forked from TrueCloudLab/frostfs-s3-gw
[#360] Reuse single target during policy check
Policy engine library is able to manage multiple targets and resolve different status results. Signed-off-by: Alex Vanin <a.vanin@yadro.com>
This commit is contained in:
parent
6da1acc554
commit
61ff4702a2
1 changed files with 10 additions and 16 deletions
|
|
@ -81,25 +81,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
reqInfo := GetReqInfo(r.Context())
|
reqInfo := GetReqInfo(r.Context())
|
||||||
targets := []engine.RequestTarget{
|
target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace)
|
||||||
engine.NewRequestTargetWithNamespace(reqInfo.Namespace),
|
|
||||||
}
|
|
||||||
if bktInfo != nil {
|
if bktInfo != nil {
|
||||||
targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString()))
|
cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString())
|
||||||
|
target.Container = &cnrTarget
|
||||||
}
|
}
|
||||||
|
|
||||||
st := chain.NoRuleFound
|
st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
|
||||||
for _, target := range targets {
|
if err != nil {
|
||||||
status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
|
return err
|
||||||
if err != nil {
|
}
|
||||||
return err
|
|
||||||
}
|
if !found {
|
||||||
if found {
|
st = chain.NoRuleFound
|
||||||
st = status
|
|
||||||
if status != chain.Allow {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue