[#360] Reuse single target during policy check

Policy engine library is able to manage multiple
targets and resolve different status results.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
Alexey Vanin 2024-04-10 16:26:39 +03:00
parent 6da1acc554
commit 61ff4702a2


@ -81,25 +81,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
} }
reqInfo := GetReqInfo(r.Context()) reqInfo := GetReqInfo(r.Context())
targets := []engine.RequestTarget{ target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace)
engine.NewRequestTargetWithNamespace(reqInfo.Namespace),
}
if bktInfo != nil { if bktInfo != nil {
targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString())) cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString())
target.Container = &cnrTarget
} }
st := chain.NoRuleFound st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
for _, target := range targets { if err != nil {
status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req) return err
if err != nil { }
return err
} if !found {
if found { st = chain.NoRuleFound
st = status
if status != chain.Allow {
break
}
}
} }
switch { switch {
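Review bot: The single `cfg.Storage.IsAllowed(chain.S3, target, req)` call hands the precedence between namespace and container rules to the engine, and nothing in this hunk documents or pins that behaviour. The removed loop stopped at the first found status that was not `chain.Allow`, so a namespace-level deny was final before the container target was consulted. Whether the engine resolves a combined target the same way is not visible here. I would add a comment above the call such as `// Namespace and container chains are resolved by the engine in one call; a deny on either level must win over an allow on the other.` and a regression test with a namespace deny plus a container allow that expects access to be refused. The `switch` that consumes `st` continues outside this hunk, so how `chain.NoRuleFound` is handled after the `!found` branch could not be checked from here.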