forked from TrueCloudLab/frostfs-sdk-go
[#168] eacl: Replace pointer slices with non-pointer slices
- []*Record => []Record - []*Filter => []Filter - []*Target => []Target Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin
Alex Vanin
parent
ef96949cbf
commit
e70bf05fb9
7 changed files with 47 additions and 51 deletions
|
|
@ -20,22 +20,22 @@ import (
|
||||||
type Record struct {
|
type Record struct {
|
||||||
action Action
|
action Action
|
||||||
operation Operation
|
operation Operation
|
||||||
filters []*Filter
|
filters []Filter
|
||||||
targets []*Target
|
targets []Target
|
||||||
}
|
}
|
||||||
|
|
||||||
// Targets returns list of target subjects to apply ACL rule to.
|
// Targets returns list of target subjects to apply ACL rule to.
|
||||||
func (r Record) Targets() []*Target {
|
func (r Record) Targets() []Target {
|
||||||
return r.targets
|
return r.targets
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetTargets sets list of target subjects to apply ACL rule to.
|
// SetTargets sets list of target subjects to apply ACL rule to.
|
||||||
func (r *Record) SetTargets(targets ...*Target) {
|
func (r *Record) SetTargets(targets ...Target) {
|
||||||
r.targets = targets
|
r.targets = targets
|
||||||
}
|
}
|
||||||
|
|
||||||
// Filters returns list of filters to match and see if rule is applicable.
|
// Filters returns list of filters to match and see if rule is applicable.
|
||||||
func (r Record) Filters() []*Filter {
|
func (r Record) Filters() []Filter {
|
||||||
return r.filters
|
return r.filters
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -61,7 +61,7 @@ func (r *Record) SetAction(action Action) {
|
||||||
|
|
||||||
// AddRecordTarget adds single Target to the Record.
|
// AddRecordTarget adds single Target to the Record.
|
||||||
func AddRecordTarget(r *Record, t *Target) {
|
func AddRecordTarget(r *Record, t *Target) {
|
||||||
r.SetTargets(append(r.Targets(), t)...)
|
r.SetTargets(append(r.Targets(), *t)...)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddFormedTarget forms Target with specified Role and list of
|
// AddFormedTarget forms Target with specified Role and list of
|
||||||
|
|
@ -75,7 +75,7 @@ func AddFormedTarget(r *Record, role Role, keys ...ecdsa.PublicKey) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Record) addFilter(from FilterHeaderType, m Match, keyTyp filterKeyType, key string, val fmt.Stringer) {
|
func (r *Record) addFilter(from FilterHeaderType, m Match, keyTyp filterKeyType, key string, val fmt.Stringer) {
|
||||||
filter := &Filter{
|
filter := Filter{
|
||||||
from: from,
|
from: from,
|
||||||
key: filterKey{
|
key: filterKey{
|
||||||
typ: keyTyp,
|
typ: keyTyp,
|
||||||
|
|
@ -162,18 +162,18 @@ func (r *Record) ToV2() *v2acl.Record {
|
||||||
v2 := new(v2acl.Record)
|
v2 := new(v2acl.Record)
|
||||||
|
|
||||||
if r.targets != nil {
|
if r.targets != nil {
|
||||||
targets := make([]*v2acl.Target, 0, len(r.targets))
|
targets := make([]v2acl.Target, len(r.targets))
|
||||||
for _, target := range r.targets {
|
for i := range r.targets {
|
||||||
targets = append(targets, target.ToV2())
|
targets[i] = *r.targets[i].ToV2()
|
||||||
}
|
}
|
||||||
|
|
||||||
v2.SetTargets(targets)
|
v2.SetTargets(targets)
|
||||||
}
|
}
|
||||||
|
|
||||||
if r.filters != nil {
|
if r.filters != nil {
|
||||||
filters := make([]*v2acl.HeaderFilter, 0, len(r.filters))
|
filters := make([]v2acl.HeaderFilter, len(r.filters))
|
||||||
for _, filter := range r.filters {
|
for i := range r.filters {
|
||||||
filters = append(filters, filter.ToV2())
|
filters[i] = *r.filters[i].ToV2()
|
||||||
}
|
}
|
||||||
|
|
||||||
v2.SetFilters(filters)
|
v2.SetFilters(filters)
|
||||||
|
|
@ -201,8 +201,8 @@ func CreateRecord(action Action, operation Operation) *Record {
|
||||||
r := NewRecord()
|
r := NewRecord()
|
||||||
r.action = action
|
r.action = action
|
||||||
r.operation = operation
|
r.operation = operation
|
||||||
r.targets = []*Target{}
|
r.targets = []Target{}
|
||||||
r.filters = []*Filter{}
|
r.filters = []Filter{}
|
||||||
|
|
||||||
return r
|
return r
|
||||||
}
|
}
|
||||||
|
|
@ -221,14 +221,14 @@ func NewRecordFromV2(record *v2acl.Record) *Record {
|
||||||
v2targets := record.GetTargets()
|
v2targets := record.GetTargets()
|
||||||
v2filters := record.GetFilters()
|
v2filters := record.GetFilters()
|
||||||
|
|
||||||
r.targets = make([]*Target, 0, len(v2targets))
|
r.targets = make([]Target, len(v2targets))
|
||||||
for i := range v2targets {
|
for i := range v2targets {
|
||||||
r.targets = append(r.targets, NewTargetFromV2(v2targets[i]))
|
r.targets[i] = *NewTargetFromV2(&v2targets[i])
|
||||||
}
|
}
|
||||||
|
|
||||||
r.filters = make([]*Filter, 0, len(v2filters))
|
r.filters = make([]Filter, len(v2filters))
|
||||||
for i := range v2filters {
|
for i := range v2filters {
|
||||||
r.filters = append(r.filters, NewFilterFromV2(v2filters[i]))
|
r.filters[i] = *NewFilterFromV2(&v2filters[i])
|
||||||
}
|
}
|
||||||
|
|
||||||
return r
|
return r
|
||||||
|
|
|
||||||
|
|
@ -63,18 +63,14 @@ func TestAddFormedTarget(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
targets := make([]*Target, 0, len(items))
|
targets := make([]Target, len(items))
|
||||||
|
|
||||||
r := NewRecord()
|
r := NewRecord()
|
||||||
|
|
||||||
for _, item := range items {
|
for i := range items {
|
||||||
tgt := NewTarget()
|
targets[i].SetRole(items[i].role)
|
||||||
tgt.SetRole(item.role)
|
SetTargetECDSAKeys(&targets[i], ecdsaKeysToPtrs(items[i].keys)...)
|
||||||
SetTargetECDSAKeys(tgt, ecdsaKeysToPtrs(item.keys)...)
|
AddFormedTarget(r, items[i].role, items[i].keys...)
|
||||||
|
|
||||||
targets = append(targets, tgt)
|
|
||||||
|
|
||||||
AddFormedTarget(r, item.role, item.keys...)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
tgts := r.Targets()
|
tgts := r.Targets()
|
||||||
|
|
@ -86,9 +82,9 @@ func TestAddFormedTarget(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRecord_AddFilter(t *testing.T) {
|
func TestRecord_AddFilter(t *testing.T) {
|
||||||
filters := []*Filter{
|
filters := []Filter{
|
||||||
newObjectFilter(MatchStringEqual, "some name", "ContainerID"),
|
*newObjectFilter(MatchStringEqual, "some name", "ContainerID"),
|
||||||
newObjectFilter(MatchStringNotEqual, "X-Header-Name", "X-Header-Value"),
|
*newObjectFilter(MatchStringNotEqual, "X-Header-Name", "X-Header-Value"),
|
||||||
}
|
}
|
||||||
|
|
||||||
r := NewRecord()
|
r := NewRecord()
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ type Table struct {
|
||||||
cid *cid.ID
|
cid *cid.ID
|
||||||
token *session.Token
|
token *session.Token
|
||||||
sig *signature.Signature
|
sig *signature.Signature
|
||||||
records []*Record
|
records []Record
|
||||||
}
|
}
|
||||||
|
|
||||||
// CID returns identifier of the container that should use given access control rules.
|
// CID returns identifier of the container that should use given access control rules.
|
||||||
|
|
@ -42,14 +42,14 @@ func (t *Table) SetVersion(version version.Version) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Records returns list of extended ACL rules.
|
// Records returns list of extended ACL rules.
|
||||||
func (t Table) Records() []*Record {
|
func (t Table) Records() []Record {
|
||||||
return t.records
|
return t.records
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddRecord adds single eACL rule.
|
// AddRecord adds single eACL rule.
|
||||||
func (t *Table) AddRecord(r *Record) {
|
func (t *Table) AddRecord(r *Record) {
|
||||||
if r != nil {
|
if r != nil {
|
||||||
t.records = append(t.records, r)
|
t.records = append(t.records, *r)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -90,9 +90,9 @@ func (t *Table) ToV2() *v2acl.Table {
|
||||||
}
|
}
|
||||||
|
|
||||||
if t.records != nil {
|
if t.records != nil {
|
||||||
records := make([]*v2acl.Record, 0, len(t.records))
|
records := make([]v2acl.Record, len(t.records))
|
||||||
for _, record := range t.records {
|
for i := range t.records {
|
||||||
records = append(records, record.ToV2())
|
records[i] = *t.records[i].ToV2()
|
||||||
}
|
}
|
||||||
|
|
||||||
v2.SetRecords(records)
|
v2.SetRecords(records)
|
||||||
|
|
@ -157,10 +157,10 @@ func NewTableFromV2(table *v2acl.Table) *Table {
|
||||||
|
|
||||||
// set eacl records
|
// set eacl records
|
||||||
v2records := table.GetRecords()
|
v2records := table.GetRecords()
|
||||||
t.records = make([]*Record, 0, len(v2records))
|
t.records = make([]Record, len(v2records))
|
||||||
|
|
||||||
for i := range v2records {
|
for i := range v2records {
|
||||||
t.records = append(t.records, NewRecordFromV2(v2records[i]))
|
t.records[i] = *NewRecordFromV2(&v2records[i])
|
||||||
}
|
}
|
||||||
|
|
||||||
return t
|
return t
|
||||||
|
|
|
||||||
|
|
@ -51,14 +51,14 @@ func TestTable(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTable_AddRecord(t *testing.T) {
|
func TestTable_AddRecord(t *testing.T) {
|
||||||
records := []*eacl.Record{
|
records := []eacl.Record{
|
||||||
eacl.CreateRecord(eacl.ActionDeny, eacl.OperationDelete),
|
*eacl.CreateRecord(eacl.ActionDeny, eacl.OperationDelete),
|
||||||
eacl.CreateRecord(eacl.ActionAllow, eacl.OperationPut),
|
*eacl.CreateRecord(eacl.ActionAllow, eacl.OperationPut),
|
||||||
}
|
}
|
||||||
|
|
||||||
table := eacl.NewTable()
|
table := eacl.NewTable()
|
||||||
for _, record := range records {
|
for _, record := range records {
|
||||||
table.AddRecord(record)
|
table.AddRecord(&record)
|
||||||
}
|
}
|
||||||
|
|
||||||
require.Equal(t, records, table.Records())
|
require.Equal(t, records, table.Records())
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ func Record() *eacl.Record {
|
||||||
|
|
||||||
x.SetAction(eacl.ActionAllow)
|
x.SetAction(eacl.ActionAllow)
|
||||||
x.SetOperation(eacl.OperationRangeHash)
|
x.SetOperation(eacl.OperationRangeHash)
|
||||||
x.SetTargets(Target(), Target())
|
x.SetTargets(*Target(), *Target())
|
||||||
x.AddObjectContainerIDFilter(eacl.MatchStringEqual, cidtest.ID())
|
x.AddObjectContainerIDFilter(eacl.MatchStringEqual, cidtest.ID())
|
||||||
x.AddObjectOwnerIDFilter(eacl.MatchStringNotEqual, ownertest.ID())
|
x.AddObjectOwnerIDFilter(eacl.MatchStringNotEqual, ownertest.ID())
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@ func (v *Validator) CalculateAction(unit *ValidationUnit) Action {
|
||||||
}
|
}
|
||||||
|
|
||||||
// check target
|
// check target
|
||||||
if !targetMatches(unit, record) {
|
if !targetMatches(unit, &record) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -51,7 +51,7 @@ func (v *Validator) CalculateAction(unit *ValidationUnit) Action {
|
||||||
// - positive value if no matching header is found for at least one filter;
|
// - positive value if no matching header is found for at least one filter;
|
||||||
// - zero if at least one suitable header is found for all filters;
|
// - zero if at least one suitable header is found for all filters;
|
||||||
// - negative value if the headers of at least one filter cannot be obtained.
|
// - negative value if the headers of at least one filter cannot be obtained.
|
||||||
func matchFilters(hdrSrc TypedHeaderSource, filters []*Filter) int {
|
func matchFilters(hdrSrc TypedHeaderSource, filters []Filter) int {
|
||||||
matched := 0
|
matched := 0
|
||||||
|
|
||||||
for _, filter := range filters {
|
for _, filter := range filters {
|
||||||
|
|
@ -79,7 +79,7 @@ func matchFilters(hdrSrc TypedHeaderSource, filters []*Filter) int {
|
||||||
}
|
}
|
||||||
|
|
||||||
// check match
|
// check match
|
||||||
if !matchFn(header, filter) {
|
if !matchFn(header, &filter) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestFilterMatch(t *testing.T) {
|
func TestFilterMatch(t *testing.T) {
|
||||||
tgt := NewTarget()
|
tgt := *NewTarget()
|
||||||
tgt.SetRole(RoleOthers)
|
tgt.SetRole(RoleOthers)
|
||||||
|
|
||||||
t.Run("simple header match", func(t *testing.T) {
|
t.Run("simple header match", func(t *testing.T) {
|
||||||
|
|
@ -115,7 +115,7 @@ func TestFilterMatch(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestOperationMatch(t *testing.T) {
|
func TestOperationMatch(t *testing.T) {
|
||||||
tgt := NewTarget()
|
tgt := *NewTarget()
|
||||||
tgt.SetRole(RoleOthers)
|
tgt.SetRole(RoleOthers)
|
||||||
|
|
||||||
t.Run("single operation", func(t *testing.T) {
|
t.Run("single operation", func(t *testing.T) {
|
||||||
|
|
@ -161,7 +161,7 @@ func TestTargetMatches(t *testing.T) {
|
||||||
tgt2.SetRole(RoleOthers)
|
tgt2.SetRole(RoleOthers)
|
||||||
|
|
||||||
r := NewRecord()
|
r := NewRecord()
|
||||||
r.SetTargets(tgt1, tgt2)
|
r.SetTargets(*tgt1, *tgt2)
|
||||||
|
|
||||||
u := newValidationUnit(RoleUser, pubs[0], nil)
|
u := newValidationUnit(RoleUser, pubs[0], nil)
|
||||||
require.True(t, targetMatches(u, r))
|
require.True(t, targetMatches(u, r))
|
||||||
|
|
@ -224,7 +224,7 @@ func (h headers) HeadersOfType(ht FilterHeaderType) ([]Header, bool) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func newRecord(a Action, op Operation, tgt ...*Target) *Record {
|
func newRecord(a Action, op Operation, tgt ...Target) *Record {
|
||||||
r := NewRecord()
|
r := NewRecord()
|
||||||
r.SetAction(a)
|
r.SetAction(a)
|
||||||
r.SetOperation(op)
|
r.SetOperation(op)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue