From d0f56e504448b2f820e1c79038796b2d2ac3b5cf Mon Sep 17 00:00:00 2001
From: Pavel Korotkov
Date: Tue, 7 Jul 2020 19:44:09 +0300
Subject: [PATCH] acl: reorganize files
---
acl/action.go | 38 ------
acl/header.go | 290 -------------------------------------------
acl/match.go | 29 -----
acl/types.go | 116 +++++++++++++++++
acl/wrappers.go | 8 +-
acl/wrappers_test.go | 2 +-
6 files changed, 121 insertions(+), 362 deletions(-)
delete mode 100644 acl/action.go
delete mode 100644 acl/header.go
delete mode 100644 acl/match.go
diff --git a/acl/action.go b/acl/action.go
deleted file mode 100644
index b2986e2..0000000
--- a/acl/action.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package acl
-
-// RequestInfo is an interface of request information needed for extended ACL check.
-type RequestInfo interface {
- TypedHeaderSource
-
- // Must return the binary representation of request initiator's key.
- Key() []byte
-
- // Must return true if request corresponds to operation type.
- TypeOf(OperationType) bool
-
- // Must return true if request has passed target.
- TargetOf(Target) bool
-}
-
-// ExtendedACLChecker is an interface of extended ACL checking tool.
-type ExtendedACLChecker interface {
- // Must return an action according to the results of applying the ACL table rules to request.
- //
- // Must return ActionUndefined if it is unable to explicitly calculate the action.
- Action(ExtendedACLTable, RequestInfo) ExtendedACLAction
-}
-
-type extendedACLChecker struct{}
-
-const (
- // ActionUndefined is ExtendedACLAction used to mark value as undefined.
- // Most of the tools consider ActionUndefined as incalculable.
- // Using ActionUndefined in ExtendedACLRecord is unsafe.
- ActionUndefined ExtendedACLAction = iota
-
- // ActionAllow is ExtendedACLAction used to mark an applicability of ACL rule.
- ActionAllow
-
- // ActionDeny is ExtendedACLAction used to mark an inapplicability of ACL rule.
- ActionDeny
-)
diff --git a/acl/header.go b/acl/header.go
deleted file mode 100644
index 9dff79e..0000000
--- a/acl/header.go
+++ /dev/null
@@ -1,290 +0,0 @@
-package acl
-
-import (
- "strconv"
-
- "github.com/nspcc-dev/neofs-api-go/object"
- "github.com/nspcc-dev/neofs-api-go/service"
-)
-
-type objectHeaderSource struct {
- obj *object.Object
-}
-
-type typedHeader struct {
- n string
- v string
- t HeaderType
-}
-
-type extendedHeadersWrapper struct {
- hdrSrc service.ExtendedHeadersSource
-}
-
-type typedExtendedHeader struct {
- hdr service.ExtendedHeader
-}
-
-const (
- _ HeaderType = iota
-
- // HdrTypeRequest is a HeaderType for request header.
- HdrTypeRequest
-
- // HdrTypeObjSys is a HeaderType for system headers of object.
- HdrTypeObjSys
-
- // HdrTypeObjUsr is a HeaderType for user headers of object.
- HdrTypeObjUsr
-)
-
-const (
- // HdrObjSysNameID is a name of ID field in system header of object.
- HdrObjSysNameID = "ID"
-
- // HdrObjSysNameCID is a name of CID field in system header of object.
- HdrObjSysNameCID = "CID"
-
- // HdrObjSysNameOwnerID is a name of OwnerID field in system header of object.
- HdrObjSysNameOwnerID = "OWNER_ID"
-
- // HdrObjSysNameVersion is a name of Version field in system header of object.
- HdrObjSysNameVersion = "VERSION"
-
- // HdrObjSysNamePayloadLength is a name of PayloadLength field in system header of object.
- HdrObjSysNamePayloadLength = "PAYLOAD_LENGTH"
-
- // HdrObjSysNameCreatedUnix is a name of CreatedAt.UnitTime field in system header of object.
- HdrObjSysNameCreatedUnix = "CREATED_UNIX"
-
- // HdrObjSysNameCreatedEpoch is a name of CreatedAt.Epoch field in system header of object.
- HdrObjSysNameCreatedEpoch = "CREATED_EPOCH"
-
- // HdrObjSysLinkPrev is a name of previous link header in extended headers of object.
- HdrObjSysLinkPrev = "LINK_PREV"
-
- // HdrObjSysLinkNext is a name of next link header in extended headers of object.
- HdrObjSysLinkNext = "LINK_NEXT"
-
- // HdrObjSysLinkChild is a name of child link header in extended headers of object.
- HdrObjSysLinkChild = "LINK_CHILD"
-
- // HdrObjSysLinkPar is a name of parent link header in extended headers of object.
- HdrObjSysLinkPar = "LINK_PAR"
-
- // HdrObjSysLinkSG is a name of storage group link header in extended headers of object.
- HdrObjSysLinkSG = "LINK_SG"
-)
-
-func newTypedHeader(name, value string, typ HeaderType) TypedHeader {
- return &typedHeader{
- n: name,
- v: value,
- t: typ,
- }
-}
-
-// Name is a name field getter.
-func (s typedHeader) Name() string {
- return s.n
-}
-
-// Value is a value field getter.
-func (s typedHeader) Value() string {
- return s.v
-}
-
-// HeaderType is a type field getter.
-func (s typedHeader) HeaderType() HeaderType {
- return s.t
-}
-
-// TypedHeaderSourceFromObject wraps passed object and returns TypedHeaderSource interface.
-func TypedHeaderSourceFromObject(obj *object.Object) TypedHeaderSource {
- return &objectHeaderSource{
- obj: obj,
- }
-}
-
-// HeaderOfType gathers object headers of passed type and returns Header list.
-//
-// If value of some header can not be calculated (e.g. nil extended header), it does not appear in list.
-//
-// Always returns true.
-func (s objectHeaderSource) HeadersOfType(typ HeaderType) ([]Header, bool) {
- if s.obj == nil {
- return nil, true
- }
-
- var res []Header
-
- switch typ {
- case HdrTypeObjUsr:
- objHeaders := s.obj.GetHeaders()
-
- res = make([]Header, 0, len(objHeaders)) // 7 system header fields
-
- for _, extHdr := range objHeaders {
- if h := newTypedObjectExtendedHeader(extHdr); h != nil {
- res = append(res, h)
- }
- }
- case HdrTypeObjSys:
- res = make([]Header, 0, 7)
-
- sysHdr := s.obj.GetSystemHeader()
-
- // ID
- res = append(res, newTypedHeader(
- HdrObjSysNameID,
- sysHdr.ID.String(),
- HdrTypeObjSys),
- )
-
- // CID
- res = append(res, newTypedHeader(
- HdrObjSysNameCID,
- sysHdr.CID.String(),
- HdrTypeObjSys),
- )
-
- // OwnerID
- res = append(res, newTypedHeader(
- HdrObjSysNameOwnerID,
- sysHdr.OwnerID.String(),
- HdrTypeObjSys),
- )
-
- // Version
- res = append(res, newTypedHeader(
- HdrObjSysNameVersion,
- strconv.FormatUint(sysHdr.GetVersion(), 10),
- HdrTypeObjSys),
- )
-
- // PayloadLength
- res = append(res, newTypedHeader(
- HdrObjSysNamePayloadLength,
- strconv.FormatUint(sysHdr.GetPayloadLength(), 10),
- HdrTypeObjSys),
- )
-
- created := sysHdr.GetCreatedAt()
-
- // CreatedAt.UnitTime
- res = append(res, newTypedHeader(
- HdrObjSysNameCreatedUnix,
- strconv.FormatUint(uint64(created.GetUnixTime()), 10),
- HdrTypeObjSys),
- )
-
- // CreatedAt.Epoch
- res = append(res, newTypedHeader(
- HdrObjSysNameCreatedEpoch,
- strconv.FormatUint(created.GetEpoch(), 10),
- HdrTypeObjSys),
- )
- }
-
- return res, true
-}
-
-func newTypedObjectExtendedHeader(h object.Header) TypedHeader {
- val := h.GetValue()
- if val == nil {
- return nil
- }
-
- res := new(typedHeader)
- res.t = HdrTypeObjSys
-
- switch hdr := val.(type) {
- case *object.Header_UserHeader:
- if hdr.UserHeader == nil {
- return nil
- }
-
- res.t = HdrTypeObjUsr
- res.n = hdr.UserHeader.GetKey()
- res.v = hdr.UserHeader.GetValue()
- case *object.Header_Link:
- if hdr.Link == nil {
- return nil
- }
-
- switch hdr.Link.GetType() {
- case object.Link_Previous:
- res.n = HdrObjSysLinkPrev
- case object.Link_Next:
- res.n = HdrObjSysLinkNext
- case object.Link_Child:
- res.n = HdrObjSysLinkChild
- case object.Link_Parent:
- res.n = HdrObjSysLinkPar
- case object.Link_StorageGroup:
- res.n = HdrObjSysLinkSG
- default:
- return nil
- }
-
- res.v = hdr.Link.ID.String()
- default:
- return nil
- }
-
- return res
-}
-
-// TypedHeaderSourceFromExtendedHeaders wraps passed ExtendedHeadersSource and returns TypedHeaderSource interface.
-func TypedHeaderSourceFromExtendedHeaders(hdrSrc service.ExtendedHeadersSource) TypedHeaderSource {
- return &extendedHeadersWrapper{
- hdrSrc: hdrSrc,
- }
-}
-
-// Name returns the result of Key method.
-func (s typedExtendedHeader) Name() string {
- return s.hdr.Key()
-}
-
-// Value returns the result of Value method.
-func (s typedExtendedHeader) Value() string {
- return s.hdr.Value()
-}
-
-// HeaderType always returns HdrTypeRequest.
-func (s typedExtendedHeader) HeaderType() HeaderType {
- return HdrTypeRequest
-}
-
-// TypedHeaders gathers extended request headers and returns TypedHeader list.
-//
-// Nil headers are ignored.
-//
-// Always returns true.
-func (s extendedHeadersWrapper) HeadersOfType(typ HeaderType) ([]Header, bool) {
- if s.hdrSrc == nil {
- return nil, true
- }
-
- var res []Header
-
- switch typ {
- case HdrTypeRequest:
- hs := s.hdrSrc.ExtendedHeaders()
-
- res = make([]Header, 0, len(hs))
-
- for i := range hs {
- if hs[i] == nil {
- continue
- }
-
- res = append(res, &typedExtendedHeader{
- hdr: hs[i],
- })
- }
- }
-
- return res, true
-}
diff --git a/acl/match.go b/acl/match.go
deleted file mode 100644
index bddee89..0000000
--- a/acl/match.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package acl
-
-const (
- _ MatchType = iota
- StringEqual
- StringNotEqual
-)
-
-// Maps MatchType to corresponding function.
-// 1st argument of function - header value, 2nd - header filter.
-var mMatchFns = map[MatchType]func(Header, Header) bool{
- StringEqual: stringEqual,
-
- StringNotEqual: stringNotEqual,
-}
-
-const (
- mResUndefined = iota
- mResMatch
- mResMismatch
-)
-
-func stringEqual(header, filter Header) bool {
- return header.Value() == filter.Value()
-}
-
-func stringNotEqual(header, filter Header) bool {
- return header.Value() != filter.Value()
-}
diff --git a/acl/types.go b/acl/types.go
index 0587b9b..6a418bc 100644
--- a/acl/types.go
+++ b/acl/types.go
@@ -1,5 +1,121 @@
 package acl
+import (
+ "github.com/nspcc-dev/neofs-api-go/object"
+ "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+const (
+ _ MatchType = iota
+ stringEqual
+ stringNotEqual
+)
+
+const (
+ // ActionUndefined is ExtendedACLAction used to mark value as undefined.
+ // Most of the tools consider ActionUndefined as incalculable.
+ // Using ActionUndefined in ExtendedACLRecord is unsafe.
+ ActionUndefined ExtendedACLAction = iota
+
+ // ActionAllow is ExtendedACLAction used to mark an applicability of ACL rule.
+ ActionAllow
+
+ // ActionDeny is ExtendedACLAction used to mark an inapplicability of ACL rule.
+ ActionDeny
+)
+
+const (
+ _ HeaderType = iota
+
+ // HdrTypeRequest is a HeaderType for request header.
+ HdrTypeRequest
+
+ // HdrTypeObjSys is a HeaderType for system headers of object.
+ HdrTypeObjSys
+
+ // HdrTypeObjUsr is a HeaderType for user headers of object.
+ HdrTypeObjUsr
+)
+
+const (
+ // HdrObjSysNameID is a name of ID field in system header of object.
+ HdrObjSysNameID = "ID"
+
+ // HdrObjSysNameCID is a name of CID field in system header of object.
+ HdrObjSysNameCID = "CID"
+
+ // HdrObjSysNameOwnerID is a name of OwnerID field in system header of object.
+ HdrObjSysNameOwnerID = "OWNER_ID"
+
+ // HdrObjSysNameVersion is a name of Version field in system header of object.
+ HdrObjSysNameVersion = "VERSION"
+
+ // HdrObjSysNamePayloadLength is a name of PayloadLength field in system header of object.
+ HdrObjSysNamePayloadLength = "PAYLOAD_LENGTH"
+
+ // HdrObjSysNameCreatedUnix is a name of CreatedAt.UnitTime field in system header of object.
+ HdrObjSysNameCreatedUnix = "CREATED_UNIX"
+
+ // HdrObjSysNameCreatedEpoch is a name of CreatedAt.Epoch field in system header of object.
+ HdrObjSysNameCreatedEpoch = "CREATED_EPOCH"
+
+ // HdrObjSysLinkPrev is a name of previous link header in extended headers of object.
+ HdrObjSysLinkPrev = "LINK_PREV"
+
+ // HdrObjSysLinkNext is a name of next link header in extended headers of object.
+ HdrObjSysLinkNext = "LINK_NEXT"
+
+ // HdrObjSysLinkChild is a name of child link header in extended headers of object.
+ HdrObjSysLinkChild = "LINK_CHILD"
+
+ // HdrObjSysLinkPar is a name of parent link header in extended headers of object.
+ HdrObjSysLinkPar = "LINK_PAR"
+
+ // HdrObjSysLinkSG is a name of storage group link header in extended headers of object.
+ HdrObjSysLinkSG = "LINK_SG"
+)
+
+type objectHeaderSource struct {
+ obj *object.Object
+}
+
+type typedHeader struct {
+ n string
+ v string
+ t HeaderType
+}
+
+type extendedHeadersWrapper struct {
+ hdrSrc service.ExtendedHeadersSource
+}
+
+type typedExtendedHeader struct {
+ hdr service.ExtendedHeader
+}
+
+func newTypedHeader(name, value string, typ HeaderType) TypedHeader {
+ return &typedHeader{
+ n: name,
+ v: value,
+ t: typ,
+ }
+}
+
+// Name is a name field getter.
+func (s typedHeader) Name() string {
+ return s.n
+}
+
+// Value is a value field getter.
+func (s typedHeader) Value() string {
+ return s.v
+}
+
+// HeaderType is a type field getter.
+func (s typedHeader) HeaderType() HeaderType {
+ return s.t
+}
+
 // SetMatchType is MatchType field setter.
 func (m *EACLRecord_FilterInfo) SetMatchType(v EACLRecord_FilterInfo_MatchType) {
 m.MatchType = v
diff --git a/acl/wrappers.go b/acl/wrappers.go
index 30c2ee3..94e420a 100644
--- a/acl/wrappers.go
+++ b/acl/wrappers.go
@@ -83,9 +83,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) {
 if s.filter != nil {
 switch s.filter.GetMatchType() {
 case EACLRecord_FilterInfo_StringEqual:
- res = StringEqual
+ res = stringEqual
 case EACLRecord_FilterInfo_StringNotEqual:
- res = StringNotEqual
+ res = stringNotEqual
 }
 }
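Review bot: The types `objectHeaderSource`, `extendedHeadersWrapper` and `typedExtendedHeader` are re-declared in acl/types.go, but nothing in this patch re-adds the constructors and methods that the deleted acl/header.go defined for them (`TypedHeaderSourceFromObject`, `TypedHeaderSourceFromExtendedHeaders`, both `HeadersOfType` implementations, and `Name`/`Value`/`HeaderType` on `typedExtendedHeader`). Unless those live in a file this patch does not touch, the three types are dead declarations and the `object`/`service` imports exist only for their fields, so either drop the types and the import block or restore the methods next to them. The same applies to `RequestInfo`, `ExtendedACLChecker` and the `mMatchFns` table from acl/action.go and acl/match.go: the subject says "reorganize files", yet exported API and the header-matching logic are removed, and the description should say so for anyone who relied on this package to evaluate extended ACL filters.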
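Review bot: `MatchType()` stays exported and returns `MatchType`, but with `res = stringEqual` / `res = stringNotEqual` the only named values of that type are now unexported, so code outside package acl cannot compare the result by name. The second hunk of this file has the same problem on the input side: `SetMatchType(v MatchType)` can only be called from outside with a numeric conversion, and a wrong number lands in the `default:` branch and silently stores `EACLRecord_FilterInfo_MatchUnknown` in an access-control filter. If the wrapper is meant for use from other packages, keep the exported identifiers `StringEqual` and `StringNotEqual`, and give each constant a doc comment stating which comparison it selects. Both functions begin and end outside their hunks.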
@@ -102,9 +102,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) {
 func (s EACLFilterWrapper) SetMatchType(v MatchType) {
 if s.filter != nil {
 switch v {
- case StringEqual:
+ case stringEqual:
 s.filter.SetMatchType(EACLRecord_FilterInfo_StringEqual)
- case StringNotEqual:
+ case stringNotEqual:
 s.filter.SetMatchType(EACLRecord_FilterInfo_StringNotEqual)
 default:
 s.filter.SetMatchType(EACLRecord_FilterInfo_MatchUnknown)
diff --git a/acl/wrappers_test.go b/acl/wrappers_test.go
index b7dbbe0..a55db8c 100644
--- a/acl/wrappers_test.go
+++ b/acl/wrappers_test.go
@@ -9,7 +9,7 @@ import (
 func TestEACLFilterWrapper(t *testing.T) {
 s := WrapFilterInfo(nil)
- mt := StringEqual
+ mt := stringEqual
 s.SetMatchType(mt)
 require.Equal(t, mt, s.MatchType())