Storage policy limits (#3174)

roman-khimov · web-flow · commit fc63648e8d32 · 2025-02-26T16:05:56.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -39,6 +39,7 @@ Changelog for NeoFS Node
 - More efficient block header subscription is used now instead of block-based one (#3163)
 - `ObjectService.GetRange(Hash)` ops now handle zero ranges as full payload (#3071)
 - Add some GAS to system fee of notary transactions (#3176)
+- IR now applies sane limits to containers' storage policies recently added to the protocol (#3075)
 
 ### Removed
 - Drop creating new eacl tables with public keys (#3096)
diff --git a/go.mod b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/nspcc-dev/neo-go v0.108.0
 	github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240827150555-5ce597aa14ea
 	github.com/nspcc-dev/neofs-contract v0.21.0
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12.0.20250224145523-bf4a81ef7d79
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12.0.20250225182134-37f733e9af21
 	github.com/nspcc-dev/tzhash v1.8.2
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/panjf2000/ants/v2 v2.9.0
diff --git a/go.sum b/go.sum
@@ -190,8 +190,9 @@ github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240827150555-5ce597aa14ea h1:mK
 github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240827150555-5ce597aa14ea/go.mod h1:YzhD4EZmC9Z/PNyd7ysC7WXgIgURc9uCG1UWDeV027Y=
 github.com/nspcc-dev/neofs-contract v0.21.0 h1:dJkrZr7C8ngMiShwdUl27nbLCGez1KD7W1l7RRXFoN8=
 github.com/nspcc-dev/neofs-contract v0.21.0/go.mod h1:TKR2DJiZCdzq9CPljI101c9S3uK5CsVK5WQrX4C+Y7A=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12.0.20250224145523-bf4a81ef7d79 h1:iJYbi1e7rx1Ga6fjcwH4bQMjuR/cD0VGeTM8wmqmjuM=
 github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12.0.20250224145523-bf4a81ef7d79/go.mod h1:Hd0zRo7mfGDf/S+yGPnRi9eWipxJNhec2Oik1w7lwQo=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12.0.20250225182134-37f733e9af21 h1:TFGaR7uCgV4RMY6htwvMFYZSVnumyhaUbuuV6BzWmew=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12.0.20250225182134-37f733e9af21/go.mod h1:Hd0zRo7mfGDf/S+yGPnRi9eWipxJNhec2Oik1w7lwQo=
 github.com/nspcc-dev/rfc6979 v0.2.3 h1:QNVykGZ3XjFwM/88rGfV3oj4rKNBy+nYI6jM7q19hDI=
 github.com/nspcc-dev/rfc6979 v0.2.3/go.mod h1:q3sCL1Ed7homjqYK8KmFSzEmm+7Ngyo7PePbZanhaDE=
 github.com/nspcc-dev/tzhash v1.8.2 h1:ebRCbPoEuoqrhC6sSZmrT/jI3h1SzCWakxxV6gp5QAg=
diff --git a/pkg/innerring/processors/container/process_container.go b/pkg/innerring/processors/container/process_container.go
@@ -106,6 +106,10 @@ func (cp *Processor) checkPutContainer(ctx *putContainerContext) error {
 		return fmt.Errorf("auth container creation: %w", err)
 	}
 
+	if err = ctx.cnr.PlacementPolicy().Verify(); err != nil {
+		return fmt.Errorf("invalid storage policy: %w", err)
+	}
+
 	// check homomorphic hashing setting
 	err = checkHomomorphicHashing(cp.netState, ctx.cnr)
 	if err != nil {
diff --git a/pkg/services/container/server.go b/pkg/services/container/server.go
@@ -5,6 +5,7 @@ import (
 	"crypto/ecdsa"
 	"errors"
 	"fmt"
+	"slices"
 
 	"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
 	"github.com/nspcc-dev/neofs-node/pkg/services/util"
@@ -15,6 +16,7 @@ import (
 	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	protocontainer "github.com/nspcc-dev/neofs-sdk-go/proto/container"
+	protonetmap "github.com/nspcc-dev/neofs-sdk-go/proto/netmap"
 	"github.com/nspcc-dev/neofs-sdk-go/proto/refs"
 	protosession "github.com/nspcc-dev/neofs-sdk-go/proto/session"
 	protostatus "github.com/nspcc-dev/neofs-sdk-go/proto/status"
@@ -182,6 +184,54 @@ func (s *server) makeFailedPutResponse(err error) (*protocontainer.PutResponse,
 	return s.makePutResponse(nil, util.ToStatus(err))
 }
 
+const (
+	maxObjectReplicasPerSet = 8
+	maxContainerNodesInSet  = 64
+	maxContainerNodeSets    = 256
+	maxContainerNodes       = 512
+)
+
+const defaultBackupFactor = 3
+
+var errInvalidNodeSetDesc = errors.New("invalid node set descriptor")
+
+func verifyStoragePolicy(policy *protonetmap.PlacementPolicy) error {
+	if len(policy.Replicas) > maxContainerNodeSets {
+		return fmt.Errorf("more than %d node sets", maxContainerNodeSets)
+	}
+	bf := policy.ContainerBackupFactor
+	if bf == 0 {
+		bf = defaultBackupFactor
+	}
+	var cnrNodeCount uint32
+	for i := range policy.Replicas {
+		if policy.Replicas[i] == nil {
+			return fmt.Errorf("nil replica #%d", i)
+		}
+		if policy.Replicas[i].Count > maxObjectReplicasPerSet {
+			return fmt.Errorf("%w #%d: more than %d object replicas", errInvalidNodeSetDesc, i, maxObjectReplicasPerSet)
+		}
+		var sNum uint32
+		if policy.Replicas[i].Selector != "" {
+			si := slices.IndexFunc(policy.Selectors, func(s *protonetmap.Selector) bool { return s != nil && s.Name == policy.Replicas[i].Selector })
+			if si < 0 {
+				return fmt.Errorf("%w #%d: missing selector %q", errInvalidNodeSetDesc, i, policy.Replicas[i].Selector)
+			}
+			sNum = policy.Selectors[si].Count
+		} else {
+			sNum = policy.Replicas[i].Count
+		}
+		nodesInSet := bf * sNum
+		if nodesInSet > maxContainerNodesInSet {
+			return fmt.Errorf("%w #%d: more than %d nodes", errInvalidNodeSetDesc, i, maxContainerNodesInSet)
+		}
+		if cnrNodeCount += nodesInSet; cnrNodeCount > maxContainerNodes {
+			return fmt.Errorf("more than %d nodes in total", maxContainerNodes)
+		}
+	}
+	return nil
+}
+
 // Put forwards container creation request to the underlying [Contract] for
 // further processing. If session token is attached, it's verified. Returns ID
 // to check request status in the response.
@@ -200,6 +250,13 @@ func (s *server) Put(_ context.Context, req *protocontainer.PutRequest) (*protoc
 		return s.makeFailedPutResponse(errors.New("missing container"))
 	}
 
+	if mCnr.PlacementPolicy == nil {
+		return s.makeFailedPutResponse(errors.New("missing storage policy"))
+	}
+	if err := verifyStoragePolicy(mCnr.PlacementPolicy); err != nil {
+		return s.makeFailedPutResponse(fmt.Errorf("invalid storage policy: %w", err))
+	}
+
 	var cnr container.Container
 	if err := cnr.FromProtoMessage(mCnr); err != nil {
 		return s.makeFailedPutResponse(fmt.Errorf("invalid container: %w", err))
