Documentation ¶
Overview ¶
Package trust handles rules for accepting and denying connections from satellites.
Index ¶
- Variables
- func SaveCacheData(path string, data *CacheData) error
- func URLMatchesHTTPSourceHost(urlHost, sourceHost string) bool
- type Cache
- type CacheData
- type Config
- type Entry
- type Exclusions
- type FileSource
- type HTTPSource
- type HostExcluder
- type IDExcluder
- type IdentityResolver
- type IdentityResolverFunc
- type List
- type Pool
- func (pool *Pool) DeleteSatellite(ctx context.Context, id storj.NodeID) error
- func (pool *Pool) GetNodeURL(ctx context.Context, id storj.NodeID) (_ storj.NodeURL, err error)
- func (pool *Pool) GetSatellites(ctx context.Context) (satellites []storj.NodeID)
- func (pool *Pool) GetSignee(ctx context.Context, id storj.NodeID) (_ signing.Signee, err error)
- func (pool *Pool) IsTrusted(ctx context.Context, id storj.NodeID) bool
- func (pool *Pool) Refresh(ctx context.Context) error
- func (pool *Pool) Run(ctx context.Context) error
- func (pool *Pool) VerifySatelliteID(ctx context.Context, id storj.NodeID) (err error)
- type Rule
- type Rules
- type SatelliteURL
- type Source
- type Sources
- type StaticURLSource
- type URLExcluder
Constants ¶
This section is empty.
Variables ¶
var (
	Error = errs.Class("trust")
	ErrUntrusted = Error.New("satellite is untrusted")
)
Error is the default error class.
var (
	// ErrExclusion is an error class for exclusion related errors.
	ErrExclusion = errs.Class("exclusion")
)
var (
	// ErrFileSource is an error class for file source errors.
	ErrFileSource = errs.Class("file source")
)
var (
	// ErrHTTPSource is an error class for HTTP source errors.
	ErrHTTPSource = errs.Class("HTTP source")
)
var (
	// ErrSatelliteURL is an error class for satellite URL related errors.
	ErrSatelliteURL = errs.Class("invalid satellite URL")
)
var (
	// ErrStaticSource is an error class for static source errors.
	ErrStaticSource = errs.Class("static source")
)
Functions ¶
func SaveCacheData ¶ added in v0.28.0
SaveCacheData persists the cache data to the given path.
func URLMatchesHTTPSourceHost ¶ added in v0.27.0
URLMatchesHTTPSourceHost takes the Satellite URL host and the host of the HTTPSource URL and determines if the SatelliteURL matches or is in the same domain as the HTTPSource URL.
Types ¶
type Cache ¶ added in v0.28.0
type Cache struct {
// contains filtered or unexported fields
}
Cache caches source information about trusted satellites.
func LoadCache ¶ added in v0.28.0
LoadCache loads a cache from a file on disk. If the file is not present, the cache is still loaded. If the file cannot be read for any other reason, the function will return an error. LoadCache ensures the containing directory exists.
func (*Cache) DeleteSatelliteEntry ¶ added in v1.88.2
DeleteSatelliteEntry searches the cache for the provided satellite ID and removes it if found.
func (*Cache) Lookup ¶ added in v0.28.0
Lookup takes a cache key and returns entries associated with that key. If the key is unset in the cache, false is returned for ok. Otherwise the entries are returned with ok returned as true.
func (*Cache) Path ¶ added in v0.28.0
Path returns the path on disk to the file containing the cache.
type CacheData ¶ added in v0.28.0
CacheData represents the data stored in the cache.
func LoadCacheData ¶ added in v0.28.0
LoadCacheData loads the cache data from the given path.
func NewCacheData ¶ added in v0.28.0
func NewCacheData() *CacheData
NewCacheData returns a new CacheData.
type Config ¶ added in v0.28.0
type Config struct {
	Sources         Sources       `help:"list of trust sources" devDefault:"" releaseDefault:"https://static.storj.io/dcs-satellites"`
	Exclusions      Exclusions    `help:"list of trust exclusions" devDefault:"" releaseDefault:""`
	RefreshInterval time.Duration `help:"how often the trust pool should be refreshed" default:"6h"`
	CachePath       string        `help:"file path where trust lists should be cached" default:"${CONFDIR}/trust-cache.json"`
}
Config is the trust configuration.
type Entry ¶ added in v0.27.0
type Entry struct {
	// SatelliteURL is the URL of the satellite
	SatelliteURL SatelliteURL
	// Authoritative indicates whether this entry came from an authoritative
	// source. This impacts how URLs are aggregated.
	Authoritative bool `json:"authoritative"`
}
Entry represents a trust entry.
type Exclusions ¶ added in v0.28.0
type Exclusions struct {
Rules Rules
}
Exclusions is a list of excluding rules that implements pflag.Value.
func (*Exclusions) Set ¶ added in v0.28.0
func (exclusions *Exclusions) Set(value string) error
Set implements pflag.Value by parsing a comma separated list of exclusions.
func (*Exclusions) String ¶ added in v0.28.0
func (exclusions *Exclusions) String() string
String returns the string representation of the config.
func (Exclusions) Type ¶ added in v0.28.0
func (exclusions Exclusions) Type() string
Type returns the type of the pflag.Value.
type FileSource ¶ added in v0.27.0
type FileSource struct {
// contains filtered or unexported fields
}
FileSource represents a trust source contained in a file on disk.
func NewFileSource ¶ added in v0.27.0
func NewFileSource(path string) *FileSource
NewFileSource creates a new FileSource that loads a trust list from the given path.
func (*FileSource) FetchEntries ¶ added in v0.27.0
func (source *FileSource) FetchEntries(ctx context.Context) (_ []Entry, err error)
FetchEntries implements the Source interface and returns entries from the file source on disk. The entries returned are authoritative.
func (*FileSource) Static ¶ added in v0.27.0
func (source *FileSource) Static() bool
Static implements the Source interface. It returns true.
func (*FileSource) String ¶ added in v0.27.0
func (source *FileSource) String() string
String implements the Source interface and returns the FileSource URL.
type HTTPSource ¶ added in v0.27.0
type HTTPSource struct {
// contains filtered or unexported fields
}
HTTPSource represents a trust source at a http:// or https:// URL.
func NewHTTPSource ¶ added in v0.27.0
func NewHTTPSource(httpURL string) (*HTTPSource, error)
NewHTTPSource constructs a new HTTPSource from a URL. The URL must be an http:// or https:// URL. The fragment cannot be set.
func (*HTTPSource) FetchEntries ¶ added in v0.27.0
func (source *HTTPSource) FetchEntries(ctx context.Context) (_ []Entry, err error)
FetchEntries implements the Source interface and returns entries parsed from the list retrieved over HTTP(S). The entries returned are only authoritative if the entry URL has a host that matches or is a subdomain of the source URL.
func (*HTTPSource) Static ¶ added in v0.27.0
func (source *HTTPSource) Static() bool
Static implements the Source interface. It returns false for this source.
func (*HTTPSource) String ¶ added in v0.27.0
func (source *HTTPSource) String() string
String implements the Source interface and returns the URL.
type HostExcluder ¶ added in v0.28.0
type HostExcluder struct {
// contains filtered or unexported fields
}
HostExcluder excludes URLs that match a given host. If the host is a domain name then URLs in a subdomain of that domain are excluded as well.
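The host comparison described for URLMatchesHTTPSourceHost, HTTPSource.FetchEntries and HostExcluder has to match on a DNS label boundary and treat IP literals as exact-match only. The following is an added sketch, not the package's own code: hostInDomain, naiveInDomain and markAuthoritative are hypothetical names, and the hosts are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// hostInDomain reports whether host equals domain or is a subdomain of it.
// Hypothetical helper for illustration; it is not the package's implementation.
func hostInDomain(host, domain string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	domain = strings.ToLower(strings.TrimSuffix(domain, "."))
	if host == "" || domain == "" {
		return false
	}
	hostIP, domainIP := net.ParseIP(host), net.ParseIP(domain)
	if hostIP != nil || domainIP != nil {
		// IP literals have no subdomains: both must be IPs and equal.
		return hostIP != nil && domainIP != nil && hostIP.Equal(domainIP)
	}
	// The "." prefix forces the suffix match onto a label boundary.
	return host == domain || strings.HasSuffix(host, "."+domain)
}

// naiveInDomain is the common mistake: a bare suffix test with no label boundary.
func naiveInDomain(host, domain string) bool {
	return strings.HasSuffix(host, domain)
}

// markAuthoritative returns, per entry host, whether an HTTP source served from
// sourceHost would be authoritative for it under the rule described above.
func markAuthoritative(sourceHost string, entryHosts []string) map[string]bool {
	out := make(map[string]bool, len(entryHosts))
	for _, h := range entryHosts {
		out[h] = hostInDomain(h, sourceHost)
	}
	return out
}

func main() {
	// Constructed sample hosts.
	hosts := []string{"example.test", "us1.example.test", "notexample.test", "192.0.2.10"}
	m := markAuthoritative("example.test", hosts)
	for _, h := range hosts {
		fmt.Printf("%-18s boundary=%v naive=%v\n", h, m[h], naiveInDomain(h, "example.test"))
	}
}
```

The same boundary-aware comparison applies in the deny direction: a host exclusion for a domain should cover its subdomains but not unrelated names that merely end in the same characters.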
func NewHostExcluder ¶ added in v0.28.0
func NewHostExcluder(host string) *HostExcluder
NewHostExcluder returns a new HostExcluder.
func (*HostExcluder) IsTrusted ¶ added in v0.28.0
func (excluder *HostExcluder) IsTrusted(url SatelliteURL) bool
IsTrusted returns true if the given Satellite is trusted and false otherwise.
func (*HostExcluder) String ¶ added in v0.28.0
func (excluder *HostExcluder) String() string
String returns a string representation of the excluder.
type IDExcluder ¶ added in v0.28.0
type IDExcluder struct {
// contains filtered or unexported fields
}
IDExcluder excludes URLs matching a given ID.
func NewIDExcluder ¶ added in v0.28.0
func NewIDExcluder(id storj.NodeID) *IDExcluder
NewIDExcluder returns a new IDExcluder.
func (*IDExcluder) IsTrusted ¶ added in v0.28.0
func (excluder *IDExcluder) IsTrusted(url SatelliteURL) bool
IsTrusted returns true if the given Satellite is trusted and false otherwise.
func (*IDExcluder) String ¶ added in v0.28.0
func (excluder *IDExcluder) String() string
String returns a string representation of the excluder.
type IdentityResolver ¶ added in v0.28.0
type IdentityResolver interface {
	// ResolveIdentity returns the peer identity of the peer located at the Node URL
	ResolveIdentity(ctx context.Context, url storj.NodeURL) (*identity.PeerIdentity, error)
}
IdentityResolver resolves peer identities from a node URL.
func Dialer ¶ added in v0.28.0
func Dialer(dialer rpc.Dialer) IdentityResolver
Dialer implements an IdentityResolver using an RPC dialer.
type IdentityResolverFunc ¶ added in v0.28.0
type IdentityResolverFunc func(ctx context.Context, url storj.NodeURL) (*identity.PeerIdentity, error)
IdentityResolverFunc is a convenience type for implementing IdentityResolver using a function literal.
func (IdentityResolverFunc) ResolveIdentity ¶ added in v0.28.0
func (fn IdentityResolverFunc) ResolveIdentity(ctx context.Context, url storj.NodeURL) (*identity.PeerIdentity, error)
ResolveIdentity returns the peer identity of the peer located at the Node URL.
type List ¶ added in v0.28.0
type List struct {
// contains filtered or unexported fields
}
List represents a dynamic trust list.
func NewList ¶ added in v0.28.0
NewList takes one or more sources, optional rules, and a cache and returns a new List.
func (*List) FetchURLs ¶ added in v0.28.0
FetchURLs returns a list of Node URLs for trusted Satellites. It queries all of the configured sources for trust entries. Entries from non-fixed sources are cached. If entries cannot be retrieved from a source, a cached copy is used, if available. Otherwise, if there are no cached entries available, the call will fail. The URLs are filtered before being returned.
type Pool ¶
type Pool struct {
// contains filtered or unexported fields
}
Pool implements different peer verifications.
architecture: Service
func NewPool ¶
func NewPool(log *zap.Logger, resolver IdentityResolver, config Config, satellitesDB satellites.DB) (*Pool, error)
NewPool creates a new trust pool of the specified list of trusted satellites.
func (*Pool) DeleteSatellite ¶ added in v1.90.1
DeleteSatellite deletes a satellite from the pool and marks it as untrusted in the database.
func (*Pool) GetNodeURL ¶ added in v1.6.1
GetNodeURL returns the node url of a satellite in the trusted list.
func (*Pool) GetSatellites ¶ added in v0.14.0
GetSatellites returns a slice containing all trusted satellites.
func (*Pool) GetSignee ¶
GetSignee gets the corresponding signee for verifying signatures. It ignores passed in ctx cancellation to avoid miscaching between concurrent requests.
func (*Pool) Refresh ¶ added in v0.28.0
Refresh refreshes the set of trusted satellites in the pool. Concurrent callers will be synchronized so only one proceeds at a time.
type Rule ¶ added in v0.28.0
type Rule interface {
	// IsTrusted returns true if the given Satellite is trusted and false otherwise
	IsTrusted(url SatelliteURL) bool
	// String returns a string representation of the rule
	String() string
}
Rule indicates whether or not a Satellite URL is trusted.
func NewExcluder ¶ added in v0.28.0
NewExcluder takes a configuration string and returns an excluding Rule. Accepted forms are 1) a Satellite ID followed by '@', 2) a hostname or IP address, 3) a full Satellite URL.
type Rules ¶ added in v0.28.0
type Rules []Rule
Rules is a collection of rules.
func (Rules) IsTrusted ¶ added in v0.28.0
func (rules Rules) IsTrusted(url SatelliteURL) bool
IsTrusted returns true if the given Satellite is trusted and false otherwise.
type SatelliteURL ¶ added in v0.27.0
type SatelliteURL struct {
	ID   storj.NodeID `json:"id"`
	Host string       `json:"host"`
	Port int          `json:"port"`
}
SatelliteURL represents a Satellite URL.
func LoadSatelliteURLList ¶ added in v0.27.0
func LoadSatelliteURLList(ctx context.Context, path string) (_ []SatelliteURL, err error)
LoadSatelliteURLList loads a list of Satellite URLs from a path on disk.
func ParseSatelliteURL ¶ added in v0.27.0
func ParseSatelliteURL(s string) (SatelliteURL, error)
ParseSatelliteURL parses a Satellite URL. For the purposes of the trust list, the Satellite URL MUST contain both an ID and port designation.
func ParseSatelliteURLList ¶ added in v0.27.0
ParseSatelliteURLList parses a newline separated list of Satellite URLs. Empty lines or lines starting with '#' (comments) are ignored.
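An added sketch of the list format described for ParseSatelliteURL and ParseSatelliteURLList, not the package's own parser. It assumes the id@host:port form, keeps the ID as an opaque string instead of decoding a storj.NodeID, and rejects the whole list on the first malformed line; satURL, parseSatURL and parseSatURLList are hypothetical names.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strconv"
	"strings"
)

type satURL struct { // mirrors SatelliteURL's fields; the ID stays an opaque string
	ID, Host string
	Port     int
}

// parseSatURL accepts "id@host:port" (assumed form); ID and port are required.
func parseSatURL(s string) (satURL, error) {
	id, addr, ok := strings.Cut(s, "@")
	if !ok || id == "" {
		return satURL{}, fmt.Errorf("missing satellite ID in %q", s)
	}
	host, portStr, err := net.SplitHostPort(addr)
	port, perr := strconv.Atoi(portStr)
	if err != nil || perr != nil || host == "" || port < 1 || port > 65535 {
		return satURL{}, fmt.Errorf("missing or invalid host:port in %q", s)
	}
	return satURL{ID: id, Host: host, Port: port}, nil
}

// parseSatURLList skips blank lines and '#' comments; one bad line rejects the list.
func parseSatURLList(data string) ([]satURL, error) {
	var out []satURL
	sc := bufio.NewScanner(strings.NewReader(data))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		u, err := parseSatURL(line)
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", n, err)
		}
		out = append(out, u)
	}
	return out, sc.Err()
}

// main parses a constructed list; the IDs are placeholders, not real node IDs.
func main() { fmt.Println(parseSatURLList("# trusted\n\nid-A@sat.example.test:7777\n")) }
```

Failing closed on a malformed line keeps a truncated or tampered list from being partially loaded; the error carries the line number so the bad entry can be located in the source file.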
func (*SatelliteURL) Address ¶ added in v0.27.0
func (u *SatelliteURL) Address() string
Address returns the address (i.e. host:port) of the Satellite.
func (*SatelliteURL) NodeURL ¶ added in v0.27.0
func (u *SatelliteURL) NodeURL() storj.NodeURL
NodeURL returns a full Node URL to the Satellite.
func (*SatelliteURL) String ¶ added in v0.27.0
func (u *SatelliteURL) String() string
String returns a string representation of the Satellite URL.
type Source ¶ added in v0.27.0
type Source interface {
	// String is the string representation of the source. It is used as a key
	// into the cache.
	String() string
	// Static returns true if the source is static. Static sources are not cached.
	Static() bool
	// FetchEntries returns the list of trust entries from the source.
	FetchEntries(context.Context) ([]Entry, error)
}
Source is a trust source for trusted Satellites.
type Sources ¶ added in v0.28.0
type Sources []Source
Sources is a list of sources that implements pflag.Value.
func (*Sources) Set ¶ added in v0.28.0
Set implements pflag.Value by parsing a comma separated list of sources.
type StaticURLSource ¶ added in v0.28.0
type StaticURLSource struct {
URL SatelliteURL
}
StaticURLSource is a trust source that returns an explicitly trusted URL.
func NewStaticURLSource ¶ added in v0.28.0
func NewStaticURLSource(satelliteURL string) (*StaticURLSource, error)
NewStaticURLSource takes an explicitly trusted URL and returns a new StaticURLSource.
func (*StaticURLSource) FetchEntries ¶ added in v0.28.0
func (source *StaticURLSource) FetchEntries(ctx context.Context) ([]Entry, error)
FetchEntries returns a trust entry for the explicitly trusted Satellite URL. The entry is authoritative.
func (*StaticURLSource) Static ¶ added in v0.28.0
func (source *StaticURLSource) Static() bool
Static implements the Source interface. It returns true.
func (*StaticURLSource) String ¶ added in v0.28.0
func (source *StaticURLSource) String() string
String implements the Source interface and returns the static trusted URL.
type URLExcluder ¶ added in v0.28.0
type URLExcluder struct {
// contains filtered or unexported fields
}
URLExcluder excludes matching URLs.
func NewURLExcluder ¶ added in v0.28.0
func NewURLExcluder(url SatelliteURL) *URLExcluder
NewURLExcluder returns a new URLExcluder.
func (*URLExcluder) IsTrusted ¶ added in v0.28.0
func (excluder *URLExcluder) IsTrusted(url SatelliteURL) bool
IsTrusted returns true if the given Satellite is trusted and false otherwise.
func (*URLExcluder) String ¶ added in v0.28.0
func (excluder *URLExcluder) String() string
String returns a string representation of the excluder.