-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce private attributes of the storage nodes #2580
Conversation
cthulhu-rider
commented
Sep 14, 2023
•
edited
Loading
edited
- based on and blocked by https://github.com/nspcc-dev/neofs-contract/milestone/31
- closes Verifiable attributes #2280
Codecov Report
@@ Coverage Diff @@
## master #2580 +/- ##
==========================================
- Coverage 29.74% 29.71% -0.03%
==========================================
Files 408 411 +3
Lines 31215 31431 +216
==========================================
+ Hits 9284 9341 +57
- Misses 21119 21279 +160
+ Partials 812 811 -1
... and 1 file with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
871b6f9
to
3e2169b
Compare
e9c205e
to
3b0d613
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please adjust the scheme to have a fixed key that contains arbitrary NeoFS NNS domain (that can be registered by anyone and that's the key). This domain then should have a list of TXT records with addresses derived from node keys. IR will check for presence in this list.
d087255
to
bb00094
Compare
bb00094
to
3fc9e32
Compare
changes are done https://github.com/nspcc-dev/neofs-contract/releases/tag/v0.18.0 is now available, but it pulls https://github.com/nspcc-dev/neo-go/releases/tag/v0.102.0 along. So, lets wait for #2587 first |
d747829
to
5562ada
Compare
|
||
### Domain record format | ||
|
||
For each public key, a record is created - a structure with at least 3 fields: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But why talking about structures when in fact it's just https://pkg.go.dev/github.com/nspcc-dev/neofs-contract/rpc/nns#Contract.AddRecord ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AddRecord
only creates the record, then we read the structures. This may be useful for alternative integrations
docs/verified-node-domains.md
Outdated
For each public key, a record is created - a structure with at least 3 fields: | ||
1. `ByteString` with name of the corresponding domain | ||
2. `Integer` that should be `16` (TXT records) | ||
3. `ByteString` with Neo address of the storage node's public key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
address=
as in NEP-18? https://github.com/neo-project/proposals/pull/133/files
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
23f9c70
to
50401cf
Compare
de115ad
to
cc4add1
Compare
Signed-off-by: Leonard Lyubich <[email protected]>
cc4add1
to
be4c57d
Compare
From now, the Inner Ring checks any incoming node for permission to associate itself with optional private node group (kind of subnet). Access lists are stored in the NeoFS NNS. Closes #2280. Signed-off-by: Leonard Lyubich <[email protected]>
Add commands to get and set list of the storage nodes allowed to use domain of the private node group. Refs #2280. Signed-off-by: Leonard Lyubich <[email protected]>
Previously, Inner Ring called `getAllRecords` method to lookup for the particular entry. In particular, this method was used during validation of verified nodes' domains. Implementation was pretty complex due to low-levelness. The `resolve` method is much simpler, but it returns all records on each call. Taking into account that each domain can have no more than 255 records, this drawback is considered insignificant. From now, Inner Ring calls `resolve` method to check domain record existence. This is done as simple as possible through RPC interface provided by NeoFS Contracts lib. Refs #2280. Signed-off-by: Leonard Lyubich <[email protected]>
Similar motivation as in 8b0e5ed. Refs #2280. Signed-off-by: Leonard Lyubich <[email protected]>
From now verified nodes' domain records are prefixed with `address=` in order to comply the Neo specification. Signed-off-by: Leonard Lyubich <[email protected]>
be4c57d
to
b87545a
Compare