[#986] object: Introduce soft ape checks

* Soft APE check means that APE should allow request even it gets status NoRuleFound for a request. Otherwise, it is interpreted as Deny. * Soft APE check is performed if basic ACL mask is not set. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-02-14 14:14:07 +03:00 · 2024-02-14 14:14:07 +03:00 · 7cc368e188
commit 7cc368e188
parent bc9dbb26ec
6 changed files with 176 additions and 108 deletions
--- a/pkg/services/object/ape/checker_test.go
+++ b/pkg/services/object/ape/checker_test.go
@ -165,11 +165,29 @@ func TestAPECheck(t *testing.T) {
 			container: containerID,
 			object:    stringPtr(objectID),
 			methods:   methodsRequiredOID,
+			containerRules: []chain.Rule{
+				{
+					Status:  chain.Allow,
+					Actions: chain.Actions{Names: methodsRequiredOID},
+					Resources: chain.Resources{
+						Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObject, containerID, objectID)},
+					},
+				},
+			},
 		},
 		{
 			name:      "oid optional requests are allowed",
 			container: containerID,
 			methods:   methodsOptionalOID,
+			containerRules: []chain.Rule{
+				{
+					Status:  chain.Allow,
+					Actions: chain.Actions{Names: methodsOptionalOID},
+					Resources: chain.Resources{
+						Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, containerID)},
+					},
+				},
+			},
 		},
 		{
 			name:      "oid required requests are denied",