package router import ( "fmt" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer" cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine" "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory" ) func newTarget(ct ape.ChainTarget) (engine.Target, error) { var target engine.Target switch ct.TargetType { case ape.TargetTypeContainer: var cid cidSDK.ID err := cid.DecodeString(ct.Name) if err != nil { return target, fmt.Errorf("invalid cid format: %s", target.Name) } target.Type = engine.Container case ape.TargetTypeGroup: target.Type = engine.Group case ape.TargetTypeNamespace: target.Type = engine.Namespace case ape.TargetTypeUser: target.Type = engine.User default: return target, fmt.Errorf("unsupported target type: %v", ct.TargetType) } target.Name = ct.Name return target, nil } // SingleUseRouterWithBearerTokenChains creates chain router with inmemory storage implementation and // fed with APE chains defined in Bearer token. func SingleUseRouterWithBearerTokenChains(overrides []bearer.APEOverride) (engine.ChainRouter, error) { storage := inmemory.NewInmemoryMorphRuleChainStorage() for _, override := range overrides { target, err := newTarget(override.Target) if err != nil { return nil, err } for i := range override.Chains { chain := new(apechain.Chain) if err := chain.DecodeBytes(override.Chains[i].Raw); err != nil { return nil, fmt.Errorf("invalid ape chain: %w", err) } _, _, _ = storage.AddMorphRuleChain(apechain.Ingress, target, chain) } } return engine.NewDefaultChainRouter(storage), nil }