package policy
import (
policycontract "git.frostfs.info/TrueCloudLab/frostfs-contract/policy"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/handler"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource"
"github.com/nspcc-dev/neo-go/pkg/util"
"go.uber.org/zap"
)
// Storage groups the access-policy backends used by the gateway behind one
// value. This file asserts that *Storage satisfies handler.APE.
type Storage struct {
	// router answers IsAllowed. NewStorage builds it over morph and local.
	router engine.ChainRouter

	// morph is the rule-chain storage that AddChain, RemoveChain and
	// ListChains delegate to.
	morph handler.MorphRuleChainStorage

	// local is the in-memory override store. It is given to the router and is
	// also handed out by LocalStorage, so writes made through that accessor
	// reach the store the router was built with.
	local engine.LocalOverrideStorage

	// policy holds policy bytes addressed by namespace and container ID.
	policy handler.PolicyStorage
}
// StorageConfig carries the dependencies that NewStorage wires into a Storage.
type StorageConfig struct {
	// Contract is passed to both the rule-chain storage and the policy storage.
	Contract Contract
	// Cache is passed to the rule-chain storage only.
	Cache *cache.MorphPolicyCache
	// Log is passed to both storages.
	// NOTE(review): NewStorage does not check Log (or the other fields) for
	// nil; whether the storages tolerate nil is not visible here.
	Log *zap.Logger
}
// Contract is the set of policy-contract operations this package relies on.
// Chains cross this boundary as opaque byte slices addressed by kind, entity
// and name; this interface does no encoding or validation of its own.
type Contract interface {
	// AddChain stores chain under (kind, entity, name). Its three results have
	// the same types, in the same order, as the parameters of Wait.
	AddChain(kind policycontract.Kind, entity string, name []byte, chain []byte) (util.Uint256, uint32, error)

	// GetChain returns the bytes stored under (kind, entity, name).
	GetChain(kind policycontract.Kind, entity string, name []byte) ([]byte, error)

	// RemoveChain deletes the chain stored under (kind, entity, name). Its
	// results have the same shape as those of AddChain.
	RemoveChain(kind policycontract.Kind, entity string, name []byte) (util.Uint256, uint32, error)

	// ListChains returns the chains found for (kind, entity, name).
	// NOTE(review): name presumably acts as a prefix filter; confirm
	// against the implementation.
	ListChains(kind policycontract.Kind, entity string, name []byte) ([][]byte, error)

	// Wait takes the (tx, vub, err) triple produced by AddChain or RemoveChain
	// and reduces it to a single error.
	// NOTE(review): presumably blocks until tx is accepted or vub is passed,
	// so that a policy write is not reported as done before it takes effect;
	// confirm.
	Wait(tx util.Uint256, vub uint32, err error) error
}
// Compile-time check: the build fails if *Storage stops implementing
// handler.APE.
var _ handler.APE = (*Storage)(nil)
// NewStorage assembles a Storage from cfg.
//
// It creates an in-memory local override store, a rule-chain storage and a
// policy storage that share cfg.Contract and cfg.Log, and a chain router built
// from the rule-chain storage and the local override store.
//
// Concurrency caveat: the TODO below records that the in-memory override store
// is not yet thread safe. That store backs access decisions in IsAllowed and
// is also exposed through LocalStorage, so concurrent writers need external
// synchronisation until the linked issue is resolved.
func NewStorage(cfg StorageConfig) *Storage {
	// todo use thread safe inmemory https://git.frostfs.info/TrueCloudLab/policy-engine/issues/35
	overrides := inmemory.NewInmemoryLocalStorage()

	chainCfg := &MorphRuleChainStorageConfig{
		Contract: cfg.Contract,
		Cache:    cfg.Cache,
		Log:      cfg.Log,
	}
	chains := NewMorphRuleChainStorage(chainCfg)

	policyCfg := &MorphPolicyStorageConfig{
		Contract: cfg.Contract,
		Log:      cfg.Log,
	}
	policies := NewMorphPolicyStorage(policyCfg)

	// The router is given the same two stores that Storage keeps in its
	// morph and local fields.
	st := &Storage{
		morph:  chains,
		local:  overrides,
		policy: policies,
	}
	st.router = engine.NewDefaultChainRouterWithLocalOverrides(chains, overrides)

	return st
}
// IsAllowed asks the chain router for a decision on request r against target
// under chain name, and returns the router's three results unchanged.
//
// This method applies no default of its own: the caller decides how to treat
// found == false and a non-nil err.
// NOTE(review): confirm that callers deny the request on error rather than
// falling through to allow.
func (s *Storage) IsAllowed(name chain.Name, target engine.RequestTarget, r resource.Request) (status chain.Status, found bool, err error) {
	status, found, err = s.router.IsAllowed(name, target, r)
	return status, found, err
}
// LocalStorage returns the local override store held by s. It is the value
// NewStorage passed to the chain router, not a copy made here, so code that
// can reach this accessor can change the overrides the router works with.
func (s *Storage) LocalStorage() engine.LocalOverrideStorage {
	overrides := s.local
	return overrides
}
// AddChain stores policyChain for target in the morph rule-chain storage and
// returns that storage's error as is. Neither argument is validated here.
func (s *Storage) AddChain(target engine.Target, policyChain *chain.Chain) error {
	if err := s.morph.AddChain(target, policyChain); err != nil {
		return err
	}
	return nil
}
// RemoveChain deletes the chain identified by chainID for target from the
// morph rule-chain storage and returns that storage's error as is.
func (s *Storage) RemoveChain(target engine.Target, chainID chain.ID) error {
	if err := s.morph.RemoveChain(target, chainID); err != nil {
		return err
	}
	return nil
}
// ListChains returns the chains that the morph rule-chain storage reports for
// target. Both results are passed through untouched, including any slice
// returned together with a non-nil error.
func (s *Storage) ListChains(target engine.Target) ([]*chain.Chain, error) {
	chains, err := s.morph.ListChains(target)
	return chains, err
}
// PutPolicy stores the policy bytes for container cnrID in namespace through
// the policy storage and returns that storage's error as is. The bytes are
// forwarded without being parsed or validated at this layer.
func (s *Storage) PutPolicy(namespace string, cnrID cid.ID, policy []byte) error {
	if err := s.policy.PutPolicy(namespace, cnrID, policy); err != nil {
		return err
	}
	return nil
}
// GetPolicy fetches the policy bytes stored for container cnrID in namespace
// from the policy storage. Both results are passed through untouched.
func (s *Storage) GetPolicy(namespace string, cnrID cid.ID) ([]byte, error) {
	raw, err := s.policy.GetPolicy(namespace, cnrID)
	return raw, err
}
// DeletePolicy removes the policy stored for container cnrID in namespace
// through the policy storage and returns that storage's error as is.
func (s *Storage) DeletePolicy(namespace string, cnrID cid.ID) error {
	if err := s.policy.DeletePolicy(namespace, cnrID); err != nil {
		return err
	}
	return nil
}