[#800] node: eACL -> APE converter

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-11-10 11:40:06 +03:00 · 2023-11-10 11:40:06 +03:00 · fd9128d051
commit fd9128d051
parent 364f835b7e
6 changed files with 749 additions and 30 deletions
--- a/cmd/frostfs-cli/modules/util/ape.go
+++ b/cmd/frostfs-cli/modules/util/ape.go
@ -6,6 +6,7 @@ import (
 	"strings"

 	policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
+	nativeschema "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
 	"github.com/flynn-archive/go-shlex"
 )

@ -65,7 +66,7 @@ func parseRuleLexemes(r *policyengine.Rule, lexemes []string) error {
 		return err
 	}

-	r.Action, err = parseAction(lexemes[1])
+	r.Actions, err = parseAction(lexemes[1])
 	if err != nil {
 		return err
 	}
@ -75,7 +76,7 @@ func parseRuleLexemes(r *policyengine.Rule, lexemes []string) error {
 		return err
 	}

-	r.Resource, err = parseResource(lexemes[len(lexemes)-1])
+	r.Resources, err = parseResource(lexemes[len(lexemes)-1])
 	return err
 }

@ -100,41 +101,42 @@ func parseStatus(lexeme string) (policyengine.Status, error) {
 	}
 }

-func parseAction(lexeme string) ([]string, error) {
+func parseAction(lexeme string) (policyengine.Actions, error) {
 	switch strings.ToLower(lexeme) {
 	case "object.put":
-		return []string{"native:PutObject"}, nil
+		return policyengine.Actions{Names: []string{nativeschema.MethodPutObject}}, nil
 	case "object.get":
-		return []string{"native:GetObject"}, nil
+		return policyengine.Actions{Names: []string{nativeschema.MethodGetObject}}, nil
 	case "object.head":
-		return []string{"native:HeadObject"}, nil
+		return policyengine.Actions{Names: []string{nativeschema.MethodHeadObject}}, nil
 	case "object.delete":
-		return []string{"native:DeleteObject"}, nil
+		return policyengine.Actions{Names: []string{nativeschema.MethodDeleteObject}}, nil
 	case "object.search":
-		return []string{"native:SearchObject"}, nil
+		return policyengine.Actions{Names: []string{nativeschema.MethodSearchObject}}, nil
 	case "object.range":
-		return []string{"native:RangeObject"}, nil
+		return policyengine.Actions{Names: []string{nativeschema.MethodRangeObject}}, nil
 	case "object.hash":
-		return []string{"native:HashObject"}, nil
+		return policyengine.Actions{Names: []string{nativeschema.MethodHashObject}}, nil
 	default:
 	}
-	return nil, fmt.Errorf("%w: %s", errUnknownOperation, lexeme)
+	return policyengine.Actions{}, fmt.Errorf("%w: %s", errUnknownOperation, lexeme)
 }

-func parseResource(lexeme string) ([]string, error) {
-	return []string{fmt.Sprintf("native:::object/%s", lexeme)}, nil
+func parseResource(lexeme string) (policyengine.Resources, error) {
+	if lexeme == "*" {
+		return policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}}, nil
+	}
+	return policyengine.Resources{Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, lexeme)}}, nil
 }

 const (
 	ObjectResource = "object.resource"
 	ObjectRequest  = "object.request"
-	ObjectActor    = "object.actor"
 )

 var typeToCondObject = map[string]policyengine.ObjectType{
 	ObjectResource: policyengine.ObjectResource,
 	ObjectRequest:  policyengine.ObjectRequest,
-	ObjectActor:    policyengine.ObjectActor,
 }

 func parseConditions(lexemes []string) ([]policyengine.Condition, error) {