satellite/metainfo: change ListSegments required permission to
Read/Download We should treat listing segments as a part of download process, not listing. Change-Id: Iae72c97c77976c427f668a96486af613d58da3b9
This commit is contained in:
Michal Niewrzal
parent
dad36179c6
commit
46102c1942
2
go.mod
2
go.mod
@ -46,5 +46,5 @@ require (
|
||||
storj.io/drpc v0.0.16
|
||||
storj.io/monkit-jaeger v0.0.0-20200518165323-80778fc3f91b
|
||||
storj.io/private v0.0.0-20201026143115-bc926bfa3bca
|
||||
storj.io/uplink v1.3.2-0.20201109124414-ccb0c91f4a8c
|
||||
storj.io/uplink v1.3.2-0.20201124092040-5a7d9fd28037
|
||||
)
|
||||
|
||||
6
go.sum
6
go.sum
@ -904,8 +904,6 @@ sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2
|
||||
sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
|
||||
storj.io/common v0.0.0-20200424175742-65ac59022f4f/go.mod h1:pZyXiIE7bGETIRXtfs0nICqMwp7PM8HqnDuyUeldNA0=
|
||||
storj.io/common v0.0.0-20201026135900-1aaeec90670b/go.mod h1:GqdmNf3fLm2UZX/7Zr0BLFCJ4gFjgm6eHrk/fnmr5jQ=
|
||||
storj.io/common v0.0.0-20201106104920-372a344bdd45 h1:pv552R7MiRA8VLQC4qXczLjbl2Qb/MNyus2E9NBSXgI=
|
||||
storj.io/common v0.0.0-20201106104920-372a344bdd45/go.mod h1:ZkQZup2jpFZvvTgz+yPc7K4Vr4bBHM8AA66P57MZkjk=
|
||||
storj.io/common v0.0.0-20201119173627-1cdb53f04fad h1:DTQYc1yH+XwOFx8Dy6CBhLG9eCmYJ5YuK/eRIOxX03A=
|
||||
storj.io/common v0.0.0-20201119173627-1cdb53f04fad/go.mod h1:Cl1rpX3ZfVpOLw0Al6nRGwPbw2DwwXFF5J/63Nf4Sd8=
|
||||
storj.io/drpc v0.0.11/go.mod h1:TiFc2obNjL9/3isMW1Rpxjy8V9uE0B2HMeMFGiiI7Iw=
|
||||
@ -918,5 +916,5 @@ storj.io/monkit-jaeger v0.0.0-20200518165323-80778fc3f91b h1:Bbg9JCtY6l3HrDxs3BX
|
||||
storj.io/monkit-jaeger v0.0.0-20200518165323-80778fc3f91b/go.mod h1:gj4vuCeyCRjRmH8LIrgoyU9Dc9uR6H+/GcDUXmTbf80=
|
||||
storj.io/private v0.0.0-20201026143115-bc926bfa3bca h1:ekR7vtUYC5+cDyim0ZJaSZeXidyzQqDYsnFPYXgTozc=
|
||||
storj.io/private v0.0.0-20201026143115-bc926bfa3bca/go.mod h1:EaLnIyNyqWQUJB+7+KWVez0In9czl0nHHlm2WobebuA=
|
||||
storj.io/uplink v1.3.2-0.20201109124414-ccb0c91f4a8c h1:o+bxDRF7QvNCOM7lZI8EBV6xridymSt6Lljy/kmmPeA=
|
||||
storj.io/uplink v1.3.2-0.20201109124414-ccb0c91f4a8c/go.mod h1:mrdt4I4EhPRC7cnvCD5490IBm423pgKrVoUiC9a5Srg=
|
||||
storj.io/uplink v1.3.2-0.20201124092040-5a7d9fd28037 h1:eLghzivdM7EL9hCbu8/67j8DPQRMCo05Ip1uxFqSQC4=
|
||||
storj.io/uplink v1.3.2-0.20201124092040-5a7d9fd28037/go.mod h1:Q1fZcoghFLoCFYa/E9gyhezTVRwXFNVVfMysExQokVY=
|
||||
|
||||
@ -1587,7 +1587,7 @@ func (endpoint *Endpoint) ListSegments(ctx context.Context, req *pb.SegmentListR
|
||||
}
|
||||
|
||||
_, err = endpoint.validateAuth(ctx, req.Header, macaroon.Action{
|
||||
Op: macaroon.ActionList,
|
||||
Op: macaroon.ActionRead,
|
||||
Bucket: streamID.Bucket,
|
||||
EncryptedPath: streamID.EncryptedPath,
|
||||
Time: time.Now(),
|
||||
|
||||
@ -179,7 +179,7 @@ func TestRevokeMacaroon(t *testing.T) {
|
||||
err = client.CommitObject(ctx, metainfo.CommitObjectParams{StreamID: encodedStreamID})
|
||||
assert.True(t, errs2.IsRPC(err, rpcstatus.PermissionDenied))
|
||||
|
||||
_, _, _, err = client.BeginSegment(ctx, metainfo.BeginSegmentParams{StreamID: encodedStreamID})
|
||||
_, err = client.BeginSegment(ctx, metainfo.BeginSegmentParams{StreamID: encodedStreamID})
|
||||
assert.True(t, errs2.IsRPC(err, rpcstatus.PermissionDenied))
|
||||
|
||||
err = client.MakeInlineSegment(ctx, metainfo.MakeInlineSegmentParams{StreamID: encodedStreamID})
|
||||
@ -188,6 +188,9 @@ func TestRevokeMacaroon(t *testing.T) {
|
||||
_, _, err = client.DownloadSegment(ctx, metainfo.DownloadSegmentParams{StreamID: encodedStreamID})
|
||||
assert.True(t, errs2.IsRPC(err, rpcstatus.PermissionDenied))
|
||||
|
||||
_, err = client.ListSegments(ctx, metainfo.ListSegmentsParams{StreamID: encodedStreamID})
|
||||
assert.True(t, errs2.IsRPC(err, rpcstatus.PermissionDenied))
|
||||
|
||||
// these methods needs SegmentID
|
||||
|
||||
signedSegmentID, err := satMetainfo.SignSegmentID(ctx, signer, &internalpb.SegmentID{
|
||||
@ -270,7 +273,7 @@ func TestInvalidAPIKey(t *testing.T) {
|
||||
err = client.CommitObject(ctx, metainfo.CommitObjectParams{StreamID: streamID})
|
||||
assertInvalidArgument(t, err, false)
|
||||
|
||||
_, _, _, err = client.BeginSegment(ctx, metainfo.BeginSegmentParams{StreamID: streamID})
|
||||
_, err = client.BeginSegment(ctx, metainfo.BeginSegmentParams{StreamID: streamID})
|
||||
assertInvalidArgument(t, err, false)
|
||||
|
||||
err = client.MakeInlineSegment(ctx, metainfo.MakeInlineSegmentParams{StreamID: streamID})
|
||||
@ -279,6 +282,9 @@ func TestInvalidAPIKey(t *testing.T) {
|
||||
_, _, err = client.DownloadSegment(ctx, metainfo.DownloadSegmentParams{StreamID: streamID})
|
||||
assertInvalidArgument(t, err, false)
|
||||
|
||||
_, err = client.ListSegments(ctx, metainfo.ListSegmentsParams{StreamID: streamID})
|
||||
assertInvalidArgument(t, err, false)
|
||||
|
||||
// these methods needs SegmentID
|
||||
|
||||
signedSegmentID, err := satMetainfo.SignSegmentID(ctx, signer, &internalpb.SegmentID{
|
||||
@ -639,7 +645,7 @@ func TestBeginCommit(t *testing.T) {
|
||||
beginObjectResponse, err := metainfoClient.BeginObject(ctx, params)
|
||||
require.NoError(t, err)
|
||||
|
||||
segmentID, limits, _, err := metainfoClient.BeginSegment(ctx, metainfo.BeginSegmentParams{
|
||||
response, err := metainfoClient.BeginSegment(ctx, metainfo.BeginSegmentParams{
|
||||
StreamID: beginObjectResponse.StreamID,
|
||||
Position: storj.SegmentPosition{
|
||||
Index: 0,
|
||||
@ -654,9 +660,9 @@ func TestBeginCommit(t *testing.T) {
|
||||
}
|
||||
|
||||
makeResult := func(num int32) *pb.SegmentPieceUploadResult {
|
||||
nodeID := limits[num].Limit.StorageNodeId
|
||||
nodeID := response.Limits[num].Limit.StorageNodeId
|
||||
hash := &pb.PieceHash{
|
||||
PieceId: limits[num].Limit.PieceId,
|
||||
PieceId: response.Limits[num].Limit.PieceId,
|
||||
PieceSize: 1048832,
|
||||
Timestamp: time.Now(),
|
||||
}
|
||||
@ -674,7 +680,7 @@ func TestBeginCommit(t *testing.T) {
|
||||
}
|
||||
}
|
||||
err = metainfoClient.CommitSegment(ctx, metainfo.CommitSegmentParams{
|
||||
SegmentID: segmentID,
|
||||
SegmentID: response.SegmentID,
|
||||
|
||||
SizeEncryptedData: memory.MiB.Int64(),
|
||||
UploadResult: []*pb.SegmentPieceUploadResult{
|
||||
@ -1521,7 +1527,7 @@ func TestCommitObjectMetadataSize(t *testing.T) {
|
||||
beginObjectResponse, err := metainfoClient.BeginObject(ctx, params)
|
||||
require.NoError(t, err)
|
||||
|
||||
segmentID, limits, _, err := metainfoClient.BeginSegment(ctx, metainfo.BeginSegmentParams{
|
||||
response, err := metainfoClient.BeginSegment(ctx, metainfo.BeginSegmentParams{
|
||||
StreamID: beginObjectResponse.StreamID,
|
||||
Position: storj.SegmentPosition{
|
||||
Index: 0,
|
||||
@ -1536,9 +1542,9 @@ func TestCommitObjectMetadataSize(t *testing.T) {
|
||||
}
|
||||
|
||||
makeResult := func(num int32) *pb.SegmentPieceUploadResult {
|
||||
nodeID := limits[num].Limit.StorageNodeId
|
||||
nodeID := response.Limits[num].Limit.StorageNodeId
|
||||
hash := &pb.PieceHash{
|
||||
PieceId: limits[num].Limit.PieceId,
|
||||
PieceId: response.Limits[num].Limit.PieceId,
|
||||
PieceSize: 1048832,
|
||||
Timestamp: time.Now(),
|
||||
}
|
||||
@ -1556,7 +1562,7 @@ func TestCommitObjectMetadataSize(t *testing.T) {
|
||||
}
|
||||
}
|
||||
err = metainfoClient.CommitSegment(ctx, metainfo.CommitSegmentParams{
|
||||
SegmentID: segmentID,
|
||||
SegmentID: response.SegmentID,
|
||||
Encryption: storj.SegmentEncryption{
|
||||
EncryptedKey: []byte{1},
|
||||
},
|
||||
|
||||
Loading…
Reference in New Issue
Block a user