* Sign service wraps an error with status and sign a response even
if error occurs from `CloseAndRecv` in `Put` and `Patch` methods.
Close#1710
Change-Id: I7e1d8fe00db53607fa6e04ebec9a29b87349f8a1
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* When sign service calls `SignResponse`, it tries to set v2 status
to response by unwrapping an error to the possible depth. This wasn't
applicable for `errIncompletePut` so far as it didn't implement
`Unwrap()`. Thus, it wasn't able to find a correct status set in error.
Change-Id: I280c1806a008176854c55f13bf8688e5736ef941
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
* Move some helpers from `acl/v2` package to `ape`. Also move errors;
* Introduce `Metadata`, `RequestInfo` types;
* Introduce `RequestInfoExtractor` interface and its implementation.
The extractor's purpose is to extract request info based on request
metadata. It also validates session token;
* Refactor ape service - each handler forms request info and pass
necessary fields to checker.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
When we do `object patch` with audit enabled we get several
duplicated entries in logs.
`object patch` request is logged in 2 places:
1. `(*auditPatchStream) CloseAndRecv()` - when the client closes
the request stream or when stream gets aborted.
2. `(*auditPatchStream) Send()` - when stream was NOT aborted.
`Send()` doesn't check if `err != nil` before logging.
It led to to logging on every `Send()` call.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
When we do `object put` with audit enabled we get several entries
in logs: with and without object id.
`object put` request is logged in 2 places:
1. `(*auditPutStream) CloseAndRecv()` - when the client closes the
request stream or when stream gets aborted.
2. `(*auditPutStream) Send()` - when stream was NOT aborted.
`Send()` does error check for `ErrAbortStream` because if there
is any other error - CloseAndRecv will not be called and there
won't be any audit log about failed request.
It led to logging on every object chunck put, even if `err == nil`.
Added check for `err != nil` in `Send()` to fix it.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
* A client may open stream to server, not send anything and close
the open stream immediatly. This shouldn't cause a panic;
* Return the error if `s.patcher` is uninitialized. Uninitialized
patcher cannot be closed, this causes a panic.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Constant string `testOwnerID` for these tests has an invalid
format. It has 11 bytes instead of required 25 for `user.ID`.
It worked because:
1. `user.ID` was a byte slice and didn't check length
and format of byte slices decoded from strings.
2. in these tests `testOwnerID` was used only to decode
container owner id and to compare it with owner id encoded
back to string.
Since `user.ID implementation has changed`, the problem arised.
Now `testOwnerID` is valid.
Signed-off-by: Ekaterina Lebedeva <ekaterina.lebedeva@yadro.com>
* X-Headers can be found in `origin` field of `MetaHeader` if the request
has been forwarded from non-container node.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Previously, `ln` was only set once, so search has really worked for
small number of objects.
Fix panic:
```
panic: runtime error: slice bounds out of range [:43690] with capacity 21238
goroutine 6859775 [running]:
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object.(*searchStreamMsgSizeCtrl).Send(0xc001eec8d0, 0xc005734000)
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/transport_splitter.go:173 +0x1f0
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search/v2.(*streamWriter).WriteIDs(0xc000520320, {0xc00eb1a000, 0x4fd9c, 0x7fd6475a9a68?})
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search/v2/streamer.go:28 +0x155
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search.(*uniqueIDWriter).WriteIDs(0xc001386420, {0xc00eb1a000?, 0xc0013ea9c0?, 0x113eef3?})
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search/util.go:62 +0x202
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search.(*execCtx).writeIDList(0xc00011aa38?, {0xc00eb1a000?, 0xc001eec9f0?, 0xc0008f4380?})
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search/exec.go:68 +0x91
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search.(*execCtx).executeLocal(0xc0008f4380, {0x176c538, 0xc001eec9f0})
git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/search/local.go:18 +0x16b
```
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
Use `zap.Error` instead of `zap.String` for logging errors: change all expressions like
`zap.String("error", err.Error())` or `zap.String("err", err.Error())` to `zap.Error(err)`.
Leave similar expressions with other messages unchanged, for example,
`zap.String("last_error", lastErr.Error())` or `zap.String("reason", ctx.Err().Error())`.
This change was made by applying the following patch:
```diff
@@
var err expression
@@
-zap.String("error", err.Error())
+zap.Error(err)
@@
var err expression
@@
-zap.String("err", err.Error())
+zap.Error(err)
```
Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
Those errors are fired when it is enough chunks retrieved and error group
cancels other requests.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
Previous release was EACL-compatible.
Starting from now all EACL should've been migrated to APE chains.
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
* Update version within go.mod;
* Fix deprecated frostfs-api-go/v2 package and use frostfs-sdk-go/api
instead.
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Initially, this test was a check that only the container node can
assemble an EC object. But the implementation of this test was wrong.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
As EC put request may be processed only by container node, so sign requests
with current node private to not to perform APE checks.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
