ape: Add container source to object policy checker

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-03-14 21:10:31 +03:00 · 2024-03-14 21:10:31 +03:00 · f41d743203
commit f41d743203
parent c6f0545298
3 changed files with 20 additions and 2 deletions
--- a/cmd/frostfs-node/object.go
+++ b/cmd/frostfs-node/object.go
@ -444,6 +444,7 @@ func createAPEService(c *cfg, splitSvc *objectService.TransportSplitter) *object
 		objectAPE.NewChecker(
 			c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.chainRouter,
 			objectAPE.NewStorageEngineHeaderProvider(c.cfgObject.cfgLocalStorage.localStorage),
+			c.cfgObject.cnrSource,
 		),
 		splitSvc,
 	)
--- a/pkg/services/object/ape/checker.go
+++ b/pkg/services/object/ape/checker.go
@ -5,23 +5,32 @@ import (
 	"fmt"

 	objectV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
+	containercore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 )

+type containers interface {
+	Get(cid.ID) (*containercore.Container, error)
+}
+
 type checkerImpl struct {
 	chainRouter policyengine.ChainRouter

 	headerProvider HeaderProvider
+
+	reader containers
 }

-func NewChecker(chainRouter policyengine.ChainRouter, headerProvider HeaderProvider) Checker {
+func NewChecker(chainRouter policyengine.ChainRouter, headerProvider HeaderProvider, reader containers) Checker {
 	return &checkerImpl{
 		chainRouter: chainRouter,

 		headerProvider: headerProvider,
+
+		reader: reader,
 	}
 }

--- a/pkg/services/object/ape/request.go
+++ b/pkg/services/object/ape/request.go
@ -145,11 +145,19 @@ func (c *checkerImpl) newAPERequest(ctx context.Context, prm Prm) (*request, err
 		}
 	}

+	cont, err := c.reader.Get(prm.Container)
+	if err != nil {
+		return nil, fmt.Errorf("get container: %s", err)
+	}
+
+	props := objectProperties(prm.Container, prm.Object, header)
+	props[nativeschema.PropertyKeyContainerOwnerID] = cont.Value.Owner().EncodeToString()
+
 	return &request{
 		operation: prm.Method,
 		resource: &resource{
 			name:       resourceName(prm.Container, prm.Object, prm.Namespace),
-			properties: objectProperties(prm.Container, prm.Object, header),
+			properties: props,
 		},
 		properties: map[string]string{
 			nativeschema.PropertyKeyActorPublicKey: prm.SenderKey,