[#36] eacl: add eACL table to ValidationUnit
Improve SDK usability a bit: 1. Replace bearer and storage with a single eACL table. This way caller can implement its own behaviour for missing eACL. 2. Remove logging. SDK library shouldn't be dependent on a specific logger. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
parent
8c5a596ea2
commit
f83ff628fb
4 changed files with 28 additions and 141 deletions
|
@ -2,29 +2,17 @@ package eacl
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
// Validator is a tool that calculates
|
||||
// the action on a request according
|
||||
// to the extended ACL rule table.
|
||||
type Validator struct {
|
||||
*cfg
|
||||
}
|
||||
|
||||
// NewValidator creates and initializes a new Validator using options.
|
||||
func NewValidator(opts ...Option) *Validator {
|
||||
cfg := defaultCfg()
|
||||
|
||||
for i := range opts {
|
||||
opts[i](cfg)
|
||||
}
|
||||
|
||||
return &Validator{
|
||||
cfg: cfg,
|
||||
}
|
||||
func NewValidator() *Validator {
|
||||
return &Validator{}
|
||||
}
|
||||
|
||||
// CalculateAction calculates action on the request according
|
||||
|
@ -33,40 +21,9 @@ func NewValidator(opts ...Option) *Validator {
|
|||
// The action is calculated according to the application of
|
||||
// eACL table of rules to the request.
|
||||
//
|
||||
// If the eACL table is not available at the time of the call,
|
||||
// ActionUnknown is returned.
|
||||
//
|
||||
// If no matching table entry is found, ActionAllow is returned.
|
||||
func (v *Validator) CalculateAction(unit *ValidationUnit) Action {
|
||||
var (
|
||||
err error
|
||||
table *Table
|
||||
)
|
||||
|
||||
if unit.bearer != nil {
|
||||
table = NewTableFromV2(unit.bearer.GetBody().GetEACL())
|
||||
} else {
|
||||
// get eACL table by container ID
|
||||
table, err = v.storage.GetEACL(unit.cid)
|
||||
if err != nil {
|
||||
if errors.Is(err, ErrEACLNotFound) {
|
||||
return ActionAllow
|
||||
}
|
||||
|
||||
v.logger.Error("could not get eACL table",
|
||||
zap.String("error", err.Error()),
|
||||
)
|
||||
|
||||
return ActionUnknown
|
||||
}
|
||||
}
|
||||
|
||||
return tableAction(unit, table)
|
||||
}
|
||||
|
||||
// tableAction calculates action on the request based on the eACL rules.
|
||||
func tableAction(unit *ValidationUnit, table *Table) Action {
|
||||
for _, record := range table.Records() {
|
||||
for _, record := range unit.table.Records() {
|
||||
// check type of operation
|
||||
if record.Operation() != unit.op {
|
||||
continue
|
||||
|
|
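Review bot: `CalculateAction` now iterates `unit.table.Records()` without checking that the caller set a table, and the doc sentence describing the unavailable-eACL case was removed without a replacement. Whether `Records` tolerates a nil `*Table` is not visible here, so a unit built without a table either panics or falls through to the documented no-match default of ActionAllow, which is fail-open for an access-control check. Since the commit intentionally moves the missing-eACL decision to the caller, spell the precondition out on the method, e.g. `// unit must carry a non-nil eACL table; handling a missing eACL is the caller's responsibility.`, or guard it with `if unit.table == nil { return ActionUnknown }` if that constant is kept. Callers also now choose between the bearer-token table and the stored one, so any bearer validation has to happen before the table is set on the unit. The loop body continues past the end of the hunk.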