[#1348] go.mod: Update api-go and sdk-go
Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
parent
a685fcdc96
commit
a4fb7f085b
14 changed files with 6 additions and 302 deletions
|
@ -17,7 +17,6 @@ import (
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
|
||||||
containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
|
containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
|
||||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
|
||||||
objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
|
objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
|
||||||
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||||
|
@ -192,31 +191,6 @@ func DeleteContainer(ctx context.Context, prm DeleteContainerPrm) (res DeleteCon
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// EACLPrm groups parameters of EACL operation.
|
|
||||||
type EACLPrm struct {
|
|
||||||
Client *client.Client
|
|
||||||
ClientParams client.PrmContainerEACL
|
|
||||||
}
|
|
||||||
|
|
||||||
// EACLRes groups the resulting values of EACL operation.
|
|
||||||
type EACLRes struct {
|
|
||||||
cliRes *client.ResContainerEACL
|
|
||||||
}
|
|
||||||
|
|
||||||
// EACL returns requested eACL table.
|
|
||||||
func (x EACLRes) EACL() eacl.Table {
|
|
||||||
return x.cliRes.Table()
|
|
||||||
}
|
|
||||||
|
|
||||||
// EACL reads eACL table from FrostFS by container ID.
|
|
||||||
//
|
|
||||||
// Returns any error which prevented the operation from completing correctly in error return.
|
|
||||||
func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) {
|
|
||||||
res.cliRes, err = prm.Client.ContainerEACL(ctx, prm.ClientParams)
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// NetworkInfoPrm groups parameters of NetworkInfo operation.
|
// NetworkInfoPrm groups parameters of NetworkInfo operation.
|
||||||
type NetworkInfoPrm struct {
|
type NetworkInfoPrm struct {
|
||||||
Client *client.Client
|
Client *client.Client
|
||||||
|
|
|
@ -1,68 +0,0 @@
|
||||||
package container
|
|
||||||
|
|
||||||
import (
|
|
||||||
"os"
|
|
||||||
|
|
||||||
internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
|
|
||||||
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
|
|
||||||
"github.com/spf13/cobra"
|
|
||||||
)
|
|
||||||
|
|
||||||
var getExtendedACLCmd = &cobra.Command{
|
|
||||||
Use: "get-eacl",
|
|
||||||
Short: "Get extended ACL table of container",
|
|
||||||
Long: `Get extended ACL table of container`,
|
|
||||||
Run: func(cmd *cobra.Command, _ []string) {
|
|
||||||
id := parseContainerID(cmd)
|
|
||||||
pk := key.GetOrGenerate(cmd)
|
|
||||||
cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
|
|
||||||
|
|
||||||
eaclPrm := internalclient.EACLPrm{
|
|
||||||
Client: cli,
|
|
||||||
ClientParams: client.PrmContainerEACL{
|
|
||||||
ContainerID: &id,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
res, err := internalclient.EACL(cmd.Context(), eaclPrm)
|
|
||||||
commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
|
|
||||||
|
|
||||||
eaclTable := res.EACL()
|
|
||||||
|
|
||||||
if containerPathTo == "" {
|
|
||||||
cmd.Println("eACL: ")
|
|
||||||
common.PrettyPrintJSON(cmd, &eaclTable, "eACL")
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
var data []byte
|
|
||||||
|
|
||||||
if containerJSON {
|
|
||||||
data, err = eaclTable.MarshalJSON()
|
|
||||||
commonCmd.ExitOnErr(cmd, "can't encode to JSON: %w", err)
|
|
||||||
} else {
|
|
||||||
data, err = eaclTable.Marshal()
|
|
||||||
commonCmd.ExitOnErr(cmd, "can't encode to binary: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
cmd.Println("dumping data to file:", containerPathTo)
|
|
||||||
|
|
||||||
err = os.WriteFile(containerPathTo, data, 0o644)
|
|
||||||
commonCmd.ExitOnErr(cmd, "could not write eACL to file: %w", err)
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
func initContainerGetEACLCmd() {
|
|
||||||
commonflags.Init(getExtendedACLCmd)
|
|
||||||
|
|
||||||
flags := getExtendedACLCmd.Flags()
|
|
||||||
|
|
||||||
flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
|
|
||||||
flags.StringVar(&containerPathTo, "to", "", "Path to dump encoded container (default: binary encoded)")
|
|
||||||
flags.BoolVar(&containerJSON, commonflags.JSON, false, "Encode EACL table in json format")
|
|
||||||
}
|
|
|
@ -25,7 +25,6 @@ func init() {
|
||||||
deleteContainerCmd,
|
deleteContainerCmd,
|
||||||
listContainerObjectsCmd,
|
listContainerObjectsCmd,
|
||||||
getContainerInfoCmd,
|
getContainerInfoCmd,
|
||||||
getExtendedACLCmd,
|
|
||||||
containerNodesCmd,
|
containerNodesCmd,
|
||||||
policyPlaygroundCmd,
|
policyPlaygroundCmd,
|
||||||
}
|
}
|
||||||
|
@ -37,7 +36,6 @@ func init() {
|
||||||
initContainerDeleteCmd()
|
initContainerDeleteCmd()
|
||||||
initContainerListObjectsCmd()
|
initContainerListObjectsCmd()
|
||||||
initContainerInfoCmd()
|
initContainerInfoCmd()
|
||||||
initContainerGetEACLCmd()
|
|
||||||
initContainerNodesCmd()
|
initContainerNodesCmd()
|
||||||
initContainerPolicyPlaygroundCmd()
|
initContainerPolicyPlaygroundCmd()
|
||||||
|
|
||||||
|
|
|
@ -258,10 +258,6 @@ func parseAction(lexeme string) ([]string, bool, error) {
|
||||||
return []string{nativeschema.MethodDeleteContainer}, false, nil
|
return []string{nativeschema.MethodDeleteContainer}, false, nil
|
||||||
case "container.get":
|
case "container.get":
|
||||||
return []string{nativeschema.MethodGetContainer}, false, nil
|
return []string{nativeschema.MethodGetContainer}, false, nil
|
||||||
case "container.setcontainereacl":
|
|
||||||
return []string{nativeschema.MethodSetContainerEACL}, false, nil
|
|
||||||
case "container.getcontainereacl":
|
|
||||||
return []string{nativeschema.MethodGetContainerEACL}, false, nil
|
|
||||||
case "container.list":
|
case "container.list":
|
||||||
return []string{nativeschema.MethodListContainers}, false, nil
|
return []string{nativeschema.MethodListContainers}, false, nil
|
||||||
case "container.*":
|
case "container.*":
|
||||||
|
@ -269,8 +265,6 @@ func parseAction(lexeme string) ([]string, bool, error) {
|
||||||
nativeschema.MethodPutContainer,
|
nativeschema.MethodPutContainer,
|
||||||
nativeschema.MethodDeleteContainer,
|
nativeschema.MethodDeleteContainer,
|
||||||
nativeschema.MethodGetContainer,
|
nativeschema.MethodGetContainer,
|
||||||
nativeschema.MethodSetContainerEACL,
|
|
||||||
nativeschema.MethodGetContainerEACL,
|
|
||||||
nativeschema.MethodListContainers,
|
nativeschema.MethodListContainers,
|
||||||
}, false, nil
|
}, false, nil
|
||||||
default:
|
default:
|
||||||
|
|
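Review bot: With the `container.setcontainereacl` and `container.getcontainereacl` cases gone from `parseAction`, a rule that still names either lexeme now falls through to the `default:` branch, whose body is outside the hunk, and `container.*` expands to two fewer methods with no signal to the caller. If `default:` only reports a generic unknown-action error, an operator replaying saved access rules cannot tell a retired action from a typo, and a rule set that stops parsing may end up not being applied at all. Consider keeping one case that rejects both lexemes with a dedicated message, e.g. `case "container.setcontainereacl", "container.getcontainereacl":` followed by `return nil, false, fmt.Errorf("%s: eACL container actions were removed", lexeme)` (assuming `fmt` is imported in this file). The narrower `container.*` expansion also deserves a line in the changelog, since the commit title mentions only the dependency update.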
4
go.mod
4
go.mod
|
@ -4,12 +4,12 @@ go 1.22
|
||||||
|
|
||||||
require (
|
require (
|
||||||
code.gitea.io/sdk/gitea v0.17.1
|
code.gitea.io/sdk/gitea v0.17.1
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240828085308-5e1c6a908f61
|
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240902111049-c11f50efeccb
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
|
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
|
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
|
git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
|
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240827083309-f0b9493ce3f7
|
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad
|
||||||
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
||||||
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88
|
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88
|
||||||
git.frostfs.info/TrueCloudLab/tzhash v1.8.0
|
git.frostfs.info/TrueCloudLab/tzhash v1.8.0
|
||||||
|
|
8
go.sum
8
go.sum
|
@ -1,7 +1,7 @@
|
||||||
code.gitea.io/sdk/gitea v0.17.1 h1:3jCPOG2ojbl8AcfaUCRYLT5MUcBMFwS0OSK2mA5Zok8=
|
code.gitea.io/sdk/gitea v0.17.1 h1:3jCPOG2ojbl8AcfaUCRYLT5MUcBMFwS0OSK2mA5Zok8=
|
||||||
code.gitea.io/sdk/gitea v0.17.1/go.mod h1:aCnBqhHpoEWA180gMbaCtdX9Pl6BWBAuuP2miadoTNM=
|
code.gitea.io/sdk/gitea v0.17.1/go.mod h1:aCnBqhHpoEWA180gMbaCtdX9Pl6BWBAuuP2miadoTNM=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240828085308-5e1c6a908f61 h1:bw9EVGWnfY9awFb5XYR52AGbzgg3o04gZF66yHob48c=
|
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240902111049-c11f50efeccb h1:p9ByDsw+H6p6LyYSx8LKFtAG/oPKQpDVMNfjPqdevTw=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240828085308-5e1c6a908f61/go.mod h1:BDnEpkKMykCS8u1nLzR6SgNzCv6885RWlo5TnravQuI=
|
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240902111049-c11f50efeccb/go.mod h1:BDnEpkKMykCS8u1nLzR6SgNzCv6885RWlo5TnravQuI=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e h1:kcBqZBiFIUBATUqEuvVigtkJJWQ2Gug/eYXn967o3M4=
|
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e h1:kcBqZBiFIUBATUqEuvVigtkJJWQ2Gug/eYXn967o3M4=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc=
|
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk=
|
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk=
|
||||||
|
@ -10,8 +10,8 @@ git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d/go.mod h1:7ZZq8iguY7qFsXajdHGmZd2AW4QbucyrJwhbsRfOfek=
|
git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d/go.mod h1:7ZZq8iguY7qFsXajdHGmZd2AW4QbucyrJwhbsRfOfek=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65 h1:PaZ8GpnUoXxUoNsc1qp36bT2u7FU+neU4Jn9cl8AWqI=
|
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65 h1:PaZ8GpnUoXxUoNsc1qp36bT2u7FU+neU4Jn9cl8AWqI=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65/go.mod h1:6aAX80dvJ3r5fjN9CzzPglRptoiPgIC9KFGGsUA+1Hw=
|
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65/go.mod h1:6aAX80dvJ3r5fjN9CzzPglRptoiPgIC9KFGGsUA+1Hw=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240827083309-f0b9493ce3f7 h1:9eZidZMT4tHOdc6GZRPlZR12IToKqHhUd5wzevdDUqo=
|
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad h1:cJGK/bXSF/0KMr6zkIy06qekQhQRU7eYzh+lWdQ0U8w=
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240827083309-f0b9493ce3f7/go.mod h1:VzVYcwo/eXjkdo5ktPdZeAE4fsnZX6zEun3g+5E2weo=
|
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad/go.mod h1:I4GzeEnftO++N2JHQn9QR88eV0rjQkGqlUCNMnCz1CY=
|
||||||
git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
|
git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
|
||||||
git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
|
git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
|
||||||
git.frostfs.info/TrueCloudLab/neoneo-go v0.106.1-0.20240726093631-5481339d6928 h1:LK3mCkNZkY48eBA9jnk1N0eQZLsZhOG+XYw4EBoKUjM=
|
git.frostfs.info/TrueCloudLab/neoneo-go v0.106.1-0.20240726093631-5481339d6928 h1:LK3mCkNZkY48eBA9jnk1N0eQZLsZhOG+XYw4EBoKUjM=
|
||||||
|
|
|
@ -80,18 +80,3 @@ func (s *Server) List(ctx context.Context, req *containerGRPC.ListRequest) (*con
|
||||||
|
|
||||||
return resp.ToGRPCMessage().(*containerGRPC.ListResponse), nil
|
return resp.ToGRPCMessage().(*containerGRPC.ListResponse), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetExtendedACL converts gRPC GetExtendedACLRequest message and passes it to internal Container service.
|
|
||||||
func (s *Server) GetExtendedACL(ctx context.Context, req *containerGRPC.GetExtendedACLRequest) (*containerGRPC.GetExtendedACLResponse, error) {
|
|
||||||
getEACLReq := new(container.GetExtendedACLRequest)
|
|
||||||
if err := getEACLReq.FromGRPCMessage(req); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
resp, err := s.srv.GetExtendedACL(ctx, getEACLReq)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return resp.ToGRPCMessage().(*containerGRPC.GetExtendedACLResponse), nil
|
|
||||||
}
|
|
||||||
|
|
|
@ -102,18 +102,6 @@ func (ac *apeChecker) Get(ctx context.Context, req *container.GetRequest) (*cont
|
||||||
return ac.next.Get(ctx, req)
|
return ac.next.Get(ctx, req)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ac *apeChecker) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
|
||||||
ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.GetExtendedACL")
|
|
||||||
defer span.End()
|
|
||||||
|
|
||||||
if err := ac.validateContainerBoundedOperation(ctx, req.GetBody().GetContainerID(), req.GetMetaHeader(), req.GetVerificationHeader(),
|
|
||||||
nativeschema.MethodGetContainerEACL); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return ac.next.GetExtendedACL(ctx, req)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (ac *apeChecker) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
|
func (ac *apeChecker) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
|
||||||
ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.List")
|
ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.List")
|
||||||
defer span.End()
|
defer span.End()
|
||||||
|
|
|
@ -49,7 +49,6 @@ func TestAPE(t *testing.T) {
|
||||||
t.Run("deny get container by user claim tag", testDenyGetContainerByUserClaimTag)
|
t.Run("deny get container by user claim tag", testDenyGetContainerByUserClaimTag)
|
||||||
t.Run("deny get container by IP", testDenyGetContainerByIP)
|
t.Run("deny get container by IP", testDenyGetContainerByIP)
|
||||||
t.Run("deny get container by group id", testDenyGetContainerByGroupID)
|
t.Run("deny get container by group id", testDenyGetContainerByGroupID)
|
||||||
t.Run("deny get container eACL for IR with session token", testDenyGetContainerEACLForIRSessionToken)
|
|
||||||
t.Run("deny put container for others with session token", testDenyPutContainerForOthersSessionToken)
|
t.Run("deny put container for others with session token", testDenyPutContainerForOthersSessionToken)
|
||||||
t.Run("deny put container, read namespace from frostfsID", testDenyPutContainerReadNamespaceFromFrostfsID)
|
t.Run("deny put container, read namespace from frostfsID", testDenyPutContainerReadNamespaceFromFrostfsID)
|
||||||
t.Run("deny put container with invlaid namespace", testDenyPutContainerInvalidNamespace)
|
t.Run("deny put container with invlaid namespace", testDenyPutContainerInvalidNamespace)
|
||||||
|
@ -663,95 +662,6 @@ func testDenyGetContainerByGroupID(t *testing.T) {
|
||||||
require.ErrorAs(t, err, &errAccessDenied)
|
require.ErrorAs(t, err, &errAccessDenied)
|
||||||
}
|
}
|
||||||
|
|
||||||
func testDenyGetContainerEACLForIRSessionToken(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
srv := &srvStub{
|
|
||||||
calls: map[string]int{},
|
|
||||||
}
|
|
||||||
router := inmemory.NewInMemory()
|
|
||||||
contRdr := &containerStub{
|
|
||||||
c: map[cid.ID]*containercore.Container{},
|
|
||||||
}
|
|
||||||
ir := &irStub{
|
|
||||||
keys: [][]byte{},
|
|
||||||
}
|
|
||||||
nm := &netmapStub{}
|
|
||||||
frostfsIDSubjectReader := &frostfsidStub{
|
|
||||||
subjects: map[util.Uint160]*client.Subject{},
|
|
||||||
}
|
|
||||||
apeSrv := NewAPEServer(router, contRdr, ir, nm, frostfsIDSubjectReader, srv)
|
|
||||||
|
|
||||||
contID := cidtest.ID()
|
|
||||||
testContainer := containertest.Container()
|
|
||||||
pp := netmap.PlacementPolicy{}
|
|
||||||
require.NoError(t, pp.DecodeString("REP 1"))
|
|
||||||
testContainer.SetPlacementPolicy(pp)
|
|
||||||
contRdr.c[contID] = &containercore.Container{Value: testContainer}
|
|
||||||
|
|
||||||
nm.currentEpoch = 100
|
|
||||||
nm.netmaps = map[uint64]*netmap.NetMap{}
|
|
||||||
var testNetmap netmap.NetMap
|
|
||||||
testNetmap.SetEpoch(nm.currentEpoch)
|
|
||||||
testNetmap.SetNodes([]netmap.NodeInfo{{}})
|
|
||||||
nm.netmaps[nm.currentEpoch] = &testNetmap
|
|
||||||
nm.netmaps[nm.currentEpoch-1] = &testNetmap
|
|
||||||
|
|
||||||
_, _, err := router.MorphRuleChainStorage().AddMorphRuleChain(chain.Ingress, engine.ContainerTarget(contID.EncodeToString()), &chain.Chain{
|
|
||||||
Rules: []chain.Rule{
|
|
||||||
{
|
|
||||||
Status: chain.AccessDenied,
|
|
||||||
Actions: chain.Actions{
|
|
||||||
Names: []string{
|
|
||||||
nativeschema.MethodGetContainerEACL,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
Resources: chain.Resources{
|
|
||||||
Names: []string{
|
|
||||||
fmt.Sprintf(nativeschema.ResourceFormatRootContainer, contID.EncodeToString()),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
Condition: []chain.Condition{
|
|
||||||
{
|
|
||||||
Kind: chain.KindRequest,
|
|
||||||
Key: nativeschema.PropertyKeyActorRole,
|
|
||||||
Value: nativeschema.PropertyValueContainerRoleIR,
|
|
||||||
Op: chain.CondStringEquals,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
req := &container.GetExtendedACLRequest{}
|
|
||||||
req.SetBody(&container.GetExtendedACLRequestBody{})
|
|
||||||
var refContID refs.ContainerID
|
|
||||||
contID.WriteToV2(&refContID)
|
|
||||||
req.GetBody().SetContainerID(&refContID)
|
|
||||||
|
|
||||||
pk, err := keys.NewPrivateKey()
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.NoError(t, signature.SignServiceMessage(&pk.PrivateKey, req))
|
|
||||||
|
|
||||||
sessionPK, err := keys.NewPrivateKey()
|
|
||||||
require.NoError(t, err)
|
|
||||||
sToken := sessiontest.ContainerSigned()
|
|
||||||
sToken.ApplyOnlyTo(contID)
|
|
||||||
require.NoError(t, sToken.Sign(sessionPK.PrivateKey))
|
|
||||||
var sTokenV2 session.Token
|
|
||||||
sToken.WriteToV2(&sTokenV2)
|
|
||||||
metaHeader := new(session.RequestMetaHeader)
|
|
||||||
metaHeader.SetSessionToken(&sTokenV2)
|
|
||||||
req.SetMetaHeader(metaHeader)
|
|
||||||
|
|
||||||
ir.keys = append(ir.keys, sessionPK.PublicKey().Bytes())
|
|
||||||
|
|
||||||
resp, err := apeSrv.GetExtendedACL(context.Background(), req)
|
|
||||||
require.Nil(t, resp)
|
|
||||||
var errAccessDenied *apistatus.ObjectAccessDenied
|
|
||||||
require.ErrorAs(t, err, &errAccessDenied)
|
|
||||||
}
|
|
||||||
|
|
||||||
func testDenyPutContainerForOthersSessionToken(t *testing.T) {
|
func testDenyPutContainerForOthersSessionToken(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
srv := &srvStub{
|
srv := &srvStub{
|
||||||
|
@ -1164,11 +1074,6 @@ func (s *srvStub) Get(context.Context, *container.GetRequest) (*container.GetRes
|
||||||
return &container.GetResponse{}, nil
|
return &container.GetResponse{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *srvStub) GetExtendedACL(context.Context, *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
|
||||||
s.calls["GetExtendedACL"]++
|
|
||||||
return &container.GetExtendedACLResponse{}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *srvStub) List(context.Context, *container.ListRequest) (*container.ListResponse, error) {
|
func (s *srvStub) List(context.Context, *container.ListRequest) (*container.ListResponse, error) {
|
||||||
s.calls["List"]++
|
s.calls["List"]++
|
||||||
return &container.ListResponse{}, nil
|
return &container.ListResponse{}, nil
|
||||||
|
|
|
@ -52,17 +52,6 @@ func (a *auditService) Get(ctx context.Context, req *container.GetRequest) (*con
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetExtendedACL implements Server.
|
|
||||||
func (a *auditService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
|
||||||
res, err := a.next.GetExtendedACL(ctx, req)
|
|
||||||
if !a.enabled.Load() {
|
|
||||||
return res, err
|
|
||||||
}
|
|
||||||
audit.LogRequest(a.log, container_grpc.ContainerService_GetExtendedACL_FullMethodName, req,
|
|
||||||
audit.TargetFromRef(req.GetBody().GetContainerID(), &cid.ID{}), err == nil)
|
|
||||||
return res, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// List implements Server.
|
// List implements Server.
|
||||||
func (a *auditService) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
|
func (a *auditService) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
|
||||||
res, err := a.next.List(ctx, req)
|
res, err := a.next.List(ctx, req)
|
||||||
|
|
|
@ -14,7 +14,6 @@ type ServiceExecutor interface {
|
||||||
Delete(context.Context, *session.Token, *container.DeleteRequestBody) (*container.DeleteResponseBody, error)
|
Delete(context.Context, *session.Token, *container.DeleteRequestBody) (*container.DeleteResponseBody, error)
|
||||||
Get(context.Context, *container.GetRequestBody) (*container.GetResponseBody, error)
|
Get(context.Context, *container.GetRequestBody) (*container.GetResponseBody, error)
|
||||||
List(context.Context, *container.ListRequestBody) (*container.ListResponseBody, error)
|
List(context.Context, *container.ListRequestBody) (*container.ListResponseBody, error)
|
||||||
GetExtendedACL(context.Context, *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type executorSvc struct {
|
type executorSvc struct {
|
||||||
|
@ -94,16 +93,3 @@ func (s *executorSvc) List(ctx context.Context, req *container.ListRequest) (*co
|
||||||
s.respSvc.SetMeta(resp)
|
s.respSvc.SetMeta(resp)
|
||||||
return resp, nil
|
return resp, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *executorSvc) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
|
||||||
respBody, err := s.exec.GetExtendedACL(ctx, req.GetBody())
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("could not execute GetEACL request: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
resp := new(container.GetExtendedACLResponse)
|
|
||||||
resp.SetBody(respBody)
|
|
||||||
|
|
||||||
s.respSvc.SetMeta(resp)
|
|
||||||
return resp, nil
|
|
||||||
}
|
|
||||||
|
|
|
@ -201,40 +201,3 @@ func (s *morphExecutor) List(_ context.Context, body *container.ListRequestBody)
|
||||||
|
|
||||||
return res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *morphExecutor) GetExtendedACL(_ context.Context, body *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error) {
|
|
||||||
idV2 := body.GetContainerID()
|
|
||||||
if idV2 == nil {
|
|
||||||
return nil, errors.New("missing container ID")
|
|
||||||
}
|
|
||||||
|
|
||||||
var id cid.ID
|
|
||||||
|
|
||||||
err := id.ReadFromV2(*idV2)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("invalid container ID: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
eaclInfo, err := s.rdr.GetEACL(id)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
var sigV2 refs.Signature
|
|
||||||
eaclInfo.Signature.WriteToV2(&sigV2)
|
|
||||||
|
|
||||||
var tokV2 *sessionV2.Token
|
|
||||||
|
|
||||||
if eaclInfo.Session != nil {
|
|
||||||
tokV2 = new(sessionV2.Token)
|
|
||||||
|
|
||||||
eaclInfo.Session.WriteToV2(tokV2)
|
|
||||||
}
|
|
||||||
|
|
||||||
res := new(container.GetExtendedACLResponseBody)
|
|
||||||
res.SetEACL(eaclInfo.Value.ToV2())
|
|
||||||
res.SetSignature(&sigV2)
|
|
||||||
res.SetSessionToken(tokV2)
|
|
||||||
|
|
||||||
return res, nil
|
|
||||||
}
|
|
||||||
|
|
|
@ -12,5 +12,4 @@ type Server interface {
|
||||||
Get(context.Context, *container.GetRequest) (*container.GetResponse, error)
|
Get(context.Context, *container.GetRequest) (*container.GetResponse, error)
|
||||||
Delete(context.Context, *container.DeleteRequest) (*container.DeleteResponse, error)
|
Delete(context.Context, *container.DeleteRequest) (*container.DeleteResponse, error)
|
||||||
List(context.Context, *container.ListRequest) (*container.ListResponse, error)
|
List(context.Context, *container.ListRequest) (*container.ListResponse, error)
|
||||||
GetExtendedACL(context.Context, *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error)
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,12 +56,3 @@ func (s *signService) List(ctx context.Context, req *container.ListRequest) (*co
|
||||||
resp, err := util.EnsureNonNilResponse(s.svc.List(ctx, req))
|
resp, err := util.EnsureNonNilResponse(s.svc.List(ctx, req))
|
||||||
return resp, s.sigSvc.SignResponse(resp, err)
|
return resp, s.sigSvc.SignResponse(resp, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *signService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
|
|
||||||
if err := s.sigSvc.VerifyRequest(req); err != nil {
|
|
||||||
resp := new(container.GetExtendedACLResponse)
|
|
||||||
return resp, s.sigSvc.SignResponse(resp, err)
|
|
||||||
}
|
|
||||||
resp, err := util.EnsureNonNilResponse(s.svc.GetExtendedACL(ctx, req))
|
|
||||||
return resp, s.sigSvc.SignResponse(resp, err)
|
|
||||||
}
|
|
||||||
|
|