package engine

import (
	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource"
)

// ChainRouter checks a request against the rule chains registered under a
// chain name for a given target.
type ChainRouter interface {
	// IsAllowed evaluates r against the chains registered under name for
	// target and returns the resulting status once every check has run.
	// found reports whether at least one matching rule was encountered;
	// err is non-nil when the evaluation itself could not be completed.
	// NOTE(review): this contract does not say what status holds when
	// found is false or err != nil, so callers should handle those two
	// cases explicitly rather than act on status alone.
	IsAllowed(name chain.Name, target string, r resource.Request) (status chain.Status, found bool, err error)
}

// TargetType tells what kind of entity a Target refers to.
type TargetType rune

// The target types a chain can be attached to.
const (
	// Namespace marks a Target whose Name is a namespace.
	Namespace TargetType = 'n'
	// Container marks a Target whose Name is a container.
	Container TargetType = 'c'
)

// Target identifies the entity a chain applies to: its kind and its name.
type Target struct {
	Type TargetType
	Name string
}

// newTarget builds a Target of kind t named name; the exported constructors
// below share it so the struct literal lives in one place.
func newTarget(t TargetType, name string) Target {
	return Target{Type: t, Name: name}
}

// NamespaceTarget returns a Target of type Namespace for the given namespace.
func NamespaceTarget(namespace string) Target {
	return newTarget(Namespace, namespace)
}

// ContainerTarget returns a Target of type Container for the given container.
func ContainerTarget(container string) Target {
	return newTarget(Container, container)
}

// LocalOverrideStorage manages the local overrides defined for a node.
// Local overrides take priority over the chains obtained from morph storage.
type LocalOverrideStorage interface {
	// AddOverride stores c under (name, target) and returns the ID assigned to it.
	AddOverride(name chain.Name, target Target, c *chain.Chain) (chain.ID, error)
	// GetOverride returns the chain stored under (name, target) with the given chainID.
	GetOverride(name chain.Name, target Target, chainID chain.ID) (*chain.Chain, error)
	// RemoveOverride deletes the chain with chainID stored under (name, target).
	RemoveOverride(name chain.Name, target Target, chainID chain.ID) error
	// ListOverrides returns every chain stored under (name, target).
	ListOverrides(name chain.Name, target Target) ([]*chain.Chain, error)
	// DropAllOverrides deletes every override stored under name.
	DropAllOverrides(name chain.Name) error
}

// MorphRuleChainStorage manages chains held in the chain storage, which in
// practice means the rules stored in the policy contract.
type MorphRuleChainStorage interface {
	// AddMorphRuleChain stores c under (name, target).
	AddMorphRuleChain(name chain.Name, target Target, c *chain.Chain) error
	// RemoveMorphRuleChain deletes the chain with chainID stored under (name, target).
	RemoveMorphRuleChain(name chain.Name, target Target, chainID chain.ID) error
	// ListMorphRuleChains returns every chain stored under (name, target).
	ListMorphRuleChains(name chain.Name, target Target) ([]*chain.Chain, error)
}

// Engine checks request permissions against the chain rules obtained from the
// morph client, i.e. from the policy contract, and exposes that storage.
type Engine interface {
	ChainRouter
	// MorphRuleChainStorage returns the storage backed by the policy contract.
	MorphRuleChainStorage() MorphRuleChainStorage
}

// LocalOverrideEngine is an Engine that additionally manages a local chain
// rule storage. Local overrides must have the highest priority while a
// request is being checked.
type LocalOverrideEngine interface {
	Engine
	// LocalStorage returns the node-local override storage.
	LocalStorage() LocalOverrideStorage
}