[#283] Support frostfsid groups in policy request checking

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-13 17:44:18 +03:00 · 2023-12-13 17:44:18 +03:00 · 5698d5844e
commit 5698d5844e
parent 43cae9ee04
11 changed files with 92 additions and 56 deletions
--- a/api/router.go
+++ b/api/router.go
@ -96,6 +96,11 @@ type Settings interface {
 	s3middleware.MetricsSettings
 }

+type FrostFSID interface {
+	s3middleware.FrostFSIDValidator
+	s3middleware.FrostFSIDInformer
+}
+
 type Config struct {
 	Throttle middleware.ThrottleOpts
 	Handler  Handler
@ -108,8 +113,9 @@ type Config struct {
 	// Domains optional. If empty no virtual hosted domains will be attached.
 	Domains []string

-	// FrostfsID optional. If nil middleware.FrostfsIDValidation won't be attached.
-	FrostfsID s3middleware.FrostFSID
+	FrostfsID FrostFSID
+
+	FrostFSIDValidation bool

 	PolicyChecker engine.ChainRouter
 }
@ -126,13 +132,11 @@ func NewRouter(cfg Config) *chi.Mux {
 		s3middleware.Auth(cfg.Center, cfg.Log),
 	)

-	if cfg.FrostfsID != nil {
+	if cfg.FrostFSIDValidation {
 		api.Use(s3middleware.FrostfsIDValidation(cfg.FrostfsID, cfg.Log))
 	}

-	if cfg.PolicyChecker != nil {
-		api.Use(s3middleware.PolicyCheck(cfg.PolicyChecker, cfg.MiddlewareSettings, cfg.Domains, cfg.Log))
-	}
+	api.Use(s3middleware.PolicyCheck(cfg.PolicyChecker, cfg.FrostfsID, cfg.MiddlewareSettings, cfg.Domains, cfg.Log))

 	defaultRouter := chi.NewRouter()
 	defaultRouter.Mount(fmt.Sprintf("/{%s}", s3middleware.BucketURLPrm), bucketRouter(cfg.Handler, cfg.Log))