control: Recieve target in gRPC methods for APE managing #842
14 changed files with 121 additions and 31 deletions
|
@ -4,6 +4,7 @@ import (
|
|||
"bytes"
|
||||
"crypto/sha256"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
||||
|
@ -13,6 +14,7 @@ import (
|
|||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
|
@ -60,10 +62,15 @@ func addRule(cmd *cobra.Command, _ []string) {
|
|||
cmd.Println("Container ID: " + cidStr)
|
||||
cmd.Println("Parsed chain:\n" + prettyJSONFormat(cmd, serializedChain))
|
||||
|
||||
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
|
||||
|
||||
req := &control.AddChainLocalOverrideRequest{
|
||||
Body: &control.AddChainLocalOverrideRequest_Body{
|
||||
ContainerId: rawCID,
|
||||
Chain: serializedChain,
|
||||
Target: &control.ChainTarget{
|
||||
Type: control.ChainTarget_CONTAINER,
|
||||
Name: name,
|
||||
},
|
||||
Chain: serializedChain,
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ package control
|
|||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
||||
|
@ -10,6 +11,7 @@ import (
|
|||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
|
@ -32,10 +34,15 @@ func getRule(cmd *cobra.Command, _ []string) {
|
|||
|
||||
chainID, _ := cmd.Flags().GetString(chainIDFlag)
|
||||
|
||||
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
|
||||
|
||||
req := &control.GetChainLocalOverrideRequest{
|
||||
Body: &control.GetChainLocalOverrideRequest_Body{
|
||||
ContainerId: rawCID,
|
||||
ChainId: chainID,
|
||||
Target: &control.ChainTarget{
|
||||
Name: name,
|
||||
Type: control.ChainTarget_CONTAINER,
|
||||
},
|
||||
ChainId: chainID,
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ package control
|
|||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
||||
|
@ -10,6 +11,7 @@ import (
|
|||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
|
@ -30,9 +32,14 @@ func listRules(cmd *cobra.Command, _ []string) {
|
|||
rawCID := make([]byte, sha256.Size)
|
||||
cnr.Encode(rawCID)
|
||||
|
||||
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
|
||||
|
||||
req := &control.ListChainLocalOverridesRequest{
|
||||
Body: &control.ListChainLocalOverridesRequest_Body{
|
||||
ContainerId: rawCID,
|
||||
Target: &control.ChainTarget{
|
||||
Name: name,
|
||||
Type: control.ChainTarget_CONTAINER,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ package control
|
|||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
||||
|
@ -9,6 +10,7 @@ import (
|
|||
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
|
@ -35,10 +37,15 @@ func removeRule(cmd *cobra.Command, _ []string) {
|
|||
|
||||
chainID, _ := cmd.Flags().GetString(chainIDFlag)
|
||||
|
||||
name := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cidStr)
|
||||
|
||||
req := &control.RemoveChainLocalOverrideRequest{
|
||||
Body: &control.RemoveChainLocalOverrideRequest_Body{
|
||||
ContainerId: rawCID,
|
||||
ChainId: chainID,
|
||||
Target: &control.ChainTarget{
|
||||
Name: name,
|
||||
Type: control.ChainTarget_CONTAINER,
|
||||
},
|
||||
ChainId: chainID,
|
||||
},
|
||||
}
|
||||
|
||||
|
|
2
go.mod
2
go.mod
|
@ -8,7 +8,7 @@ require (
|
|||
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
|
||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231122162120-56debcfa569e
|
||||
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
||||
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231128145636-a0a35bf4bf31
|
||||
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231205092054-2d4a9fc6dcb3
|
||||
git.frostfs.info/TrueCloudLab/tzhash v1.8.0
|
||||
github.com/cheggaaa/pb v1.0.29
|
||||
github.com/chzyer/readline v1.5.1
|
||||
|
|
BIN
go.sum
BIN
go.sum
Binary file not shown.
|
@ -4,6 +4,7 @@ import (
|
|||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
|
@ -14,13 +15,36 @@ import (
|
|||
"google.golang.org/grpc/status"
|
||||
)
|
||||
|
||||
// extractCID extracts CID from the schema's pattern.
|
||||
// TODO (aarifullin): This is temporary solution should be replaced by
|
||||
// resource name validation.
|
||||
func extractCID(resource string) (cid.ID, error) {
|
||||
var cidStr string
|
||||
|
||||
// Sscanf requires to make tokens delimited by spaces.
|
||||
pattern := strings.Replace(nativeschema.ResourceFormatRootContainerObjects, "/", " ", -1)
|
||||
resource = strings.Replace(resource, "/", " ", -1)
|
||||
|
||||
if _, err := fmt.Sscanf(resource, pattern, &cidStr); err != nil {
|
||||
err = fmt.Errorf("could not parse the target name '%s' to CID: %w", resource, err)
|
||||
return cid.ID{}, err
|
||||
}
|
||||
var cid cid.ID
|
||||
err := cid.DecodeString(cidStr)
|
||||
return cid, err
|
||||
}
|
||||
|
||||
func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainLocalOverrideRequest) (*control.AddChainLocalOverrideResponse, error) {
|
||||
if err := s.isValidRequest(req); err != nil {
|
||||
return nil, status.Error(codes.PermissionDenied, err.Error())
|
||||
}
|
||||
|
||||
var cid cid.ID
|
||||
err := cid.Decode(req.GetBody().GetContainerId())
|
||||
target := req.GetBody().GetTarget()
|
||||
if target.Type != control.ChainTarget_CONTAINER {
|
||||
return nil, status.Error(codes.Internal, fmt.Errorf("target type is not supported: %s", target.Type.String()).Error())
|
||||
}
|
||||
|
||||
cid, err := extractCID(target.GetName())
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.InvalidArgument, err.Error())
|
||||
}
|
||||
|
@ -37,10 +61,12 @@ func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainL
|
|||
|
||||
s.apeChainCounter.Add(1)
|
||||
// TODO (aarifullin): the such chain id is not well-designed yet.
|
||||
chain.ID = apechain.ID(fmt.Sprintf("%s:%d", apechain.Ingress, s.apeChainCounter.Load()))
|
||||
if chain.ID == "" {
|
||||
chain.ID = apechain.ID(fmt.Sprintf("%s:%d", apechain.Ingress, s.apeChainCounter.Load()))
|
||||
}
|
||||
|
||||
resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
|
||||
if _, err = src.LocalStorage().AddOverride(apechain.Ingress, resource, &chain); err != nil {
|
||||
if _, err = src.LocalStorage().AddOverride(apechain.Ingress, engine.ContainerTarget(resource), &chain); err != nil {
|
||||
return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
|
||||
}
|
||||
|
||||
|
@ -61,8 +87,12 @@ func (s *Server) GetChainLocalOverride(_ context.Context, req *control.GetChainL
|
|||
return nil, status.Error(codes.PermissionDenied, err.Error())
|
||||
}
|
||||
|
||||
var cid cid.ID
|
||||
err := cid.Decode(req.GetBody().GetContainerId())
|
||||
target := req.GetBody().GetTarget()
|
||||
if target.Type != control.ChainTarget_CONTAINER {
|
||||
return nil, status.Error(codes.Internal, fmt.Errorf("target type is not supported: %s", target.Type.String()).Error())
|
||||
}
|
||||
|
||||
cid, err := extractCID(target.GetName())
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.InvalidArgument, err.Error())
|
||||
}
|
||||
|
@ -73,7 +103,7 @@ func (s *Server) GetChainLocalOverride(_ context.Context, req *control.GetChainL
|
|||
}
|
||||
|
||||
resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
|
||||
chain, err := src.LocalStorage().GetOverride(apechain.Ingress, resource, apechain.ID(req.GetBody().GetChainId()))
|
||||
chain, err := src.LocalStorage().GetOverride(apechain.Ingress, engine.ContainerTarget(resource), apechain.ID(req.GetBody().GetChainId()))
|
||||
if err != nil {
|
||||
return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
|
||||
}
|
||||
|
@ -95,8 +125,12 @@ func (s *Server) ListChainLocalOverrides(_ context.Context, req *control.ListCha
|
|||
return nil, status.Error(codes.PermissionDenied, err.Error())
|
||||
}
|
||||
|
||||
var cid cid.ID
|
||||
err := cid.Decode(req.GetBody().GetContainerId())
|
||||
target := req.GetBody().GetTarget()
|
||||
if target.Type != control.ChainTarget_CONTAINER {
|
||||
return nil, status.Error(codes.Internal, fmt.Errorf("target type is not supported: %s", target.Type.String()).Error())
|
||||
}
|
||||
|
||||
cid, err := extractCID(target.GetName())
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.InvalidArgument, err.Error())
|
||||
}
|
||||
|
@ -107,7 +141,7 @@ func (s *Server) ListChainLocalOverrides(_ context.Context, req *control.ListCha
|
|||
}
|
||||
|
||||
resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
|
||||
chains, err := src.LocalStorage().ListOverrides(apechain.Ingress, resource)
|
||||
chains, err := src.LocalStorage().ListOverrides(apechain.Ingress, engine.ContainerTarget(resource))
|
||||
if err != nil {
|
||||
return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
|
||||
}
|
||||
|
@ -133,8 +167,12 @@ func (s *Server) RemoveChainLocalOverride(_ context.Context, req *control.Remove
|
|||
return nil, status.Error(codes.PermissionDenied, err.Error())
|
||||
}
|
||||
|
||||
var cid cid.ID
|
||||
err := cid.Decode(req.GetBody().GetContainerId())
|
||||
target := req.GetBody().GetTarget()
|
||||
if target.Type != control.ChainTarget_CONTAINER {
|
||||
return nil, status.Error(codes.Internal, fmt.Errorf("target type is not supported: %s", target.Type.String()).Error())
|
||||
}
|
||||
|
||||
cid, err := extractCID(target.GetName())
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.InvalidArgument, err.Error())
|
||||
}
|
||||
|
@ -145,7 +183,7 @@ func (s *Server) RemoveChainLocalOverride(_ context.Context, req *control.Remove
|
|||
}
|
||||
|
||||
resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
|
||||
if err = src.LocalStorage().RemoveOverride(apechain.Ingress, resource, apechain.ID(req.GetBody().GetChainId())); err != nil {
|
||||
if err = src.LocalStorage().RemoveOverride(apechain.Ingress, engine.ContainerTarget(resource), apechain.ID(req.GetBody().GetChainId())); err != nil {
|
||||
return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
|
||||
}
|
||||
resp := &control.RemoveChainLocalOverrideResponse{
|
||||
|
|
BIN
pkg/services/control/service.pb.go
generated
BIN
pkg/services/control/service.pb.go
generated
Binary file not shown.
|
@ -421,10 +421,12 @@ message StopShardEvacuationResponse {
|
|||
// AddChainLocalOverride request.
|
||||
message AddChainLocalOverrideRequest {
|
||||
message Body {
|
||||
// Container id for which the overrides are applied.
|
||||
bytes container_id = 1;
|
||||
// Target for which the overrides are applied.
|
||||
ChainTarget target = 1;
|
||||
|
||||
// Serialized rule chain.
|
||||
// Serialized rule chain. If chain ID is left empty
|
||||
// in the chain, then it will be generated and returned
|
||||
// in the response.
|
||||
bytes chain = 2;
|
||||
}
|
||||
|
||||
|
@ -437,6 +439,8 @@ message AddChainLocalOverrideRequest {
|
|||
message AddChainLocalOverrideResponse {
|
||||
message Body {
|
||||
// Chain ID assigned for the added rule chain.
|
||||
// If chain ID is left empty in the request, then
|
||||
// it will be generated.
|
||||
string chain_id = 1;
|
||||
}
|
||||
|
||||
|
@ -448,8 +452,8 @@ message AddChainLocalOverrideResponse {
|
|||
// GetChainLocalOverride request.
|
||||
message GetChainLocalOverrideRequest {
|
||||
message Body {
|
||||
// Container id for which the overrides are defined.
|
||||
bytes container_id = 1;
|
||||
// Target for which the overrides are applied.
|
||||
ChainTarget target = 1;
|
||||
|
||||
// Chain ID assigned for the added rule chain.
|
||||
string chain_id = 2;
|
||||
|
@ -475,8 +479,8 @@ message GetChainLocalOverrideResponse {
|
|||
// ListChainLocalOverrides request.
|
||||
message ListChainLocalOverridesRequest {
|
||||
message Body {
|
||||
// Container id for which the overrides are defined.
|
||||
bytes container_id = 1;
|
||||
// Target for which the overrides are applied.
|
||||
ChainTarget target = 1;
|
||||
}
|
||||
|
||||
Body body = 1;
|
||||
|
@ -498,8 +502,8 @@ message ListChainLocalOverridesResponse {
|
|||
|
||||
message RemoveChainLocalOverrideRequest {
|
||||
message Body {
|
||||
// Container id for which the overrides are defined.
|
||||
bytes container_id = 1;
|
||||
// Target for which the overrides are applied.
|
||||
ChainTarget target = 1;
|
||||
|
||||
// Chain ID assigned for the added rule chain.
|
||||
string chain_id = 2;
|
||||
|
|
BIN
pkg/services/control/service_frostfs.pb.go
generated
BIN
pkg/services/control/service_frostfs.pb.go
generated
Binary file not shown.
BIN
pkg/services/control/types.pb.go
generated
BIN
pkg/services/control/types.pb.go
generated
Binary file not shown.
|
@ -169,3 +169,20 @@ enum ShardMode {
|
|||
// DegradedReadOnly.
|
||||
DEGRADED_READ_ONLY = 4;
|
||||
}
|
||||
|
||||
|
||||
// ChainTarget is an object to which local overrides
|
||||
// are applied.
|
||||
message ChainTarget {
|
||||
enum TargetType {
|
||||
UNDEFINED = 0;
|
||||
|
||||
NAMESPACE = 1;
|
||||
|
||||
CONTAINER = 2;
|
||||
}
|
||||
|
||||
TargetType type = 1;
|
||||
|
||||
string Name = 2;
|
||||
}
|
BIN
pkg/services/control/types_frostfs.pb.go
generated
BIN
pkg/services/control/types_frostfs.pb.go
generated
Binary file not shown.
|
@ -9,6 +9,7 @@ import (
|
|||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
|
||||
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
||||
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||
policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
|
||||
)
|
||||
|
||||
var errAPEChainNoSource = errors.New("could not get ape chain source for the container")
|
||||
|
@ -36,7 +37,9 @@ func (c *apeCheckerImpl) CheckIfRequestPermitted(reqInfo v2.RequestInfo) error {
|
|||
request := new(Request)
|
||||
request.FromRequestInfo(reqInfo)
|
||||
|
||||
status, ruleFound, err := chainCache.IsAllowed(apechain.Ingress, "", request)
|
||||
cnrTarget := getResource(reqInfo).Name()
|
||||
|
||||
status, ruleFound, err := chainCache.IsAllowed(apechain.Ingress, policyengine.NewRequestTargetWithContainer(cnrTarget), request)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue