forked from TrueCloudLab/frostfs-node
[#1574] ape: Extend ChainRouterError
* Introduce new fields and getters for them; * Fix `CheckAPE` in `checkerCoreImpl` at `newChainRouterError`. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
parent
00faa9f854
commit
b83bce1435
2 changed files with 25 additions and 9 deletions
|
@ -104,7 +104,7 @@ func (c *checkerCoreImpl) CheckAPE(ctx context.Context, prm CheckPrm) error {
|
|||
if found && status == apechain.Allow {
|
||||
return nil
|
||||
}
|
||||
return newChainRouterError(prm.Request.Operation(), status)
|
||||
return newChainRouterError(rt, prm.Request, status)
|
||||
}
|
||||
|
||||
// isValidBearer checks whether bearer token was correctly signed by authorized
|
||||
|
|
|
@ -3,31 +3,47 @@ package ape
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
aperequest "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/ape/request"
|
||||
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||
policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
|
||||
)
|
||||
|
||||
// ChainRouterError is returned when chain router validation prevents
|
||||
// the APE request from being processed (no rule found, access denied, etc.).
|
||||
type ChainRouterError struct {
|
||||
operation string
|
||||
status apechain.Status
|
||||
target policyengine.RequestTarget
|
||||
request aperequest.Request
|
||||
status apechain.Status
|
||||
}
|
||||
|
||||
func (e *ChainRouterError) Error() string {
|
||||
return fmt.Sprintf("access to operation %s is denied by access policy engine: %s", e.Operation(), e.Status())
|
||||
return fmt.Sprintf("access to operation %s is denied by access policy engine: %s", e.Request().Operation(), e.Status())
|
||||
}
|
||||
|
||||
func (e *ChainRouterError) Operation() string {
|
||||
return e.operation
|
||||
func (e *ChainRouterError) Target() policyengine.RequestTarget {
|
||||
return e.target
|
||||
}
|
||||
|
||||
func (e *ChainRouterError) Request() aperequest.Request {
|
||||
return e.request
|
||||
}
|
||||
|
||||
func (e *ChainRouterError) Resource() aperequest.Resource {
|
||||
res, ok := e.request.Resource().(*aperequest.Resource)
|
||||
if !ok {
|
||||
return aperequest.Resource{}
|
||||
}
|
||||
return *res
|
||||
}
|
||||
|
||||
func (e *ChainRouterError) Status() apechain.Status {
|
||||
return e.status
|
||||
}
|
||||
|
||||
func newChainRouterError(operation string, status apechain.Status) *ChainRouterError {
|
||||
func newChainRouterError(target policyengine.RequestTarget, request aperequest.Request, status apechain.Status) *ChainRouterError {
|
||||
return &ChainRouterError{
|
||||
operation: operation,
|
||||
status: status,
|
||||
target: target,
|
||||
request: request,
|
||||
status: status,
|
||||
}
|
||||
}
|
||||
|
|
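Review bot: In `Resource()`, a failed type assertion is silently turned into a zero-valued `aperequest.Resource{}`, so a caller that records the denied resource (for example in an audit log of access denials) cannot tell "no resource" from a resource that was lost in the assertion. Whether `Request.Resource()` holds the resource by value or by pointer is not visible on this page; if it is held by value, the `*aperequest.Resource` assertion never succeeds and the getter always returns the empty value, and if a typed nil pointer is stored, `*res` panics. Consider guarding with `if !ok || res == nil {` and stating the fallback in a doc comment such as `// Resource returns the request's resource, or an empty Resource if it is not an *aperequest.Resource.`. The new exported getters `Target`, `Request` and `Resource` also have no doc comments.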