From c1ec6e33b45ee8f45636fb16020d0937aa718723 Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Mon, 13 Nov 2023 12:41:40 +0300 Subject: [PATCH] [#793] adm: Always use committee as FrostFS ID owner Committee should be able to authorize everything, there are no other usecases for the frostfs-adm currently. Also, it somewhat eases configuration, because committee hash depends on the protocol configuration. Signed-off-by: Evgenii Stratonikov --- .../internal/modules/morph/frostfsid_util.go | 3 ++- .../internal/modules/morph/frostfsid_util_test.go | 14 +++++++++----- .../internal/modules/morph/initialize_deploy.go | 2 +- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go index 54a64a67a..248ad76b0 100644 --- a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go +++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util.go @@ -13,8 +13,9 @@ import ( // neo-go doesn't support []util.Uint160 type: // https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/smartcontract/parameter.go#L262 // Thus, return []smartcontract.Parameter. -func getFrostfsIDAuthorizedKeys(v *viper.Viper) ([]smartcontract.Parameter, error) { +func getFrostfsIDAuthorizedKeys(v *viper.Viper, defaultOwner util.Uint160) ([]smartcontract.Parameter, error) { var res []smartcontract.Parameter + res = append(res, smartcontract.Parameter{Type: smartcontract.Hash160Type, Value: defaultOwner}) ks := v.GetStringSlice(frostfsIDAuthorizedKeysConfigKey) for i := range ks { diff --git a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go index 9982c0815..f4b6a66f6 100644 --- a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go +++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go @@ -7,6 +7,7 @@ import ( "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/encoding/address" "github.com/nspcc-dev/neo-go/pkg/smartcontract" + "github.com/nspcc-dev/neo-go/pkg/util" "github.com/spf13/viper" "github.com/stretchr/testify/require" ) @@ -27,19 +28,22 @@ func TestFrostfsIDConfig(t *testing.T) { hex.EncodeToString(pks[3].PublicKey().Bytes()), }) - actual, err := getFrostfsIDAuthorizedKeys(v) + comm := util.Uint160{1, 2, 3} + actual, err := getFrostfsIDAuthorizedKeys(v, comm) require.NoError(t, err) - require.Equal(t, len(pks), len(actual)) + require.Equal(t, len(pks)+1, len(actual)) + require.Equal(t, smartcontract.Hash160Type, actual[0].Type) + require.Equal(t, comm, actual[0].Value) for i := range pks { - require.Equal(t, smartcontract.Hash160Type, actual[i].Type) - require.Equal(t, pks[i].GetScriptHash(), actual[i].Value) + require.Equal(t, smartcontract.Hash160Type, actual[i+1].Type) + require.Equal(t, pks[i].GetScriptHash(), actual[i+1].Value) } t.Run("bad key", func(t *testing.T) { v := viper.New() v.Set("frostfsid.authorized_keys", []string{"abc"}) - _, err := getFrostfsIDAuthorizedKeys(v) + _, err := getFrostfsIDAuthorizedKeys(v, comm) require.Error(t, err) }) } diff --git a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go index 34475fe8b..5183114f9 100644 --- a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go +++ b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go @@ -538,7 +538,7 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []an nnsCs.Hash, "container") case frostfsIDContract: - hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper()) + hs, err := getFrostfsIDAuthorizedKeys(viper.GetViper(), c.CommitteeAcc.PublicKey().GetScriptHash()) if err != nil { panic(err) }