[#XX] Test policy engine check

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

go.mod

@@ -8,7 +8,7 @@ require (
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
 	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231122162120-56debcfa569e
 	git.frostfs.info/TrueCloudLab/hrw v1.2.1
-	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231115094736-5db67021e10f
+	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231128145636-a0a35bf4bf31
 	git.frostfs.info/TrueCloudLab/tzhash v1.8.0
 	github.com/cheggaaa/pb v1.0.29
 	github.com/chzyer/readline v1.5.1

pkg/services/control/server/policy_engine.go

@@ -8,7 +8,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	engine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
+	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -37,10 +37,8 @@ func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainL
 
 	s.apeChainCounter.Add(1)
 	// TODO (aarifullin): the such chain id is not well-designed yet.
-	chain.ID = apechain.ID(fmt.Sprintf("%s:%d", apechain.Ingress, s.apeChainCounter.Load()))
 
-	resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
-	if _, err = src.LocalStorage().AddOverride(apechain.Ingress, resource, &chain); err != nil {
+	if err = src.MorphRuleChainStorage().AddMorphRuleChain(apechain.Ingress, engine.NamespaceTarget(""), &chain); err != nil {
 		return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
 	}
 
@@ -144,8 +142,8 @@ func (s *Server) RemoveChainLocalOverride(_ context.Context, req *control.Remove
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 
-	resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
-	if err = src.LocalStorage().RemoveOverride(apechain.Ingress, resource, apechain.ID(req.GetBody().GetChainId())); err != nil {
+	//resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
+	if err = src.MorphRuleChainStorage().RemoveMorphRuleChain(apechain.Ingress, engine.NamespaceTarget(""), apechain.ID(req.GetBody().GetChainId())); err != nil {
 		return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
 	}
 	resp := &control.RemoveChainLocalOverrideResponse{

pkg/services/object/acl/ape.go

@@ -8,6 +8,7 @@ import (
 	v2 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/acl/v2"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 )
 
@@ -26,7 +27,8 @@ func NewAPEChecker(log *logger.Logger, apeSrc container.AccessPolicyEngineChainS
 }
 
 func (c *apeCheckerImpl) CheckIfRequestPermitted(reqInfo v2.RequestInfo) error {
-	cnr := reqInfo.ContainerID()
+	//cnr := reqInfo.ContainerID()
+	var cnr cid.ID
 
 	chainCache, err := c.apeSrc.GetChainSource(cnr)
 	if err != nil {

pkg/services/object/acl/ape_request.go

@@ -1,6 +1,7 @@
 package acl
 
 import (
+	"encoding/hex"
 	"fmt"
 
 	v2 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/acl/v2"
@@ -40,15 +41,21 @@ func getResource(reqInfo v2.RequestInfo) *resource {
 	} else {
 		name = fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
 	}
+
+	properties := make(map[string]string, len(reqInfo.ObjectAttributes()))
+	for _, attr := range reqInfo.ObjectAttributes() {
+		properties[attr.GetKey()] = attr.GetValue()
+	}
+
 	return &resource{
 		name:       name,
-		properties: make(map[string]string),
+		properties: properties,
 	}
 }
 
-func getProperties(_ v2.RequestInfo) map[string]string {
+func getProperties(reqInfo v2.RequestInfo) map[string]string {
 	return map[string]string{
-		nativeschema.PropertyKeyActorPublicKey: "",
+		nativeschema.PropertyKeyActorPublicKey: hex.EncodeToString(reqInfo.SenderKey()),
 		nativeschema.PropertyKeyActorRole:      "",
 	}
 }

pkg/services/object/acl/v2/request.go

@@ -4,6 +4,7 @@ import (
 	"crypto/ecdsa"
 	"fmt"
 
+	objectv2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
 	sessionV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
@@ -28,6 +29,8 @@ type RequestInfo struct {
 	// e.g. Put, Search
 	obj *oid.ID
 
+	objectAttributes []objectv2.Attribute
+
 	senderKey []byte
 
 	bearer *bearer.Token // bearer token of request
@@ -67,6 +70,11 @@ func (r RequestInfo) ContainerID() cid.ID {
 	return r.idCnr
 }
 
+// ObjectAttributes return object attributes.
+func (r RequestInfo) ObjectAttributes() []objectv2.Attribute {
+	return r.objectAttributes
+}
+
 // CleanBearer forces cleaning bearer token information.
 func (r *RequestInfo) CleanBearer() {
 	r.bearer = nil

pkg/services/object/acl/v2/service.go

@@ -566,6 +566,8 @@ func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRe
 
 		reqInfo.obj = obj
 
+		reqInfo.objectAttributes = part.GetHeader().GetAttributes()
+
 		if err := p.source.apeChecker.CheckIfRequestPermitted(reqInfo); err != nil {
 			return err
 		}