frostfs-node/pkg/services/object/acl/ape_request.go

package acl

import (
	"fmt"

	v2 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/acl/v2"
	aclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
	policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
)

type Request struct {
	operation  string
	resource   *resource
	properties map[string]string
}

var _ policyengine.Request = (*Request)(nil)

type resource struct {
	name       string
	properties map[string]string
}

var _ policyengine.Resource = (*resource)(nil)

func (r *resource) Name() string {
	return r.name
}

func (r *resource) Property(key string) string {
	return r.properties[key]
}

// TODO (aarifullin): these stringified verbs, properties and namespaces
// should be non-implementation-specific.
func getResource(reqInfo v2.RequestInfo) *resource {
	cid := reqInfo.ContainerID()
	oid := "*"
	if reqOID := reqInfo.ObjectID(); reqOID != nil {
		oid = reqOID.EncodeToString()
	}
	name := fmt.Sprintf("native:::object/%s/%s",
		cid,
		oid)

	return &resource{
		name:       name,
		properties: make(map[string]string),
	}
}

func getProperties(_ v2.RequestInfo) map[string]string {
	return map[string]string{
		"Actor": "",
	}
}

// TODO (aarifullin): these stringified verbs, properties and namespaces
// should be non-implementation-specific.
func getOperation(reqInfo v2.RequestInfo) string {
	var verb string
	switch op := reqInfo.Operation(); op {
	case aclSDK.OpObjectGet:
		verb = "GetObject"
	case aclSDK.OpObjectHead:
		verb = "HeadObject"
	case aclSDK.OpObjectPut:
		verb = "PutObject"
	case aclSDK.OpObjectDelete:
		verb = "DeleteObject"
	case aclSDK.OpObjectSearch:
		verb = "SearchObject"
	case aclSDK.OpObjectRange:
		verb = "RangeObject"
	case aclSDK.OpObjectHash:
		verb = "HashObject"
	}

	return "native:" + verb
}

func NewRequest() *Request {
	return &Request{
		resource:   new(resource),
		properties: map[string]string{},
	}
}

func (r *Request) FromRequestInfo(ri v2.RequestInfo) {
	r.operation = getOperation(ri)
	r.resource = getResource(ri)
	r.properties = getProperties(ri)
}

func (r *Request) Operation() string {
	return r.operation
}

func (r *Request) Property(key string) string {
	return r.properties[key]
}

func (r *Request) Resource() policyengine.Resource {
	return r.resource
}
[#770] object: Introduce ape chain checker for object svc * Introduce Request type converted from RequestInfo type to implement policy-engine's Request interface * Implement basic ape checker to check if a request is permitted to be performed * Make put handlers use APE checker instead EACL Signed-off-by: Airat Arifullin <a.arifullin@yadro.com> 2023-10-30 15:30:23 +00:00			`package acl`

			`import (`
			`"fmt"`

			`v2 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/acl/v2"`
			`aclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"`
			`policyengine "git.frostfs.info/TrueCloudLab/policy-engine"`
			`)`

			`type Request struct {`
			`operation string`
			`resource *resource`
			`properties map[string]string`
			`}`

			`var _ policyengine.Request = (*Request)(nil)`

			`type resource struct {`
			`name string`
			`properties map[string]string`
			`}`

			`var _ policyengine.Resource = (*resource)(nil)`

			`func (r *resource) Name() string {`
			`return r.name`
			`}`

			`func (r *resource) Property(key string) string {`
			`return r.properties[key]`
			`}`

			`// TODO (aarifullin): these stringified verbs, properties and namespaces`
			`// should be non-implementation-specific.`
			`func getResource(reqInfo v2.RequestInfo) *resource {`
			`cid := reqInfo.ContainerID()`
			`oid := "*"`
			`if reqOID := reqInfo.ObjectID(); reqOID != nil {`
			`oid = reqOID.EncodeToString()`
			`}`
			`name := fmt.Sprintf("native:::object/%s/%s",`
			`cid,`
			`oid)`

			`return &resource{`
			`name: name,`
			`properties: make(map[string]string),`
			`}`
			`}`

			`func getProperties(_ v2.RequestInfo) map[string]string {`
			`return map[string]string{`
			`"Actor": "",`
			`}`
			`}`

			`// TODO (aarifullin): these stringified verbs, properties and namespaces`
			`// should be non-implementation-specific.`
			`func getOperation(reqInfo v2.RequestInfo) string {`
			`var verb string`
			`switch op := reqInfo.Operation(); op {`
			`case aclSDK.OpObjectGet:`
			`verb = "GetObject"`
			`case aclSDK.OpObjectHead:`
			`verb = "HeadObject"`
			`case aclSDK.OpObjectPut:`
			`verb = "PutObject"`
			`case aclSDK.OpObjectDelete:`
			`verb = "DeleteObject"`
			`case aclSDK.OpObjectSearch:`
			`verb = "SearchObject"`
			`case aclSDK.OpObjectRange:`
			`verb = "RangeObject"`
			`case aclSDK.OpObjectHash:`
			`verb = "HashObject"`
			`}`

			`return "native:" + verb`
			`}`

			`func NewRequest() *Request {`
			`return &Request{`
			`resource: new(resource),`
			`properties: map[string]string{},`
			`}`
			`}`

			`func (r *Request) FromRequestInfo(ri v2.RequestInfo) {`
			`r.operation = getOperation(ri)`
			`r.resource = getResource(ri)`
			`r.properties = getProperties(ri)`
			`}`

			`func (r *Request) Operation() string {`
			`return r.operation`
			`}`

			`func (r *Request) Property(key string) string {`
			`return r.properties[key]`
			`}`

			`func (r *Request) Resource() policyengine.Resource {`
			`return r.resource`
			`}`