[#1184] node: Add audit middleware for grpc services
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
parent
ac1f014747
commit
ecd1ed7a5e
16 changed files with 967 additions and 36 deletions
|
@ -20,15 +20,16 @@ func initAccountingService(ctx context.Context, c *cfg) {
|
|||
balanceMorphWrapper, err := balance.NewFromMorph(c.cfgMorph.client, c.cfgAccounting.scriptHash, 0)
|
||||
fatalOnErr(err)
|
||||
|
||||
server := accountingTransportGRPC.New(
|
||||
accountingService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
accountingService.NewExecutionService(
|
||||
accounting.NewExecutor(balanceMorphWrapper),
|
||||
c.respSvc,
|
||||
),
|
||||
service := accountingService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
accountingService.NewExecutionService(
|
||||
accounting.NewExecutor(balanceMorphWrapper),
|
||||
c.respSvc,
|
||||
),
|
||||
)
|
||||
service = accountingService.NewAuditService(service, c.log, c.audit)
|
||||
|
||||
server := accountingTransportGRPC.New(service)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
accountingGRPC.RegisterAccountingServiceServer(s, server)
|
||||
|
|
|
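Review bot: `accountingService.NewAuditService(service, c.log, c.audit)` wraps the value returned by `NewSignService`, so the audit layer sits outside the signing layer and handles every request before any inner check has run. The audit service's implementation is not visible in this section, so confirm that it records the outcome of the inner call (success or error) and does not log identity fields taken from the request as if they were already verified. The same ordering appears in the apemanager, container, control, netmap and session sections. If this ordering is intentional, a comment at the wrap site would document it, e.g. `// audit is the outermost layer: requests rejected by inner layers are recorded too`.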
@ -21,7 +21,8 @@ func initAPEManagerService(c *cfg) {
|
|||
execsvc := apemanager.New(c.cfgObject.cnrSource, contractStorage,
|
||||
apemanager.WithLogger(c.log))
|
||||
sigsvc := apemanager.NewSignService(&c.key.PrivateKey, execsvc)
|
||||
server := apemanager_transport.New(sigsvc)
|
||||
auditSvc := apemanager.NewAuditService(sigsvc, c.log, c.audit)
|
||||
server := apemanager_transport.New(auditSvc)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
apemanager_grpc.RegisterAPEManagerServiceServer(s, server)
|
||||
|
|
|
@ -46,15 +46,15 @@ func initContainerService(_ context.Context, c *cfg) {
|
|||
|
||||
c.shared.frostfsidClient = frostfsIDSubjectProvider
|
||||
|
||||
server := containerTransportGRPC.New(
|
||||
containerService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
containerService.NewAPEServer(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine, cnrRdr,
|
||||
newCachedIRFetcher(createInnerRingFetcher(c)), c.netMapSource, c.shared.frostfsidClient,
|
||||
containerService.NewExecutionService(containerMorph.NewExecutor(cnrRdr, cnrWrt), c.respSvc),
|
||||
),
|
||||
service := containerService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
containerService.NewAPEServer(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine, cnrRdr,
|
||||
newCachedIRFetcher(createInnerRingFetcher(c)), c.netMapSource, c.shared.frostfsidClient,
|
||||
containerService.NewExecutionService(containerMorph.NewExecutor(cnrRdr, cnrWrt), c.respSvc),
|
||||
),
|
||||
)
|
||||
service = containerService.NewAuditService(service, c.log, c.audit)
|
||||
server := containerTransportGRPC.New(service)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
containerGRPC.RegisterContainerServiceServer(s, server)
|
||||
|
|
|
@ -30,8 +30,8 @@ func initControlService(c *cfg) {
|
|||
for i := range pubs {
|
||||
rawPubs = append(rawPubs, pubs[i].Bytes())
|
||||
}
|
||||
|
||||
ctlSvc := controlSvc.New(
|
||||
var ctlSvc control.ControlServiceServer
|
||||
ctlSvc = controlSvc.New(
|
||||
controlSvc.WithKey(&c.key.PrivateKey),
|
||||
controlSvc.WithAuthorizedKeys(rawPubs),
|
||||
controlSvc.WithHealthChecker(c),
|
||||
|
@ -43,6 +43,7 @@ func initControlService(c *cfg) {
|
|||
controlSvc.WithTreeService(c.treeService),
|
||||
controlSvc.WithLocalOverrideStorage(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine),
|
||||
)
|
||||
ctlSvc = controlSvc.NewAuditService(ctlSvc, c.log, c.audit)
|
||||
|
||||
lis, err := net.Listen("tcp", endpoint)
|
||||
if err != nil {
|
||||
|
|
|
@ -147,22 +147,22 @@ func initNetmapService(ctx context.Context, c *cfg) {
|
|||
|
||||
initNetmapState(c)
|
||||
|
||||
server := netmapTransportGRPC.New(
|
||||
netmapService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
netmapService.NewExecutionService(
|
||||
c,
|
||||
c.apiVersion,
|
||||
&netInfo{
|
||||
netState: c.cfgNetmap.state,
|
||||
magic: c.cfgMorph.client,
|
||||
morphClientNetMap: c.cfgNetmap.wrapper,
|
||||
msPerBlockRdr: c.cfgMorph.client.MsPerBlock,
|
||||
},
|
||||
c.respSvc,
|
||||
),
|
||||
svc := netmapService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
netmapService.NewExecutionService(
|
||||
c,
|
||||
c.apiVersion,
|
||||
&netInfo{
|
||||
netState: c.cfgNetmap.state,
|
||||
magic: c.cfgMorph.client,
|
||||
morphClientNetMap: c.cfgNetmap.wrapper,
|
||||
msPerBlockRdr: c.cfgMorph.client.MsPerBlock,
|
||||
},
|
||||
c.respSvc,
|
||||
),
|
||||
)
|
||||
svc = netmapService.NewAuditService(svc, c.log, c.audit)
|
||||
server := netmapTransportGRPC.New(svc)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
netmapGRPC.RegisterNetmapServiceServer(s, server)
|
||||
|
|
|
@ -182,7 +182,7 @@ func initObjectService(c *cfg) {
|
|||
sDeleteV2 := createDeleteServiceV2(sDelete)
|
||||
|
||||
// build service pipeline
|
||||
// grpc | <metrics> | signature | response | acl | ape | split
|
||||
// grpc | audit | <metrics> | signature | response | acl | ape | split
|
||||
|
||||
splitSvc := createSplitService(c, sPutV2, sGetV2, sSearchV2, sDeleteV2)
|
||||
|
||||
|
@ -205,7 +205,8 @@ func initObjectService(c *cfg) {
|
|||
|
||||
c.shared.metricsSvc = objectService.NewMetricCollector(
|
||||
signSvc, c.metricsCollector.ObjectService(), metricsconfig.Enabled(c.appCfg))
|
||||
server := objectTransportGRPC.New(c.shared.metricsSvc)
|
||||
auditSvc := objectService.NewAuditService(c.shared.metricsSvc, c.log, c.audit)
|
||||
server := objectTransportGRPC.New(auditSvc)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
objectGRPC.RegisterObjectServiceServer(s, server)
|
||||
|
|
|
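Review bot: `c.shared.metricsSvc` still holds the unwrapped metric collector, and only the local `auditSvc` handed to `objectTransportGRPC.New` carries auditing. Any other consumer of `c.shared.metricsSvc` (none is visible in this hunk) would reach the object pipeline without producing an audit record. If only the gRPC entry point is meant to be audited, say so next to the assignment, e.g. `// audit wraps the gRPC entry point only; c.shared.metricsSvc stays un-audited`. The body of initObjectService continues outside both hunks, so other uses could not be checked here.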
@ -52,12 +52,13 @@ func initSessionService(c *cfg) {
|
|||
c.privateTokenStore.RemoveOld(ev.(netmap.NewEpoch).EpochNumber())
|
||||
})
|
||||
|
||||
server := sessionTransportGRPC.New(
|
||||
svc := sessionSvc.NewAuditService(
|
||||
sessionSvc.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
sessionSvc.NewExecutionService(c.privateTokenStore, c.respSvc, c.log),
|
||||
),
|
||||
)
|
||||
c.log, c.audit)
|
||||
server := sessionTransportGRPC.New(svc)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
sessionGRPC.RegisterSessionServiceServer(s, server)
|
||||
|
|
|
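Review bot: The `sessionSvc.NewAuditService(` call ends with `c.log, c.audit)` on a line of its own after the nested `NewSignService(...)` argument, which makes it easy to misread which constructor receives `c.log` and `c.audit`. The accounting, container and netmap sections build the signed service first and wrap it in a second statement. Following that pattern here would give `svc := sessionSvc.NewSignService(...)` followed by `svc = sessionSvc.NewAuditService(svc, c.log, c.audit)`, assuming the two constructors share an interface type as they appear to in the other sections.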
@ -70,7 +70,7 @@ func initTreeService(c *cfg) {
|
|||
)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
tree.RegisterTreeServiceServer(s, c.treeService)
|
||||
tree.RegisterTreeServiceServer(s, tree.NewAuditService(c.treeService, c.log, c.audit))
|
||||
})
|
||||
|
||||
c.workers = append(c.workers, newWorkerFromFunc(func(ctx context.Context) {
|
||||
|
|
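Review bot: `tree.NewAuditService(c.treeService, c.log, c.audit)` is constructed inside the `performAndSave` callback, so a new wrapper is created every time the callback runs (presumably once per gRPC endpoint), whereas the other sections build the audit wrapper once before registering. Hoisting it keeps the services consistent: `auditSvc := tree.NewAuditService(c.treeService, c.log, c.audit)` before the callback and `tree.RegisterTreeServiceServer(s, auditSvc)` inside it. Note also that `c.treeService` itself stays unwrapped and the control section passes it via `controlSvc.WithTreeService(c.treeService)`, so tree operations reached through that path are covered only by whatever the control-level audit records. initTreeService starts and ends outside the hunk.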