[#804] ape: Implement boltdb storage for local overrides

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-11-20 19:35:16 +03:00 · 2023-11-20 19:35:16 +03:00 · 0f45e3d344
commit 0f45e3d344
parent e361e017f3
15 changed files with 560 additions and 142 deletions
--- a/pkg/services/object/acl/ape.go
+++ b/pkg/services/object/acl/ape.go
@ -1,10 +1,8 @@
 package acl

 import (
-	"errors"
 	"fmt"

-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
 	v2 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/acl/v2"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
@ -12,34 +10,25 @@ import (
 	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 )

-var errAPEChainNoSource = errors.New("could not get ape chain source for the container")
-
 type apeCheckerImpl struct {
-	log    *logger.Logger
-	apeSrc container.AccessPolicyEngineChainSource
+	log         *logger.Logger
+	chainRouter policyengine.ChainRouter
 }

-func NewAPEChecker(log *logger.Logger, apeSrc container.AccessPolicyEngineChainSource) v2.APEChainChecker {
+func NewAPEChecker(log *logger.Logger, chainRouter policyengine.ChainRouter) v2.APEChainChecker {
 	return &apeCheckerImpl{
-		log:    log,
-		apeSrc: apeSrc,
+		log:         log,
+		chainRouter: chainRouter,
 	}
 }

 func (c *apeCheckerImpl) CheckIfRequestPermitted(reqInfo v2.RequestInfo) error {
-	cnr := reqInfo.ContainerID()
-
-	chainCache, err := c.apeSrc.GetChainSource(cnr)
-	if err != nil {
-		return errAPEChainNoSource
-	}
-
 	request := new(Request)
 	request.FromRequestInfo(reqInfo)

 	cnrTarget := getResource(reqInfo).Name()

-	status, ruleFound, err := chainCache.IsAllowed(apechain.Ingress, policyengine.NewRequestTargetWithContainer(cnrTarget), request)
+	status, ruleFound, err := c.chainRouter.IsAllowed(apechain.Ingress, policyengine.NewRequestTargetWithContainer(cnrTarget), request)
 	if err != nil {
 		return err
 	}