[#7] engine: Revise CachedChainStorage interface

* Nuke out CachedChainStorage interface * Introduce LocalOverrideStorage interface to manage local overrides * Introduce MorphRuleChainStorage interface to manage chains in the policy contract * Extend Engine interface Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2023-11-07 21:29:51 +03:00 · 2023-11-07 21:29:51 +03:00 · 17453d3cda
commit 17453d3cda
parent a08f600d97
9 changed files with 633 additions and 150 deletions
--- a/pkg/engine/interface.go
+++ b/pkg/engine/interface.go
@ -5,26 +5,74 @@ import (
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource"
 )

-// Engine ...
-type Engine interface {
+type ChainRouter interface {
 	// IsAllowed returns status for the operation after all checks.
 	// The second return value signifies whether a matching rule was found.
-	IsAllowed(name chain.Name, namespace string, r resource.Request) (chain.Status, bool)
+	IsAllowed(name chain.Name, target string, r resource.Request) (status chain.Status, found bool, err error)
 }

-// CachedChainStorage ...
-type CachedChainStorage interface {
-	Engine
-	// Adds a policy chain used for all operations with a specific resource.
-	AddResourceChain(name chain.Name, resource string, c *chain.Chain)
-	// Adds a policy chain used for all operations in the namespace.
-	AddNameSpaceChain(name chain.Name, namespace string, c *chain.Chain)
-	// Adds a local policy chain used for all operations with this service.
-	AddOverride(name chain.Name, c *chain.Chain)
-	// Gets the local override with given chain id.
-	GetOverride(name chain.Name, chainID chain.ID) (chain *chain.Chain, found bool)
-	// Remove the local override with given chain id.
-	RemoveOverride(name chain.Name, chainID chain.ID) (removed bool)
-	// ListOverrides returns the list of local overrides.
-	ListOverrides(name chain.Name) []*chain.Chain
+// LocalOverrideStorage is the interface to manage local overrides defined
+// for a node. Local overrides have a higher priority than chains got from morph storage.
+type LocalOverrideStorage interface {
+	AddOverride(name chain.Name, resource string, c *chain.Chain) (chain.ID, error)
+
+	GetOverride(name chain.Name, resource string, chainID chain.ID) (*chain.Chain, error)
+
+	RemoveOverride(name chain.Name, resource string, chainID chain.ID) error
+
+	ListOverrides(name chain.Name, resource string) ([]*chain.Chain, error)
+
+	DropAllOverrides(name chain.Name) error
+}
+
+type TargetType rune
+
+const (
+	Namespace TargetType = 'n'
+	Container TargetType = 'c'
+)
+
+type Target struct {
+	Type TargetType
+	Name string
+}
+
+func NamespaceTarget(namespace string) Target {
+	return Target{
+		Type: Namespace,
+		Name: namespace,
+	}
+}
+
+func ContainerTarget(container string) Target {
+	return Target{
+		Type: Container,
+		Name: container,
+	}
+}
+
+// MorphRuleChainStorage is the interface to manage chains from the chain storage.
+// Basically, this implies that the storage manages rules stored in policy contract.
+type MorphRuleChainStorage interface {
+	AddMorphRuleChain(name chain.Name, target Target, c *chain.Chain) error
+
+	RemoveMorphRuleChain(name chain.Name, target Target, chainID chain.ID) error
+
+	ListMorphRuleChains(name chain.Name, target Target) ([]*chain.Chain, error)
+}
+
+// Engine is the interface that provides methods to check request permissions checking
+// chain rules from morph client - this implies using the policy contract.
+type Engine interface {
+	ChainRouter
+
+	MorphRuleChainStorage() MorphRuleChainStorage
+}
+
+// LocalOverrideEngine is extended Engine that also provides methods to manage a local
+// chain rule storage. Local overrides must have the highest priority during request checking.
+type LocalOverrideEngine interface {
+	Engine
+
+	LocalStorage() LocalOverrideStorage
 }