package control import ( "bytes" "crypto/sha256" "encoding/json" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util" commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" "github.com/spf13/cobra" ) const ( ruleFlag = "rule" ) var addRuleCmd = &cobra.Command{ Use: "add-rule", Short: "Add local override", Long: "Add local APE rule to a node with following format:\n[:action_detail] [ ...] ", Example: `allow Object.Get * deny Object.Get EbxzAdz5LB4uqxuz6crWKAumBNtZyK2rKsqQP7TdZvwr/* deny:QuotaLimitReached Object.Put Object.Resource:Department=HR * `, Run: addRule, } func prettyJSONFormat(cmd *cobra.Command, serializedChain []byte) string { wr := bytes.NewBufferString("") err := json.Indent(wr, serializedChain, "", " ") commonCmd.ExitOnErr(cmd, "%w", err) return wr.String() } func addRule(cmd *cobra.Command, _ []string) { pk := key.Get(cmd) chainID, _ := cmd.Flags().GetString(chainIDFlag) var cnr cid.ID cidStr, _ := cmd.Flags().GetString(commonflags.CIDFlag) commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(cidStr)) rawCID := make([]byte, sha256.Size) cnr.Encode(rawCID) rule, _ := cmd.Flags().GetString(ruleFlag) chain := new(apechain.Chain) commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, []string{rule})) chain.ID = apechain.ID(chainID) serializedChain := chain.Bytes() cmd.Println("Container ID: " + cidStr) cmd.Println("Parsed chain:\n" + prettyJSONFormat(cmd, serializedChain)) req := &control.AddChainLocalOverrideRequest{ Body: &control.AddChainLocalOverrideRequest_Body{ Target: &control.ChainTarget{ Type: control.ChainTarget_CONTAINER, Name: cidStr, }, Chain: serializedChain, }, } signRequest(cmd, pk, req) cli := getClient(cmd, pk) var resp *control.AddChainLocalOverrideResponse var err error err = cli.ExecRaw(func(client *client.Client) error { resp, err = control.AddChainLocalOverride(client, req) return err }) commonCmd.ExitOnErr(cmd, "rpc error: %w", err) verifyResponse(cmd, resp.GetSignature(), resp.GetBody()) cmd.Println("Rule has been added. Chain id: ", resp.GetBody().GetChainId()) } func initControlAddRuleCmd() { initControlFlags(addRuleCmd) ff := addRuleCmd.Flags() ff.String(commonflags.CIDFlag, "", commonflags.CIDFlagUsage) ff.String(ruleFlag, "", "Rule statement") ff.String(chainIDFlag, "", "Assign ID to the parsed chain") }