[#306] Use session token for container read operations

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-01 17:11:07 +03:00 · 2024-03-01 17:11:07 +03:00 · 8050ca2d51
commit 8050ca2d51
parent c12e264697
12 changed files with 116 additions and 41 deletions
--- a/api/layer/container.go
+++ b/api/layer/container.go
@ -32,20 +32,21 @@ const (
 	AttributeLockEnabled        = "LockEnabled"
 )

-func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketInfo, error) {
+func (n *layer) containerInfo(ctx context.Context, prm PrmContainer) (*data.BucketInfo, error) {
 	var (
 		err error
 		res *container.Container
-		log = n.reqLogger(ctx).With(zap.Stringer("cid", idCnr))
+		log = n.reqLogger(ctx).With(zap.Stringer("cid", prm.ContainerID))

 		info = &data.BucketInfo{
-			CID:  idCnr,
-			Name: idCnr.EncodeToString(),
+			CID:  prm.ContainerID,
+			Name: prm.ContainerID.EncodeToString(),
 		}

 		reqInfo = middleware.GetReqInfo(ctx)
 	)
-	res, err = n.frostFS.Container(ctx, idCnr)
+
+	res, err = n.frostFS.Container(ctx, prm)
 	if err != nil {
 		if client.IsErrContainerNotFound(err) {
 			return nil, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchBucket), err.Error())
@ -78,7 +79,7 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn

 	zone, _ := n.features.FormContainerZone(reqInfo.Namespace)
 	if zone != info.Zone {
-		return nil, fmt.Errorf("ns '%s' and zone '%s' are mismatched for container '%s'", zone, info.Zone, idCnr)
+		return nil, fmt.Errorf("ns '%s' and zone '%s' are mismatched for container '%s'", zone, info.Zone, prm.ContainerID)
 	}

 	n.cache.PutBucket(info)
@ -87,7 +88,14 @@ func (n *layer) containerInfo(ctx context.Context, idCnr cid.ID) (*data.BucketIn
 }

 func (n *layer) containerList(ctx context.Context) ([]*data.BucketInfo, error) {
-	res, err := n.frostFS.UserContainers(ctx, n.BearerOwner(ctx))
+	stoken := n.SessionTokenForRead(ctx)
+
+	prm := PrmUserContainers{
+		UserID:       n.BearerOwner(ctx),
+		SessionToken: stoken,
+	}
+
+	res, err := n.frostFS.UserContainers(ctx, prm)
 	if err != nil {
 		n.reqLogger(ctx).Error(logs.CouldNotListUserContainers, zap.Error(err))
 		return nil, err
@ -95,7 +103,11 @@ func (n *layer) containerList(ctx context.Context) ([]*data.BucketInfo, error) {

 	list := make([]*data.BucketInfo, 0, len(res))
 	for i := range res {
-		info, err := n.containerInfo(ctx, res[i])
+		getPrm := PrmContainer{
+			ContainerID:  res[i],
+			SessionToken: stoken,
+		}
+		info, err := n.containerInfo(ctx, getPrm)
 		if err != nil {
 			n.reqLogger(ctx).Error(logs.CouldNotFetchContainerInfo, zap.Error(err))
 			continue
@ -167,6 +179,10 @@ func (n *layer) setContainerEACLTable(ctx context.Context, idCnr cid.ID, table *
 	return n.frostFS.SetContainerEACL(ctx, *table, sessionToken)
 }

-func (n *layer) GetContainerEACL(ctx context.Context, idCnr cid.ID) (*eacl.Table, error) {
-	return n.frostFS.ContainerEACL(ctx, idCnr)
+func (n *layer) GetContainerEACL(ctx context.Context, cnrID cid.ID) (*eacl.Table, error) {
+	prm := PrmContainerEACL{
+		ContainerID:  cnrID,
+		SessionToken: n.SessionTokenForRead(ctx),
+	}
+	return n.frostFS.ContainerEACL(ctx, prm)
 }