From 6b6728356aa258ba8c2dab8156db7724c6e66550 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Tue, 17 Dec 2019 15:35:38 +0300 Subject: [PATCH 1/5] Container access control type definitions --- container/service.pb.go | 129 +++++++--- container/service.proto | 3 + container/types.go | 13 + container/types.pb.go | 519 ++++++++++++++++++++++++++++++++++++++-- container/types.proto | 14 ++ 5 files changed, 618 insertions(+), 60 deletions(-) diff --git a/container/service.pb.go b/container/service.pb.go index d9febc0..cac8764 100644 --- a/container/service.pb.go +++ b/container/service.pb.go @@ -38,6 +38,8 @@ type PutRequest struct { OwnerID OwnerID `protobuf:"bytes,3,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"` // Rules define storage policy for the object inside the container. Rules netmap.PlacementRule `protobuf:"bytes,4,opt,name=rules,proto3" json:"rules"` + // Container ACL. + Group AccessGroup `protobuf:"bytes,5,opt,name=Group,proto3" json:"Group"` // RequestMetaHeader contains information about request meta headers (should be embedded into message) service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"` // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) @@ -90,6 +92,13 @@ func (m *PutRequest) GetRules() netmap.PlacementRule { return netmap.PlacementRule{} } +func (m *PutRequest) GetGroup() AccessGroup { + if m != nil { + return m.Group + } + return AccessGroup{} +} + type PutResponse struct { // CID (container id) is a SHA256 hash of the container structure CID CID `protobuf:"bytes,1,opt,name=CID,proto3,customtype=CID" json:"CID"` @@ -382,43 +391,44 @@ func init() { func init() { proto.RegisterFile("container/service.proto", fileDescriptor_e1fa9d7ab2e7ae06) } var fileDescriptor_e1fa9d7ab2e7ae06 = []byte{ - // 562 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x54, 0xcd, 0x6e, 0xd3, 0x4c, - 0x14, 0xed, 0x34, 0xf9, 0xd2, 0xe6, 0xba, 0x1f, 0x3f, 0xa3, 0x86, 0x1a, 0x4b, 0x24, 0x91, 0x57, - 0x01, 0x11, 0x5b, 0x84, 0x4a, 0xb0, 0x41, 0x82, 0x24, 0x52, 0xa9, 0x44, 0x45, 0x64, 0x24, 0x16, - 0xec, 0x1c, 0xf7, 0x26, 0x58, 0x72, 0x6c, 0xe3, 0x19, 0x07, 0xe5, 0x4d, 0x78, 0x07, 0x24, 0xb6, - 0xf0, 0x08, 0x5d, 0x76, 0x89, 0x58, 0x44, 0x28, 0xac, 0x79, 0x07, 0xe4, 0xf1, 0xf8, 0x27, 0x69, - 0x81, 0x65, 0xc5, 0xc6, 0x9a, 0x39, 0xe7, 0x9e, 0x3b, 0xf7, 0xdc, 0xb9, 0x1e, 0x38, 0x70, 0x02, - 0x9f, 0xdb, 0xae, 0x8f, 0x91, 0xc9, 0x30, 0x9a, 0xbb, 0x0e, 0x1a, 0x61, 0x14, 0xf0, 0x80, 0xd6, - 0x73, 0x42, 0xa3, 0x92, 0x31, 0x67, 0xc8, 0xed, 0x94, 0xd6, 0xf6, 0x33, 0x6c, 0x8e, 0x91, 0x3b, - 0x59, 0x48, 0xb4, 0x51, 0x64, 0xe3, 0x8b, 0x10, 0x99, 0x84, 0xef, 0x4d, 0x5d, 0xfe, 0x36, 0x1e, - 0x1b, 0x4e, 0x30, 0x33, 0x7d, 0x16, 0x3a, 0x4e, 0xf7, 0x14, 0xe7, 0xa6, 0x8f, 0x7c, 0x66, 0x87, - 0x26, 0x43, 0x0f, 0x1d, 0x1e, 0x44, 0x32, 0xb6, 0x5b, 0x8a, 0x9d, 0x06, 0xd3, 0xc0, 0x14, 0xf0, - 0x38, 0x9e, 0x88, 0x9d, 0xd8, 0x88, 0x55, 0x1a, 0xae, 0x7f, 0xde, 0x06, 0x18, 0xc5, 0xdc, 0xc2, - 0x77, 0x31, 0x32, 0x4e, 0x4d, 0xa8, 0x9f, 0x20, 0x63, 0xf6, 0x14, 0x8f, 0x87, 0x2a, 0x69, 0x93, - 0xce, 0x5e, 0xff, 0xe6, 0xd9, 0xb2, 0xb5, 0xf5, 0x6d, 0xd9, 0x2a, 0x08, 0xab, 0x58, 0x52, 0x0d, - 0x76, 0x07, 0x76, 0x68, 0x3b, 0x2e, 0x5f, 0xa8, 0xdb, 0x6d, 0xd2, 0xa9, 0x5a, 0xf9, 0x9e, 0xde, - 0x85, 0x9d, 0x97, 0xef, 0x7d, 0x8c, 0x8e, 0x87, 0x6a, 0x45, 0xa4, 0xba, 0x2e, 0x53, 0x65, 0xb0, - 0x95, 0x2d, 0xe8, 0x03, 0xf8, 0x2f, 0x8a, 0x3d, 0x64, 0x6a, 0xb5, 0x4d, 0x3a, 0x4a, 0xaf, 0x61, - 0xa4, 0xe6, 0x8c, 0x91, 0x67, 0x3b, 0x38, 0x43, 0x9f, 0x5b, 0xb1, 0x87, 0xfd, 0x6a, 0xa2, 0xb7, - 0xd2, 0x48, 0xfa, 0x18, 0xaa, 0x27, 0xc8, 0x6d, 0x75, 0x2c, 0x14, 0x9a, 0x91, 0xb5, 0x5f, 0x5a, - 0x49, 0xb8, 0xe7, 0x68, 0x9f, 0x62, 0xd4, 0xdf, 0x4d, 0x64, 0xe7, 0xcb, 0x16, 0xb1, 0x84, 0x82, - 0x0e, 0xa1, 0xf6, 0x5a, 0x74, 0x5d, 0x75, 0x84, 0x56, 0xdf, 0xd4, 0x0a, 0xd6, 0x75, 0x6c, 0xee, - 0x06, 0xfe, 0x85, 0x1c, 0x52, 0xab, 0xdf, 0x07, 0x45, 0x34, 0x8e, 0x85, 0x81, 0xcf, 0x90, 0xde, - 0x81, 0xca, 0x20, 0xef, 0x99, 0x22, 0x8d, 0x26, 0x90, 0x95, 0x7c, 0xf4, 0x4f, 0x04, 0xfe, 0x1f, - 0xa2, 0x87, 0x1c, 0xb3, 0x56, 0xff, 0x59, 0x70, 0xe5, 0xf6, 0x6e, 0xc0, 0xb5, 0xac, 0xde, 0xd4, - 0xa1, 0xfe, 0x91, 0x00, 0x1c, 0x21, 0xff, 0x47, 0xea, 0x7f, 0x06, 0x8a, 0x28, 0x56, 0x5e, 0x4f, - 0x0f, 0xea, 0x83, 0xec, 0xdf, 0x12, 0x35, 0x2b, 0xbd, 0x7d, 0x23, 0xff, 0xdb, 0x8c, 0x9c, 0xb3, - 0x8a, 0x30, 0xfd, 0x0b, 0x01, 0xe5, 0x85, 0xcb, 0x72, 0xc7, 0xa5, 0x79, 0x26, 0x7f, 0x99, 0xe7, - 0xab, 0x76, 0xdf, 0x85, 0xbd, 0xb4, 0xf2, 0xcd, 0xe9, 0xac, 0x5c, 0x76, 0x59, 0xbd, 0x9f, 0x04, - 0x76, 0x5e, 0xa5, 0xc7, 0xd0, 0x43, 0xa8, 0x8c, 0x62, 0x4e, 0x1b, 0xa5, 0xee, 0x14, 0x0f, 0x84, - 0x76, 0x6b, 0x13, 0x96, 0x07, 0x3c, 0x81, 0x5a, 0x3a, 0x2e, 0x54, 0x2d, 0x45, 0xac, 0x4d, 0xbc, - 0x76, 0xfb, 0x12, 0x46, 0xca, 0x0f, 0xa1, 0x72, 0x84, 0xeb, 0x87, 0x16, 0xa3, 0xb6, 0x76, 0x68, - 0xf9, 0x52, 0x1f, 0x41, 0x35, 0x71, 0x49, 0xcb, 0x7c, 0xe9, 0xc2, 0xb4, 0x83, 0x0b, 0x78, 0x2a, - 0xec, 0x3f, 0x3d, 0x5b, 0x35, 0xc9, 0xf9, 0xaa, 0x49, 0xbe, 0xae, 0x9a, 0xe4, 0xfb, 0xaa, 0x49, - 0x3e, 0xfc, 0x68, 0x6e, 0xbd, 0xf9, 0xdd, 0x33, 0x1b, 0x4c, 0x58, 0x37, 0x7d, 0x38, 0xf3, 0x74, - 0xe3, 0x9a, 0x00, 0x1e, 0xfe, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x36, 0x72, 0xbd, 0x89, 0x00, 0x06, - 0x00, 0x00, + // 580 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x54, 0xcb, 0x6e, 0xd3, 0x40, + 0x14, 0xed, 0x34, 0xe9, 0x23, 0xd7, 0xe5, 0x35, 0x6a, 0x5a, 0x63, 0x89, 0x24, 0xf2, 0x2a, 0x20, + 0x62, 0x8b, 0x50, 0x09, 0x36, 0x48, 0x34, 0x89, 0x14, 0x2a, 0x51, 0x11, 0x19, 0x89, 0x05, 0x3b, + 0x67, 0x7a, 0x13, 0x2c, 0x25, 0xb6, 0xf1, 0x8c, 0x83, 0xf2, 0x27, 0xfc, 0x03, 0x12, 0x6b, 0x3e, + 0xa1, 0xcb, 0x2e, 0x11, 0x8b, 0x08, 0x85, 0x25, 0xe2, 0x1f, 0x90, 0xc7, 0xcf, 0xa4, 0x05, 0x96, + 0x15, 0x1b, 0x6b, 0xe6, 0x9c, 0x7b, 0xee, 0xdb, 0x03, 0x87, 0xcc, 0x73, 0x85, 0xed, 0xb8, 0x18, + 0x98, 0x1c, 0x83, 0x99, 0xc3, 0xd0, 0xf0, 0x03, 0x4f, 0x78, 0xb4, 0x92, 0x11, 0x1a, 0x4d, 0x18, + 0x73, 0x8a, 0xc2, 0x8e, 0x69, 0x6d, 0x3f, 0xc5, 0x66, 0x18, 0x38, 0xa3, 0x79, 0x82, 0x56, 0x73, + 0x6f, 0x62, 0xee, 0x23, 0x4f, 0xe0, 0x07, 0x63, 0x47, 0xbc, 0x0b, 0x87, 0x06, 0xf3, 0xa6, 0xa6, + 0xcb, 0x7d, 0xc6, 0x5a, 0x67, 0x38, 0x33, 0x5d, 0x14, 0x53, 0xdb, 0x37, 0x39, 0x4e, 0x90, 0x09, + 0x2f, 0x48, 0x6c, 0x5b, 0x05, 0xdb, 0xb1, 0x37, 0xf6, 0x4c, 0x09, 0x0f, 0xc3, 0x91, 0xbc, 0xc9, + 0x8b, 0x3c, 0xc5, 0xe6, 0xfa, 0xcf, 0x4d, 0x80, 0x41, 0x28, 0x2c, 0x7c, 0x1f, 0x22, 0x17, 0xd4, + 0x84, 0xca, 0x29, 0x72, 0x6e, 0x8f, 0xf1, 0xa4, 0xa7, 0x92, 0x06, 0x69, 0xee, 0x75, 0xee, 0x9c, + 0x2f, 0xea, 0x1b, 0xdf, 0x16, 0xf5, 0x9c, 0xb0, 0xf2, 0x23, 0xd5, 0x60, 0xb7, 0x6b, 0xfb, 0x36, + 0x73, 0xc4, 0x5c, 0xdd, 0x6c, 0x90, 0x66, 0xd9, 0xca, 0xee, 0xf4, 0x3e, 0xec, 0xbc, 0xfa, 0xe0, + 0x62, 0x70, 0xd2, 0x53, 0x4b, 0xd2, 0xd5, 0xad, 0xc4, 0x55, 0x0a, 0x5b, 0xe9, 0x81, 0x3e, 0x82, + 0xad, 0x20, 0x9c, 0x20, 0x57, 0xcb, 0x0d, 0xd2, 0x54, 0xda, 0x55, 0x23, 0x2e, 0xce, 0x18, 0x4c, + 0x6c, 0x86, 0x53, 0x74, 0x85, 0x15, 0x4e, 0xb0, 0x53, 0x8e, 0xf4, 0x56, 0x6c, 0x49, 0xdb, 0xb0, + 0xd5, 0x0f, 0xbc, 0xd0, 0x57, 0xb7, 0xa4, 0xe4, 0xc0, 0xc8, 0x7a, 0x67, 0x1c, 0x33, 0x86, 0x9c, + 0x4b, 0x36, 0xd5, 0xc8, 0x0b, 0x7d, 0x0a, 0xe5, 0x53, 0x14, 0xb6, 0x3a, 0x94, 0x12, 0xcd, 0x48, + 0x47, 0x96, 0x94, 0x1f, 0x71, 0x2f, 0xd0, 0x3e, 0xc3, 0xa0, 0xb3, 0x1b, 0xc9, 0x2e, 0x16, 0x75, + 0x62, 0x49, 0x05, 0xed, 0xc1, 0xf6, 0x1b, 0x39, 0x29, 0x95, 0x49, 0xad, 0xbe, 0xae, 0x95, 0xac, + 0xc3, 0x6c, 0xe1, 0x78, 0xee, 0x25, 0x1f, 0x89, 0x56, 0x7f, 0x08, 0x8a, 0x6c, 0x36, 0xf7, 0x3d, + 0x97, 0x23, 0xbd, 0x07, 0xa5, 0x6e, 0xd6, 0x67, 0x25, 0x69, 0x4e, 0x04, 0x59, 0xd1, 0x47, 0xff, + 0x4c, 0xe0, 0x46, 0x0f, 0x27, 0x28, 0x30, 0x1d, 0xcf, 0xdf, 0x05, 0xd7, 0x5e, 0xde, 0x6d, 0xb8, + 0x99, 0xe6, 0x1b, 0x57, 0xa8, 0x7f, 0x22, 0x00, 0x7d, 0x14, 0xff, 0x49, 0xfe, 0xc7, 0xa0, 0xc8, + 0x64, 0x93, 0xf1, 0xb4, 0xa1, 0xd2, 0x4d, 0x77, 0x4a, 0xe6, 0xac, 0xb4, 0xf7, 0x0b, 0x5b, 0x96, + 0x71, 0x56, 0x6e, 0xa6, 0x7f, 0x21, 0xa0, 0xbc, 0x74, 0x78, 0x56, 0x71, 0xe1, 0x1f, 0x20, 0xff, + 0xf8, 0x07, 0xae, 0xbb, 0xfa, 0x16, 0xec, 0xc5, 0x99, 0xaf, 0x6f, 0x67, 0xe9, 0xaa, 0x61, 0xb5, + 0x7f, 0x11, 0xd8, 0x79, 0x1d, 0x87, 0xa1, 0x47, 0x50, 0x1a, 0x84, 0x82, 0x56, 0x0b, 0xdd, 0xc9, + 0x1f, 0x15, 0xed, 0x60, 0x1d, 0x4e, 0x02, 0x3c, 0x83, 0xed, 0x78, 0x5d, 0xa8, 0x5a, 0xb0, 0x58, + 0xd9, 0x78, 0xed, 0xee, 0x15, 0x4c, 0x22, 0x3f, 0x82, 0x52, 0x1f, 0x57, 0x83, 0xe6, 0xab, 0xb6, + 0x12, 0xb4, 0x38, 0xd4, 0x27, 0x50, 0x8e, 0xaa, 0xa4, 0x45, 0xbe, 0x30, 0x30, 0xed, 0xf0, 0x12, + 0x1e, 0x0b, 0x3b, 0xcf, 0xcf, 0x97, 0x35, 0x72, 0xb1, 0xac, 0x91, 0xaf, 0xcb, 0x1a, 0xf9, 0xbe, + 0xac, 0x91, 0x8f, 0x3f, 0x6a, 0x1b, 0x6f, 0xff, 0xf4, 0x34, 0x7b, 0x23, 0xde, 0x8a, 0x1f, 0xdb, + 0xcc, 0xdd, 0x70, 0x5b, 0x02, 0x8f, 0x7f, 0x07, 0x00, 0x00, 0xff, 0xff, 0x31, 0xf8, 0x4f, 0x34, + 0x34, 0x06, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -671,6 +681,16 @@ func (m *PutRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x6 i-- dAtA[i] = 0x92 + { + size, err := m.Group.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintService(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a { size, err := m.Rules.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -1062,6 +1082,8 @@ func (m *PutRequest) Size() (n int) { n += 1 + l + sovService(uint64(l)) l = m.Rules.Size() n += 1 + l + sovService(uint64(l)) + l = m.Group.Size() + n += 1 + l + sovService(uint64(l)) l = m.RequestMetaHeader.Size() n += 2 + l + sovService(uint64(l)) l = m.RequestVerificationHeader.Size() @@ -1339,6 +1361,39 @@ func (m *PutRequest) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Group", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthService + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthService + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Group.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex case 98: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType) diff --git a/container/service.proto b/container/service.proto index 8a3f56c..9bd02c9 100644 --- a/container/service.proto +++ b/container/service.proto @@ -41,6 +41,9 @@ message PutRequest { // Rules define storage policy for the object inside the container. netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false]; + // Container ACL. + AccessGroup Group = 5 [(gogoproto.nullable) = false]; + // RequestMetaHeader contains information about request meta headers (should be embedded into message) service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) diff --git a/container/types.go b/container/types.go index 9269f30..d5d5a77 100644 --- a/container/types.go +++ b/container/types.go @@ -11,6 +11,19 @@ import ( "github.com/pkg/errors" ) +// AccessMode is a container access mode type. +type AccessMode uint32 + +const ( + // AccessModeRead is a read access mode. + AccessModeRead AccessMode = 1 << iota + // AccessModeWrite is a write access mode. + AccessModeWrite +) + +// AccessModeReadWrite is a read/write container access mode. +const AccessModeReadWrite = AccessModeRead | AccessModeWrite + var ( _ internal.Custom = (*Container)(nil) diff --git a/container/types.pb.go b/container/types.pb.go index 7bf9a03..6671670 100644 --- a/container/types.pb.go +++ b/container/types.pb.go @@ -33,10 +33,12 @@ type Container struct { // Capacity defines amount of data that can be stored in the container (doesn't used for now). Capacity uint64 `protobuf:"varint,3,opt,name=Capacity,proto3" json:"Capacity,omitempty"` // Rules define storage policy for the object inside the container. - Rules netmap.PlacementRule `protobuf:"bytes,4,opt,name=Rules,proto3" json:"Rules"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Rules netmap.PlacementRule `protobuf:"bytes,4,opt,name=Rules,proto3" json:"Rules"` + // Container ACL. + List AccessControlList `protobuf:"bytes,5,opt,name=List,proto3" json:"List"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Container) Reset() { *m = Container{} } @@ -82,32 +84,136 @@ func (m *Container) GetRules() netmap.PlacementRule { return netmap.PlacementRule{} } +func (m *Container) GetList() AccessControlList { + if m != nil { + return m.List + } + return AccessControlList{} +} + +type AccessGroup struct { + // Group access mode. + M uint32 `protobuf:"varint,1,opt,name=M,proto3" json:"M,omitempty"` + // Group members. + G []OwnerID `protobuf:"bytes,2,rep,name=G,proto3,customtype=OwnerID" json:"G"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AccessGroup) Reset() { *m = AccessGroup{} } +func (m *AccessGroup) String() string { return proto.CompactTextString(m) } +func (*AccessGroup) ProtoMessage() {} +func (*AccessGroup) Descriptor() ([]byte, []int) { + return fileDescriptor_1432e52ab0b53e3e, []int{1} +} +func (m *AccessGroup) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AccessGroup) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *AccessGroup) XXX_Merge(src proto.Message) { + xxx_messageInfo_AccessGroup.Merge(m, src) +} +func (m *AccessGroup) XXX_Size() int { + return m.Size() +} +func (m *AccessGroup) XXX_DiscardUnknown() { + xxx_messageInfo_AccessGroup.DiscardUnknown(m) +} + +var xxx_messageInfo_AccessGroup proto.InternalMessageInfo + +func (m *AccessGroup) GetM() uint32 { + if m != nil { + return m.M + } + return 0 +} + +type AccessControlList struct { + // List of access groups. + List []AccessGroup `protobuf:"bytes,1,rep,name=List,proto3" json:"List"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AccessControlList) Reset() { *m = AccessControlList{} } +func (m *AccessControlList) String() string { return proto.CompactTextString(m) } +func (*AccessControlList) ProtoMessage() {} +func (*AccessControlList) Descriptor() ([]byte, []int) { + return fileDescriptor_1432e52ab0b53e3e, []int{2} +} +func (m *AccessControlList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AccessControlList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *AccessControlList) XXX_Merge(src proto.Message) { + xxx_messageInfo_AccessControlList.Merge(m, src) +} +func (m *AccessControlList) XXX_Size() int { + return m.Size() +} +func (m *AccessControlList) XXX_DiscardUnknown() { + xxx_messageInfo_AccessControlList.DiscardUnknown(m) +} + +var xxx_messageInfo_AccessControlList proto.InternalMessageInfo + +func (m *AccessControlList) GetList() []AccessGroup { + if m != nil { + return m.List + } + return nil +} + func init() { proto.RegisterType((*Container)(nil), "container.Container") + proto.RegisterType((*AccessGroup)(nil), "container.AccessGroup") + proto.RegisterType((*AccessControlList)(nil), "container.AccessControlList") } func init() { proto.RegisterFile("container/types.proto", fileDescriptor_1432e52ab0b53e3e) } var fileDescriptor_1432e52ab0b53e3e = []byte{ - // 275 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4d, 0xce, 0xcf, 0x2b, - 0x49, 0xcc, 0xcc, 0x4b, 0x2d, 0xd2, 0x2f, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x2b, 0x28, 0xca, 0x2f, - 0xc9, 0x17, 0xe2, 0x84, 0x0b, 0x4b, 0x69, 0xa5, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7, - 0xe7, 0xea, 0xe7, 0x15, 0x17, 0x24, 0x27, 0xeb, 0xa6, 0xa4, 0x96, 0xe9, 0xe7, 0xa5, 0x96, 0xe4, - 0x26, 0x16, 0xe8, 0x17, 0xa7, 0xe6, 0xa4, 0x26, 0x97, 0xe4, 0x17, 0x41, 0xb4, 0x49, 0xe9, 0x22, - 0xa9, 0x4d, 0xcf, 0x4f, 0xcf, 0xd7, 0x07, 0x0b, 0x27, 0x95, 0xa6, 0x81, 0x79, 0x60, 0x0e, 0x98, - 0x05, 0x51, 0xae, 0xb4, 0x9c, 0x91, 0x8b, 0xd3, 0x19, 0x66, 0x91, 0x90, 0x26, 0x17, 0xbb, 0x7f, - 0x79, 0x5e, 0x6a, 0x91, 0xa7, 0x8b, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x8f, 0x13, 0xff, 0x89, 0x7b, - 0xf2, 0x0c, 0xb7, 0xee, 0xc9, 0xc3, 0x84, 0x83, 0x60, 0x0c, 0x21, 0x05, 0x2e, 0x96, 0xe0, 0xc4, - 0x9c, 0x12, 0x09, 0x26, 0xb0, 0x3a, 0x1e, 0xa8, 0x3a, 0x96, 0xd0, 0x50, 0x4f, 0x97, 0x20, 0xb0, - 0x8c, 0x90, 0x14, 0x17, 0x87, 0x73, 0x62, 0x41, 0x62, 0x72, 0x66, 0x49, 0xa5, 0x04, 0xb3, 0x02, - 0xa3, 0x06, 0x4b, 0x10, 0x9c, 0x2f, 0x64, 0xc8, 0xc5, 0x1a, 0x54, 0x9a, 0x93, 0x5a, 0x2c, 0xc1, - 0xa2, 0xc0, 0xa8, 0xc1, 0x6d, 0x24, 0xaa, 0x07, 0xf1, 0x8c, 0x5e, 0x40, 0x4e, 0x62, 0x72, 0x6a, - 0x6e, 0x6a, 0x5e, 0x09, 0x48, 0xd6, 0x89, 0x05, 0x64, 0x6a, 0x10, 0x44, 0xa5, 0x93, 0xc3, 0x89, - 0x47, 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0xde, 0x78, 0x24, 0xc7, 0xf8, 0xe0, 0x91, 0x1c, 0xe3, - 0x8c, 0xc7, 0x72, 0x0c, 0x51, 0xb8, 0x82, 0x26, 0x3f, 0xad, 0x58, 0x17, 0xe2, 0x59, 0x78, 0x30, - 0x26, 0xb1, 0x81, 0x05, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0x29, 0x6b, 0x4d, 0x08, 0x71, - 0x01, 0x00, 0x00, + // 361 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0xcf, 0x4e, 0xc2, 0x40, + 0x10, 0xc6, 0x19, 0x28, 0x2a, 0x0b, 0xc6, 0xb8, 0x09, 0xa6, 0x21, 0x5a, 0x1a, 0x4e, 0xd5, 0x84, + 0x56, 0x31, 0xf1, 0xe0, 0x49, 0x01, 0x43, 0x48, 0x24, 0x9a, 0x1a, 0x2e, 0xde, 0xca, 0xba, 0x60, + 0x93, 0xd2, 0x6d, 0xba, 0x5b, 0x0d, 0x6f, 0xe2, 0x23, 0x71, 0xf4, 0x68, 0x3c, 0xa0, 0xa9, 0x2f, + 0x62, 0xba, 0x85, 0x86, 0x04, 0xbd, 0xed, 0x7c, 0xf3, 0x9b, 0x3f, 0xdf, 0x0e, 0xaa, 0x12, 0xe6, + 0x0b, 0xc7, 0xf5, 0x69, 0x68, 0x89, 0x59, 0x40, 0xb9, 0x19, 0x84, 0x4c, 0x30, 0x5c, 0xca, 0xe4, + 0xda, 0xc9, 0xc4, 0x15, 0xcf, 0xd1, 0xc8, 0x24, 0x6c, 0x6a, 0xf9, 0x3c, 0x20, 0xa4, 0xf9, 0x44, + 0x5f, 0x2c, 0x9f, 0x8a, 0xa9, 0x13, 0x58, 0x9c, 0x7a, 0x94, 0x08, 0x16, 0xa6, 0x65, 0xb5, 0xe6, + 0x1a, 0x3b, 0x61, 0x13, 0x66, 0x49, 0x79, 0x14, 0x8d, 0x65, 0x24, 0x03, 0xf9, 0x4a, 0xf1, 0xc6, + 0x17, 0xa0, 0x52, 0x67, 0x35, 0x08, 0x1f, 0xa3, 0xed, 0xbb, 0x57, 0x9f, 0x86, 0xfd, 0xae, 0x0a, + 0x3a, 0x18, 0x95, 0xf6, 0xde, 0x7c, 0x51, 0xcf, 0x7d, 0x2e, 0xea, 0x2b, 0xd9, 0x5e, 0x3d, 0xb0, + 0x8e, 0x94, 0x07, 0xc7, 0x13, 0x6a, 0x5e, 0x72, 0x95, 0x25, 0xa7, 0x0c, 0x87, 0xfd, 0xae, 0x2d, + 0x33, 0xb8, 0x86, 0x76, 0x3a, 0x4e, 0xe0, 0x10, 0x57, 0xcc, 0xd4, 0x82, 0x0e, 0x86, 0x62, 0x67, + 0x31, 0x3e, 0x43, 0x45, 0x3b, 0xf2, 0x28, 0x57, 0x15, 0x1d, 0x8c, 0x72, 0xab, 0x6a, 0xa6, 0x66, + 0xcc, 0x7b, 0xcf, 0x21, 0x74, 0x4a, 0x7d, 0x91, 0x64, 0xdb, 0x4a, 0xd2, 0xd5, 0x4e, 0x49, 0x7c, + 0x81, 0x94, 0x5b, 0x97, 0x0b, 0xb5, 0x28, 0x2b, 0x0e, 0xcd, 0xec, 0x7b, 0xcc, 0x6b, 0x42, 0x28, + 0xe7, 0x89, 0x8b, 0x90, 0x79, 0x09, 0xb3, 0x2c, 0x94, 0x7c, 0xe3, 0x12, 0x95, 0x53, 0xa0, 0x17, + 0xb2, 0x28, 0xc0, 0x15, 0x04, 0x03, 0x69, 0x6e, 0xd7, 0x86, 0x01, 0x3e, 0x42, 0xd0, 0x53, 0xf3, + 0x7a, 0xe1, 0x2f, 0xab, 0xd0, 0x6b, 0xdc, 0xa0, 0xfd, 0x8d, 0xe6, 0xf8, 0x74, 0xb9, 0x08, 0xe8, + 0x05, 0xa3, 0xdc, 0x3a, 0xd8, 0x58, 0x44, 0xce, 0x59, 0x5f, 0xa1, 0x7d, 0x35, 0x8f, 0x35, 0x78, + 0x8f, 0x35, 0xf8, 0x88, 0x35, 0xf8, 0x8e, 0x35, 0x78, 0xfb, 0xd1, 0x72, 0x8f, 0xff, 0x5d, 0x95, + 0x8d, 0x79, 0x33, 0xbd, 0x53, 0xd6, 0x79, 0xb4, 0x25, 0x85, 0xf3, 0xdf, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xb4, 0x12, 0x2d, 0xb0, 0x2c, 0x02, 0x00, 0x00, } func (m *Container) Marshal() (dAtA []byte, err error) { @@ -134,6 +240,16 @@ func (m *Container) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + { + size, err := m.List.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a { size, err := m.Rules.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -172,6 +288,93 @@ func (m *Container) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *AccessGroup) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AccessGroup) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AccessGroup) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.G) > 0 { + for iNdEx := len(m.G) - 1; iNdEx >= 0; iNdEx-- { + { + size := m.G[iNdEx].Size() + i -= size + if _, err := m.G[iNdEx].MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + if m.M != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.M)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *AccessControlList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AccessControlList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AccessControlList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.List) > 0 { + for iNdEx := len(m.List) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.List[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTypes(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func encodeVarintTypes(dAtA []byte, offset int, v uint64) int { offset -= sovTypes(v) base := offset @@ -198,6 +401,47 @@ func (m *Container) Size() (n int) { } l = m.Rules.Size() n += 1 + l + sovTypes(uint64(l)) + l = m.List.Size() + n += 1 + l + sovTypes(uint64(l)) + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *AccessGroup) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.M != 0 { + n += 1 + sovTypes(uint64(m.M)) + } + if len(m.G) > 0 { + for _, e := range m.G { + l = e.Size() + n += 1 + l + sovTypes(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *AccessControlList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.List) > 0 { + for _, e := range m.List { + l = e.Size() + n += 1 + l + sovTypes(uint64(l)) + } + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -357,6 +601,235 @@ func (m *Container) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field List", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.List.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AccessGroup) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AccessGroup: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AccessGroup: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field M", wireType) + } + m.M = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.M |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field G", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var v OwnerID + m.G = append(m.G, v) + if err := m.G[len(m.G)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AccessControlList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AccessControlList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AccessControlList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field List", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.List = append(m.List, AccessGroup{}) + if err := m.List[len(m.List)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) diff --git a/container/types.proto b/container/types.proto index a601edd..a1429ce 100644 --- a/container/types.proto +++ b/container/types.proto @@ -17,4 +17,18 @@ message Container { uint64 Capacity = 3; // Rules define storage policy for the object inside the container. netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false]; + // Container ACL. + AccessControlList List = 5 [(gogoproto.nullable) = false]; +} + +message AccessGroup { + // Group access mode. + uint32 M = 1; + // Group members. + repeated bytes G = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; +} + +message AccessControlList { + // List of access groups. + repeated AccessGroup List = 1 [(gogoproto.nullable) = false]; } From 7e6e30b85024a669111f46dfa48da626d0802f5a Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Tue, 17 Dec 2019 16:15:51 +0300 Subject: [PATCH 2/5] Add unit tests for container access modes --- container/types_test.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/container/types_test.go b/container/types_test.go index c7dbbf8..cfd5f52 100644 --- a/container/types_test.go +++ b/container/types_test.go @@ -55,3 +55,23 @@ func TestCID(t *testing.T) { require.Equal(t, cid1, cid2) }) } + +func TestAccessMode(t *testing.T) { + t.Run("read access to read/write mode", func(t *testing.T) { + require.Equal(t, AccessModeRead, AccessModeReadWrite&AccessModeRead) + }) + + t.Run("write access to read/write mode", func(t *testing.T) { + require.Equal(t, AccessModeWrite, AccessModeReadWrite&AccessModeWrite) + }) + + t.Run("read(write) access to write(read) mode", func(t *testing.T) { + require.Zero(t, AccessModeRead&AccessModeWrite) + }) + + t.Run("access to same mode", func(t *testing.T) { + require.Equal(t, AccessModeWrite, AccessModeWrite&AccessModeWrite) + require.Equal(t, AccessModeRead, AccessModeRead&AccessModeRead) + require.Equal(t, AccessModeReadWrite, AccessModeReadWrite&AccessModeReadWrite) + }) +} From 6ad23612c99f2c1a84e3bbb0e28bf416746bf1e4 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Tue, 17 Dec 2019 19:48:44 +0300 Subject: [PATCH 3/5] Use expanded field naming in AccessGroup structure --- container/types.pb.go | 88 +++++++++++++++++++++---------------------- container/types.proto | 4 +- 2 files changed, 46 insertions(+), 46 deletions(-) diff --git a/container/types.pb.go b/container/types.pb.go index 6671670..7a454de 100644 --- a/container/types.pb.go +++ b/container/types.pb.go @@ -93,9 +93,9 @@ func (m *Container) GetList() AccessControlList { type AccessGroup struct { // Group access mode. - M uint32 `protobuf:"varint,1,opt,name=M,proto3" json:"M,omitempty"` + AccessMode uint32 `protobuf:"varint,1,opt,name=AccessMode,proto3" json:"AccessMode,omitempty"` // Group members. - G []OwnerID `protobuf:"bytes,2,rep,name=G,proto3,customtype=OwnerID" json:"G"` + UserGroup []OwnerID `protobuf:"bytes,2,rep,name=UserGroup,proto3,customtype=OwnerID" json:"UserGroup"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -130,9 +130,9 @@ func (m *AccessGroup) XXX_DiscardUnknown() { var xxx_messageInfo_AccessGroup proto.InternalMessageInfo -func (m *AccessGroup) GetM() uint32 { +func (m *AccessGroup) GetAccessMode() uint32 { if m != nil { - return m.M + return m.AccessMode } return 0 } @@ -190,30 +190,30 @@ func init() { func init() { proto.RegisterFile("container/types.proto", fileDescriptor_1432e52ab0b53e3e) } var fileDescriptor_1432e52ab0b53e3e = []byte{ - // 361 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0xcf, 0x4e, 0xc2, 0x40, - 0x10, 0xc6, 0x19, 0x28, 0x2a, 0x0b, 0xc6, 0xb8, 0x09, 0xa6, 0x21, 0x5a, 0x1a, 0x4e, 0xd5, 0x84, - 0x56, 0x31, 0xf1, 0xe0, 0x49, 0x01, 0x43, 0x48, 0x24, 0x9a, 0x1a, 0x2e, 0xde, 0xca, 0xba, 0x60, - 0x93, 0xd2, 0x6d, 0xba, 0x5b, 0x0d, 0x6f, 0xe2, 0x23, 0x71, 0xf4, 0x68, 0x3c, 0xa0, 0xa9, 0x2f, - 0x62, 0xba, 0x85, 0x86, 0x04, 0xbd, 0xed, 0x7c, 0xf3, 0x9b, 0x3f, 0xdf, 0x0e, 0xaa, 0x12, 0xe6, - 0x0b, 0xc7, 0xf5, 0x69, 0x68, 0x89, 0x59, 0x40, 0xb9, 0x19, 0x84, 0x4c, 0x30, 0x5c, 0xca, 0xe4, - 0xda, 0xc9, 0xc4, 0x15, 0xcf, 0xd1, 0xc8, 0x24, 0x6c, 0x6a, 0xf9, 0x3c, 0x20, 0xa4, 0xf9, 0x44, - 0x5f, 0x2c, 0x9f, 0x8a, 0xa9, 0x13, 0x58, 0x9c, 0x7a, 0x94, 0x08, 0x16, 0xa6, 0x65, 0xb5, 0xe6, - 0x1a, 0x3b, 0x61, 0x13, 0x66, 0x49, 0x79, 0x14, 0x8d, 0x65, 0x24, 0x03, 0xf9, 0x4a, 0xf1, 0xc6, - 0x17, 0xa0, 0x52, 0x67, 0x35, 0x08, 0x1f, 0xa3, 0xed, 0xbb, 0x57, 0x9f, 0x86, 0xfd, 0xae, 0x0a, - 0x3a, 0x18, 0x95, 0xf6, 0xde, 0x7c, 0x51, 0xcf, 0x7d, 0x2e, 0xea, 0x2b, 0xd9, 0x5e, 0x3d, 0xb0, - 0x8e, 0x94, 0x07, 0xc7, 0x13, 0x6a, 0x5e, 0x72, 0x95, 0x25, 0xa7, 0x0c, 0x87, 0xfd, 0xae, 0x2d, - 0x33, 0xb8, 0x86, 0x76, 0x3a, 0x4e, 0xe0, 0x10, 0x57, 0xcc, 0xd4, 0x82, 0x0e, 0x86, 0x62, 0x67, - 0x31, 0x3e, 0x43, 0x45, 0x3b, 0xf2, 0x28, 0x57, 0x15, 0x1d, 0x8c, 0x72, 0xab, 0x6a, 0xa6, 0x66, - 0xcc, 0x7b, 0xcf, 0x21, 0x74, 0x4a, 0x7d, 0x91, 0x64, 0xdb, 0x4a, 0xd2, 0xd5, 0x4e, 0x49, 0x7c, - 0x81, 0x94, 0x5b, 0x97, 0x0b, 0xb5, 0x28, 0x2b, 0x0e, 0xcd, 0xec, 0x7b, 0xcc, 0x6b, 0x42, 0x28, - 0xe7, 0x89, 0x8b, 0x90, 0x79, 0x09, 0xb3, 0x2c, 0x94, 0x7c, 0xe3, 0x12, 0x95, 0x53, 0xa0, 0x17, - 0xb2, 0x28, 0xc0, 0x15, 0x04, 0x03, 0x69, 0x6e, 0xd7, 0x86, 0x01, 0x3e, 0x42, 0xd0, 0x53, 0xf3, - 0x7a, 0xe1, 0x2f, 0xab, 0xd0, 0x6b, 0xdc, 0xa0, 0xfd, 0x8d, 0xe6, 0xf8, 0x74, 0xb9, 0x08, 0xe8, - 0x05, 0xa3, 0xdc, 0x3a, 0xd8, 0x58, 0x44, 0xce, 0x59, 0x5f, 0xa1, 0x7d, 0x35, 0x8f, 0x35, 0x78, - 0x8f, 0x35, 0xf8, 0x88, 0x35, 0xf8, 0x8e, 0x35, 0x78, 0xfb, 0xd1, 0x72, 0x8f, 0xff, 0x5d, 0x95, - 0x8d, 0x79, 0x33, 0xbd, 0x53, 0xd6, 0x79, 0xb4, 0x25, 0x85, 0xf3, 0xdf, 0x00, 0x00, 0x00, 0xff, - 0xff, 0xb4, 0x12, 0x2d, 0xb0, 0x2c, 0x02, 0x00, 0x00, + // 368 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0x4f, 0x4b, 0xfb, 0x30, + 0x1c, 0xc6, 0x97, 0xad, 0xfb, 0xfd, 0x5c, 0x36, 0x11, 0x03, 0x93, 0x32, 0xa4, 0x2b, 0x3b, 0x55, + 0xa1, 0xad, 0x4e, 0xf0, 0xac, 0xdb, 0x44, 0x06, 0x8a, 0x52, 0xd9, 0x45, 0xbc, 0x74, 0x59, 0x36, + 0x0b, 0x5d, 0x53, 0x92, 0x54, 0xd9, 0x3b, 0xf1, 0x25, 0xed, 0xe8, 0x51, 0x3c, 0x4c, 0xa9, 0x6f, + 0x44, 0x9a, 0x6c, 0x75, 0x30, 0xbd, 0xe5, 0x79, 0xf2, 0x79, 0x92, 0xef, 0x1f, 0x58, 0xc7, 0x34, + 0x12, 0x7e, 0x10, 0x11, 0xe6, 0x8a, 0x59, 0x4c, 0xb8, 0x13, 0x33, 0x2a, 0x28, 0xaa, 0xe4, 0x76, + 0xe3, 0x70, 0x12, 0x88, 0xc7, 0x64, 0xe8, 0x60, 0x3a, 0x75, 0x23, 0x1e, 0x63, 0x6c, 0x8f, 0xc8, + 0x93, 0x1b, 0x11, 0x31, 0xf5, 0x63, 0x97, 0x93, 0x90, 0x60, 0x41, 0x99, 0x8a, 0x35, 0xec, 0x35, + 0x76, 0x42, 0x27, 0xd4, 0x95, 0xf6, 0x30, 0x19, 0x4b, 0x25, 0x85, 0x3c, 0x29, 0xbc, 0xf5, 0x01, + 0x60, 0xa5, 0xbb, 0xfa, 0x08, 0x1d, 0xc0, 0xff, 0x37, 0xcf, 0x11, 0x61, 0xfd, 0x9e, 0x0e, 0x4c, + 0x60, 0xd5, 0x3a, 0x3b, 0xf3, 0x45, 0xb3, 0xf0, 0xbe, 0x68, 0xae, 0x6c, 0x6f, 0x75, 0x40, 0x26, + 0xd4, 0xee, 0xfc, 0x50, 0xe8, 0x45, 0xc9, 0xd5, 0x96, 0x9c, 0x36, 0x18, 0xf4, 0x7b, 0x9e, 0xbc, + 0x41, 0x0d, 0xb8, 0xd5, 0xf5, 0x63, 0x1f, 0x07, 0x62, 0xa6, 0x97, 0x4c, 0x60, 0x69, 0x5e, 0xae, + 0xd1, 0x31, 0x2c, 0x7b, 0x49, 0x48, 0xb8, 0xae, 0x99, 0xc0, 0xaa, 0xb6, 0xeb, 0x8e, 0x6a, 0xc6, + 0xb9, 0x0d, 0x7d, 0x4c, 0xa6, 0x24, 0x12, 0xd9, 0x6d, 0x47, 0xcb, 0x5e, 0xf5, 0x14, 0x89, 0x4e, + 0xa1, 0x76, 0x15, 0x70, 0xa1, 0x97, 0x65, 0x62, 0xdf, 0xc9, 0xc7, 0xe3, 0x9c, 0x63, 0x4c, 0x38, + 0xcf, 0xba, 0x60, 0x34, 0xcc, 0x98, 0x65, 0x50, 0xf2, 0xad, 0x07, 0x58, 0x55, 0xc0, 0x25, 0xa3, + 0x49, 0x8c, 0x0c, 0x08, 0x95, 0xbc, 0xa6, 0x23, 0x22, 0xbb, 0xdc, 0xf6, 0xd6, 0x1c, 0x64, 0xc3, + 0xca, 0x80, 0x13, 0x26, 0x61, 0xbd, 0x68, 0x96, 0x7e, 0x1b, 0xc2, 0x0f, 0xd1, 0xba, 0x80, 0xbb, + 0x1b, 0xdf, 0xa3, 0xa3, 0x65, 0xa9, 0xc0, 0x2c, 0x59, 0xd5, 0xf6, 0xde, 0x46, 0xa9, 0x32, 0xba, + 0x5e, 0x64, 0xe7, 0x6c, 0x9e, 0x1a, 0xe0, 0x35, 0x35, 0xc0, 0x5b, 0x6a, 0x80, 0xcf, 0xd4, 0x00, + 0x2f, 0x5f, 0x46, 0xe1, 0xfe, 0xaf, 0xbd, 0xd3, 0x31, 0xb7, 0xd5, 0x26, 0xf3, 0x97, 0x87, 0xff, + 0xa4, 0x71, 0xf2, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x13, 0x1b, 0x01, 0x24, 0x4e, 0x02, 0x00, 0x00, } func (m *Container) Marshal() (dAtA []byte, err error) { @@ -312,12 +312,12 @@ func (m *AccessGroup) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.G) > 0 { - for iNdEx := len(m.G) - 1; iNdEx >= 0; iNdEx-- { + if len(m.UserGroup) > 0 { + for iNdEx := len(m.UserGroup) - 1; iNdEx >= 0; iNdEx-- { { - size := m.G[iNdEx].Size() + size := m.UserGroup[iNdEx].Size() i -= size - if _, err := m.G[iNdEx].MarshalTo(dAtA[i:]); err != nil { + if _, err := m.UserGroup[iNdEx].MarshalTo(dAtA[i:]); err != nil { return 0, err } i = encodeVarintTypes(dAtA, i, uint64(size)) @@ -326,8 +326,8 @@ func (m *AccessGroup) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x12 } } - if m.M != 0 { - i = encodeVarintTypes(dAtA, i, uint64(m.M)) + if m.AccessMode != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.AccessMode)) i-- dAtA[i] = 0x8 } @@ -415,11 +415,11 @@ func (m *AccessGroup) Size() (n int) { } var l int _ = l - if m.M != 0 { - n += 1 + sovTypes(uint64(m.M)) + if m.AccessMode != 0 { + n += 1 + sovTypes(uint64(m.AccessMode)) } - if len(m.G) > 0 { - for _, e := range m.G { + if len(m.UserGroup) > 0 { + for _, e := range m.UserGroup { l = e.Size() n += 1 + l + sovTypes(uint64(l)) } @@ -690,9 +690,9 @@ func (m *AccessGroup) Unmarshal(dAtA []byte) error { switch fieldNum { case 1: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field M", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AccessMode", wireType) } - m.M = 0 + m.AccessMode = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypes @@ -702,14 +702,14 @@ func (m *AccessGroup) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.M |= uint32(b&0x7F) << shift + m.AccessMode |= uint32(b&0x7F) << shift if b < 0x80 { break } } case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field G", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field UserGroup", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { @@ -737,8 +737,8 @@ func (m *AccessGroup) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } var v OwnerID - m.G = append(m.G, v) - if err := m.G[len(m.G)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.UserGroup = append(m.UserGroup, v) + if err := m.UserGroup[len(m.UserGroup)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex diff --git a/container/types.proto b/container/types.proto index a1429ce..4600046 100644 --- a/container/types.proto +++ b/container/types.proto @@ -23,9 +23,9 @@ message Container { message AccessGroup { // Group access mode. - uint32 M = 1; + uint32 AccessMode = 1; // Group members. - repeated bytes G = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; + repeated bytes UserGroup = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; } message AccessControlList { From 8d028100e948f0bb68a34d7a04b4363e92462527 Mon Sep 17 00:00:00 2001 From: Evgeniy Kulikov Date: Fri, 20 Dec 2019 10:13:16 +0300 Subject: [PATCH 4/5] service: Use sync pool for Sign/Verify request headers ``` // Before BenchmarkSignRequestHeader-8 146 8070375 ns/op 4210607 B/op 48 allocs/op BenchmarkVerifyRequestHeader-8 14 83058325 ns/op 42085955 B/op 1601 allocs/op // After BenchmarkSignRequestHeader-8 156 7709172 ns/op 33902 B/op 45 allocs/op BenchmarkVerifyRequestHeader-8 15 76910232 ns/op 54368 B/op 1563 allocs/op // Summary: benchmark old ns/op new ns/op delta BenchmarkSignRequestHeader-8 8070375 7709172 -4.48% BenchmarkVerifyRequestHeader-8 83058325 76910232 -7.40% benchmark old allocs new allocs delta BenchmarkSignRequestHeader-8 48 45 -6.25% BenchmarkVerifyRequestHeader-8 1601 1563 -2.37% benchmark old bytes new bytes delta BenchmarkSignRequestHeader-8 4210607 33902 -99.19% BenchmarkVerifyRequestHeader-8 42085955 54368 -99.87% ``` --- go.mod | 3 +++ service/verify.go | 35 ++++++++++++++++++++++++----- service/verify_test.go | 51 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index fd114d3..bb8c4ff 100644 --- a/go.mod +++ b/go.mod @@ -18,3 +18,6 @@ require ( golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 google.golang.org/grpc v1.24.0 ) + +// Used for debug reasons +// replace github.com/nspcc-dev/neofs-crypto => ../neofs-crypto diff --git a/service/verify.go b/service/verify.go index 8571459..2bd1661 100644 --- a/service/verify.go +++ b/service/verify.go @@ -2,6 +2,7 @@ package service import ( "crypto/ecdsa" + "sync" crypto "github.com/nspcc-dev/neofs-crypto" "github.com/nspcc-dev/neofs-proto/internal" @@ -12,7 +13,8 @@ import ( type ( // VerifiableRequest adds possibility to sign and verify request header. VerifiableRequest interface { - Marshal() ([]byte, error) + Size() int + MarshalTo([]byte) (int, error) AddSignature(*RequestVerificationHeader_Signature) GetSignatures() []*RequestVerificationHeader_Signature SetSignatures([]*RequestVerificationHeader_Signature) @@ -133,6 +135,10 @@ func newSignature(key *ecdsa.PrivateKey, data []byte) (*RequestVerificationHeade }, nil } +var bytesPool = sync.Pool{New: func() interface{} { + return make([]byte, 4.5*1024*1024) // 4.5MB +}} + // SignRequestHeader receives private key and request with RequestVerificationHeader, // tries to marshal and sign request with passed PrivateKey, after that adds // new signature to headers. If something went wrong, returns error. @@ -146,12 +152,23 @@ func SignRequestHeader(key *ecdsa.PrivateKey, msg VerifiableRequest) error { }() } - data, err := msg.Marshal() + data := bytesPool.Get().([]byte) + defer func() { + bytesPool.Put(data) + }() + + if size := msg.Size(); size <= cap(data) { + data = data[:size] + } else { + data = make([]byte, size) + } + + size, err := msg.MarshalTo(data) if err != nil { return err } - signature, err := newSignature(key, data) + signature, err := newSignature(key, data[:size]) if err != nil { return err } @@ -174,8 +191,10 @@ func VerifyRequestHeader(msg VerifiableRequest) error { }() } + data := bytesPool.Get().([]byte) signatures := msg.GetSignatures() defer func() { + bytesPool.Put(data) msg.SetSignatures(signatures) }() @@ -189,9 +208,15 @@ func VerifyRequestHeader(msg VerifiableRequest) error { return errors.Wrapf(ErrCannotLoadPublicKey, "%d: %02x", i, peer) } - if data, err := msg.Marshal(); err != nil { + if size := msg.Size(); size <= cap(data) { + data = data[:size] + } else { + data = make([]byte, size) + } + + if size, err := msg.MarshalTo(data); err != nil { return errors.Wrapf(err, "%d: %02x", i, peer) - } else if err := crypto.Verify(key, data, sign); err != nil { + } else if err := crypto.Verify(key, data[:size], sign); err != nil { return errors.Wrapf(err, "%d: %02x", i, peer) } } diff --git a/service/verify_test.go b/service/verify_test.go index 237e362..44542c4 100644 --- a/service/verify_test.go +++ b/service/verify_test.go @@ -14,6 +14,57 @@ import ( "github.com/stretchr/testify/require" ) +func BenchmarkSignRequestHeader(b *testing.B) { + key := test.DecodeKey(0) + + custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8} + + some := &TestRequest{ + IntField: math.MaxInt32, + StringField: "TestRequestStringField", + BytesField: make([]byte, 1<<22), + CustomField: &custom, + RequestMetaHeader: RequestMetaHeader{ + TTL: math.MaxInt32 - 8, + Epoch: math.MaxInt64 - 12, + }, + } + + b.ResetTimer() + b.ReportAllocs() + + for i := 0; i < b.N; i++ { + require.NoError(b, SignRequestHeader(key, some)) + } +} + +func BenchmarkVerifyRequestHeader(b *testing.B) { + custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8} + + some := &TestRequest{ + IntField: math.MaxInt32, + StringField: "TestRequestStringField", + BytesField: make([]byte, 1<<22), + CustomField: &custom, + RequestMetaHeader: RequestMetaHeader{ + TTL: math.MaxInt32 - 8, + Epoch: math.MaxInt64 - 12, + }, + } + + for i := 0; i < 10; i++ { + key := test.DecodeKey(i) + require.NoError(b, SignRequestHeader(key, some)) + } + + b.ResetTimer() + b.ReportAllocs() + + for i := 0; i < b.N; i++ { + require.NoError(b, VerifyRequestHeader(some)) + } +} + func TestSignRequestHeader(t *testing.T) { req := &TestRequest{ IntField: math.MaxInt32, From e1b7d0a7a6db4784390a72bca3e227612cbd0fe5 Mon Sep 17 00:00:00 2001 From: Evgeniy Kulikov Date: Sat, 21 Dec 2019 12:25:35 +0300 Subject: [PATCH 5/5] CHANGELOG --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b46745..b76c77e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog This is the changelog for NeoFS Proto +## [0.2.8] - 2019-12-21 + +### Added +- Container access control type definitions + +### Changed +- Used sync.Pool for Sign/VerifyRequestHeader +- VerifiableRequest.Marshal method replace with MarshalTo and Size + ## [0.2.7] - 2019-12-17 ### Fixed @@ -78,3 +87,4 @@ Initial public release [0.2.5]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.4...v0.2.5 [0.2.6]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.5...v0.2.6 [0.2.7]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.6...v0.2.7 +[0.2.8]: https://github.com/nspcc-dev/neofs-proto/compare/v0.2.7...v0.2.8