2021-11-08 14:29:54 +00:00
|
|
|
package eacl
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/sha256"
|
2022-04-12 16:23:16 +00:00
|
|
|
"fmt"
|
2021-11-08 14:29:54 +00:00
|
|
|
|
2024-10-07 14:20:25 +00:00
|
|
|
v2acl "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/acl"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs"
|
2023-03-07 11:20:03 +00:00
|
|
|
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
|
2021-11-08 14:29:54 +00:00
|
|
|
)
|
|
|
|
|
2022-02-17 16:10:49 +00:00
|
|
|
// Table is a group of ContainerEACL records for single container.
|
2021-11-08 14:29:54 +00:00
|
|
|
//
|
|
|
|
// Table is compatible with v2 acl.EACLTable message.
|
|
|
|
type Table struct {
|
|
|
|
version version.Version
|
2022-04-12 16:23:16 +00:00
|
|
|
cid *cid.ID
|
2022-03-11 09:02:53 +00:00
|
|
|
records []Record
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// CID returns identifier of the container that should use given access control rules.
|
2022-04-12 16:23:16 +00:00
|
|
|
func (t Table) CID() (cID cid.ID, isSet bool) {
|
|
|
|
if t.cid != nil {
|
|
|
|
cID = *t.cid
|
|
|
|
isSet = true
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SetCID sets identifier of the container that should use given access control rules.
|
2022-04-11 16:25:14 +00:00
|
|
|
func (t *Table) SetCID(cid cid.ID) {
|
2022-04-12 16:23:16 +00:00
|
|
|
t.cid = &cid
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Version returns version of eACL format.
|
|
|
|
func (t Table) Version() version.Version {
|
|
|
|
return t.version
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetVersion sets version of eACL format.
|
|
|
|
func (t *Table) SetVersion(version version.Version) {
|
|
|
|
t.version = version
|
|
|
|
}
|
|
|
|
|
|
|
|
// Records returns list of extended ACL rules.
|
2022-03-11 09:02:53 +00:00
|
|
|
func (t Table) Records() []Record {
|
2021-11-08 14:29:54 +00:00
|
|
|
return t.records
|
|
|
|
}
|
|
|
|
|
|
|
|
// AddRecord adds single eACL rule.
|
|
|
|
func (t *Table) AddRecord(r *Record) {
|
|
|
|
if r != nil {
|
2022-03-11 09:02:53 +00:00
|
|
|
t.records = append(t.records, *r)
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// ToV2 converts Table to v2 acl.EACLTable message.
|
|
|
|
//
|
|
|
|
// Nil Table converts to nil.
|
|
|
|
func (t *Table) ToV2() *v2acl.Table {
|
|
|
|
if t == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
v2 := new(v2acl.Table)
|
2022-04-11 16:25:14 +00:00
|
|
|
var cidV2 refs.ContainerID
|
2021-11-08 14:29:54 +00:00
|
|
|
|
2022-04-12 16:23:16 +00:00
|
|
|
if t.cid != nil {
|
2022-04-11 16:25:14 +00:00
|
|
|
t.cid.WriteToV2(&cidV2)
|
|
|
|
v2.SetContainerID(&cidV2)
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if t.records != nil {
|
2022-03-11 09:02:53 +00:00
|
|
|
records := make([]v2acl.Record, len(t.records))
|
|
|
|
for i := range t.records {
|
|
|
|
records[i] = *t.records[i].ToV2()
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
v2.SetRecords(records)
|
|
|
|
}
|
|
|
|
|
2022-03-23 15:35:44 +00:00
|
|
|
var verV2 refs.Version
|
|
|
|
t.version.WriteToV2(&verV2)
|
|
|
|
v2.SetVersion(&verV2)
|
2021-11-08 14:29:54 +00:00
|
|
|
|
|
|
|
return v2
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewTable creates, initializes and returns blank Table instance.
|
|
|
|
//
|
|
|
|
// Defaults:
|
2022-08-24 14:17:40 +00:00
|
|
|
// - version: version.Current();
|
|
|
|
// - container ID: nil;
|
|
|
|
// - records: nil;
|
|
|
|
// - session token: nil;
|
|
|
|
// - signature: nil.
|
2021-11-08 14:29:54 +00:00
|
|
|
func NewTable() *Table {
|
|
|
|
t := new(Table)
|
2022-03-23 15:35:44 +00:00
|
|
|
t.SetVersion(version.Current())
|
2021-11-08 14:29:54 +00:00
|
|
|
|
|
|
|
return t
|
|
|
|
}
|
|
|
|
|
|
|
|
// CreateTable creates, initializes with parameters and returns Table instance.
|
|
|
|
func CreateTable(cid cid.ID) *Table {
|
|
|
|
t := NewTable()
|
2022-04-11 16:25:14 +00:00
|
|
|
t.SetCID(cid)
|
2021-11-08 14:29:54 +00:00
|
|
|
|
|
|
|
return t
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewTableFromV2 converts v2 acl.EACLTable message to Table.
|
|
|
|
func NewTableFromV2(table *v2acl.Table) *Table {
|
|
|
|
t := new(Table)
|
|
|
|
|
|
|
|
if table == nil {
|
|
|
|
return t
|
|
|
|
}
|
|
|
|
|
|
|
|
// set version
|
|
|
|
if v := table.GetVersion(); v != nil {
|
|
|
|
ver := version.Version{}
|
|
|
|
ver.SetMajor(v.GetMajor())
|
|
|
|
ver.SetMinor(v.GetMinor())
|
|
|
|
|
|
|
|
t.SetVersion(ver)
|
|
|
|
}
|
|
|
|
|
|
|
|
// set container id
|
|
|
|
if id := table.GetContainerID(); id != nil {
|
2022-04-12 16:23:16 +00:00
|
|
|
if t.cid == nil {
|
|
|
|
t.cid = new(cid.ID)
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
var h [sha256.Size]byte
|
|
|
|
|
|
|
|
copy(h[:], id.GetValue())
|
|
|
|
t.cid.SetSHA256(h)
|
|
|
|
}
|
|
|
|
|
|
|
|
// set eacl records
|
|
|
|
v2records := table.GetRecords()
|
2022-03-11 09:02:53 +00:00
|
|
|
t.records = make([]Record, len(v2records))
|
2021-11-08 14:29:54 +00:00
|
|
|
|
|
|
|
for i := range v2records {
|
2022-03-11 09:02:53 +00:00
|
|
|
t.records[i] = *NewRecordFromV2(&v2records[i])
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return t
|
|
|
|
}
|
|
|
|
|
|
|
|
// Marshal marshals Table into a protobuf binary form.
|
|
|
|
func (t *Table) Marshal() ([]byte, error) {
|
2022-05-30 19:05:35 +00:00
|
|
|
return t.ToV2().StableMarshal(nil), nil
|
2021-11-08 14:29:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Unmarshal unmarshals protobuf binary representation of Table.
|
|
|
|
func (t *Table) Unmarshal(data []byte) error {
|
|
|
|
fV2 := new(v2acl.Table)
|
|
|
|
if err := fV2.Unmarshal(data); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-04-12 16:23:16 +00:00
|
|
|
// format checks
|
|
|
|
err := checkFormat(fV2)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-11-08 14:29:54 +00:00
|
|
|
*t = *NewTableFromV2(fV2)
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// MarshalJSON encodes Table to protobuf JSON format.
|
|
|
|
func (t *Table) MarshalJSON() ([]byte, error) {
|
|
|
|
return t.ToV2().MarshalJSON()
|
|
|
|
}
|
|
|
|
|
|
|
|
// UnmarshalJSON decodes Table from protobuf JSON format.
|
|
|
|
func (t *Table) UnmarshalJSON(data []byte) error {
|
|
|
|
tV2 := new(v2acl.Table)
|
|
|
|
if err := tV2.UnmarshalJSON(data); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-04-12 16:23:16 +00:00
|
|
|
err := checkFormat(tV2)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-11-08 14:29:54 +00:00
|
|
|
*t = *NewTableFromV2(tV2)
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2022-03-18 10:25:05 +00:00
|
|
|
|
2022-03-28 08:15:52 +00:00
|
|
|
// EqualTables compares Table with each other.
|
|
|
|
func EqualTables(t1, t2 Table) bool {
|
2022-04-12 16:23:16 +00:00
|
|
|
cID1, set1 := t1.CID()
|
|
|
|
cID2, set2 := t2.CID()
|
|
|
|
|
|
|
|
if set1 != set2 || cID1 != cID2 ||
|
2022-03-28 08:15:52 +00:00
|
|
|
!t1.Version().Equal(t2.Version()) {
|
2022-03-18 10:25:05 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-03-28 08:15:52 +00:00
|
|
|
rs1, rs2 := t1.Records(), t2.Records()
|
2022-03-18 10:25:05 +00:00
|
|
|
|
2022-03-28 08:15:52 +00:00
|
|
|
if len(rs1) != len(rs2) {
|
2022-03-18 10:25:05 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2024-09-03 10:20:30 +00:00
|
|
|
for i := range len(rs1) {
|
2022-03-28 08:15:52 +00:00
|
|
|
if !equalRecords(rs1[i], rs2[i]) {
|
2022-03-18 10:25:05 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
2022-04-12 16:23:16 +00:00
|
|
|
|
|
|
|
func checkFormat(v2 *v2acl.Table) error {
|
|
|
|
var cID cid.ID
|
|
|
|
|
|
|
|
cidV2 := v2.GetContainerID()
|
|
|
|
if cidV2 == nil {
|
2022-05-25 08:26:45 +00:00
|
|
|
return nil
|
2022-04-12 16:23:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
err := cID.ReadFromV2(*cidV2)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not convert V2 container ID: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|