
getrangehash doesn't work with a bearer token created via cli #2541

Closed
evgeniiz321 opened this issue Sep 1, 2023 · 0 comments · Fixed by #2557
evgeniiz321 commented Sep 1, 2023

Related to nspcc-dev/neofs-testcases#621

Current Behavior

  1. Create bearer token via cli with acl for all possible operations (including getrange and getrangehash)
COMMAND: neofs-cli --config /home/runner/work/neofs-node/neofs-node/neofs-testcases/wallet_config.yml acl extended create --cid 'HMVBh53JLaPF38Ztca3TQKfgjPwvFhBto1bSeREjfyiy' --out '/home/runner/work/neofs-node/neofs-node/neofs-testcases/TemporaryDir/TestFilesDir/eacl_table_82a063fd-c6af-4a9c-905f-979d1de560ec.json' --rule 'allow put  user' --rule 'allow get  user' --rule 'allow head  user' --rule 'allow getrange  user' --rule 'allow getrangehash  user' --rule 'allow search  user' --rule 'allow delete  user'
RETCODE: 0

STDOUT:

STDERR:

Start / End / Elapsed	 20:52:03.805656 / 20:52:03.819742 / 0:00:00.014086
COMMAND: neofs-cli --config /home/runner/work/neofs-node/neofs-node/neofs-testcases/wallet_config.yml bearer create --issued-at 1 --not-valid-before 1 --owner 'NhZpLSTpJpEaANA9xHSLRMmnWJKYWnR9z9' --out '/home/runner/work/neofs-node/neofs-node/neofs-testcases/TemporaryDir/TestFilesDir/bearer_token_e95282b4-3ab9-4db3-8f86-1dd8a64694d6' --rpc-endpoint 's01.neofs.devenv:8080' --eacl '/home/runner/work/neofs-node/neofs-node/neofs-testcases/TemporaryDir/TestFilesDir/eacl_table_82a063fd-c6af-4a9c-905f-979d1de560ec.json' --expire-at 9
RETCODE: 0

STDOUT:

STDERR:

Start / End / Elapsed	 20:52:03.820697 / 20:52:03.831152 / 0:00:00.010455
  2. Try to issue getrangehash:
COMMAND: neofs-cli --config /home/runner/work/neofs-node/neofs-node/neofs-testcases/wallet_config.yml object hash --rpc-endpoint 's01.neofs.devenv:8080' --wallet '/home/runner/work/neofs-node/neofs-node/neofs-testcases/TemporaryDir/e768c827-812f-4a8c-9090-c52a3b7047ed.json' --cid 'HMVBh53JLaPF38Ztca3TQKfgjPwvFhBto1bSeREjfyiy' --oid '27wMEkckZ2VUAEtu3bLWymTabDn7Rw6BANvKss5jwt2r' --bearer '/home/runner/work/neofs-node/neofs-node/neofs-testcases/TemporaryDir/TestFilesDir/bearer_token_e95282b4-3ab9-4db3-8f86-1dd8a64694d6' --range '0:10'
RETCODE: 1

STDOUT:
rpc error: read payload hashes via client: status: code = 2049 message = object not found

STDERR:

Start / End / Elapsed	 20:52:08.234392 / 20:52:08.751591 / 0:00:00.517199

In logs there are the following entries at the time of the failure:

2023-08-30T20:51:54.306Z	debug	get/get.go:87	serving request...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.306Z	debug	get/local.go:25	local get failed	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "status: code = 2049 message = object not found"}
2023-08-30T20:51:54.306Z	debug	get/get.go:108	operation finished with error	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "status: code = 2049 message = object not found"}
2023-08-30T20:51:54.306Z	debug	get/container.go:18	trying to execute in container...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "netmap lookup depth": 0}
2023-08-30T20:51:54.306Z	debug	get/container.go:46	process epoch	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "number": 7}
2023-08-30T20:51:54.306Z	debug	get/remote.go:13	processing node...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.311Z	debug	get/container.go:87	completing the operation	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.311Z	debug	get/get.go:99	operation finished successfully	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.787Z	debug	get/get.go:87	serving request...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.787Z	debug	get/local.go:25	local get failed	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "status: code = 2049 message = object not found"}
2023-08-30T20:51:54.787Z	debug	get/get.go:108	operation finished with error	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "status: code = 2049 message = object not found"}
2023-08-30T20:51:54.787Z	debug	get/container.go:18	trying to execute in container...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "netmap lookup depth": 0}
2023-08-30T20:51:54.787Z	debug	get/container.go:46	process epoch	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "number": 7}
2023-08-30T20:51:54.787Z	debug	get/remote.go:13	processing node...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.792Z	debug	get/remote.go:29	remote call failed	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "init object reading: header: status: code = 2048 message = access to object operation denied"}
2023-08-30T20:51:54.792Z	debug	get/remote.go:13	processing node...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.826Z	debug	get/remote.go:29	remote call failed	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "init object reading: header: status: code = 2048 message = access to object operation denied"}
2023-08-30T20:51:54.826Z	debug	get/remote.go:13	processing node...	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.836Z	debug	get/remote.go:29	remote call failed	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "init object reading: header: status: code = 2048 message = access to object operation denied"}
2023-08-30T20:51:54.836Z	debug	get/container.go:63	no more nodes, abort placement iteration	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true}
2023-08-30T20:51:54.836Z	debug	get/get.go:108	operation finished with error	{"component": "Object.Get service", "request": "GET_RANGE", "address": "AT95KqvYRw3AC1cCmPJdxwYAcXDJGFLv89rZaZKsmJk3/CdrUYtHAuDDzFF8iw4mAgN2qqb8SDKPo8Gpyg12Ree2k", "raw": false, "local": false, "with session": false, "with bearer": true, "error": "status: code = 2049 message = object not found"}

Expected Behavior

The command should work with this bearer token. All other operations work ok.

Steps to Reproduce

  1. Allure, test_bearer_token_expiration - allure.tar.gz

Regression

(No)

Your Environment

Run on current latest master of neofs-node - 9871712
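
Added example, not part of the original issue or the neofs-node code base: a Python triage helper for node debug logs in the tab-separated layout of the excerpt above. It flags operations that finished with code 2049 (object not found) after remote calls carrying a bearer token had failed with code 2048 (access denied), which is the pattern in that excerpt. The sample lines and the `CID_A/OID_A` style addresses are constructed, and grouping by address is a simplifying assumption.

```python
import json
import re
from collections import defaultdict

CODE_RE = re.compile(r"status: code = (\d+)")
ACCESS_DENIED, NOT_FOUND = 2048, 2049  # status codes as they appear in the excerpt
DENIED = "init object reading: header: status: code = 2048 message = access to object operation denied"
MISSING = "status: code = 2049 message = object not found"

def _line(src, msg, addr, err=None):
    """Build one constructed log line: timestamp, level, source, message, JSON."""
    fields = {"request": "GET_RANGE", "address": addr, "with bearer": True}
    if err:
        fields["error"] = err
    return "\t".join(["2023-08-30T20:51:54.000Z", "debug", src, msg, json.dumps(fields)])

SAMPLE = [  # constructed input with placeholder addresses
    _line("get/local.go:25", "local get failed", "CID_A/OID_A", MISSING),
    _line("get/get.go:108", "operation finished with error", "CID_A/OID_A", MISSING),
    _line("get/remote.go:29", "remote call failed", "CID_A/OID_A", DENIED),
    _line("get/remote.go:29", "remote call failed", "CID_A/OID_A", DENIED),
    _line("get/get.go:108", "operation finished with error", "CID_A/OID_A", MISSING),
    _line("get/local.go:25", "local get failed", "CID_B/OID_B", MISSING),
    _line("get/get.go:108", "operation finished with error", "CID_B/OID_B", MISSING),
    "line that is not in the structured layout",
]

def masked_denials(lines):
    """Return {address: denied_remote_calls} for operations that ended in
    'object not found' although remote nodes had answered 'access denied'."""
    denied, masked = defaultdict(int), {}
    for line in lines:
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # not a structured node log line
        try:
            fields = json.loads(parts[4])
        except json.JSONDecodeError:
            continue
        m = CODE_RE.search(fields.get("error", ""))
        code, addr, msg = (int(m.group(1)) if m else None), fields.get("address"), parts[3]
        if msg == "remote call failed" and code == ACCESS_DENIED and fields.get("with bearer"):
            denied[addr] += 1
        elif msg.startswith("operation finished"):
            if code == NOT_FOUND and denied[addr]:
                masked[addr] = denied[addr]  # final status hides the denials
            denied[addr] = 0  # operation is over; start counting afresh
    return masked

print(masked_denials(SAMPLE))
```
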

roman-khimov added the bug and neofs-cli labels and removed the triage label Sep 1, 2023
carpawell added a commit to carpawell/neofs-node that referenced this issue Sep 7, 2023
Do it as it is already done for GET, HEAD, GETRANGE. In the case of a container
node that does not have an object locally, the node spawns a GETRANGE request in
order to hash it. That is not an allowed operation in NeoFS. Even with nspcc-dev#1884,
GET may fail because the node may not be a container part. Moreover, the attached
bearer token is not allowed for the node's key usage, so that is another way to
get unexpected results. Forwarding requests is the only sane fix for nspcc-dev#2541.
The code smells but this is not this commit's responsibility: it is hard to fix
that bug nicely without a get service refactor.

Signed-off-by: Pavel Karpy <[email protected]>
carpawell added a commit to carpawell/neofs-node that referenced this issue Sep 7, 2023
Do it as it is already done for GET, HEAD, GETRANGE. In the case of a container
node that does not have an object locally, the node spawns a GETRANGE request in
order to hash it. That is not an allowed operation in NeoFS. Even with nspcc-dev#1884,
GET may fail because the node may not be a container part. Moreover, the attached
bearer token is not allowed for the node's key usage, so that is another way to
get unexpected results. Forwarding requests is the only sane fix for nspcc-dev#2541.
The code smells but this is not this commit's responsibility: it is hard to fix
that bug nicely without a get service refactor.
Closes nspcc-dev#2541.

Signed-off-by: Pavel Karpy <[email protected]>
roman-khimov added this to the v0.39.0 milestone Sep 12, 2023
carpawell added a commit to carpawell/neofs-node that referenced this issue Sep 14, 2023
carpawell added a commit to carpawell/neofs-node that referenced this issue Sep 21, 2023
carpawell added a commit to carpawell/neofs-node that referenced this issue Oct 23, 2023