forked from TrueCloudLab/frostfs-node
1deb3f3d01
In previous implementation wrapper over the Container contract's client accepted the signature of the eACL table in addition to itself. After recent changes in API Go lib table carries its signature. Thus, it is redundant to pass the eACL table signature separately. Make `wrapper.PutEACL` method to accept `eacl.Table` only. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
93 lines
2.3 KiB
Go
93 lines
2.3 KiB
Go
package wrapper
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/nspcc-dev/neofs-api-go/pkg"
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
|
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
|
|
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
|
client "github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
|
|
)
|
|
|
|
// GetEACL reads the extended ACL table from NeoFS system
|
|
// through Container contract call.
|
|
func (w *Wrapper) GetEACL(cid *cid.ID) (*eacl.Table, error) {
|
|
if cid == nil {
|
|
return nil, errNilArgument
|
|
}
|
|
|
|
args := client.EACLArgs{}
|
|
|
|
v2 := cid.ToV2()
|
|
if v2 == nil {
|
|
return nil, errUnsupported // use other major version if there any
|
|
}
|
|
|
|
args.SetCID(v2.GetValue())
|
|
|
|
rpcAnswer, err := w.client.EACL(args)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Client may not return errors if the table is missing, so check this case additionally.
|
|
// The absence of a signature in the response can be taken as an eACL absence criterion,
|
|
// since unsigned table cannot be approved in the storage by design.
|
|
sig := rpcAnswer.Signature()
|
|
if len(sig) == 0 {
|
|
return nil, container.ErrEACLNotFound
|
|
}
|
|
|
|
tableSignature := pkg.NewSignature()
|
|
tableSignature.SetKey(rpcAnswer.PublicKey())
|
|
tableSignature.SetSign(sig)
|
|
|
|
table := eacl.NewTable()
|
|
if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
|
|
// use other major version if there any
|
|
return nil, err
|
|
}
|
|
|
|
table.SetSignature(tableSignature)
|
|
|
|
return table, nil
|
|
}
|
|
|
|
// PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method
|
|
// along with sig.Key() and sig.Sign().
|
|
//
|
|
// Returns error if table is nil.
|
|
//
|
|
// If TryNotary is provided, calls notary contract.
|
|
func PutEACL(w *Wrapper, table *eacl.Table) error {
|
|
if table == nil {
|
|
return errNilArgument
|
|
}
|
|
|
|
data, err := table.Marshal()
|
|
if err != nil {
|
|
return fmt.Errorf("can't marshal eacl table: %w", err)
|
|
}
|
|
|
|
sig := table.Signature()
|
|
|
|
return w.PutEACL(data, sig.Key(), sig.Sign())
|
|
}
|
|
|
|
// PutEACL saves binary eACL table with its key and signature
|
|
// in NeoFS system through Container contract call.
|
|
//
|
|
// Returns any error encountered that caused the saving to interrupt.
|
|
func (w *Wrapper) PutEACL(table, key, sig []byte) error {
|
|
if len(sig) == 0 || len(key) == 0 {
|
|
return errNilArgument
|
|
}
|
|
|
|
args := client.SetEACLArgs{}
|
|
args.SetSignature(sig)
|
|
args.SetPublicKey(key)
|
|
args.SetEACL(table)
|
|
|
|
return w.client.SetEACL(args)
|
|
}
|