package apemanager
import (
"encoding/hex"
"errors"
internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/ape"
apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"github.com/spf13/cobra"
)
// Names of the CLI flags that describe the rule chain itself.
const (
	// ruleFlag carries rule statements given inline on the command line.
	ruleFlag = "rule"
	// pathFlag points at a file holding an encoded chain (JSON or binary).
	pathFlag = "path"
	// chainIDFlag carries the identifier to assign to the parsed chain.
	chainIDFlag = "chain-id"
	// chainIDHexFlag makes the chain ID be read as a hex string.
	chainIDHexFlag = "chain-id-hex"
)
// Flag names and help texts used to select the target a chain applies to.
const (
	targetTypeFlag = "target-type"
	// NOTE(review): this help text lists only container/namespace, while the
	// target-type parsing in this file also accepts "user" and "group".
	// Confirm which set is meant to be advertised, since the target type
	// decides the scope an access rule applies to.
	targetTypeDesc = "Resource type(container/namespace)"

	targetNameFlag = "target-name"
	targetNameDesc = "Resource name in APE resource name format"
)
// Values of the target-type flag that this file's target parsing recognises.
const (
	containerTarget = "container"
	namespaceTarget = "namespace"
	groupTarget     = "group"
	userTarget      = "user"
)
// errUnknownTargetType is reported when the target-type flag holds a value
// that matches none of the target constants declared in this file.
var errUnknownTargetType = errors.New("unknown target type")
// addCmd is the "add" subcommand, which attaches a rule chain to a target.
var addCmd = &cobra.Command{
	Use:   "add",
	Short: "Add rule chain for a target",
	// commonflags.Bind is invoked on the command before Run executes.
	PersistentPreRun: func(c *cobra.Command, _ []string) {
		commonflags.Bind(c)
	},
	Run: add,
}
// parseTarget builds the chain target from the target-type and target-name
// flags of cmd.
//
// The name is copied into the result as given. For the container type it must
// additionally decode as a container ID; a decoding failure or an unrecognised
// target type is handed to commonCmd.ExitOnErr.
//
// NOTE(review): names of namespace, user and group targets are not checked
// here, so any validation of them has to happen on the receiving side.
// Confirm that the service enforces it.
func parseTarget(cmd *cobra.Command) (ct apeSDK.ChainTarget) {
	flags := cmd.Flags()
	// Lookup errors are dropped on purpose; an empty type falls through to the
	// default branch below.
	targetType, _ := flags.GetString(targetTypeFlag)
	targetName, _ := flags.GetString(targetNameFlag)

	ct.Name = targetName

	switch targetType {
	case containerTarget:
		// Reject malformed container IDs locally, before any request is built.
		var id cid.ID
		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", id.DecodeString(targetName))
		ct.TargetType = apeSDK.TargetTypeContainer
	case namespaceTarget:
		ct.TargetType = apeSDK.TargetTypeNamespace
	case groupTarget:
		ct.TargetType = apeSDK.TargetTypeGroup
	case userTarget:
		ct.TargetType = apeSDK.TargetTypeUser
	default:
		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
	}

	return ct
}
// parseChain assembles the rule chain described by the flags of cmd and
// returns it in serialized form.
//
// The chain ID comes from the chain-id flag, taken as raw bytes or, when
// chain-id-hex is set, hex-decoded. The rules come either from the inline rule
// statements or from the file named by the path flag; if neither is given the
// error "rule is not passed" is handed to commonCmd.ExitOnErr. The parsed
// chain is printed in human-readable form before it is serialized, so the
// operator can see the policy that was built from the input.
//
// NOTE(review): the ID is set before the rules are parsed. Whether
// ParseAPEChainBinaryOrJSON replaces it with an ID stored in the file is not
// visible here; confirm which of the two takes precedence.
func parseChain(cmd *cobra.Command) apeSDK.Chain {
	flags := cmd.Flags()
	rawID, _ := flags.GetString(chainIDFlag)
	asHex, _ := flags.GetBool(chainIDHexFlag)

	idBytes := []byte(rawID)
	if asHex {
		decoded, err := hex.DecodeString(rawID)
		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
		idBytes = decoded
	}

	chain := &apechain.Chain{ID: apechain.ID(idBytes)}

	rules, _ := flags.GetStringArray(ruleFlag)
	encPath, _ := flags.GetString(pathFlag)

	// Inline rules win over a file path; with neither there is nothing to add.
	switch {
	case len(rules) > 0:
		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
	case encPath != "":
		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
	default:
		commonCmd.ExitOnErr(cmd, "parser error: %w", errors.New("rule is not passed"))
	}

	cmd.Println("Parsed chain:")
	apeCmd.PrintHumanReadableAPEChain(cmd, chain)

	return apeSDK.Chain{Raw: chain.Bytes()}
}
// add is the Run handler of addCmd. It parses the chain and the target from
// the flags, sends them through APEManagerAddChain on a client obtained for
// the RPC endpoint flag, and prints the chain ID found in the response.
//
// NOTE(review): the returned chain ID is printed as a raw string. An ID that
// was supplied via chain-id-hex need not be printable text, so consider
// hex-encoding the output in that case.
func add(cmd *cobra.Command, _ []string) {
	chain := parseChain(cmd)
	target := parseTarget(cmd)

	// Named pk so that the imported key package is not shadowed.
	pk := key.Get(cmd)
	cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)

	prm := client_sdk.PrmAPEManagerAddChain{
		ChainTarget: target,
		Chain:       chain,
	}
	res, err := cli.APEManagerAddChain(cmd.Context(), prm)
	commonCmd.ExitOnErr(cmd, "add chain error: %w", err)

	cmd.Println("Rule has been added.")
	cmd.Println("Chain ID: ", string(res.ChainID))
}
// initAddCmd registers the flags of addCmd.
//
// Only target-type is marked required. The rule and path flags are declared
// mutually exclusive, so a chain has a single source per invocation.
//
// NOTE(review): chain-id and target-name default to the empty string and are
// not marked required, so an empty value is passed on as-is. Confirm this is
// intended for every target type.
func initAddCmd() {
	commonflags.Init(addCmd)

	flags := addCmd.Flags()

	// Where the chain comes from and which ID it gets.
	flags.StringArray(ruleFlag, []string{}, "Rule statement")
	flags.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
	flags.String(chainIDFlag, "", "Assign ID to the parsed chain")

	// What the chain is attached to.
	flags.String(targetNameFlag, "", targetNameDesc)
	flags.String(targetTypeFlag, "", targetTypeDesc)
	// The returned error is discarded; the flag was registered on the line above.
	_ = addCmd.MarkFlagRequired(targetTypeFlag)

	flags.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")

	addCmd.MarkFlagsMutuallyExclusive(pathFlag, ruleFlag)
}