Upgrade to sdk rc10

[smallhive]

closes #806

[codecov]

Codecov Report

Merging #807 (cb7d1e5) into master (d013f71) will decrease coverage by 0.02%.
Report is 1 commits behind head on master.
The diff coverage is 4.39%.

@@            Coverage Diff             @@
##           master     #807      +/-   ##
==========================================
- Coverage   34.35%   34.33%   -0.02%     
==========================================
  Files          61       61              
  Lines       10483    10485       +2     
==========================================
- Hits         3601     3600       -1     
- Misses       6481     6484       +3     
  Partials      401      401              

Files Changed	Coverage Δ
api/handler/multipart_upload.go	19.42% <0.00%> (-0.16%)	⬇️
api/handler/notifications.go	30.82% <0.00%> (ø)
authmate/authmate.go	0.00% <0.00%> (ø)
internal/neofs/neofs.go	1.43% <0.00%> (-0.03%)	⬇️
internal/neofs/tree.go	4.59% <0.00%> (ø)
api/layer/layer.go	37.71% <75.00%> (+0.53%)	⬆️
api/layer/neofs_mock.go	58.67% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[roman-khimov]

It's supposed to be a feature, see #271. Although I don't quite understand it.

[smallhive]

On current master it doesn't work:

$ aws s3api create-bucket --bucket $BUCKET --endpoint http://localhost:9080 --no-sign-request

An error occurred (InternalError) when calling the CreateBucket operation (reached max retries: 0): We encountered an internal error, please try again.

In the gate logs:

2023-08-04T07:42:20.324+0400    error   handler/util.go:29      call method     {"status": 500, "request_id": "dc3da4ba-b5b0-42aa-800f-2dbb71b80ddc", "method": "CreateBucket", "bucket": "heh3", "object": "", "description": "couldn't get bearer token signature key", "error": "couldn't get box data from context"}

In any case, we have to sign requests. Many client calls requires Signer as an explicit parameter. I tend to think it doesn't matter what key it should be either a gate key or an anonymous one.
But the gate key we have to have because all our sessions were created for the gate key. And we need to sign requests by it

I also agreed with comment in #271 because we can't create container with random key, because containerPut is not a free operation. Signer is required and must not be nil. The account corresponding to the specified Signer will be charged for the operation.

[roman-khimov]

It can be used for reads, I guess.

[smallhive]

Added anonymous key using for the containerList operation

[smallhive]

Updated to the latest RC-10 SDK and neofs-contract versions

[roman-khimov]

Why only this request? I think we can have the same in other ones like object get.

[smallhive]

Moved this check to the old place, inside Owner func. After that it will work like previous implementation

[roman-khimov]

But what about keys? I suppose we should use a different key when we're doing anonymous requests. Maybe layer should return user.Signer now to provide both at the same time (gw normally and anon if no auth)?

[smallhive]

I revised the code one more time.
We have the next component chain (gate component names):

• layer -> neofs -> pool

layer - handles API requests, calls neofs component to prepare data and then it call pool to execute request in neofs node.

In fact, the layer even doesn't need to know something about a key or signer. We will drop the key from it.
The neofs component stores the same key (pool also stores it) and it is a good place to make magic with anonymous keys. We just need to pass isAnonymous flag to neofs component and anonymous signer will be used

[smallhive]

Made changes in separate commits. At first look, I replaced all places when we cat override the signer. In other places, random keys are already in use by SDK client.

If these changes ok, even after few iterations, I will squash them to proper commit, if required

[roman-khimov]

But what about keys? I suppose we should use a different key when we're doing anonymous requests. Maybe layer should return user.Signer now to provide both at the same time (gw normally and anon if no auth)?