acl: reorganize files

This commit is contained in:
Pavel Korotkov 2020-07-07 19:44:09 +03:00
parent 0db55d31ae
commit d0f56e5044
6 changed files with 121 additions and 362 deletions

View file

@ -1,38 +0,0 @@
package acl
// RequestInfo is an interface of request information needed for extended ACL check.
type RequestInfo interface {
TypedHeaderSource
// Must return the binary representation of request initiator's key.
Key() []byte
// Must return true if request corresponds to operation type.
TypeOf(OperationType) bool
// Must return true if request has passed target.
TargetOf(Target) bool
}
// ExtendedACLChecker is an interface of extended ACL checking tool.
type ExtendedACLChecker interface {
// Must return an action according to the results of applying the ACL table rules to request.
//
// Must return ActionUndefined if it is unable to explicitly calculate the action.
Action(ExtendedACLTable, RequestInfo) ExtendedACLAction
}
type extendedACLChecker struct{}
const (
// ActionUndefined is ExtendedACLAction used to mark value as undefined.
// Most of the tools consider ActionUndefined as incalculable.
// Using ActionUndefined in ExtendedACLRecord is unsafe.
ActionUndefined ExtendedACLAction = iota
// ActionAllow is ExtendedACLAction used to mark an applicability of ACL rule.
ActionAllow
// ActionDeny is ExtendedACLAction used to mark an inapplicability of ACL rule.
ActionDeny
)

View file

@ -1,290 +0,0 @@
package acl
import (
"strconv"
"github.com/nspcc-dev/neofs-api-go/object"
"github.com/nspcc-dev/neofs-api-go/service"
)
type objectHeaderSource struct {
obj *object.Object
}
type typedHeader struct {
n string
v string
t HeaderType
}
type extendedHeadersWrapper struct {
hdrSrc service.ExtendedHeadersSource
}
type typedExtendedHeader struct {
hdr service.ExtendedHeader
}
const (
_ HeaderType = iota
// HdrTypeRequest is a HeaderType for request header.
HdrTypeRequest
// HdrTypeObjSys is a HeaderType for system headers of object.
HdrTypeObjSys
// HdrTypeObjUsr is a HeaderType for user headers of object.
HdrTypeObjUsr
)
const (
// HdrObjSysNameID is a name of ID field in system header of object.
HdrObjSysNameID = "ID"
// HdrObjSysNameCID is a name of CID field in system header of object.
HdrObjSysNameCID = "CID"
// HdrObjSysNameOwnerID is a name of OwnerID field in system header of object.
HdrObjSysNameOwnerID = "OWNER_ID"
// HdrObjSysNameVersion is a name of Version field in system header of object.
HdrObjSysNameVersion = "VERSION"
// HdrObjSysNamePayloadLength is a name of PayloadLength field in system header of object.
HdrObjSysNamePayloadLength = "PAYLOAD_LENGTH"
// HdrObjSysNameCreatedUnix is a name of CreatedAt.UnitTime field in system header of object.
HdrObjSysNameCreatedUnix = "CREATED_UNIX"
// HdrObjSysNameCreatedEpoch is a name of CreatedAt.Epoch field in system header of object.
HdrObjSysNameCreatedEpoch = "CREATED_EPOCH"
// HdrObjSysLinkPrev is a name of previous link header in extended headers of object.
HdrObjSysLinkPrev = "LINK_PREV"
// HdrObjSysLinkNext is a name of next link header in extended headers of object.
HdrObjSysLinkNext = "LINK_NEXT"
// HdrObjSysLinkChild is a name of child link header in extended headers of object.
HdrObjSysLinkChild = "LINK_CHILD"
// HdrObjSysLinkPar is a name of parent link header in extended headers of object.
HdrObjSysLinkPar = "LINK_PAR"
// HdrObjSysLinkSG is a name of storage group link header in extended headers of object.
HdrObjSysLinkSG = "LINK_SG"
)
func newTypedHeader(name, value string, typ HeaderType) TypedHeader {
return &typedHeader{
n: name,
v: value,
t: typ,
}
}
// Name is a name field getter.
func (s typedHeader) Name() string {
return s.n
}
// Value is a value field getter.
func (s typedHeader) Value() string {
return s.v
}
// HeaderType is a type field getter.
func (s typedHeader) HeaderType() HeaderType {
return s.t
}
// TypedHeaderSourceFromObject wraps passed object and returns TypedHeaderSource interface.
func TypedHeaderSourceFromObject(obj *object.Object) TypedHeaderSource {
return &objectHeaderSource{
obj: obj,
}
}
// HeaderOfType gathers object headers of passed type and returns Header list.
//
// If value of some header can not be calculated (e.g. nil extended header), it does not appear in list.
//
// Always returns true.
func (s objectHeaderSource) HeadersOfType(typ HeaderType) ([]Header, bool) {
if s.obj == nil {
return nil, true
}
var res []Header
switch typ {
case HdrTypeObjUsr:
objHeaders := s.obj.GetHeaders()
res = make([]Header, 0, len(objHeaders)) // 7 system header fields
for _, extHdr := range objHeaders {
if h := newTypedObjectExtendedHeader(extHdr); h != nil {
res = append(res, h)
}
}
case HdrTypeObjSys:
res = make([]Header, 0, 7)
sysHdr := s.obj.GetSystemHeader()
// ID
res = append(res, newTypedHeader(
HdrObjSysNameID,
sysHdr.ID.String(),
HdrTypeObjSys),
)
// CID
res = append(res, newTypedHeader(
HdrObjSysNameCID,
sysHdr.CID.String(),
HdrTypeObjSys),
)
// OwnerID
res = append(res, newTypedHeader(
HdrObjSysNameOwnerID,
sysHdr.OwnerID.String(),
HdrTypeObjSys),
)
// Version
res = append(res, newTypedHeader(
HdrObjSysNameVersion,
strconv.FormatUint(sysHdr.GetVersion(), 10),
HdrTypeObjSys),
)
// PayloadLength
res = append(res, newTypedHeader(
HdrObjSysNamePayloadLength,
strconv.FormatUint(sysHdr.GetPayloadLength(), 10),
HdrTypeObjSys),
)
created := sysHdr.GetCreatedAt()
// CreatedAt.UnitTime
res = append(res, newTypedHeader(
HdrObjSysNameCreatedUnix,
strconv.FormatUint(uint64(created.GetUnixTime()), 10),
HdrTypeObjSys),
)
// CreatedAt.Epoch
res = append(res, newTypedHeader(
HdrObjSysNameCreatedEpoch,
strconv.FormatUint(created.GetEpoch(), 10),
HdrTypeObjSys),
)
}
return res, true
}
func newTypedObjectExtendedHeader(h object.Header) TypedHeader {
val := h.GetValue()
if val == nil {
return nil
}
res := new(typedHeader)
res.t = HdrTypeObjSys
switch hdr := val.(type) {
case *object.Header_UserHeader:
if hdr.UserHeader == nil {
return nil
}
res.t = HdrTypeObjUsr
res.n = hdr.UserHeader.GetKey()
res.v = hdr.UserHeader.GetValue()
case *object.Header_Link:
if hdr.Link == nil {
return nil
}
switch hdr.Link.GetType() {
case object.Link_Previous:
res.n = HdrObjSysLinkPrev
case object.Link_Next:
res.n = HdrObjSysLinkNext
case object.Link_Child:
res.n = HdrObjSysLinkChild
case object.Link_Parent:
res.n = HdrObjSysLinkPar
case object.Link_StorageGroup:
res.n = HdrObjSysLinkSG
default:
return nil
}
res.v = hdr.Link.ID.String()
default:
return nil
}
return res
}
// TypedHeaderSourceFromExtendedHeaders wraps passed ExtendedHeadersSource and returns TypedHeaderSource interface.
func TypedHeaderSourceFromExtendedHeaders(hdrSrc service.ExtendedHeadersSource) TypedHeaderSource {
return &extendedHeadersWrapper{
hdrSrc: hdrSrc,
}
}
// Name returns the result of Key method.
func (s typedExtendedHeader) Name() string {
return s.hdr.Key()
}
// Value returns the result of Value method.
func (s typedExtendedHeader) Value() string {
return s.hdr.Value()
}
// HeaderType always returns HdrTypeRequest.
func (s typedExtendedHeader) HeaderType() HeaderType {
return HdrTypeRequest
}
// TypedHeaders gathers extended request headers and returns TypedHeader list.
//
// Nil headers are ignored.
//
// Always returns true.
func (s extendedHeadersWrapper) HeadersOfType(typ HeaderType) ([]Header, bool) {
if s.hdrSrc == nil {
return nil, true
}
var res []Header
switch typ {
case HdrTypeRequest:
hs := s.hdrSrc.ExtendedHeaders()
res = make([]Header, 0, len(hs))
for i := range hs {
if hs[i] == nil {
continue
}
res = append(res, &typedExtendedHeader{
hdr: hs[i],
})
}
}
return res, true
}

View file

@ -1,29 +0,0 @@
package acl
const (
_ MatchType = iota
StringEqual
StringNotEqual
)
// Maps MatchType to corresponding function.
// 1st argument of function - header value, 2nd - header filter.
var mMatchFns = map[MatchType]func(Header, Header) bool{
StringEqual: stringEqual,
StringNotEqual: stringNotEqual,
}
const (
mResUndefined = iota
mResMatch
mResMismatch
)
func stringEqual(header, filter Header) bool {
return header.Value() == filter.Value()
}
func stringNotEqual(header, filter Header) bool {
return header.Value() != filter.Value()
}

View file

@ -1,5 +1,121 @@
package acl
import (
"github.com/nspcc-dev/neofs-api-go/object"
"github.com/nspcc-dev/neofs-api-go/service"
)
const (
_ MatchType = iota
stringEqual
stringNotEqual
)
const (
// ActionUndefined is ExtendedACLAction used to mark value as undefined.
// Most of the tools consider ActionUndefined as incalculable.
// Using ActionUndefined in ExtendedACLRecord is unsafe.
ActionUndefined ExtendedACLAction = iota
// ActionAllow is ExtendedACLAction used to mark an applicability of ACL rule.
ActionAllow
// ActionDeny is ExtendedACLAction used to mark an inapplicability of ACL rule.
ActionDeny
)
const (
_ HeaderType = iota
// HdrTypeRequest is a HeaderType for request header.
HdrTypeRequest
// HdrTypeObjSys is a HeaderType for system headers of object.
HdrTypeObjSys
// HdrTypeObjUsr is a HeaderType for user headers of object.
HdrTypeObjUsr
)
const (
// HdrObjSysNameID is a name of ID field in system header of object.
HdrObjSysNameID = "ID"
// HdrObjSysNameCID is a name of CID field in system header of object.
HdrObjSysNameCID = "CID"
// HdrObjSysNameOwnerID is a name of OwnerID field in system header of object.
HdrObjSysNameOwnerID = "OWNER_ID"
// HdrObjSysNameVersion is a name of Version field in system header of object.
HdrObjSysNameVersion = "VERSION"
// HdrObjSysNamePayloadLength is a name of PayloadLength field in system header of object.
HdrObjSysNamePayloadLength = "PAYLOAD_LENGTH"
// HdrObjSysNameCreatedUnix is a name of CreatedAt.UnitTime field in system header of object.
HdrObjSysNameCreatedUnix = "CREATED_UNIX"
// HdrObjSysNameCreatedEpoch is a name of CreatedAt.Epoch field in system header of object.
HdrObjSysNameCreatedEpoch = "CREATED_EPOCH"
// HdrObjSysLinkPrev is a name of previous link header in extended headers of object.
HdrObjSysLinkPrev = "LINK_PREV"
// HdrObjSysLinkNext is a name of next link header in extended headers of object.
HdrObjSysLinkNext = "LINK_NEXT"
// HdrObjSysLinkChild is a name of child link header in extended headers of object.
HdrObjSysLinkChild = "LINK_CHILD"
// HdrObjSysLinkPar is a name of parent link header in extended headers of object.
HdrObjSysLinkPar = "LINK_PAR"
// HdrObjSysLinkSG is a name of storage group link header in extended headers of object.
HdrObjSysLinkSG = "LINK_SG"
)
type objectHeaderSource struct {
obj *object.Object
}
type typedHeader struct {
n string
v string
t HeaderType
}
type extendedHeadersWrapper struct {
hdrSrc service.ExtendedHeadersSource
}
type typedExtendedHeader struct {
hdr service.ExtendedHeader
}
func newTypedHeader(name, value string, typ HeaderType) TypedHeader {
return &typedHeader{
n: name,
v: value,
t: typ,
}
}
// Name is a name field getter.
func (s typedHeader) Name() string {
return s.n
}
// Value is a value field getter.
func (s typedHeader) Value() string {
return s.v
}
// HeaderType is a type field getter.
func (s typedHeader) HeaderType() HeaderType {
return s.t
}
// SetMatchType is MatchType field setter.
func (m *EACLRecord_FilterInfo) SetMatchType(v EACLRecord_FilterInfo_MatchType) {
m.MatchType = v

View file

@ -83,9 +83,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) {
if s.filter != nil {
switch s.filter.GetMatchType() {
case EACLRecord_FilterInfo_StringEqual:
res = StringEqual
res = stringEqual
case EACLRecord_FilterInfo_StringNotEqual:
res = StringNotEqual
res = stringNotEqual
}
}
@ -102,9 +102,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) {
func (s EACLFilterWrapper) SetMatchType(v MatchType) {
if s.filter != nil {
switch v {
case StringEqual:
case stringEqual:
s.filter.SetMatchType(EACLRecord_FilterInfo_StringEqual)
case StringNotEqual:
case stringNotEqual:
s.filter.SetMatchType(EACLRecord_FilterInfo_StringNotEqual)
default:
s.filter.SetMatchType(EACLRecord_FilterInfo_MatchUnknown)

View file

@ -9,7 +9,7 @@ import (
func TestEACLFilterWrapper(t *testing.T) {
s := WrapFilterInfo(nil)
mt := StringEqual
mt := stringEqual
s.SetMatchType(mt)
require.Equal(t, mt, s.MatchType())