[#842] control: Pass target instead resource name

* Update policy-engine package version in go.mod, go.sum. * Refactor CheckIfRequestPermitted: pass container target instead container ID. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-12-05 13:26:09 +03:00 · 2023-12-05 13:26:09 +03:00 · e361e017f3
commit e361e017f3
parent 39060382a1
4 changed files with 11 additions and 8 deletions
--- a/pkg/services/object/acl/ape.go
+++ b/pkg/services/object/acl/ape.go
@ -9,6 +9,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 )

 var errAPEChainNoSource = errors.New("could not get ape chain source for the container")
@ -36,7 +37,9 @@ func (c *apeCheckerImpl) CheckIfRequestPermitted(reqInfo v2.RequestInfo) error {
 	request := new(Request)
 	request.FromRequestInfo(reqInfo)

-	status, ruleFound, err := chainCache.IsAllowed(apechain.Ingress, "", request)
+	cnrTarget := getResource(reqInfo).Name()
+
+	status, ruleFound, err := chainCache.IsAllowed(apechain.Ingress, policyengine.NewRequestTargetWithContainer(cnrTarget), request)
 	if err != nil {
 		return err
 	}