[#25] engine: Refactor LocalOverrideStorage

* Make LocalOverrideStorage methods to receive Target type
  instead resource
* Refactor unit-tests and dependencies
* Make default chain router check local overrides not
  only for container but also for namespaces

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>

pkg/engine/chain_router.go

@@ -25,19 +25,36 @@ func NewDefaultChainRouterWithLocalOverrides(morph MorphRuleChainStorage, local
 }
 
 func (dr *defaultChainRouter) IsAllowed(name chain.Name, namespace string, r resource.Request) (status chain.Status, ruleFound bool, err error) {
-	if dr.local != nil {
-		var localRuleFound bool
-		status, localRuleFound, err = dr.checkLocalOverrides(name, r)
-		if err != nil {
-			return chain.NoRuleFound, false, err
-		} else if localRuleFound {
-			ruleFound = true
-			return
-		}
+	status, ruleFound, err = dr.checkLocal(name, namespace, r)
+	if err != nil {
+		return chain.NoRuleFound, false, err
+	} else if ruleFound {
+		return
 	}
 
+	status, ruleFound, err = dr.checkMorph(name, namespace, r)
+	return
+}
+
+func (dr *defaultChainRouter) checkLocal(name chain.Name, namespace string, r resource.Request) (status chain.Status, ruleFound bool, err error) {
+	if dr.local == nil {
+		return
+	}
+
+	status, ruleFound, err = dr.matchLocalOverrides(name, ContainerTarget(r.Resource().Name()), r)
+	if err != nil {
+		return chain.NoRuleFound, false, err
+	} else if ruleFound {
+		return
+	}
+
+	status, ruleFound, err = dr.matchLocalOverrides(name, NamespaceTarget(namespace), r)
+	return
+}
+
+func (dr *defaultChainRouter) checkMorph(name chain.Name, namespace string, r resource.Request) (status chain.Status, ruleFound bool, err error) {
 	var namespaceRuleFound bool
-	status, namespaceRuleFound, err = dr.checkNamespaceChains(name, namespace, r)
+	status, namespaceRuleFound, err = dr.matchMorphRuleChains(name, NamespaceTarget(namespace), r)
 	if err != nil {
 		return
 	} else if namespaceRuleFound && status != chain.Allow {
@@ -46,7 +63,7 @@ func (dr *defaultChainRouter) IsAllowed(name chain.Name, namespace string, r res
 	}
 
 	var cnrRuleFound bool
-	status, cnrRuleFound, err = dr.checkContainerChains(name, r.Resource().Name(), r)
+	status, cnrRuleFound, err = dr.matchMorphRuleChains(name, ContainerTarget(r.Resource().Name()), r)
 	if err != nil {
 		return
 	} else if cnrRuleFound && status != chain.Allow {
@@ -61,8 +78,8 @@ func (dr *defaultChainRouter) IsAllowed(name chain.Name, namespace string, r res
 	return
 }
 
-func (dr *defaultChainRouter) checkLocalOverrides(name chain.Name, r resource.Request) (status chain.Status, ruleFound bool, err error) {
-	localOverrides, err := dr.local.ListOverrides(name, r.Resource().Name())
+func (dr *defaultChainRouter) matchLocalOverrides(name chain.Name, target Target, r resource.Request) (status chain.Status, ruleFound bool, err error) {
+	localOverrides, err := dr.local.ListOverrides(name, target)
 	if err != nil {
 		return
 	}
@@ -74,8 +91,8 @@ func (dr *defaultChainRouter) checkLocalOverrides(name chain.Name, r resource.Re
 	return
 }
 
-func (dr *defaultChainRouter) checkNamespaceChains(name chain.Name, namespace string, r resource.Request) (status chain.Status, ruleFound bool, err error) {
-	namespaceChains, err := dr.morph.ListMorphRuleChains(name, NamespaceTarget(namespace))
+func (dr *defaultChainRouter) matchMorphRuleChains(name chain.Name, target Target, r resource.Request) (status chain.Status, ruleFound bool, err error) {
+	namespaceChains, err := dr.morph.ListMorphRuleChains(name, target)
 	if err != nil {
 		return
 	}
@@ -86,16 +103,3 @@ func (dr *defaultChainRouter) checkNamespaceChains(name chain.Name, namespace st
 	}
 	return
 }
-
-func (dr *defaultChainRouter) checkContainerChains(name chain.Name, container string, r resource.Request) (status chain.Status, ruleFound bool, err error) {
-	containerChains, err := dr.morph.ListMorphRuleChains(name, ContainerTarget(container))
-	if err != nil {
-		return
-	}
-	for _, c := range containerChains {
-		if status, ruleFound = c.Match(r); ruleFound {
-			return
-		}
-	}
-	return
-}