fix/Child objects ACL #2716
fix/Child objects ACL #2716
Conversation
carpawell
force-pushed
the
fix/child-object-acl
branch
2 times, most recently
from
9a60f81 to
960fe98
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2716 +/- ##
==========================================
- Coverage 22.04% 22.00% -0.04%
==========================================
Files 787 789 +2
Lines 46738 47212 +474
==========================================
+ Hits 10304 10390 +86
- Misses 35552 35930 +378
- Partials 882 892 +10 ☔ View full report in Codecov by Sentry. |
carpawell
force-pushed
the
fix/child-object-acl
branch
4 times, most recently
from
daa352f to
e20f436
Compare
|
Well, I need Go 1.20 now. Otherwise, I am ready. |
carpawell
force-pushed
the
fix/child-object-acl
branch
from
e20f436 to
770824a
Compare
|
Not sure what is wrong with the tests: it creates |
carpawell
force-pushed
the
fix/child-object-acl
branch
from
770824a to
c7e7137
Compare
There was a problem hiding this comment.
@cthulhu-rider, join the party. We need to merge this ASAP to unblock SDK updates.
| } | ||
|
|
||
| func (h headerSource) Head(address oid.Address) (*objectSDK.Object, error) { | ||
| if h.cache != nil { |
There was a problem hiding this comment.
cacheSize may be zero so no caching is done then. hardcoded for now but may be useful in the future
There was a problem hiding this comment.
Seems very artificial to me (likely cache can have zero size and still be instantiated), but OK.
There was a problem hiding this comment.
we have a config param that explicitly says "no caching, please" (but for morph values mostly)
cacheSize may be zero
i meant you can change one const and it is not caching anymore, you may make it configurable and just init it with a value you read and zero value is already supported. i agree, it may look strange without a real use-case and config param but since it is already done, why not?
| @@ -57,6 +57,10 @@ Numbers stand for a single byte value. | |||
| - Name: container ID + `9` | |||
| - Key: object ID | |||
| - Value: marshaled object | |||
| - Buckets containing object or LINK type | |||
| - Name: container ID + `18` | |||
There was a problem hiding this comment.
I thought they're sorted here.
There was a problem hiding this comment.
they have a logical title (Unique index buckets) so i decided them to be together
pkg/services/object/split/verify.go
Outdated
| } | ||
|
|
||
| var err error | ||
| receivedObjects[iCopy], err = v.verifySinglePart(ctx, cnr, shouldHaveFirstObject, childrenFromLink[iCopy]) |
There was a problem hiding this comment.
how child objects may be 16K? optimizations may be presented here but not sure they changes smth for now (64mb are required for the most optimal part of the object storing if NO get-check-drop is implemented and all the objects are fetched before any validation is being done)
There was a problem hiding this comment.
Fetch and verify group by group, headers are headers and can be up to 16KB.
There was a problem hiding this comment.
This is still a problem, but can be left for another issue.
There was a problem hiding this comment.
in fact just missed that comment. done in this PR
|
@roman-khimov affirmative @carpawell wt readiness? PR is still draft |
carpawell
force-pushed
the
fix/child-object-acl
branch
from
c7e7137 to
d674736
Compare
Basically can be reviewed since the push that allowed building. Some fixes are done (and will be done but are based on my work with int test cases) and after the review (when the base code is fixed), I would add some missing unit tests. |
carpawell
force-pushed
the
fix/child-object-acl
branch
2 times, most recently
from
98e3aa3 to
4278283
Compare
carpawell
force-pushed
the
fix/child-object-acl
branch
4 times, most recently
from
3edac98 to
40ffda7
Compare
| } | ||
|
|
||
| func (h headerSource) Head(address oid.Address) (*objectSDK.Object, error) { | ||
| if h.cache != nil { |
There was a problem hiding this comment.
Seems very artificial to me (likely cache can have zero size and still be instantiated), but OK.
pkg/core/object/fmt.go
Outdated
| if splitID != nil { | ||
| // V1 split | ||
| if firstSet { | ||
| return errors.New("v1 split: first ID object is set") |
pkg/services/object/util/chain.go
Outdated
| } | ||
|
|
||
| for i := len(leaves) - 1; i >= 0; i-- { | ||
| if h(leaves[i]) { | ||
| return errors.New("nor link, nor last object ID is found") |
pkg/services/object/split/verify.go
Outdated
| } | ||
|
|
||
| var err error | ||
| receivedObjects[iCopy], err = v.verifySinglePart(ctx, cnr, shouldHaveFirstObject, childrenFromLink[iCopy]) |
There was a problem hiding this comment.
This is still a problem, but can be left for another issue.
pkg/services/object/util/chain.go
Outdated
| for i := len(idBuff) - 1; i >= 0; i-- { | ||
| addr.SetObject(idBuff[i]) | ||
|
|
||
| childObj, err := headFromInformer(r, addr) |
There was a problem hiding this comment.
didnt we do this in the previous loop?
There was a problem hiding this comment.
agree, looks ugly. but what if we have 1M 16K children as @roman-khimov loves? saving 1M 32-bytes IDs would be better than storing so many headers. not sure what is worse: duplicating RPCs or having 16GB memory for simple SG object put
also, this case is not expected since link object are always preferable
also, we are not expecting IDs to be in the right order in SGs as i remember
There was a problem hiding this comment.
also, we are not expecting to have ID in the right order in SG as i remember
carpawell
force-pushed
the
fix/child-object-acl
branch
2 times, most recently
from
9d0c2dd to
37e3949
Compare
For the updated object split API mainly. Signed-off-by: Pavel Karpy <[email protected]>
This buckets may be missing on if no objects of a certain type have been put yet. Signed-off-by: Pavel Karpy <[email protected]>
Signed-off-by: Pavel Karpy <[email protected]>
carpawell
force-pushed
the
fix/child-object-acl
branch
2 times, most recently
from
0d489a2 to
fb9b4e7
Compare
On reading: Support both split chain versions a new and an old one. On writing: Split objects only with the V2 version: 1. Link objects do not have child objects in their headers, payload is used instead 2. Link objects contain child objects' sizes along with the IDs 3. SplitID is not attached to the objects anymore 4. The First part's ID of a big object is attached to every split part (a link has it too, but obviously the first part itself does not have its ID in its split header) 5. Receiving link object triggers verification of its children: they should have the same first object and have the same payload size as the link declares 6. The First object part now has an original object's paylaod (without payload-dependent fields set). Closes #2667. Signed-off-by: Pavel Karpy <[email protected]>
Search for child in link object's payload, not its header. Signed-off-by: Pavel Karpy <[email protected]>
They are used for session tokens. Sessions may be reconsidered in the future, but for now big objects need to be sessioned part by part. Signed-off-by: Pavel Karpy <[email protected]>
…nough Signed-off-by: Pavel Karpy <[email protected]>
It was easier to implement it from scratch than to try to understand callbacks and recursion. Signed-off-by: Pavel Karpy <[email protected]>
carpawell
force-pushed
the
fix/child-object-acl
branch
from
fb9b4e7 to
d309b9d
Compare
No description provided.