[#360] Reuse single target during policy check

Policy engine library is able to manage multiple
targets and resolve different status results.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
pull/360/head v0.29.0-rc.6
Alexey Vanin 2024-04-10 16:26:39 +03:00
parent b7e15402a1
commit 65a8e2dadc
1 changed files with 10 additions and 16 deletions


@ -74,25 +74,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
}
reqInfo := GetReqInfo(r.Context())
targets := []engine.RequestTarget{
engine.NewRequestTargetWithNamespace(reqInfo.Namespace),
}
target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace)
if bktInfo != nil {
targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString()))
cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString())
target.Container = &cnrTarget
}
st := chain.NoRuleFound
for _, target := range targets {
status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
if err != nil {
return err
}
if found {
st = status
if status != chain.Allow {
break
}
}
st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
if err != nil {
return err
}
if !found {
st = chain.NoRuleFound
}
switch {