Anoke/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Pull requests Activity

[#937] ape: Validate chain resource name

Browse source 
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
This commit is contained in:
Anton Nikiforov 2024-01-30 17:07:05 +03:00
parent e3573de6db
commit 483a67b170
6 changed files with 259 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pkg/services/control/server/policy_engine.go
View file

@ -6,6 +6,7 @@ import (
"fmt"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ape"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
"google.golang.org/grpc/codes"
@ -38,6 +39,13 @@ func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainL
if err := chain.DecodeBytes(req.GetBody().GetChain()); err != nil {
return nil, status.Error(codes.InvalidArgument, err.Error())
}
for _, rule := range chain.Rules {
for _, name := range rule.Resources.Names {
if err := ape.ValidateResourceName(name); err != nil {
return nil, status.Error(codes.InvalidArgument, fmt.Errorf("invalid resource: %w", err).Error())
}
}
}
s.apeChainCounter.Add(1)
// TODO (aarifullin): the such chain id is not well-designed yet.