Use access policy engine to permit PUT request #770
Reference: TrueCloudLab/frostfs-node#770
No description provided.
e67a493560 to 8247382a21
@ -0,0 +26,4 @@
return nil
}
func ParseAPERule(r *policyengine.Rule, rule string) error {
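Review bot: the exported `ParseAPERule` on the last line of this hunk has no doc comment, so a caller cannot tell what statement grammar the `rule` string must follow or what state `r` is left in when an error is returned. Add a comment above the function that gives the accepted form with one or two sample statements, and states that `r` must not be used after a non-nil error.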
Please add some `rule` examples. I suppose that simple `json` will be easier.

Also, as I understand it, it turns out that there are two policy serializers: one for the `cli`, the second for `json`. So having only one (`json`) will be simpler to maintain.

You have probably misunderstood the point - IAM JSON format rules are not processed in cli.
The statements that are passed to `ParseAPERule` are similar to the format passed to `ParseEACLRules`, like

```
allow Object.Put *
deny Object.Put *
deny:QuotaLimitReached Object.Put *
```

etc.
I will write a unit test for parsing and that will be clearer
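The statement shapes quoted in the comment above, run through a small strict parser. This is an added example, not code from the pull request or from the policy engine library; the `Statement` type, `ParseStatement`, and the rule that a status may only follow `deny` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Statement is a hypothetical stand-in for one parsed rule line;
// it is not the policyengine.Rule type used by the pull request.
type Statement struct {
	Allow    bool
	Status   string // optional status after "deny:", e.g. "QuotaLimitReached"
	Action   string
	Resource string
}

var errBadStatement = errors.New("malformed rule statement")

// ParseStatement accepts "<allow|deny[:Status]> <Action> <Resource>".
// Assumption of this example: a status is only valid after "deny".
// Unknown input is rejected, never defaulted, so a typo cannot
// silently become a permissive rule.
func ParseStatement(s string) (Statement, error) {
	f := strings.Fields(s)
	if len(f) != 3 {
		return Statement{}, fmt.Errorf("%w: want 3 fields, got %d", errBadStatement, len(f))
	}
	verb, status, hasStatus := strings.Cut(f[0], ":")
	st := Statement{Status: status, Action: f[1], Resource: f[2]}
	switch {
	case verb == "allow" && !hasStatus:
		st.Allow = true
	case verb == "deny" && (!hasStatus || status != ""):
	default:
		return Statement{}, fmt.Errorf("%w: bad effect %q", errBadStatement, f[0])
	}
	return st, nil
}

func main() {
	// The three statements quoted above, plus two constructed malformed ones.
	for _, s := range []string{"allow Object.Put *", "deny Object.Put *",
		"deny:QuotaLimitReached Object.Put *",
		"allow:QuotaLimitReached Object.Put *", "permit Object.Put *"} {
		st, err := ParseStatement(s)
		fmt.Printf("%-40q %+v err=%v\n", s, st, err)
	}
}
```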
8247382a21 to bc8a21a949
bc8a21a949 to a4a8bc1dbe
a4a8bc1dbe to 4fbce91ce0
@ -0,0 +7,4 @@
)
type apeChainSourceImpl struct {
localChainStorage map[cid.ID]policyengine.CachedChainStorage
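Review bot: `localChainStorage` in `apeChainSourceImpl` is a plain map with no lock field beside it in the struct. If chain lookups for different containers can run concurrently with an insert, this is a data race on the path that decides access; add a mutex field next to the map and note in a comment that it guards `localChainStorage`.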
Also mutex is required.

You are right. I've added. But this mutex will be used aggressively for a while (`Lock`, `Unlock`) because if there is no source it is created for a container

@ -172,0 +184,4 @@
// Access denied.
ACCESS_DENIED = 2;
// Quita limit reached.
In my opinion, there is no sense in such comments. Maybe drop it?

I agree! This was on the principle "everyone writes and I write too" :) but I also do not find any profit in these comments
Removed obvious comments
4fbce91ce0 to a37ae27d4d
a37ae27d4d to 13bd2dd692
13bd2dd692 to 5d493bc52e
5d493bc52e to 9807a291f9
@ -171,1 +171,4 @@
}
// Access policy enigne rule chain.
message Chain {
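Review bot: the comment above `message Chain` misspells "engine" as "enigne"; change it to "Access policy engine rule chain." It would also help to say in that comment what the message carries and in which encoding, since only the opening line of the message is documented here.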
Statuses are defined in the policy engine library, I think having a raw byte slice in chain is OK, at least for now.

Alright. I've made proto fill serialized chain instead of `Chain` protobuf

9807a291f9 to e39a542d46
e39a542d46 to 28777fed0b

Please, also fix `XX` in the commit messages.

28777fed0b to 4ab978ac0c

Fixed
@ -0,0 +137,4 @@
ObjectActor: policyengine.ObjectActor,
}
func parseConitions(lexemes []string) ([]policyengine.Condition, error) {
parseConitions -> parseConditions
4ab978ac0c to 11e80dce61
11e80dce61 to 205cd4628f
205cd4628f to 624f9deb87
`apeSvc` at the same level with `aclSvc` #798