satellite/metabase: bring back copy/move validation for key and nonce
Uplink is fixed and now we should always get both key and nonce or both empty. Fixes https://github.com/storj/storj/issues/4646 Change-Id: I65dca2d4d5a10787c2fecad39e301121f1ae242a
This commit is contained in:
Michał Niewrzał
Michal Niewrzal
parent
2b39df460c
commit
2014e4655a
2
go.mod
2
go.mod
@ -55,7 +55,7 @@ require (
|
|||||||
storj.io/drpc v0.0.30
|
storj.io/drpc v0.0.30
|
||||||
storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a
|
storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a
|
||||||
storj.io/private v0.0.0-20220323114243-08c4b5e752f4
|
storj.io/private v0.0.0-20220323114243-08c4b5e752f4
|
||||||
storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232
|
storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
|||||||
4
go.sum
4
go.sum
@ -929,5 +929,5 @@ storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a h1:qads+aZlFKm5gUxobfF
|
|||||||
storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a/go.mod h1:DGEycSjvzE0JqcD3+6IjwPEK6x30oOus6AApXzl7t0s=
|
storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a/go.mod h1:DGEycSjvzE0JqcD3+6IjwPEK6x30oOus6AApXzl7t0s=
|
||||||
storj.io/private v0.0.0-20220323114243-08c4b5e752f4 h1:szxLYr9Rdmx19unt47kafB3816JFI5esPlrzdMyZhvk=
|
storj.io/private v0.0.0-20220323114243-08c4b5e752f4 h1:szxLYr9Rdmx19unt47kafB3816JFI5esPlrzdMyZhvk=
|
||||||
storj.io/private v0.0.0-20220323114243-08c4b5e752f4/go.mod h1:fZ7FSXv/adIc79sF/5qm7zn0PI5+PWa5p+dbqrZQARM=
|
storj.io/private v0.0.0-20220323114243-08c4b5e752f4/go.mod h1:fZ7FSXv/adIc79sF/5qm7zn0PI5+PWa5p+dbqrZQARM=
|
||||||
storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232 h1:h7lN3rb0hSiXlWRpF/TImhxD6brPZOlIqYoGDw1ULUQ=
|
storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df h1:MhKJYHYz5nyF5Y7ed0kyhyDCkIcqeAQq6z29YVVHHpo=
|
||||||
storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=
|
storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=
|
||||||
|
|||||||
@ -145,16 +145,14 @@ func (finishCopy FinishCopyObject) Verify() error {
|
|||||||
} else if finishCopy.NewEncryptedMetadata != nil && (finishCopy.NewEncryptedMetadataKeyNonce.IsZero() || finishCopy.NewEncryptedMetadataKey == nil) {
|
} else if finishCopy.NewEncryptedMetadata != nil && (finishCopy.NewEncryptedMetadataKeyNonce.IsZero() || finishCopy.NewEncryptedMetadataKey == nil) {
|
||||||
return ErrInvalidRequest.New("EncryptedMetadataNonce and EncryptedMetadataEncryptedKey must be set if EncryptedMetadata is set")
|
return ErrInvalidRequest.New("EncryptedMetadataNonce and EncryptedMetadataEncryptedKey must be set if EncryptedMetadata is set")
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
switch {
|
||||||
|
case finishCopy.NewEncryptedMetadataKeyNonce.IsZero() && len(finishCopy.NewEncryptedMetadataKey) != 0:
|
||||||
|
return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
|
||||||
|
case len(finishCopy.NewEncryptedMetadataKey) == 0 && !finishCopy.NewEncryptedMetadataKeyNonce.IsZero():
|
||||||
|
return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// TODO disable temporary until uplink is fixed
|
|
||||||
// else {
|
|
||||||
// switch {
|
|
||||||
// case finishCopy.NewEncryptedMetadataKeyNonce.IsZero() && len(finishCopy.NewEncryptedMetadataKey) != 0:
|
|
||||||
// return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
|
|
||||||
// case len(finishCopy.NewEncryptedMetadataKey) == 0 && !finishCopy.NewEncryptedMetadataKeyNonce.IsZero():
|
|
||||||
// return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@ -213,42 +213,57 @@ func TestFinishCopyObject(t *testing.T) {
|
|||||||
metabasetest.Verify{}.Check(ctx, t, db)
|
metabasetest.Verify{}.Check(ctx, t, db)
|
||||||
})
|
})
|
||||||
|
|
||||||
// TODO disable temporary until uplink is fixed
|
t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
|
||||||
// t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
// defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
|
||||||
|
|
||||||
// metabasetest.FinishCopyObject{
|
metabasetest.FinishCopyObject{
|
||||||
// Opts: metabase.FinishCopyObject{
|
Opts: metabase.FinishCopyObject{
|
||||||
// NewBucket: newBucketName,
|
NewBucket: newBucketName,
|
||||||
// ObjectStream: obj,
|
ObjectStream: obj,
|
||||||
// NewEncryptedObjectKey: metabasetest.RandObjectKey(),
|
NewEncryptedObjectKey: metabasetest.RandObjectKey(),
|
||||||
// NewStreamID: newStreamID,
|
NewStreamID: newStreamID,
|
||||||
// NewEncryptedMetadataKey: []byte{0},
|
NewEncryptedMetadataKey: []byte{0},
|
||||||
// },
|
},
|
||||||
// ErrClass: &metabase.ErrInvalidRequest,
|
ErrClass: &metabase.ErrInvalidRequest,
|
||||||
// ErrText: "EncryptedMetadataKeyNonce is missing",
|
ErrText: "EncryptedMetadataKeyNonce is missing",
|
||||||
// }.Check(ctx, t, db)
|
}.Check(ctx, t, db)
|
||||||
|
|
||||||
// metabasetest.Verify{}.Check(ctx, t, db)
|
metabasetest.Verify{}.Check(ctx, t, db)
|
||||||
// })
|
})
|
||||||
|
|
||||||
// t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
|
t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
|
||||||
// defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
|
|
||||||
// metabasetest.FinishCopyObject{
|
metabasetest.FinishCopyObject{
|
||||||
// Opts: metabase.FinishCopyObject{
|
Opts: metabase.FinishCopyObject{
|
||||||
// NewBucket: newBucketName,
|
NewBucket: newBucketName,
|
||||||
// ObjectStream: obj,
|
ObjectStream: obj,
|
||||||
// NewEncryptedObjectKey: metabasetest.RandObjectKey(),
|
NewEncryptedObjectKey: metabasetest.RandObjectKey(),
|
||||||
// NewEncryptedMetadataKeyNonce: testrand.Nonce(),
|
NewEncryptedMetadataKeyNonce: testrand.Nonce(),
|
||||||
// NewStreamID: newStreamID,
|
NewStreamID: newStreamID,
|
||||||
// },
|
},
|
||||||
// ErrClass: &metabase.ErrInvalidRequest,
|
ErrClass: &metabase.ErrInvalidRequest,
|
||||||
// ErrText: "EncryptedMetadataKey is missing",
|
ErrText: "EncryptedMetadataKey is missing",
|
||||||
// }.Check(ctx, t, db)
|
}.Check(ctx, t, db)
|
||||||
|
|
||||||
// metabasetest.Verify{}.Check(ctx, t, db)
|
metabasetest.Verify{}.Check(ctx, t, db)
|
||||||
// })
|
})
|
||||||
|
|
||||||
|
t.Run("empty EncryptedMetadataKey and EncryptedMetadataKeyNonce", func(t *testing.T) {
|
||||||
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
|
|
||||||
|
metabasetest.FinishCopyObject{
|
||||||
|
Opts: metabase.FinishCopyObject{
|
||||||
|
NewBucket: newBucketName,
|
||||||
|
ObjectStream: obj,
|
||||||
|
NewEncryptedObjectKey: metabasetest.RandObjectKey(),
|
||||||
|
NewStreamID: newStreamID,
|
||||||
|
},
|
||||||
|
// validation pass without EncryptedMetadataKey and EncryptedMetadataKeyNonce
|
||||||
|
ErrClass: &storj.ErrObjectNotFound,
|
||||||
|
ErrText: "metabase: sql: no rows in result set",
|
||||||
|
}.Check(ctx, t, db)
|
||||||
|
})
|
||||||
|
|
||||||
t.Run("empty EncryptedMetadata with OverrideMetadata=true", func(t *testing.T) {
|
t.Run("empty EncryptedMetadata with OverrideMetadata=true", func(t *testing.T) {
|
||||||
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
|
|||||||
@ -133,11 +133,10 @@ func (finishMove FinishMoveObject) Verify() error {
|
|||||||
return ErrInvalidRequest.New("NewBucket is missing")
|
return ErrInvalidRequest.New("NewBucket is missing")
|
||||||
case len(finishMove.NewEncryptedObjectKey) == 0:
|
case len(finishMove.NewEncryptedObjectKey) == 0:
|
||||||
return ErrInvalidRequest.New("NewEncryptedObjectKey is missing")
|
return ErrInvalidRequest.New("NewEncryptedObjectKey is missing")
|
||||||
// TODO disable temporary until uplink is fixed
|
case finishMove.NewEncryptedMetadataKeyNonce.IsZero() && len(finishMove.NewEncryptedMetadataKey) != 0:
|
||||||
// case finishMove.NewEncryptedMetadataKeyNonce.IsZero():
|
return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
|
||||||
// return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
|
case len(finishMove.NewEncryptedMetadataKey) == 0 && !finishMove.NewEncryptedMetadataKeyNonce.IsZero():
|
||||||
// case len(finishMove.NewEncryptedMetadataKey) == 0:
|
return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
|
||||||
// return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|||||||
@ -157,40 +157,56 @@ func TestFinishMoveObject(t *testing.T) {
|
|||||||
metabasetest.Verify{}.Check(ctx, t, db)
|
metabasetest.Verify{}.Check(ctx, t, db)
|
||||||
})
|
})
|
||||||
|
|
||||||
// TODO disable temporary until uplink is fixed
|
t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
|
||||||
// t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
// defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
|
||||||
|
|
||||||
// metabasetest.FinishMoveObject{
|
metabasetest.FinishMoveObject{
|
||||||
// Opts: metabase.FinishMoveObject{
|
Opts: metabase.FinishMoveObject{
|
||||||
// NewBucket: newBucketName,
|
NewBucket: newBucketName,
|
||||||
// ObjectStream: obj,
|
ObjectStream: obj,
|
||||||
// NewEncryptedObjectKey: []byte{0},
|
NewEncryptedObjectKey: []byte{0},
|
||||||
// NewEncryptedMetadataKey: []byte{0},
|
NewEncryptedMetadataKey: []byte{0},
|
||||||
// },
|
},
|
||||||
// ErrClass: &metabase.ErrInvalidRequest,
|
ErrClass: &metabase.ErrInvalidRequest,
|
||||||
// ErrText: "EncryptedMetadataKeyNonce is missing",
|
ErrText: "EncryptedMetadataKeyNonce is missing",
|
||||||
// }.Check(ctx, t, db)
|
}.Check(ctx, t, db)
|
||||||
|
|
||||||
// metabasetest.Verify{}.Check(ctx, t, db)
|
metabasetest.Verify{}.Check(ctx, t, db)
|
||||||
// })
|
})
|
||||||
|
|
||||||
// t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
|
t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
|
||||||
// defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
|
|
||||||
// metabasetest.FinishMoveObject{
|
metabasetest.FinishMoveObject{
|
||||||
// Opts: metabase.FinishMoveObject{
|
Opts: metabase.FinishMoveObject{
|
||||||
// NewBucket: newBucketName,
|
NewBucket: newBucketName,
|
||||||
// ObjectStream: obj,
|
ObjectStream: obj,
|
||||||
// NewEncryptedObjectKey: []byte{0},
|
NewEncryptedObjectKey: []byte{0},
|
||||||
// NewEncryptedMetadataKeyNonce: testrand.Nonce(),
|
NewEncryptedMetadataKeyNonce: testrand.Nonce(),
|
||||||
// },
|
},
|
||||||
// ErrClass: &metabase.ErrInvalidRequest,
|
ErrClass: &metabase.ErrInvalidRequest,
|
||||||
// ErrText: "EncryptedMetadataKey is missing",
|
ErrText: "EncryptedMetadataKey is missing",
|
||||||
// }.Check(ctx, t, db)
|
}.Check(ctx, t, db)
|
||||||
|
|
||||||
// metabasetest.Verify{}.Check(ctx, t, db)
|
metabasetest.Verify{}.Check(ctx, t, db)
|
||||||
// })
|
})
|
||||||
|
|
||||||
|
t.Run("empty EncryptedMetadataKey and EncryptedMetadataKeyNonce", func(t *testing.T) {
|
||||||
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
|
|
||||||
|
metabasetest.FinishMoveObject{
|
||||||
|
Opts: metabase.FinishMoveObject{
|
||||||
|
NewBucket: newBucketName,
|
||||||
|
ObjectStream: obj,
|
||||||
|
NewEncryptedObjectKey: []byte{0},
|
||||||
|
},
|
||||||
|
// validation pass without EncryptedMetadataKey and EncryptedMetadataKeyNonce
|
||||||
|
ErrClass: &storj.ErrObjectNotFound,
|
||||||
|
ErrText: "object not found",
|
||||||
|
}.Check(ctx, t, db)
|
||||||
|
|
||||||
|
metabasetest.Verify{}.Check(ctx, t, db)
|
||||||
|
})
|
||||||
|
|
||||||
t.Run("object already exists", func(t *testing.T) {
|
t.Run("object already exists", func(t *testing.T) {
|
||||||
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
defer metabasetest.DeleteAll{}.Check(ctx, t, db)
|
||||||
|
|||||||
@ -220,5 +220,5 @@ require (
|
|||||||
storj.io/gateway v1.4.1 // indirect
|
storj.io/gateway v1.4.1 // indirect
|
||||||
storj.io/minio v0.0.0-20211007171754-df6c27823c8a // indirect
|
storj.io/minio v0.0.0-20211007171754-df6c27823c8a // indirect
|
||||||
storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a // indirect
|
storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a // indirect
|
||||||
storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232 // indirect
|
storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df // indirect
|
||||||
)
|
)
|
||||||
|
|||||||
@ -1477,5 +1477,5 @@ storj.io/private v0.0.0-20220323114243-08c4b5e752f4 h1:szxLYr9Rdmx19unt47kafB381
|
|||||||
storj.io/private v0.0.0-20220323114243-08c4b5e752f4/go.mod h1:fZ7FSXv/adIc79sF/5qm7zn0PI5+PWa5p+dbqrZQARM=
|
storj.io/private v0.0.0-20220323114243-08c4b5e752f4/go.mod h1:fZ7FSXv/adIc79sF/5qm7zn0PI5+PWa5p+dbqrZQARM=
|
||||||
storj.io/uplink v1.7.0/go.mod h1:zqj/LFDxa6RMaSRSHOmukg3mMgesOry0iHSjNldDMGo=
|
storj.io/uplink v1.7.0/go.mod h1:zqj/LFDxa6RMaSRSHOmukg3mMgesOry0iHSjNldDMGo=
|
||||||
storj.io/uplink v1.7.1-0.20211103104100-a785482780d8/go.mod h1:pKqsMpNMIAz//2TXzUGOR6tpu3iyabvXV4VWINj4jaY=
|
storj.io/uplink v1.7.1-0.20211103104100-a785482780d8/go.mod h1:pKqsMpNMIAz//2TXzUGOR6tpu3iyabvXV4VWINj4jaY=
|
||||||
storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232 h1:h7lN3rb0hSiXlWRpF/TImhxD6brPZOlIqYoGDw1ULUQ=
|
storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df h1:MhKJYHYz5nyF5Y7ed0kyhyDCkIcqeAQq6z29YVVHHpo=
|
||||||
storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=
|
storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user