satellite/metabase: bring back copy/move validation for key and nonce

Uplink is fixed and now we should always get both key and nonce or both empty. Fixes https://github.com/storj/storj/issues/4646 Change-Id: I65dca2d4d5a10787c2fecad39e301121f1ae242a
2022-03-30 13:12:08 +02:00 · 2022-03-30 13:12:08 +02:00 · 2014e4655a
commit 2014e4655a
parent 2b39df460c
8 changed files with 108 additions and 80 deletions
--- a/go.mod
+++ b/go.mod
@ -55,7 +55,7 @@ require (
 	storj.io/drpc v0.0.30
 	storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a
 	storj.io/private v0.0.0-20220323114243-08c4b5e752f4
-	storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232
+	storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df
 )

 require (
--- a/go.sum
+++ b/go.sum
@ -929,5 +929,5 @@ storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a h1:qads+aZlFKm5gUxobfF
 storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a/go.mod h1:DGEycSjvzE0JqcD3+6IjwPEK6x30oOus6AApXzl7t0s=
 storj.io/private v0.0.0-20220323114243-08c4b5e752f4 h1:szxLYr9Rdmx19unt47kafB3816JFI5esPlrzdMyZhvk=
 storj.io/private v0.0.0-20220323114243-08c4b5e752f4/go.mod h1:fZ7FSXv/adIc79sF/5qm7zn0PI5+PWa5p+dbqrZQARM=
-storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232 h1:h7lN3rb0hSiXlWRpF/TImhxD6brPZOlIqYoGDw1ULUQ=
-storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=
+storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df h1:MhKJYHYz5nyF5Y7ed0kyhyDCkIcqeAQq6z29YVVHHpo=
+storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=
--- a/satellite/metabase/copy_object.go
+++ b/satellite/metabase/copy_object.go
@ -145,16 +145,14 @@ func (finishCopy FinishCopyObject) Verify() error {
 		} else if finishCopy.NewEncryptedMetadata != nil && (finishCopy.NewEncryptedMetadataKeyNonce.IsZero() || finishCopy.NewEncryptedMetadataKey == nil) {
 			return ErrInvalidRequest.New("EncryptedMetadataNonce and EncryptedMetadataEncryptedKey must be set if EncryptedMetadata is set")
 		}
+	} else {
+		switch {
+		case finishCopy.NewEncryptedMetadataKeyNonce.IsZero() && len(finishCopy.NewEncryptedMetadataKey) != 0:
+			return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
+		case len(finishCopy.NewEncryptedMetadataKey) == 0 && !finishCopy.NewEncryptedMetadataKeyNonce.IsZero():
+			return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
+		}
 	}
-	// TODO disable temporary until uplink is fixed
-	// else {
-	// switch {
-	// case finishCopy.NewEncryptedMetadataKeyNonce.IsZero() && len(finishCopy.NewEncryptedMetadataKey) != 0:
-	// 	return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
-	// case len(finishCopy.NewEncryptedMetadataKey) == 0 && !finishCopy.NewEncryptedMetadataKeyNonce.IsZero():
-	// 	return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
-	// }
-	// }

 	return nil
 }
--- a/satellite/metabase/copy_object_test.go
+++ b/satellite/metabase/copy_object_test.go
@ -213,42 +213,57 @@ func TestFinishCopyObject(t *testing.T) {
 			metabasetest.Verify{}.Check(ctx, t, db)
 		})

-		// TODO disable temporary until uplink is fixed
-		// t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
-		// 	defer metabasetest.DeleteAll{}.Check(ctx, t, db)
+		t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
+			defer metabasetest.DeleteAll{}.Check(ctx, t, db)

-		// 	metabasetest.FinishCopyObject{
-		// 		Opts: metabase.FinishCopyObject{
-		// 			NewBucket:               newBucketName,
-		// 			ObjectStream:            obj,
-		// 			NewEncryptedObjectKey:   metabasetest.RandObjectKey(),
-		// 			NewStreamID:             newStreamID,
-		// 			NewEncryptedMetadataKey: []byte{0},
-		// 		},
-		// 		ErrClass: &metabase.ErrInvalidRequest,
-		// 		ErrText:  "EncryptedMetadataKeyNonce is missing",
-		// 	}.Check(ctx, t, db)
+			metabasetest.FinishCopyObject{
+				Opts: metabase.FinishCopyObject{
+					NewBucket:               newBucketName,
+					ObjectStream:            obj,
+					NewEncryptedObjectKey:   metabasetest.RandObjectKey(),
+					NewStreamID:             newStreamID,
+					NewEncryptedMetadataKey: []byte{0},
+				},
+				ErrClass: &metabase.ErrInvalidRequest,
+				ErrText:  "EncryptedMetadataKeyNonce is missing",
+			}.Check(ctx, t, db)

-		// 	metabasetest.Verify{}.Check(ctx, t, db)
-		// })
+			metabasetest.Verify{}.Check(ctx, t, db)
+		})

-		// t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
-		// 	defer metabasetest.DeleteAll{}.Check(ctx, t, db)
+		t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
+			defer metabasetest.DeleteAll{}.Check(ctx, t, db)

-		// 	metabasetest.FinishCopyObject{
-		// 		Opts: metabase.FinishCopyObject{
-		// 			NewBucket:                    newBucketName,
-		// 			ObjectStream:                 obj,
-		// 			NewEncryptedObjectKey:        metabasetest.RandObjectKey(),
-		// 			NewEncryptedMetadataKeyNonce: testrand.Nonce(),
-		// 			NewStreamID:                  newStreamID,
-		// 		},
-		// 		ErrClass: &metabase.ErrInvalidRequest,
-		// 		ErrText:  "EncryptedMetadataKey is missing",
-		// 	}.Check(ctx, t, db)
+			metabasetest.FinishCopyObject{
+				Opts: metabase.FinishCopyObject{
+					NewBucket:                    newBucketName,
+					ObjectStream:                 obj,
+					NewEncryptedObjectKey:        metabasetest.RandObjectKey(),
+					NewEncryptedMetadataKeyNonce: testrand.Nonce(),
+					NewStreamID:                  newStreamID,
+				},
+				ErrClass: &metabase.ErrInvalidRequest,
+				ErrText:  "EncryptedMetadataKey is missing",
+			}.Check(ctx, t, db)

-		// 	metabasetest.Verify{}.Check(ctx, t, db)
-		// })
+			metabasetest.Verify{}.Check(ctx, t, db)
+		})
+
+		t.Run("empty EncryptedMetadataKey and EncryptedMetadataKeyNonce", func(t *testing.T) {
+			defer metabasetest.DeleteAll{}.Check(ctx, t, db)
+
+			metabasetest.FinishCopyObject{
+				Opts: metabase.FinishCopyObject{
+					NewBucket:             newBucketName,
+					ObjectStream:          obj,
+					NewEncryptedObjectKey: metabasetest.RandObjectKey(),
+					NewStreamID:           newStreamID,
+				},
+				// validation pass without EncryptedMetadataKey and EncryptedMetadataKeyNonce
+				ErrClass: &storj.ErrObjectNotFound,
+				ErrText:  "metabase: sql: no rows in result set",
+			}.Check(ctx, t, db)
+		})

 		t.Run("empty EncryptedMetadata with OverrideMetadata=true", func(t *testing.T) {
 			defer metabasetest.DeleteAll{}.Check(ctx, t, db)
--- a/satellite/metabase/move_object.go
+++ b/satellite/metabase/move_object.go
@ -133,11 +133,10 @@ func (finishMove FinishMoveObject) Verify() error {
 		return ErrInvalidRequest.New("NewBucket is missing")
 	case len(finishMove.NewEncryptedObjectKey) == 0:
 		return ErrInvalidRequest.New("NewEncryptedObjectKey is missing")
-		// TODO disable temporary until uplink is fixed
-		// case finishMove.NewEncryptedMetadataKeyNonce.IsZero():
-		// 	return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
-		// case len(finishMove.NewEncryptedMetadataKey) == 0:
-		// 	return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
+	case finishMove.NewEncryptedMetadataKeyNonce.IsZero() && len(finishMove.NewEncryptedMetadataKey) != 0:
+		return ErrInvalidRequest.New("EncryptedMetadataKeyNonce is missing")
+	case len(finishMove.NewEncryptedMetadataKey) == 0 && !finishMove.NewEncryptedMetadataKeyNonce.IsZero():
+		return ErrInvalidRequest.New("EncryptedMetadataKey is missing")
 	}

 	return nil
--- a/satellite/metabase/move_object_test.go
+++ b/satellite/metabase/move_object_test.go
@ -157,40 +157,56 @@ func TestFinishMoveObject(t *testing.T) {
 			metabasetest.Verify{}.Check(ctx, t, db)
 		})

-		// TODO disable temporary until uplink is fixed
-		// t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
-		// 	defer metabasetest.DeleteAll{}.Check(ctx, t, db)
+		t.Run("invalid EncryptedMetadataKeyNonce", func(t *testing.T) {
+			defer metabasetest.DeleteAll{}.Check(ctx, t, db)

-		// 	metabasetest.FinishMoveObject{
-		// 		Opts: metabase.FinishMoveObject{
-		// 			NewBucket:               newBucketName,
-		// 			ObjectStream:            obj,
-		// 			NewEncryptedObjectKey:   []byte{0},
-		// 			NewEncryptedMetadataKey: []byte{0},
-		// 		},
-		// 		ErrClass: &metabase.ErrInvalidRequest,
-		// 		ErrText:  "EncryptedMetadataKeyNonce is missing",
-		// 	}.Check(ctx, t, db)
+			metabasetest.FinishMoveObject{
+				Opts: metabase.FinishMoveObject{
+					NewBucket:               newBucketName,
+					ObjectStream:            obj,
+					NewEncryptedObjectKey:   []byte{0},
+					NewEncryptedMetadataKey: []byte{0},
+				},
+				ErrClass: &metabase.ErrInvalidRequest,
+				ErrText:  "EncryptedMetadataKeyNonce is missing",
+			}.Check(ctx, t, db)

-		// 	metabasetest.Verify{}.Check(ctx, t, db)
-		// })
+			metabasetest.Verify{}.Check(ctx, t, db)
+		})

-		// t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
-		// 	defer metabasetest.DeleteAll{}.Check(ctx, t, db)
+		t.Run("invalid EncryptedMetadataKey", func(t *testing.T) {
+			defer metabasetest.DeleteAll{}.Check(ctx, t, db)

-		// 	metabasetest.FinishMoveObject{
-		// 		Opts: metabase.FinishMoveObject{
-		// 			NewBucket:                    newBucketName,
-		// 			ObjectStream:                 obj,
-		// 			NewEncryptedObjectKey:        []byte{0},
-		// 			NewEncryptedMetadataKeyNonce: testrand.Nonce(),
-		// 		},
-		// 		ErrClass: &metabase.ErrInvalidRequest,
-		// 		ErrText:  "EncryptedMetadataKey is missing",
-		// 	}.Check(ctx, t, db)
+			metabasetest.FinishMoveObject{
+				Opts: metabase.FinishMoveObject{
+					NewBucket:                    newBucketName,
+					ObjectStream:                 obj,
+					NewEncryptedObjectKey:        []byte{0},
+					NewEncryptedMetadataKeyNonce: testrand.Nonce(),
+				},
+				ErrClass: &metabase.ErrInvalidRequest,
+				ErrText:  "EncryptedMetadataKey is missing",
+			}.Check(ctx, t, db)

-		// 	metabasetest.Verify{}.Check(ctx, t, db)
-		// })
+			metabasetest.Verify{}.Check(ctx, t, db)
+		})
+
+		t.Run("empty EncryptedMetadataKey and EncryptedMetadataKeyNonce", func(t *testing.T) {
+			defer metabasetest.DeleteAll{}.Check(ctx, t, db)
+
+			metabasetest.FinishMoveObject{
+				Opts: metabase.FinishMoveObject{
+					NewBucket:             newBucketName,
+					ObjectStream:          obj,
+					NewEncryptedObjectKey: []byte{0},
+				},
+				// validation pass without EncryptedMetadataKey and EncryptedMetadataKeyNonce
+				ErrClass: &storj.ErrObjectNotFound,
+				ErrText:  "object not found",
+			}.Check(ctx, t, db)
+
+			metabasetest.Verify{}.Check(ctx, t, db)
+		})

 		t.Run("object already exists", func(t *testing.T) {
 			defer metabasetest.DeleteAll{}.Check(ctx, t, db)
--- a/testsuite/go.mod
+++ b/testsuite/go.mod
@ -220,5 +220,5 @@ require (
 	storj.io/gateway v1.4.1 // indirect
 	storj.io/minio v0.0.0-20211007171754-df6c27823c8a // indirect
 	storj.io/monkit-jaeger v0.0.0-20220131130547-dc4cb5a0d97a // indirect
-	storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232 // indirect
+	storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df // indirect
 )
--- a/testsuite/go.sum
+++ b/testsuite/go.sum
@ -1477,5 +1477,5 @@ storj.io/private v0.0.0-20220323114243-08c4b5e752f4 h1:szxLYr9Rdmx19unt47kafB381
 storj.io/private v0.0.0-20220323114243-08c4b5e752f4/go.mod h1:fZ7FSXv/adIc79sF/5qm7zn0PI5+PWa5p+dbqrZQARM=
 storj.io/uplink v1.7.0/go.mod h1:zqj/LFDxa6RMaSRSHOmukg3mMgesOry0iHSjNldDMGo=
 storj.io/uplink v1.7.1-0.20211103104100-a785482780d8/go.mod h1:pKqsMpNMIAz//2TXzUGOR6tpu3iyabvXV4VWINj4jaY=
-storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232 h1:h7lN3rb0hSiXlWRpF/TImhxD6brPZOlIqYoGDw1ULUQ=
-storj.io/uplink v1.8.2-0.20220328201716-2ca4df442232/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=
+storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df h1:MhKJYHYz5nyF5Y7ed0kyhyDCkIcqeAQq6z29YVVHHpo=
+storj.io/uplink v1.8.2-0.20220329143354-9065e58fc5df/go.mod h1:wGaBfQPOAu55YwGOoe5D5jb0k+hyS/S1SPUxHCQpLE0=