[#842] control: Pass target instead resource name

* Update policy-engine package version in go.mod, go.sum.
* Refactor CheckIfRequestPermitted: pass container target
  instead container ID.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>

go.mod

@@ -8,7 +8,7 @@ require (
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
 	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20231122162120-56debcfa569e
 	git.frostfs.info/TrueCloudLab/hrw v1.2.1
-	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231128145636-a0a35bf4bf31
+	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20231205092054-2d4a9fc6dcb3
 	git.frostfs.info/TrueCloudLab/tzhash v1.8.0
 	github.com/cheggaaa/pb v1.0.29
 	github.com/chzyer/readline v1.5.1

pkg/services/control/server/policy_engine.go

@@ -66,7 +66,7 @@ func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainL
 	}
 
 	resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
-	if _, err = src.LocalStorage().AddOverride(apechain.Ingress, resource, &chain); err != nil {
+	if _, err = src.LocalStorage().AddOverride(apechain.Ingress, engine.ContainerTarget(resource), &chain); err != nil {
 		return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
 	}
 
@@ -103,7 +103,7 @@ func (s *Server) GetChainLocalOverride(_ context.Context, req *control.GetChainL
 	}
 
 	resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
-	chain, err := src.LocalStorage().GetOverride(apechain.Ingress, resource, apechain.ID(req.GetBody().GetChainId()))
+	chain, err := src.LocalStorage().GetOverride(apechain.Ingress, engine.ContainerTarget(resource), apechain.ID(req.GetBody().GetChainId()))
 	if err != nil {
 		return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
 	}
@@ -141,7 +141,7 @@ func (s *Server) ListChainLocalOverrides(_ context.Context, req *control.ListCha
 	}
 
 	resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
-	chains, err := src.LocalStorage().ListOverrides(apechain.Ingress, resource)
+	chains, err := src.LocalStorage().ListOverrides(apechain.Ingress, engine.ContainerTarget(resource))
 	if err != nil {
 		return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
 	}
@@ -183,7 +183,7 @@ func (s *Server) RemoveChainLocalOverride(_ context.Context, req *control.Remove
 	}
 
 	resource := fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, cid.EncodeToString())
-	if err = src.LocalStorage().RemoveOverride(apechain.Ingress, resource, apechain.ID(req.GetBody().GetChainId())); err != nil {
+	if err = src.LocalStorage().RemoveOverride(apechain.Ingress, engine.ContainerTarget(resource), apechain.ID(req.GetBody().GetChainId())); err != nil {
 		return nil, status.Error(getCodeByLocalStorageErr(err), err.Error())
 	}
 	resp := &control.RemoveChainLocalOverrideResponse{

pkg/services/object/acl/ape.go

@@ -9,6 +9,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 )
 
 var errAPEChainNoSource = errors.New("could not get ape chain source for the container")
@@ -36,7 +37,9 @@ func (c *apeCheckerImpl) CheckIfRequestPermitted(reqInfo v2.RequestInfo) error {
 	request := new(Request)
 	request.FromRequestInfo(reqInfo)
 
-	status, ruleFound, err := chainCache.IsAllowed(apechain.Ingress, "", request)
+	cnrTarget := getResource(reqInfo).Name()
+
+	status, ruleFound, err := chainCache.IsAllowed(apechain.Ingress, policyengine.NewRequestTargetWithContainer(cnrTarget), request)
 	if err != nil {
 		return err
 	}