package container

import (
	"context"
	"sync/atomic"

	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
	container_grpc "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container/grpc"
	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/audit"
	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
)

// Compile-time assertion that auditService satisfies Server.
var _ Server = (*auditService)(nil)

// auditService decorates a Server: every method forwards the call to next
// and, when auditing is switched on, hands the request, the operation target
// and a success flag to audit.LogRequest.
//
// The record is produced only after next has returned, so a call that panics
// inside next leaves no audit entry. The enabled switch is sampled after the
// call as well, i.e. the state at completion time decides whether a record is
// written. Only a boolean outcome (err == nil) is passed on; the error value
// itself is not.
// NOTE(review): which request fields LogRequest actually emits is decided in
// the audit package and is not visible here.
type auditService struct {
	next    Server         // wrapped service that performs the operation
	log     *logger.Logger // logger handed to audit.LogRequest
	enabled *atomic.Bool   // runtime switch, read on every request
}

// NewAuditService returns a Server that wraps next with audit logging.
//
// enabled must not be nil: each method calls enabled.Load() unconditionally.
// The pointer is stored as given, so the caller can flip the flag at runtime.
func NewAuditService(next Server, log *logger.Logger, enabled *atomic.Bool) Server {
	svc := new(auditService)
	svc.next = next
	svc.log = log
	svc.enabled = enabled
	return svc
}

// AnnounceUsedSpace implements Server.
//
// The audit target is the list of container IDs collected from all
// announcements in the request body.
func (a *auditService) AnnounceUsedSpace(ctx context.Context, req *container.AnnounceUsedSpaceRequest) (*container.AnnounceUsedSpaceResponse, error) {
	resp, callErr := a.next.AnnounceUsedSpace(ctx, req)
	if a.enabled.Load() {
		// Left nil when the request carries no announcements.
		var targets []*refs.ContainerID
		announcements := req.GetBody().GetAnnouncements()
		for i := range announcements {
			targets = append(targets, announcements[i].GetContainerID())
		}
		audit.LogRequest(a.log, container_grpc.ContainerService_AnnounceUsedSpace_FullMethodName, req,
			audit.TargetFromRefs(targets, &cid.ID{}), callErr == nil)
	}
	return resp, callErr
}

// Delete implements Server.
//
// The audit target is the container ID named in the request body.
func (a *auditService) Delete(ctx context.Context, req *container.DeleteRequest) (*container.DeleteResponse, error) {
	resp, callErr := a.next.Delete(ctx, req)
	if a.enabled.Load() {
		target := audit.TargetFromRef(req.GetBody().GetContainerID(), &cid.ID{})
		audit.LogRequest(a.log, container_grpc.ContainerService_Delete_FullMethodName, req, target, callErr == nil)
	}
	return resp, callErr
}

// Get implements Server.
// The call is forwarded to the wrapped Server first; when auditing is enabled
// the request is then logged with the requested container ID as the target.
func (a *auditService) Get(ctx context.Context, req *container.GetRequest) (*container.GetResponse, error) {
	resp, callErr := a.next.Get(ctx, req)
	if a.enabled.Load() {
		target := audit.TargetFromRef(req.GetBody().GetContainerID(), &cid.ID{})
		audit.LogRequest(a.log, container_grpc.ContainerService_Get_FullMethodName, req, target, callErr == nil)
	}
	return resp, callErr
}

// GetExtendedACL implements Server.
//
// The audit target is the container ID named in the request body.
func (a *auditService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
	resp, callErr := a.next.GetExtendedACL(ctx, req)
	if a.enabled.Load() {
		target := audit.TargetFromRef(req.GetBody().GetContainerID(), &cid.ID{})
		audit.LogRequest(a.log, container_grpc.ContainerService_GetExtendedACL_FullMethodName, req, target, callErr == nil)
	}
	return resp, callErr
}

// List implements Server.
//
// Unlike the per-container operations, the audit target here is the owner ID
// from the request body, decoded as a user.ID.
func (a *auditService) List(ctx context.Context, req *container.ListRequest) (*container.ListResponse, error) {
	resp, callErr := a.next.List(ctx, req)
	if a.enabled.Load() {
		target := audit.TargetFromRef(req.GetBody().GetOwnerID(), &user.ID{})
		audit.LogRequest(a.log, container_grpc.ContainerService_List_FullMethodName, req, target, callErr == nil)
	}
	return resp, callErr
}

// Put implements Server.
//
// The audit target is read from the response body, not from the request.
// NOTE(review): when the wrapped call fails resp may be nil, so this relies on
// the generated getters tolerating a nil receiver; a failed Put would then
// presumably be logged without a container ID. Confirm both against the API
// package.
func (a *auditService) Put(ctx context.Context, req *container.PutRequest) (*container.PutResponse, error) {
	resp, callErr := a.next.Put(ctx, req)
	if a.enabled.Load() {
		target := audit.TargetFromRef(resp.GetBody().GetContainerID(), &cid.ID{})
		audit.LogRequest(a.log, container_grpc.ContainerService_Put_FullMethodName, req, target, callErr == nil)
	}
	return resp, callErr
}

// SetExtendedACL implements Server.
// The call is forwarded to the wrapped Server first; when auditing is enabled
// the request is then logged. The audit target is the container ID carried
// inside the eACL table of the request body, not a separate body field.
func (a *auditService) SetExtendedACL(ctx context.Context, req *container.SetExtendedACLRequest) (*container.SetExtendedACLResponse, error) {
	resp, callErr := a.next.SetExtendedACL(ctx, req)
	if a.enabled.Load() {
		table := req.GetBody().GetEACL()
		target := audit.TargetFromRef(table.GetContainerID(), &cid.ID{})
		audit.LogRequest(a.log, container_grpc.ContainerService_SetExtendedACL_FullMethodName, req, target, callErr == nil)
	}
	return resp, callErr
}