[#770] node: Introduce ape chain source

* Provide methods to access rule chains with access
  policy engine (APE) chain source
* Initialize apeChainSource within object service
  initialization
* Share apeChainSource with control service
* Implement dummy apeChainSource instance based on
  in-memory implementation

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
Airat Arifullin 2023-10-30 16:48:02 +03:00 committed by Evgenii Stratonikov
parent 3a2c319b87
commit 5ec73fe8a0
8 changed files with 55 additions and 0 deletions


@ -510,6 +510,11 @@ type cfgObject struct {
eaclSource container.EACLSource eaclSource container.EACLSource
// Access policy chain source is used by object service to
// check for operation permissions but this source is also shared with
// control service that dispatches local overrides.
apeChainSource container.AccessPolicyEngineChainSource
pool cfgObjectRoutines pool cfgObjectRoutines
cfgLocalStorage cfgLocalStorage cfgLocalStorage cfgLocalStorage


@ -51,6 +51,7 @@ func initControlService(c *cfg) {
controlSvc.WithTreeService(treeSynchronizer{ controlSvc.WithTreeService(treeSynchronizer{
c.treeService, c.treeService,
}), }),
controlSvc.WithAPEChainSource(c.cfgObject.apeChainSource),
) )
lis, err := net.Listen("tcp", endpoint) lis, err := net.Listen("tcp", endpoint)
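Review bot: The argument `c.cfgObject.apeChainSource` on the added line is evaluated at the moment the option is built, and this commit assigns that field only inside initObjectService, so if initControlService runs first the control service keeps a nil chain source for the life of the process. The call order of the two init functions is not visible on this page, so this needs confirming. Either construct the source before both services are initialized, or make the dependency explicit next to the call with a comment such as `// apeChainSource must already be set by initObjectService` and a nil check that stops startup. initControlService's body continues outside the hunk.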


@ -157,6 +157,8 @@ func initObjectService(c *cfg) {
c.replicator = createReplicator(c, keyStorage, c.bgClientCache) c.replicator = createReplicator(c, keyStorage, c.bgClientCache)
c.cfgObject.apeChainSource = NewAPESource()
addPolicer(c, keyStorage, c.bgClientCache) addPolicer(c, keyStorage, c.bgClientCache)
traverseGen := util.NewTraverserGenerator(c.netMapSource, c.cfgObject.cnrSource, c) traverseGen := util.NewTraverserGenerator(c.netMapSource, c.cfgObject.cnrSource, c)


@ -0,0 +1,28 @@
package main
import (
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
)
type apeChainSourceImpl struct {
localChainStorage map[cid.ID]policyengine.CachedChainStorage
}
func NewAPESource() container.AccessPolicyEngineChainSource {
return &apeChainSourceImpl{
localChainStorage: make(map[cid.ID]policyengine.CachedChainStorage),
}
}
var _ container.AccessPolicyEngineChainSource = (*apeChainSourceImpl)(nil)
func (c *apeChainSourceImpl) GetChainSource(cid cid.ID) (policyengine.CachedChainStorage, error) {
s, ok := c.localChainStorage[cid]
if ok {
return s, nil
}
c.localChainStorage[cid] = policyengine.NewInMemory()
return c.localChainStorage[cid], nil
}
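Review bot: GetChainSource reads and writes `localChainStorage` with no synchronization, yet the commit shares this single instance between the object service and the control service, so concurrent calls can trigger Go's fatal concurrent map access error and take the node down. Guard the map with a `sync.Mutex` as below (this needs `sync` in the import block); the lock covers only the map, and whether the storage returned by `policyengine.NewInMemory()` is itself safe for concurrent use is not visible here. The lookup also inserts an entry for every ID it is asked about, so if callers pass container IDs taken from requests before checking that the container exists, the map grows without bound; that should be confirmed on the caller side. Separately, the parameter name `cid` shadows the imported `cid` package inside the method, and a name such as `cnr` would avoid that.

```go
type apeChainSourceImpl struct {
	mtx               sync.Mutex
	localChainStorage map[cid.ID]policyengine.CachedChainStorage
}

// … unchanged: NewAPESource, interface assertion …

func (c *apeChainSourceImpl) GetChainSource(cnr cid.ID) (policyengine.CachedChainStorage, error) {
	c.mtx.Lock()
	defer c.mtx.Unlock()

	s, ok := c.localChainStorage[cnr]
	if !ok {
		s = policyengine.NewInMemory()
		c.localChainStorage[cnr] = s
	}
	return s, nil
}
```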

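--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6
 git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231101144515-6fbe1595cb3d
 git.frostfs.info/TrueCloudLab/hrw v1.2.1
+git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231101082425-5eee1a733432
 git.frostfs.info/TrueCloudLab/tzhash v1.8.0
 github.com/cheggaaa/pb v1.0.29
 github.com/chzyer/readline v1.5.1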

BIN
go.sum

Binary file not shown.


@ -6,6 +6,7 @@ import (
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto" frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
) )
// Container groups information about the FrostFS container stored in the FrostFS network. // Container groups information about the FrostFS container stored in the FrostFS network.
@ -70,3 +71,10 @@ type EACLSource interface {
// eACL table is not in source. // eACL table is not in source.
GetEACL(cid.ID) (*EACL, error) GetEACL(cid.ID) (*EACL, error)
} }
// AccessPolicyEngineChainSource interface provides methods to access and manipulate
// policy engine chain storage.
type AccessPolicyEngineChainSource interface {
// TODO (aarifullin): Better to use simpler interface instead CachedChainStorage.
GetChainSource(cid cid.ID) (policyengine.CachedChainStorage, error)
}
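Review bot: The GetChainSource method of the new interface carries only a TODO and no statement of its contract, which callers making access decisions depend on. The one implementation in this commit never returns an error and creates an empty storage when the container has none, so a caller cannot tell "no rules configured" from "container unknown". I would document that on the method, for example `// GetChainSource returns the chain storage for the container; implementations may create an empty storage on first access.`, and state whether the returned storage must be safe for concurrent use. The type comment says "access and manipulate", but the interface exposes a single getter; manipulation appears to happen through the returned CachedChainStorage, and the comment could say so.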


@ -59,6 +59,8 @@ type cfg struct {
cnrSrc container.Source cnrSrc container.Source
apeChainSrc container.AccessPolicyEngineChainSource
replicator *replicator.Replicator replicator *replicator.Replicator
nodeState NodeState nodeState NodeState
@ -151,3 +153,11 @@ func WithTreeService(s TreeService) Option {
c.treeService = s c.treeService = s
} }
} }
// WithAPEChainSource returns the option to set access policy engine
// chain source.
func WithAPEChainSource(apeChainSrc container.AccessPolicyEngineChainSource) Option {
return func(c *cfg) {
c.apeChainSrc = apeChainSrc
}
}