Skip to content

Cli session token v2 #3750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
roman-khimov merged 2 commits into from
Dec 25, 2025
Merged

Cli session token v2 #3750

roman-khimov merged 2 commits into from
Dec 25, 2025

Conversation

@End-rey
Copy link
Contributor

@End-rey End-rey commented Dec 22, 2025

Part of #3671.

@End-rey End-rey self-assigned this Dec 22, 2025
@codecov
Copy link

codecov bot commented Dec 22, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 437 lines in your changes missing coverage. Please review.
✅ Project coverage is 26.24%. Comparing base (9613f57) to head (37a032a).
⚠️ Report is 11 commits behind head on master.

Files with missing lines Patch % Lines
cmd/neofs-cli/modules/session/create_v2.go 0.00% 203 Missing ⚠️
cmd/neofs-cli/modules/object/util.go 0.00% 83 Missing ⚠️
cmd/neofs-cli/modules/object/util_session_v2.go 0.00% 64 Missing ⚠️
cmd/neofs-cli/modules/container/util_session_v2.go 0.00% 34 Missing ⚠️
cmd/neofs-cli/modules/container/delete.go 0.00% 18 Missing ⚠️
cmd/neofs-cli/modules/container/create.go 0.00% 17 Missing ⚠️
cmd/neofs-cli/modules/container/set_eacl.go 0.00% 17 Missing ⚠️
cmd/neofs-cli/modules/session/root.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3750      +/-   ##
==========================================
- Coverage   26.51%   26.24%   -0.28%     
==========================================
  Files         655      658       +3     
  Lines       41400    41823     +423     
==========================================
- Hits        10979    10976       -3     
- Misses      29416    29841     +425     
- Partials     1005     1006       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@End-rey End-rey force-pushed the cli-session-token-v2 branch from 3ec6321 to 3f4dd85 Compare December 23, 2025 09:05
@End-rey
Copy link
Contributor Author

End-rey commented Dec 23, 2025

Currently, by default, I am creating new v2 tokens for requests in the CLI, which is causing errors in the tests. Perhaps I should leave the v1 tokens in this PR and create v2 tokens in the PR with node and IR processing?

@roman-khimov
Copy link
Member

roman-khimov commented Dec 23, 2025

Yes, tests should still pass.

@End-rey End-rey force-pushed the cli-session-token-v2 branch from 3f4dd85 to a61e781 Compare December 23, 2025 13:36
carpawell
carpawell reviewed Dec 23, 2025
View reviewed changes
cmd/neofs-cli/modules/container/util_session_v2.go Outdated
}

if !tok.AssertContainer(verb, cnrID) {
return fmt.Errorf("v2 session token does not authorize %v for container %s", verb, cnrID.String())
Copy link
Member

@carpawell carpawell Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hm, i believe, we need session.Verb to implement fmt.Stringer, otherwise it prints digits from SDK

Copy link
Contributor Author

@End-rey End-rey Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about it, but looked at the previous ObjectVerb and ContainerVerb, which did not have a String method, so I did not create one for the new one.

@roman-khimov Do we need it?

Copy link
Member

@roman-khimov roman-khimov Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's very convenient to have one.

@End-rey End-rey force-pushed the cli-session-token-v2 branch from a61e781 to 1857a2d Compare December 23, 2025 16:00
@End-rey End-rey requested a review from carpawell December 23, 2025 16:05
roman-khimov
roman-khimov reviewed Dec 23, 2025
View reviewed changes
Copy link
Member

@roman-khimov roman-khimov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How can I create a chain of sessions with this?

@roman-khimov roman-khimov requested a review from Copilot December 23, 2025 20:34
Copilot AI reviewed Dec 23, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for V2 session tokens in the NeoFS CLI, introducing a new session create-v2 command and integrating V2 token handling into existing object and container operations.

  • Adds session create-v2 command for creating V2 session tokens with multiple subjects and contexts
  • Updates SDK dependency to enable V2 token support
  • Implements backward-compatible V2 token validation and usage in object and container operations

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
go.mod Updates neofs-sdk-go dependency to version supporting V2 session tokens
go.sum Updates checksums for neofs-sdk-go dependency
CHANGELOG.md Documents new session create-v2 command and SDK update
docs/cli-commands/neofs-cli_session_create-v2.md Adds documentation for new create-v2 command with usage examples
docs/cli-commands/neofs-cli_session.md Adds reference to create-v2 subcommand
cmd/neofs-cli/modules/session/root.go Registers create-v2 command
cmd/neofs-cli/modules/session/create_v2.go Implements V2 session token creation with subject and context parsing
cmd/neofs-cli/modules/object/util_session_v2.go Adds V2 token reading, validation, and verification for object operations
cmd/neofs-cli/modules/object/util.go Integrates V2 token support with backward compatibility for V1 tokens
cmd/neofs-cli/modules/container/util_session_v2.go Adds V2 token handling for container operations
cmd/neofs-cli/modules/container/set_eacl.go Updates to support both V1 and V2 session tokens
cmd/neofs-cli/modules/container/delete.go Updates to support both V1 and V2 session tokens
cmd/neofs-cli/modules/container/create.go Updates to support both V1 and V2 session tokens

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@End-rey
go.mod: upgrade SDK
a9e02d2 
Upgrade to a version with full support for the new v2 session tokens.

Signed-off-by: Andrey Butusov <andrey@nspcc.io>
@End-rey End-rey force-pushed the cli-session-token-v2 branch from 1857a2d to eeef24e Compare December 24, 2025 10:25
@End-rey End-rey requested a review from roman-khimov December 24, 2025 10:26
@End-rey End-rey force-pushed the cli-session-token-v2 branch from eeef24e to e25c995 Compare December 24, 2025 10:27
roman-khimov
roman-khimov reviewed Dec 24, 2025
View reviewed changes
@End-rey
cli: add new session token V2
37a032a 
Use new session tokens v2 in object and container cli operations. Also make new
command `session create-v2`.

Signed-off-by: Andrey Butusov <andrey@nspcc.io>
@End-rey End-rey force-pushed the cli-session-token-v2 branch from e25c995 to 37a032a Compare December 24, 2025 20:13
@roman-khimov roman-khimov added this to the v0.51.0 milestone Dec 25, 2025
@roman-khimov roman-khimov merged commit d4dafbb into master Dec 25, 2025
20 of 22 checks passed
@roman-khimov roman-khimov deleted the cli-session-token-v2 branch December 25, 2025 11:19
@End-rey End-rey mentioned this pull request Dec 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@roman-khimov roman-khimov roman-khimov approved these changes

@carpawell carpawell carpawell approved these changes

@cthulhu-rider cthulhu-rider Awaiting requested review from cthulhu-rider cthulhu-rider is a code owner

Assignees

@End-rey End-rey

Labels

None yet

Projects

None yet

Milestone

v0.51.0

Development

Successfully merging this pull request may close these issues.

4 participants

@End-rey @roman-khimov @carpawell