Airat Arifullin
70b2d00f9c
* Provide methods to access rule chains with access policy engine (APE) chain source * Initialize apeChainSource within object service initialization * Share apeChainSource with control service * Implement dummy apeChainSource instance based on in-memory implementation Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
80 lines
2.5 KiB
Go
80 lines
2.5 KiB
Go
package container
|
|
|
|
import (
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
|
|
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
|
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
|
|
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
|
|
)
|
|
|
|
// Container groups information about the FrostFS container stored in the FrostFS network.
|
|
type Container struct {
|
|
// Container structure.
|
|
Value container.Container
|
|
|
|
// Signature of the Value.
|
|
Signature frostfscrypto.Signature
|
|
|
|
// Session within which Value was created. Nil means session absence.
|
|
Session *session.Container
|
|
}
|
|
|
|
// DelInfo contains info about removed container.
|
|
type DelInfo struct {
|
|
// Container owner.
|
|
Owner []byte
|
|
|
|
// Epoch indicates when the container was removed.
|
|
Epoch int
|
|
}
|
|
|
|
// Source is an interface that wraps
|
|
// basic container receiving method.
|
|
type Source interface {
|
|
// Get reads the container from the storage by its identifier.
|
|
// It returns the pointer to the requested container and any error encountered.
|
|
//
|
|
// Get must return exactly one non-nil value.
|
|
// Get must return an error of type apistatus.ContainerNotFound if the container is not in the storage.
|
|
//
|
|
// Implementations must not retain the container pointer and modify
|
|
// the container through it.
|
|
Get(cid.ID) (*Container, error)
|
|
|
|
DeletionInfo(cid.ID) (*DelInfo, error)
|
|
}
|
|
|
|
// EACL groups information about the FrostFS container's extended ACL stored in
|
|
// the FrostFS network.
|
|
type EACL struct {
|
|
// Extended ACL structure.
|
|
Value *eacl.Table
|
|
|
|
// Signature of the Value.
|
|
Signature frostfscrypto.Signature
|
|
|
|
// Session within which Value was set. Nil means session absence.
|
|
Session *session.Container
|
|
}
|
|
|
|
// EACLSource is the interface that wraps
|
|
// basic methods of extended ACL table source.
|
|
type EACLSource interface {
|
|
// GetEACL reads the table from the source by identifier.
|
|
// It returns any error encountered.
|
|
//
|
|
// GetEACL must return exactly one non-nil value.
|
|
//
|
|
// Must return apistatus.ErrEACLNotFound if requested
|
|
// eACL table is not in source.
|
|
GetEACL(cid.ID) (*EACL, error)
|
|
}
|
|
|
|
// AccessPolicyEngineChainSource interface provides methods to access and manipulate
|
|
// policy engine chain storage.
|
|
type AccessPolicyEngineChainSource interface {
|
|
// TODO (aarifullin): Better to use simpler interface instead CachedChainStorage.
|
|
GetChainSource(cid cid.ID) (policyengine.CachedChainStorage, error)
|
|
}
|