[#180] Return isInnerRing flag in request classifier

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
remotes/KirillovDenis/release/v0.21.1
Alex Vanin 2020-11-18 10:53:42 +03:00 committed by Alex Vanin
parent 6f841e319d
commit cf85fa9fab
2 changed files with 11 additions and 10 deletions


@ -405,7 +405,7 @@ func (b Service) findRequestInfo(
} }
// find request role and key // find request role and key
role, key, err := b.sender.Classify(req, cid, cnr) role, isIR, key, err := b.sender.Classify(req, cid, cnr)
if err != nil { if err != nil {
return info, err return info, err
} }
@ -420,6 +420,7 @@ func (b Service) findRequestInfo(
info.basicACL = basicACLHelper(cnr.BasicACL()) info.basicACL = basicACLHelper(cnr.BasicACL())
info.requestRole = role info.requestRole = role
info.isInnerRing = isIR
info.operation = verb info.operation = verb
info.owner = cnr.OwnerID() info.owner = cnr.OwnerID()
info.cid = cid info.cid = cid
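Review bot: The new assignment `info.isInnerRing = isIR` has no comment, yet as far as this commit shows it is the only value in `info` that separates an inner ring sender from a container node, because Classify returns `acl.RoleSystem` for both. I would add `// isInnerRing is true only for inner ring keys; container nodes are RoleSystem with isInnerRing == false` above the assignment. The early `return info, err` leaves the flag at its zero value `false`, which is the safe default for anything that later gates on it. findRequestInfo starts and ends outside these hunks, so no consumer of the flag is visible here.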


@ -46,15 +46,15 @@ func NewSenderClassifier(ir InnerRingFetcher, nm core.Source) SenderClassifier {
func (c SenderClassifier) Classify( func (c SenderClassifier) Classify(
req metaWithToken, req metaWithToken,
cid *container.ID, cid *container.ID,
cnr *container.Container) (acl.Role, []byte, error) { cnr *container.Container) (role acl.Role, isIR bool, key []byte, err error) {
if cid == nil { if cid == nil {
return 0, nil, errors.Wrap(ErrMalformedRequest, "container id is not set") return 0, false, nil, errors.Wrap(ErrMalformedRequest, "container id is not set")
} }
ownerID, ownerKey, err := requestOwner(req) ownerID, ownerKey, err := requestOwner(req)
if err != nil { if err != nil {
return 0, nil, err return 0, false, nil, err
} }
ownerKeyInBytes := crypto.MarshalPublicKey(ownerKey) ownerKeyInBytes := crypto.MarshalPublicKey(ownerKey)
@ -63,25 +63,25 @@ func (c SenderClassifier) Classify(
// if request owner is the same as container owner, return RoleUser // if request owner is the same as container owner, return RoleUser
if bytes.Equal(cnr.OwnerID().ToV2().GetValue(), ownerID.ToV2().GetValue()) { if bytes.Equal(cnr.OwnerID().ToV2().GetValue(), ownerID.ToV2().GetValue()) {
return acl.RoleUser, ownerKeyInBytes, nil return acl.RoleUser, false, ownerKeyInBytes, nil
} }
isInnerRingNode, err := c.isInnerRingKey(ownerKeyInBytes) isInnerRingNode, err := c.isInnerRingKey(ownerKeyInBytes)
if err != nil { if err != nil {
return 0, nil, errors.Wrap(err, "can't check if request from inner ring") return 0, false, nil, errors.Wrap(err, "can't check if request from inner ring")
} else if isInnerRingNode { } else if isInnerRingNode {
return acl.RoleSystem, ownerKeyInBytes, nil return acl.RoleSystem, true, ownerKeyInBytes, nil
} }
isContainerNode, err := c.isContainerKey(ownerKeyInBytes, cid.ToV2().GetValue(), cnr) isContainerNode, err := c.isContainerKey(ownerKeyInBytes, cid.ToV2().GetValue(), cnr)
if err != nil { if err != nil {
return 0, nil, errors.Wrap(err, "can't check if request from container node") return 0, false, nil, errors.Wrap(err, "can't check if request from container node")
} else if isContainerNode { } else if isContainerNode {
return acl.RoleSystem, ownerKeyInBytes, nil return acl.RoleSystem, false, ownerKeyInBytes, nil
} }
// if none of above, return RoleOthers // if none of above, return RoleOthers
return acl.RoleOthers, ownerKeyInBytes, nil return acl.RoleOthers, false, ownerKeyInBytes, nil
} }
func requestOwner(req metaWithToken) (*owner.ID, *ecdsa.PublicKey, error) { func requestOwner(req metaWithToken) (*owner.ID, *ecdsa.PublicKey, error) {
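Review bot: The container-owner comparison in Classify runs before `c.isInnerRingKey`, so a sender whose key is in the inner ring and who also owns the container gets `acl.RoleUser, false, ownerKeyInBytes, nil` and `isIR` is never true for it. That fails closed, but if callers are meant to authorize inner-ring-only operations on this flag, the precedence should be written down, or the flag computed independently of the role. I would document it on the method, for example `// isIR is true only when the sender key belongs to an inner ring node and the sender is not the container owner; container nodes get RoleSystem with isIR == false`. The named results help readability, and every return stays explicit, which is good; part of the body lies between the two hunks and is not visible here.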