forked from TrueCloudLab/frostfs-s3-gw
[#360] Reuse single target during policy check
Policy engine library is able to manage multiple targets and resolve different status results. Signed-off-by: Alex Vanin <a.vanin@yadro.com>
This commit is contained in:
parent
b7e15402a1
commit
65a8e2dadc
1 changed files with 10 additions and 16 deletions
|
@ -74,25 +74,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
|
|||
}
|
||||
|
||||
reqInfo := GetReqInfo(r.Context())
|
||||
targets := []engine.RequestTarget{
|
||||
engine.NewRequestTargetWithNamespace(reqInfo.Namespace),
|
||||
}
|
||||
target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace)
|
||||
if bktInfo != nil {
|
||||
targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString()))
|
||||
cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString())
|
||||
target.Container = &cnrTarget
|
||||
}
|
||||
|
||||
st := chain.NoRuleFound
|
||||
for _, target := range targets {
|
||||
status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if found {
|
||||
st = status
|
||||
if status != chain.Allow {
|
||||
break
|
||||
}
|
||||
}
|
||||
st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !found {
|
||||
st = chain.NoRuleFound
|
||||
}
|
||||
|
||||
switch {
|
||||
|
|
Loading…
Reference in a new issue