package control import ( "bytes" "crypto/sha256" "encoding/hex" "encoding/json" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key" "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util" commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common" "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" "github.com/spf13/cobra" ) const ( ruleFlag = "rule" ) var addRuleCmd = &cobra.Command{ Use: "add-rule", Short: "Add local override", Long: "Add local APE rule to a node with following format:\n[:action_detail] [ ...] ", Example: `allow Object.Get * deny Object.Get EbxzAdz5LB4uqxuz6crWKAumBNtZyK2rKsqQP7TdZvwr/* deny:QuotaLimitReached Object.Put Object.Resource:Department=HR * `, Run: addRule, } func prettyJSONFormat(cmd *cobra.Command, serializedChain []byte) string { wr := bytes.NewBufferString("") err := json.Indent(wr, serializedChain, "", " ") commonCmd.ExitOnErr(cmd, "%w", err) return wr.String() } func addRule(cmd *cobra.Command, _ []string) { pk := key.Get(cmd) chainID, _ := cmd.Flags().GetString(chainIDFlag) hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag) chainIDRaw := []byte(chainID) if hexEncoded { var err error chainIDRaw, err = hex.DecodeString(chainID) commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err) } var cnr cid.ID cidStr, _ := cmd.Flags().GetString(commonflags.CIDFlag) commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(cidStr)) rawCID := make([]byte, sha256.Size) cnr.Encode(rawCID) rule, _ := cmd.Flags().GetString(ruleFlag) chain := new(apechain.Chain) commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, []string{rule})) chain.ID = apechain.ID(chainIDRaw) serializedChain := chain.Bytes() cmd.Println("CID: " + cidStr) cmd.Println("Parsed chain:\n" + prettyJSONFormat(cmd, serializedChain)) req := &control.AddChainLocalOverrideRequest{ Body: &control.AddChainLocalOverrideRequest_Body{ Target: &control.ChainTarget{ Type: control.ChainTarget_CONTAINER, Name: cidStr, }, Chain: serializedChain, }, } signRequest(cmd, pk, req) cli := getClient(cmd, pk) var resp *control.AddChainLocalOverrideResponse var err error err = cli.ExecRaw(func(client *client.Client) error { resp, err = control.AddChainLocalOverride(client, req) return err }) commonCmd.ExitOnErr(cmd, "rpc error: %w", err) verifyResponse(cmd, resp.GetSignature(), resp.GetBody()) chainIDRaw = resp.GetBody().GetChainId() cmd.Printf("Rule has been added.\nChain id: '%s'\nChain id hex: '%x'\n", string(chainIDRaw), chainIDRaw) } func initControlAddRuleCmd() { initControlFlags(addRuleCmd) ff := addRuleCmd.Flags() ff.String(commonflags.CIDFlag, "", commonflags.CIDFlagUsage) ff.String(ruleFlag, "", "Rule statement") ff.String(chainIDFlag, "", "Assign ID to the parsed chain") ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex") }