From d8e37a827f5361596d6e4262c3864d745de590aa Mon Sep 17 00:00:00 2001
From: Dmitrii Stepanov <d.stepanov@yadro.com>
Date: Wed, 12 Jul 2023 15:37:35 +0300
Subject: [PATCH] [#497] config: Add examples and unit tests

Add examples and unit tests for tree.authorized_keys section.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
---
 cmd/frostfs-node/config/tree/config_test.go | 11 +++++++++++
 config/example/node.env                     |  1 +
 config/example/node.json                    |  6 +++++-
 config/example/node.yaml                    |  3 +++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/cmd/frostfs-node/config/tree/config_test.go b/cmd/frostfs-node/config/tree/config_test.go
index a39aa4553..898f7e715 100644
--- a/cmd/frostfs-node/config/tree/config_test.go
+++ b/cmd/frostfs-node/config/tree/config_test.go
@@ -7,6 +7,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
 	configtest "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/test"
 	treeconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/tree"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"
 )
 
@@ -21,10 +22,19 @@ func TestTreeSection(t *testing.T) {
 		require.Equal(t, 0, treeSec.ReplicationChannelCapacity())
 		require.Equal(t, 0, treeSec.ReplicationWorkerCount())
 		require.Equal(t, time.Duration(0), treeSec.ReplicationTimeout())
+		require.Equal(t, 0, len(treeSec.AuthorizedKeys()))
 	})
 
 	const path = "../../../../config/example/node"
 
+	var expectedKeys keys.PublicKeys
+	key, err := keys.NewPublicKeyFromString("0397d207ea77909f7d66fa6f36d08daae22ace672be7ea4f53513484dde8a142a0")
+	require.NoError(t, err)
+	expectedKeys = append(expectedKeys, key)
+	key, err = keys.NewPublicKeyFromString("02053819235c20d784132deba10bb3061629e3a5c819a039ef091841d9d35dad56")
+	require.NoError(t, err)
+	expectedKeys = append(expectedKeys, key)
+
 	var fileConfigTest = func(c *config.Config) {
 		treeSec := treeconfig.Tree(c)
 
@@ -34,6 +44,7 @@ func TestTreeSection(t *testing.T) {
 		require.Equal(t, 32, treeSec.ReplicationWorkerCount())
 		require.Equal(t, 5*time.Second, treeSec.ReplicationTimeout())
 		require.Equal(t, time.Hour, treeSec.SyncInterval())
+		require.Equal(t, expectedKeys, treeSec.AuthorizedKeys())
 	}
 
 	configtest.ForEachFileType(path, fileConfigTest)
diff --git a/config/example/node.env b/config/example/node.env
index 143bf0388..089021767 100644
--- a/config/example/node.env
+++ b/config/example/node.env
@@ -36,6 +36,7 @@ FROSTFS_TREE_REPLICATION_CHANNEL_CAPACITY=32
 FROSTFS_TREE_REPLICATION_WORKER_COUNT=32
 FROSTFS_TREE_REPLICATION_TIMEOUT=5s
 FROSTFS_TREE_SYNC_INTERVAL=1h
+FROSTFS_TREE_AUTHORIZED_KEYS="0397d207ea77909f7d66fa6f36d08daae22ace672be7ea4f53513484dde8a142a0 02053819235c20d784132deba10bb3061629e3a5c819a039ef091841d9d35dad56"
 
 # gRPC section
 ## 0 server
diff --git a/config/example/node.json b/config/example/node.json
index 04aabdd42..e4b85bc81 100644
--- a/config/example/node.json
+++ b/config/example/node.json
@@ -75,7 +75,11 @@
     "replication_channel_capacity": 32,
     "replication_worker_count": 32,
     "replication_timeout": "5s",
-    "sync_interval": "1h"
+    "sync_interval": "1h",
+    "authorized_keys": [
+      "0397d207ea77909f7d66fa6f36d08daae22ace672be7ea4f53513484dde8a142a0",
+      "02053819235c20d784132deba10bb3061629e3a5c819a039ef091841d9d35dad56"
+    ]
   },
   "control": {
     "authorized_keys": [
diff --git a/config/example/node.yaml b/config/example/node.yaml
index bc665a688..897f4e15b 100644
--- a/config/example/node.yaml
+++ b/config/example/node.yaml
@@ -62,6 +62,9 @@ tree:
   replication_channel_capacity: 32
   replication_timeout: 5s
   sync_interval: 1h
+  authorized_keys:  # list of hex-encoded public keys that have rights to use the Tree Service with frostfs-cli
+    - 0397d207ea77909f7d66fa6f36d08daae22ace672be7ea4f53513484dde8a142a0
+    - 02053819235c20d784132deba10bb3061629e3a5c819a039ef091841d9d35dad56
 
 control:
   authorized_keys:  # list of hex-encoded public keys that have rights to use the Control Service