From 0e69e485115a92c0f71611e14a546a8d7c5911ae Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov
Date: Tue, 9 Apr 2024 18:10:56 +0300
Subject: [PATCH] [#64] engine: Add user and group targets
Signed-off-by: Evgenii Stratonikov
---
 pkg/engine/inmemory/morph_storage.go | 8 ++--
 pkg/engine/interface.go | 42 +++++++++++++++++++++
 pkg/morph/policy/policy_contract_storage.go | 12 ++++--
 3 files changed, 55 insertions(+), 7 deletions(-)
diff --git a/pkg/engine/inmemory/morph_storage.go b/pkg/engine/inmemory/morph_storage.go
index 53922a6..4aa96e0 100644
--- a/pkg/engine/inmemory/morph_storage.go
+++ b/pkg/engine/inmemory/morph_storage.go
@@ -21,7 +21,7 @@ func NewInmemoryMorphRuleChainStorage() engine.MorphRuleChainStorage {
 func (s *inmemoryMorphRuleChainStorage) AddMorphRuleChain(name chain.Name, target engine.Target, c *chain.Chain) (_ util.Uint256, _ uint32, err error) {
 switch target.Type {
- case engine.Namespace, engine.Container:
+ case engine.Namespace, engine.Container, engine.User, engine.Group:
 _, err = s.storage.AddOverride(name, target, c)
 default:
 err = engine.ErrUnknownTarget
@@ -31,7 +31,7 @@ func (s *inmemoryMorphRuleChainStorage) AddMorphRuleChain(name chain.Name, targe
 func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChain(name chain.Name, target engine.Target, chainID chain.ID) (_ util.Uint256, _ uint32, err error) {
 switch target.Type {
- case engine.Namespace, engine.Container:
+ case engine.Namespace, engine.Container, engine.User, engine.Group:
 err = s.storage.RemoveOverride(name, target, chainID)
 default:
 err = engine.ErrUnknownTarget
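Review bot: The accepted target list `engine.Namespace, engine.Container, engine.User, engine.Group` is spelled out in the AddMorphRuleChain switch and repeated in the RemoveMorphRuleChain, RemoveMorphRuleChainsByTarget and ListMorphRuleChains hunks, so a later target type can be added to one switch and missed in another. For a store of access rules that drift matters: a chain that can be added for a target type but not listed or removed for it is hard to audit or revoke. ListMorphRuleChains also has an empty `default:` branch in the visible lines, unlike the other three, which set `engine.ErrUnknownTarget`; what follows the switch is outside the hunk. A single unexported predicate shared by all four methods would keep them in step.

```go
// supportsTarget reports whether the in-memory storage keeps overrides for t.
func supportsTarget(t engine.TargetType) bool {
	switch t {
	case engine.Namespace, engine.Container, engine.User, engine.Group:
		return true
	default:
		return false
	}
}

// … unchanged: the four storage methods, each testing supportsTarget(target.Type) instead of repeating the case list …
```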
@@ -41,7 +41,7 @@ func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChain(name chain.Name, ta
 func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChainsByTarget(name chain.Name, target engine.Target) (_ util.Uint256, _ uint32, err error) {
 switch target.Type {
- case engine.Namespace, engine.Container:
+ case engine.Namespace, engine.Container, engine.User, engine.Group:
 err = s.storage.RemoveOverridesByTarget(name, target)
 default:
 err = engine.ErrUnknownTarget
@@ -51,7 +51,7 @@ func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChainsByTarget(name chain
 func (s *inmemoryMorphRuleChainStorage) ListMorphRuleChains(name chain.Name, target engine.Target) ([]*chain.Chain, error) {
 switch target.Type {
- case engine.Namespace, engine.Container:
+ case engine.Namespace, engine.Container, engine.User, engine.Group:
 return s.storage.ListOverrides(name, target)
 default:
 }
diff --git a/pkg/engine/interface.go b/pkg/engine/interface.go
index 71c89e4..ab026b3 100644
--- a/pkg/engine/interface.go
+++ b/pkg/engine/interface.go
@@ -37,6 +37,8 @@ type TargetType rune
 const (
 Namespace TargetType = 'n'
 Container TargetType = 'c'
+ User TargetType = 'u'
+ Group TargetType = 'g'
 )
 type Target struct {
@@ -48,6 +50,8 @@ type Target struct {
 type RequestTarget struct {
 Namespace *Target
 Container *Target
+ User *Target
+ Groups []Target
 }
 func NewRequestTargetWithNamespace(namespace string) RequestTarget {
@@ -73,6 +77,24 @@ func NewRequestTarget(namespace, container string) RequestTarget {
 }
 }
+func NewRequestTargetExtended(namespace, container, user string, groups []string) RequestTarget {
+ nt := NamespaceTarget(namespace)
+ ct := ContainerTarget(container)
+ u := UserTarget(user)
+ rt := RequestTarget{
+ Namespace: &nt,
+ Container: &ct,
+ User: &u,
+ }
+ if len(groups) != 0 {
+ rt.Groups = make([]Target, len(groups))
+ for i := range groups {
+ rt.Groups[i] = GroupTarget(groups[i])
+ }
+ }
+ return rt
+}
+
 func (rt *RequestTarget) Targets() (targets []Target) {
 if rt.Namespace != nil {
 targets = append(targets, *rt.Namespace)
@@ -80,6 +102,12 @@ func (rt *RequestTarget) Targets() (targets []Target) {
 if rt.Container != nil {
 targets = append(targets, *rt.Container)
 }
+ if rt.User != nil {
+ targets = append(targets, *rt.User)
+ }
+ if len(rt.Groups) != 0 {
+ targets = append(targets, rt.Groups...)
+ }
 return
 }
@@ -97,6 +125,20 @@ func ContainerTarget(container string) Target {
 }
 }
+func UserTarget(user string) Target {
+ return Target{
+ Type: User,
+ Name: user,
+ }
+}
+
+func GroupTarget(group string) Target {
+ return Target{
+ Type: Group,
+ Name: group,
+ }
+}
+
 // MorphRuleChainStorageReader is the interface that provides read-only methods to receive
 // data like chains, target or admin from a chain storage.
 type MorphRuleChainStorageReader interface {
diff --git a/pkg/morph/policy/policy_contract_storage.go b/pkg/morph/policy/policy_contract_storage.go
index 3d18f56..d120988 100644
--- a/pkg/morph/policy/policy_contract_storage.go
+++ b/pkg/morph/policy/policy_contract_storage.go
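Review bot: NewRequestTargetExtended always sets `rt.User`, even when `user` is the empty string, so Targets() will return a user target with an empty name for callers that have no user identity. Whether an empty name can match stored chains is not visible in this hunk, but leaving the field nil is the safer default and matches how Targets() already skips nil entries: `if user != "" { u := UserTarget(user); rt.User = &u }`. The same question applies to empty strings inside `groups`, which are converted to group targets without a check.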
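Review bot: The exported UserTarget and GroupTarget helpers, and NewRequestTargetExtended in the earlier hunk of this file, are added without doc comments, and nothing states what the name string must contain. These names select which access chains apply to a request, so the expected identifier should be written down, for example `// UserTarget returns a Target of type User for the given user identifier.` with a matching line for GroupTarget. The identifier format itself is not visible in this patch and would have to be filled in by the author.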
@@ -205,10 +205,16 @@ func prefixedChainName(name chain.Name, chainID chain.ID) []byte {
 }
 func policyKind(typ engine.TargetType) (policy.Kind, error) {
- if typ == engine.Namespace {
+ switch typ {
+ case engine.Namespace:
 return policy.Namespace, nil
- } else if typ == engine.Container {
+ case engine.Container:
 return policy.Container, nil
+ case engine.User:
+ return policy.Kind(engine.User), nil
+ case engine.Group:
+ return policy.Kind(engine.Group), nil
+ default:
+ return policy.Kind(0), ErrEngineTargetTypeUnsupported
 }
- return policy.Kind(0), ErrEngineTargetTypeUnsupported
 }
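Review bot: The new `engine.User` and `engine.Group` cases in policyKind return `policy.Kind(engine.User)` and `policy.Kind(engine.Group)`, a raw conversion of the engine's rune, while the two existing cases use the named constants `policy.Namespace` and `policy.Container`. That ties the kind passed to the policy contract to the engine's internal rune values with nothing to catch a mismatch. If `policy.Kind` is narrower than `rune` (its definition is not shown here), the conversion would also truncate silently for a non-ASCII value. If the policy package has no constants for these kinds yet, a comment such as `// policy has no named kind for user/group targets; the engine rune is used as the contract kind` plus a test pinning both values would make the coupling explicit.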