From 65a8e2dadc0742c40d8a056acc092dbc29aecb55 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Wed, 10 Apr 2024 16:26:39 +0300 Subject: [PATCH] [#360] Reuse single target during policy check Policy engine library is able to manage multiple targets and resolve different status results. Signed-off-by: Alex Vanin --- api/middleware/policy.go | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/api/middleware/policy.go b/api/middleware/policy.go index a74a479..cde6af5 100644 --- a/api/middleware/policy.go +++ b/api/middleware/policy.go @@ -74,25 +74,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error { } reqInfo := GetReqInfo(r.Context()) - targets := []engine.RequestTarget{ - engine.NewRequestTargetWithNamespace(reqInfo.Namespace), - } + target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace) if bktInfo != nil { - targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString())) + cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString()) + target.Container = &cnrTarget } - st := chain.NoRuleFound - for _, target := range targets { - status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req) - if err != nil { - return err - } - if found { - st = status - if status != chain.Allow { - break - } - } + st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req) + if err != nil { + return err + } + + if !found { + st = chain.NoRuleFound } switch { -- 2.45.2