: Refactor ListenerParsers and ListenerHandlers
Pre-allocate slices for a known number of elements. Use single `ParserInfo`
/ `HandlerInfo` variable in order to set Container contracts's address once
and change only values that differ between events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
372cba1fca [#505] ir/container: Check key ownership during set eACL handling
Use NeoFS ID contract client to check if public key from notification event
is tied to the owner of the container for which the eACL is being changed.
Approve changes coming from the owner of the container only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
b0271aa478 [#505] ir/container: Verify signature of binary eACL tables
Add signature check to `checkSetEACL` method of the `setEACL` notification
handler in Container processor.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
87d83174d9 [#505] ir/container: Implement simplified handling of SetEACL event
Implement `handleSetEACL` method similar to other handling methods in
Container processor. To begin with, the validation logic is skipped, and all
tables will be sent to the contract. In the future, the necessary checks
will be implemented. Listening for events in the IR node will also be added.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Evgenii Stratonikov
b52751e992 [#496] innerring/invoke: move wrapper structs to separate packages
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 13:41:39 +03:00
Evgenii Stratonikov
ca0e3211be [#496] innerring/invoke: remove function wrappers
Use morph.Client directly.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 13:41:39 +03:00
Evgenii Stratonikov
2e31cd34e6 [#502] innerring: synchronize validators on mainnet alphabet update
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-25 11:10:01 +03:00
Evgenii Stratonikov
71b87155ef [#521] *: use stdlib errors package
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-05-19 16:42:54 +03:00
Alex Vanin
16f13bc0a5 [#522] Use HostAddrString as RPC endpoint instead of IPAddrString
To enable TLS support we can't operate with IP addresses directly.
Certificates are issued with host names so it is required to
pass them into RPC client. DNS resolving should be done by transport
layer and not be a part of node. Therefore `IPAddrString` usage is
removed from code.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-18 12:07:00 +03:00
Alex Vanin
d49bd4b94a Update neofs-api-go to v1.26.0
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-10 09:45:11 +03:00
Alex Vanin
f2562e8c47 [#486] innerring: Use fee provider and notary disabled flag in processors
Processors that use `invoke` package to make chain invocation should provide
fee config and client with enabled or disabled notary support. If notary
support is disabled, then functions from `invoke` package will perform
ordinary method invocation with extra fee.

Processors that use `morph/client` wrappers should check `notaryDisabled`
flag to call corresponding wrapper function.

Netmap processor omits some actions during validator syncronization
if notary is disabled.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-05 12:45:16 +03:00
Alex Vanin
c4f4381b13 [#486] morph/client: Separate container estimation functions
Inner ring should be able to invoke contract methods both notary
and non notary way.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-05-05 12:45:16 +03:00
Alex Vanin
0f01a69fd3 [#465] processor/neofs: Don't modify tx details
Mint, Burn and Cheque details should contain hash of
main net tx of Deposit and Withdraw invocation. They will
be formatted inside the contracts so alphabet nodes must
not modify them.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-04-08 17:01:00 +03:00
Alex Vanin
3e9c578e62 [#465] settlement: Use unified details format for all asset transfers
Unified format uses transfer type as the first byte
and extra details next. List of transfer types used in
contracts defined in `details.go`. It includes:
- audit settlement,
- basic income collection,
- basic income distribution.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-04-08 17:01:00 +03:00
Alex Vanin
0816f7b63b [#465] settlement/audit: Transfer audit fee to inner ring nodes
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-04-08 17:01:00 +03:00
Alex Vanin
27cf6f5112 [#452] Use API structures for reputation PeerID and GlobalTrust
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-04-06 10:35:20 +03:00
Alex Vanin
09e4479d44 [#452] innerring: Add reputation processor
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-04-06 10:35:20 +03:00
Alex Vanin
3fe5962e92 [#447] innerring: Use governance processor in inner ring
Network map processors creates sync event once per epoch.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 12:38:42 +03:00
Alex Vanin
d0d1731af7 [#447] innerring: Define governance processor
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 12:38:42 +03:00
Alex Vanin
999ad5e1c0 [#447] innerring: Do not handle or call InnerRingUpdate method
This method has been removed from netmap contract. Corresponding
event from neofs contract renamed to AlphabetUpdate and should not
be processed, because alphabet updated from `RoleManagement`
contract.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 12:38:42 +03:00
Alex Vanin
e05f1e1394 [#446] innerring: Use alphabet state in processors
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 11:53:10 +03:00
Alex Vanin
cd21641dfc [#446] innerring: Rename server.Index to server.InnerRingIndex
With different indexes for inner ring list and alphabet list this
is the better naming.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 11:53:10 +03:00
Alex Vanin
58119e6065 [#421] governance: Don't construct alphabet list with empty sidechain
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 10:16:48 +03:00
Alex Vanin
f4e39678f1 [#421] governance: Add list update functions for inner ring
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 10:16:48 +03:00
Alex Vanin
6339a115dc [#421] governance: Add new alphabet list constructor
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-03-26 10:16:48 +03:00
Pavel Karpy
b9892edd6e [#416] innerring: Add gas threshold
On the `Deposit` events add gas balance check.
Make transfer only if the balance is greater
than the `GasTransferThreshold` that is defined
with environmental variable.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-03-19 13:57:58 +03:00
Leonard Lyubich
383d2494eb [#425] Adapt the Client's refactoring to the interface
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-03-17 15:00:37 +03:00
Evgenii Stratonikov
6679d59e89 [#422] pkg/services: Provide client options on cache creation
Because options are not used when client is already in cache
providing them to shared cache is misleading at best.
In the worst case `dial_timeout` is set randomly (because of race
condition) which can lead to one service having `dial_timeout` of
another. Thus we set default client creation options when cache is
created.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-03-15 14:07:53 +03:00
Evgenii Stratonikov
cc7287d6f7 [#422] pkg/services: Cache clients by address only
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-03-15 14:07:53 +03:00
Leonard Lyubich
bcfd33d9fb [#397] ir: Make UN-LOCODE attribute of the network map candidate optional
Previously UN-LOCODE attribute was required for each network map candidate.
In the absence of this attribute, the candidate was not allowed into the
network map. After revising the requirements for candidates, it was decided
not to require the mandatory installation of the attribute by candidates.

From now inner ring does not modify location attributes of the network map
candidate in the absence of UN-LOCODE attribute and does not block entry
into the network map for this criterion.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-25 14:36:11 +03:00
Leonard Lyubich
72935d0a80 [#392] ir: Upgrade to a dynamic number of alphabetical contracts
In previous implementation IR worked with exactly 7 alphabetic contracts
only. Actually number of contracts is limited to only the Glagolitic
alphabet.

Make IR to work with any valid number of alphabetic contracts. Change parser
of alphabetic contract addresses to read amount of processing contracts
before performance. Make Alphabet processor to use interface of the
alphabetic contract group. Use `alphabetContracts` type in IR `Server`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-24 19:16:52 +03:00
Leonard Lyubich
397c3b6757 [#392] ir: Remove bitsize from IR indices
There is no need to specify that IR indices are 32 bits in size.

Change return types of `Indexer` interface methods in audit and alphabet
packages. Support interface changes in `Server` implementation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-24 19:16:52 +03:00
Alex Vanin
0bb3836e84 [#383] innerring: Sort node info attributes
All node info attribute transformations can't guarantee
the order of attributes. However it should be consistent
otherwise smart-contract won't be able to collect signatures
and approve transaction.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-02-11 14:11:43 +03:00
Alex Vanin
058ab0e533 [#383] innerring: Marshal node info back after validation
Node info validator may change node attributes, e.g. update
it with human-readable location attributes based on LOCODE.
So inner ring node should provide new node info binary to
smart contract.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-02-11 14:11:43 +03:00
Leonard Lyubich
a737a46988 [#362] ir/netmap: Use const keys to node attributes from the API lib
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-11 14:01:35 +03:00
Leonard Lyubich
34248b00ed [#362] ir/netmap: Do not add LocationCode attribute to netmap candidate
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-11 14:01:35 +03:00
Leonard Lyubich
19681693f7 [#316] ir/netmap: Rename City node attributes
Rename `City`/`CityCode` attribute keys to `Location`/`LocationCode`
respectively.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-10 14:05:03 +03:00
Leonard Lyubich
0a87fec6c6 [#316] ir/netmap: Rename LOCODE attribute key
Rename key to LOCODE node attribute from `Locode` to `UN-LOCODE`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-10 14:05:03 +03:00
Leonard Lyubich
db703a5117 [#316] ir/netmap: Validate LOCODE attributes of network map candidates
Define a structure for dealing with the geographic location of nodes.
Implement VerifyAndUpdate (with the same purpose as NodeValidator interface)
that checks LOCODE attribute and fills other attributes of the location.
Technically the entity is a wrapper over the NeoFS location database: it
maps the node LOCODE to the database record from which the new attributes
are generated.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-10 14:05:03 +03:00
Leonard Lyubich
cbfaceb956 [#316] ir/netmap: Validate network map candidates in Netmap processor
Define NodeValidator interface of the entity that checks and finalizes
NodeInfo structure. Add NodeValidator to Netmap processor. Pass NodeInfo
structures of network map candidates to NodeValidator in order to verify it
and prepare to final state required by network.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-02-10 14:05:03 +03:00
Alex Vanin
3775d61ccb [#365] settlement/basic: Use big.Int constructor for unification
Check if `new(big.Int)` will be efficient later and replace
all `big.NewInt()` in code or leave it as it is.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-02-03 15:17:58 +03:00
Alex Vanin
6a9a2b5d04 [#365] settlement/basic: Remove TxTable from context
TxTable used twice in context to transfer assets to
and from banking account. There is no need to store
instance of table persistently.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-02-03 15:17:58 +03:00
Alex Vanin
d77d49bd2a [#365] Provide distribute income event in settlement processor
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-02-03 15:17:58 +03:00
Alex Vanin
8e741a277d [#365] settlement/basic: Implement asset distribution
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-02-03 15:17:58 +03:00