[#811] ape: Update policy-engine module version and rebase

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Airat Arifullin 2023-11-16 10:58:55 +03:00
parent fd9128d051
commit 4d5be5ccb5
14 changed files with 151 additions and 131 deletions


@ -12,7 +12,7 @@ import (
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
ape "git.frostfs.info/TrueCloudLab/policy-engine"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"github.com/spf13/cobra"
)
@ -50,7 +50,7 @@ func addRule(cmd *cobra.Command, _ []string) {
rule, _ := cmd.Flags().GetString(ruleFlag)
chain := new(ape.Chain)
chain := new(apechain.Chain)
commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, []string{rule}))
serializedChain := chain.Bytes()


@ -9,7 +9,7 @@ import (
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"github.com/spf13/cobra"
)
@ -53,7 +53,7 @@ func getRule(cmd *cobra.Command, _ []string) {
verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
var chain policyengine.Chain
var chain apechain.Chain
commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(resp.GetBody().GetChain()))
// TODO (aarifullin): make pretty-formatted output for chains.


@ -9,7 +9,7 @@ import (
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"github.com/spf13/cobra"
)
@ -58,7 +58,7 @@ func listRules(cmd *cobra.Command, _ []string) {
for _, c := range chains {
// TODO (aarifullin): make pretty-formatted output for chains.
var chain policyengine.Chain
var chain apechain.Chain
commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(c))
cmd.Println("Parsed chain:\n" + prettyJSONFormat(cmd, chain.Bytes()))
}


@ -5,7 +5,7 @@ import (
"fmt"
"strings"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
"github.com/flynn-archive/go-shlex"
)
@ -21,13 +21,13 @@ var (
)
// ParseAPEChain parses APE chain rules.
func ParseAPEChain(chain *policyengine.Chain, rules []string) error {
func ParseAPEChain(chain *apechain.Chain, rules []string) error {
if len(rules) == 0 {
return errors.New("no APE rules provided")
}
for _, rule := range rules {
r := new(policyengine.Rule)
r := new(apechain.Rule)
if err := ParseAPERule(r, rule); err != nil {
return err
}
@ -47,7 +47,7 @@ func ParseAPEChain(chain *policyengine.Chain, rules []string) error {
// allow Object.Get Object.Resource:Department=HR Object.Request:Actor=ownerA *
//
//nolint:godot
func ParseAPERule(r *policyengine.Rule, rule string) error {
func ParseAPERule(r *apechain.Rule, rule string) error {
lexemes, err := shlex.Split(rule)
if err != nil {
return fmt.Errorf("can't parse rule '%s': %v", rule, err)
@ -55,7 +55,7 @@ func ParseAPERule(r *policyengine.Rule, rule string) error {
return parseRuleLexemes(r, lexemes)
}
func parseRuleLexemes(r *policyengine.Rule, lexemes []string) error {
func parseRuleLexemes(r *apechain.Rule, lexemes []string) error {
if len(lexemes) < 2 {
return errInvalidStatementFormat
}
@ -80,14 +80,14 @@ func parseRuleLexemes(r *policyengine.Rule, lexemes []string) error {
return err
}
func parseStatus(lexeme string) (policyengine.Status, error) {
func parseStatus(lexeme string) (apechain.Status, error) {
action, expression, found := strings.Cut(lexeme, ":")
switch action = strings.ToLower(action); action {
case "deny":
if !found {
return policyengine.AccessDenied, nil
return apechain.AccessDenied, nil
} else if strings.EqualFold(expression, "QuotaLimitReached") {
return policyengine.QuotaLimitReached, nil
return apechain.QuotaLimitReached, nil
} else {
return 0, fmt.Errorf("%w: %s", errUnknownActionDetail, expression)
}
@ -95,38 +95,38 @@ func parseStatus(lexeme string) (policyengine.Status, error) {
if found {
return 0, errUnknownActionDetail
}
return policyengine.Allow, nil
return apechain.Allow, nil
default:
return 0, errUnknownAction
}
}
func parseAction(lexeme string) (policyengine.Actions, error) {
func parseAction(lexeme string) (apechain.Actions, error) {
switch strings.ToLower(lexeme) {
case "object.put":
return policyengine.Actions{Names: []string{nativeschema.MethodPutObject}}, nil
return apechain.Actions{Names: []string{nativeschema.MethodPutObject}}, nil
case "object.get":
return policyengine.Actions{Names: []string{nativeschema.MethodGetObject}}, nil
return apechain.Actions{Names: []string{nativeschema.MethodGetObject}}, nil
case "object.head":
return policyengine.Actions{Names: []string{nativeschema.MethodHeadObject}}, nil
return apechain.Actions{Names: []string{nativeschema.MethodHeadObject}}, nil
case "object.delete":
return policyengine.Actions{Names: []string{nativeschema.MethodDeleteObject}}, nil
return apechain.Actions{Names: []string{nativeschema.MethodDeleteObject}}, nil
case "object.search":
return policyengine.Actions{Names: []string{nativeschema.MethodSearchObject}}, nil
return apechain.Actions{Names: []string{nativeschema.MethodSearchObject}}, nil
case "object.range":
return policyengine.Actions{Names: []string{nativeschema.MethodRangeObject}}, nil
return apechain.Actions{Names: []string{nativeschema.MethodRangeObject}}, nil
case "object.hash":
return policyengine.Actions{Names: []string{nativeschema.MethodHashObject}}, nil
return apechain.Actions{Names: []string{nativeschema.MethodHashObject}}, nil
default:
}
return policyengine.Actions{}, fmt.Errorf("%w: %s", errUnknownOperation, lexeme)
return apechain.Actions{}, fmt.Errorf("%w: %s", errUnknownOperation, lexeme)
}
func parseResource(lexeme string) (policyengine.Resources, error) {
func parseResource(lexeme string) (apechain.Resources, error) {
if lexeme == "*" {
return policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}}, nil
return apechain.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}}, nil
}
return policyengine.Resources{Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, lexeme)}}, nil
return apechain.Resources{Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, lexeme)}}, nil
}
const (
@ -134,13 +134,13 @@ const (
ObjectRequest = "object.request"
)
var typeToCondObject = map[string]policyengine.ObjectType{
ObjectResource: policyengine.ObjectResource,
ObjectRequest: policyengine.ObjectRequest,
var typeToCondObject = map[string]apechain.ObjectType{
ObjectResource: apechain.ObjectResource,
ObjectRequest: apechain.ObjectRequest,
}
func parseConditions(lexemes []string) ([]policyengine.Condition, error) {
conds := make([]policyengine.Condition, 0)
func parseConditions(lexemes []string) ([]apechain.Condition, error) {
conds := make([]apechain.Condition, 0)
for _, lexeme := range lexemes {
typ, expression, found := strings.Cut(lexeme, ":")
@ -155,7 +155,7 @@ func parseConditions(lexemes []string) ([]policyengine.Condition, error) {
var lhs, rhs string
var binExpFound bool
var cond policyengine.Condition
var cond apechain.Condition
cond.Object = objType
lhs, rhs, binExpFound = strings.Cut(expression, "!=")
@ -164,9 +164,9 @@ func parseConditions(lexemes []string) ([]policyengine.Condition, error) {
if !binExpFound {
return nil, fmt.Errorf("%w: %s", errUnknownBinaryOperator, expression)
}
cond.Op = policyengine.CondStringEquals
cond.Op = apechain.CondStringEquals
} else {
cond.Op = policyengine.CondStringNotEquals
cond.Op = apechain.CondStringNotEquals
}
cond.Key, cond.Value = lhs, rhs
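Review bot: In `parseResource`, any lexeme other than `*` is formatted into `nativeschema.ResourceFormatRootContainerObjects` without being checked as a container ID, so a mistyped or malformed ID still yields a syntactically valid rule. The resource of such a rule may match nothing, in which case a deny rule the operator believes is in force would not apply. If the lexeme is meant to be a container ID, decode it first and reject it on failure, e.g. `var id cid.ID` followed by `if err := id.DecodeString(lexeme); err != nil { return apechain.Resources{}, fmt.Errorf("invalid container ID %q: %w", lexeme, err) }`, which needs the `cid` import that the command files already use. Validation may already happen in a caller outside the visible hunks, so confirm that before changing it.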


@ -3,7 +3,7 @@ package util
import (
"testing"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
"github.com/stretchr/testify/require"
)