WIP: ape: Add container source to object policy checker #1045
3 changed files with 20 additions and 2 deletions
|
@ -444,6 +444,7 @@ func createAPEService(c *cfg, splitSvc *objectService.TransportSplitter) *object
|
|||
objectAPE.NewChecker(
|
||||
c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.chainRouter,
|
||||
objectAPE.NewStorageEngineHeaderProvider(c.cfgObject.cfgLocalStorage.localStorage),
|
||||
c.cfgObject.cnrSource,
|
||||
),
|
||||
splitSvc,
|
||||
)
|
||||
|
|
|
@ -5,23 +5,32 @@ import (
|
|||
"fmt"
|
||||
|
||||
objectV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
|
||||
containercore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||
policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
|
||||
)
|
||||
|
||||
type containers interface {
|
||||
Get(cid.ID) (*containercore.Container, error)
|
||||
}
|
||||
|
||||
type checkerImpl struct {
|
||||
chainRouter policyengine.ChainRouter
|
||||
|
||||
headerProvider HeaderProvider
|
||||
|
||||
reader containers
|
||||
}
|
||||
|
||||
func NewChecker(chainRouter policyengine.ChainRouter, headerProvider HeaderProvider) Checker {
|
||||
func NewChecker(chainRouter policyengine.ChainRouter, headerProvider HeaderProvider, reader containers) Checker {
|
||||
return &checkerImpl{
|
||||
chainRouter: chainRouter,
|
||||
|
||||
headerProvider: headerProvider,
|
||||
|
||||
reader: reader,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
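Review bot: `NewChecker` now stores `reader` without stating that it must be non-nil, and neither the new `containers` interface nor the `reader` field has a comment saying what the source is used for. In the same change `newAPERequest` calls `c.reader.Get` unconditionally, so a nil source would show up as a panic in the access-check path rather than at construction time. I would document the contract with `// containers resolves a container by ID; the checker reads the container owner from it.` above the interface and `// reader must not be nil.` in a doc comment on `NewChecker`. The field name `reader` does not say what is read; `cnrSource`, as used at the call site in `createAPEService`, would be clearer.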
@ -145,11 +145,19 @@ func (c *checkerImpl) newAPERequest(ctx context.Context, prm Prm) (*request, err
|
|||
}
|
||||
}
|
||||
|
||||
cont, err := c.reader.Get(prm.Container)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("get container: %s", err)
|
||||
}
|
||||
|
||||
props := objectProperties(prm.Container, prm.Object, header)
|
||||
props[nativeschema.PropertyKeyContainerOwnerID] = cont.Value.Owner().EncodeToString()
|
||||
|
||||
return &request{
|
||||
operation: prm.Method,
|
||||
resource: &resource{
|
||||
name: resourceName(prm.Container, prm.Object, prm.Namespace),
|
||||
properties: objectProperties(prm.Container, prm.Object, header),
|
||||
properties: props,
|
||||
},
|
||||
properties: map[string]string{
|
||||
nativeschema.PropertyKeyActorPublicKey: prm.SenderKey,
|
||||
|
|
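Review bot: The error from `c.reader.Get(prm.Container)` is formatted with `%s`, which flattens it to text, so callers of `newAPERequest` cannot use `errors.Is`/`errors.As` to tell a missing container from a transient lookup failure; `return nil, fmt.Errorf("get container: %w", err)` keeps the chain. Rejecting the request when the owner cannot be resolved is the right fail-closed behaviour for a policy check, but whatever maps this error to an API status (not visible here) can only treat it as opaque. The next added line, `cont.Value.Owner()`, also assumes `Get` never returns a nil container together with a nil error, a contract this hunk does not show. `newAPERequest` starts and ends outside the hunk.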