cli/eacl: deprecate using public key targets in eACL tables

Refs #2922. Signed-off-by: Pavel Karpy <[email protected]>
nspcc-dev · Oct 10, 2024 · c49bf14 · c49bf14
1 parent 113da9a
commit c49bf14
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -46,6 +46,10 @@ Increase default timeout for dialing connections in node: `morph.dial_timeout`,
 `morph.dial_timout`, `morph.consensus.p2p.dial_timout`, `mainnet.dial_timout`
 to 1 minute. Can be adjusted for fast networks.
 
+Using public keys as a rule target in eACL tables was deprecated and will not
+be supported in the next releases, use addresses instead. For more information
+call `neofs-cli acl extended create -h`.
+
 ## [0.43.0] - 2024-08-20 - Jukdo
 
 ### Added

diff --git a/cmd/neofs-cli/modules/acl/extended/create.go b/cmd/neofs-cli/modules/acl/extended/create.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/flynn-archive/go-shlex"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/util"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@@ -42,7 +43,7 @@ Target is
   'user' for container owner, 
   'system' for Storage nodes in container and Inner Ring nodes,
   'others' for all other request senders, 
-  'pubkey:<key1>,<key2>,...' for exact request sender, where <key> is a hex-encoded 33-byte public key,
+  'pubkey:<key1>,<key2>,...' for exact request sender, where <key> is a hex-encoded 33-byte public key, DEPRECATED,
   'address:<adr1>,<adr2>,...' for exact request sender, where <adr> is a base58 25-byte address. Example: NSiVJYZej4XsxG5CUpdwn7VRQk8iiiDMPM.
 
 When both '--rule' and '--file' arguments are used, '--rule' records will be placed higher in resulting extended ACL table.
@@ -86,6 +87,8 @@ func createEACL(cmd *cobra.Command, _ []string) error {
 		return errors.New("no extended ACL rules has been provided")
 	}
 
+	warnIfPubKeyTargetFound(cmd, rules)
+
 	var tb eacl.Table
 	if err := util.ParseEACLRules(&tb, rules); err != nil {
 		return fmt.Errorf("unable to parse provided rules: %w", err)
@@ -134,3 +137,23 @@ func getRulesFromFile(filename string) ([]string, error) {
 
 	return strings.Split(strings.TrimSpace(string(data)), "\n"), nil
 }
+
+func warnIfPubKeyTargetFound(cmd *cobra.Command, rules []string) {
+	for _, rule := range rules {
+		record, err := shlex.Split(rule)
+		if err != nil {
+			return
+		}
+
+		if len(record) < 2 {
+			return
+		}
+
+		for _, target := range record[2:] {
+			targetTokens := strings.SplitN(target, ":", 2)
+			if strings.ToLower(targetTokens[0]) == "pubkey" {
+				cmd.Println("WARN: using public keys as eACL table targets was deprecated and will be dropped in the next releases")
+			}
+		}
+	}
+}