package policy
import (
policycontract "git.frostfs.info/TrueCloudLab/frostfs-contract/policy"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/handler"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory"
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource"
"go.uber.org/zap"
)
// Storage is the access-policy backend of the gateway: it bundles a
// policy-engine chain router with the two rule-chain stores that router is
// built from in NewStorage.
type Storage struct {
	// router evaluates requests for IsAllowed.
	router engine.ChainRouter

	// morph is the rule-chain storage configured with the policy Contract;
	// every bucket-policy and ACL-chain method of Storage delegates to it.
	morph *MorphRuleChainStorage

	// local is the override storage returned by LocalStorage. It is the same
	// instance that was passed to the router constructor.
	local engine.LocalOverrideStorage
}
// StorageConfig carries the dependencies of NewStorage. All three fields are
// copied as-is into the MorphRuleChainStorageConfig built there.
type StorageConfig struct {
	// Contract is the policy-contract client used to read and write chains.
	Contract Contract
	// Cache is the morph policy cache handed to the morph storage.
	// NOTE(review): cache lifetime/invalidation is not visible here — confirm
	// how long a removed or changed policy can still be served from it.
	Cache *cache.MorphPolicyCache
	// Log is the logger handed to the morph storage.
	Log *zap.Logger
}
// MultiTransaction is the value returned by Contract.StartTx and accepted by
// Contract.SendTx. It records chain additions and removals.
// NOTE(review): presumably the recorded operations are applied together when
// the transaction is sent — confirm against the Contract implementation.
type MultiTransaction interface {
	// AddChain records that the serialized chain should be stored under name
	// for the entity identified by (entity, entityName).
	AddChain(entity policycontract.Kind, entityName string, name, chain []byte)
	// RemoveChain records that the chain stored under name for the entity
	// identified by (entity, entityName) should be removed.
	RemoveChain(entity policycontract.Kind, entityName string, name []byte)
	// Scripts returns the transaction as a list of byte slices, or an error.
	Scripts() ([][]byte, error)
}
// Contract is the subset of the policy-contract client that the policy
// storage depends on: chain reads plus transaction creation and submission.
type Contract interface {
	// GetChain returns the serialized chain stored under name for the entity
	// identified by (entity, entityName).
	GetChain(entity policycontract.Kind, entityName string, name []byte) ([]byte, error)
	// ListChains returns the serialized chains of the entity selected by prefix.
	ListChains(entity policycontract.Kind, entityName string, prefix []byte) ([][]byte, error)

	// StartTx opens a new MultiTransaction for recording chain changes.
	StartTx() MultiTransaction
	// SendTx submits a transaction obtained from StartTx.
	SendTx(transaction MultiTransaction) error
}
// Compile-time assertion that *Storage satisfies the handler.APE interface.
var _ handler.APE = (*Storage)(nil)
// NewStorage builds a Storage from cfg.
//
// It creates a fresh in-memory local override storage and a morph rule-chain
// storage configured with cfg.Contract, cfg.Cache and cfg.Log, then wires both
// into a default chain router with local overrides.
//
// NOTE(review): the cfg fields are forwarded without nil checks; confirm that
// NewMorphRuleChainStorage tolerates (or its callers never pass) a nil
// Contract, Cache or Log.
func NewStorage(cfg StorageConfig) *Storage {
	overrides := inmemory.NewInmemoryLocalStorage()

	morphCfg := &MorphRuleChainStorageConfig{
		Contract: cfg.Contract,
		Cache:    cfg.Cache,
		Log:      cfg.Log,
	}
	morphStorage := NewMorphRuleChainStorage(morphCfg)

	// The router and the Storage share the same two store instances, so
	// anything written through them is visible to later IsAllowed calls.
	chainRouter := engine.NewDefaultChainRouterWithLocalOverrides(morphStorage, overrides)

	return &Storage{
		router: chainRouter,
		morph:  morphStorage,
		local:  overrides,
	}
}
// IsAllowed asks the chain router to evaluate request r against the chains
// registered under name for target and returns the router's answer unchanged.
//
// found reports whether the router produced a decision at all; this wrapper
// does not turn a missing match or an error into a deny.
// NOTE(review): confirm that callers fail closed when found is false or err
// is non-nil instead of treating the zero status as permission.
func (s *Storage) IsAllowed(name chain.Name, target engine.RequestTarget, r resource.Request) (status chain.Status, found bool, err error) {
	status, found, err = s.router.IsAllowed(name, target, r)
	return status, found, err
}
// LocalStorage returns the local override storage held by s.
//
// This is the same instance NewStorage passed to the chain router, not a copy,
// so rules a caller writes into it are seen by the router on later IsAllowed
// calls. Code that receives this value can therefore influence authorization
// decisions.
// NOTE(review): how overrides rank against morph chains is decided inside the
// router and is not visible here — confirm before relying on precedence.
func (s *Storage) LocalStorage() engine.LocalOverrideStorage {
	overrides := s.local
	return overrides
}
// PutBucketPolicy hands the raw policy document and its s3Chain for container
// cnrID in namespace ns to the morph storage and returns that call's error.
//
// This wrapper neither validates policy nor checks who is asking.
// NOTE(review): confirm the caller has authorized the request and that
// s3Chain was derived from the same policy bytes that are stored.
func (s *Storage) PutBucketPolicy(ns string, cnrID cid.ID, policy []byte, s3Chain *chain.Chain) error {
	if err := s.morph.PutBucketPolicy(ns, cnrID, policy, s3Chain); err != nil {
		return err
	}
	return nil
}
// DeleteBucketPolicy asks the morph storage to delete the bucket policy of
// container cnrID in namespace ns together with the chain identified by
// chainID, and returns that call's error.
//
// No authorization check happens in this wrapper; it is the caller's job.
func (s *Storage) DeleteBucketPolicy(ns string, cnrID cid.ID, chainID chain.ID) error {
	if err := s.morph.DeleteBucketPolicy(ns, cnrID, chainID); err != nil {
		return err
	}
	return nil
}
// GetBucketPolicy returns whatever the morph storage reports as the policy
// bytes for container cnrID in namespace ns, along with its error.
// NOTE(review): the morph storage is configured with a cache, so the result
// may not reflect the latest contract state — confirm.
func (s *Storage) GetBucketPolicy(ns string, cnrID cid.ID) ([]byte, error) {
	policy, err := s.morph.GetBucketPolicy(ns, cnrID)
	return policy, err
}
// SaveACLChains passes chains for namespace ns to the morph storage and
// returns that call's error. The chains are forwarded as given; nothing is
// validated or filtered in this wrapper.
func (s *Storage) SaveACLChains(ns string, chains []*chain.Chain) error {
	if err := s.morph.SaveACLChains(ns, chains); err != nil {
		return err
	}
	return nil
}
// Disabled: the ListChains wrapper below is commented out in this file.
//
//func (s *Storage) ListChains(target engine.Target) ([]*chain.Chain, error) {
//	return s.morph.ListMorphRuleChains(target)
//}