[#1157] ape: Introduce single-run chain router

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
This commit is contained in:
Anton Nikiforov 2024-06-03 15:32:54 +03:00 committed by Evgenii Stratonikov
parent a90310335d
commit 4edff5eea6

View file

@ -0,0 +1,55 @@
package router
import (
"fmt"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory"
)
func newTarget(ct ape.ChainTarget) (engine.Target, error) {
var target engine.Target
switch ct.TargetType {
case ape.TargetTypeContainer:
var cid cidSDK.ID
err := cid.DecodeString(ct.Name)
if err != nil {
return target, fmt.Errorf("invalid cid format: %s", target.Name)
}
target.Type = engine.Container
case ape.TargetTypeGroup:
target.Type = engine.Group
case ape.TargetTypeNamespace:
target.Type = engine.Namespace
case ape.TargetTypeUser:
target.Type = engine.User
default:
return target, fmt.Errorf("unsupported target type: %v", ct.TargetType)
}
target.Name = ct.Name
return target, nil
}
// SingleUseRouterWithBearerTokenChains creates chain router with inmemory storage implementation and
// fed with APE chains defined in Bearer token.
func SingleUseRouterWithBearerTokenChains(overrides []bearer.APEOverride) (engine.ChainRouter, error) {
storage := inmemory.NewInmemoryMorphRuleChainStorage()
for _, override := range overrides {
target, err := newTarget(override.Target)
if err != nil {
return nil, err
}
for i := range override.Chains {
chain := new(apechain.Chain)
if err := chain.DecodeBytes(override.Chains[i].Raw); err != nil {
return nil, fmt.Errorf("invalid ape chain: %w", err)
}
_, _, _ = storage.AddMorphRuleChain(apechain.Ingress, target, chain)
}
}
return engine.NewDefaultChainRouter(storage), nil
}