frostfs-node/pkg/services/object/acl/ape_request.go
Airat Arifullin 8e11ef46b8 [#770] object: Introduce ape chain checker for object svc
* Introduce Request type converted from RequestInfo type
  to implement policy-engine's Request interface
* Implement basic ape checker to check if a request is
  permitted to be performed
* Make put handlers use APE checker instead of EACL

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2023-11-08 13:34:03 +00:00


package acl
import (
"fmt"
v2 "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/acl/v2"
aclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
policyengine "git.frostfs.info/TrueCloudLab/policy-engine"
)
// Request is the object-service view of an incoming request in the shape
// the policy engine evaluates: an operation name, the resource it targets
// and a set of request-level string properties.
type Request struct {
	// operation is the action string produced by getOperation.
	operation string

	// resource is the target produced by getResource.
	resource *resource

	// properties holds request-level attributes; Property returns "" for
	// any key that is not present.
	properties map[string]string
}
// Compile-time check that *Request implements policyengine.Request.
var _ policyengine.Request = (*Request)(nil)
// resource describes the target of a request: a name string and a set of
// resource-level string properties.
type resource struct {
	// name is the resource identifier handed to the policy engine.
	name string

	// properties holds resource-level attributes; a missing key reads as "".
	properties map[string]string
}
// Compile-time check that *resource implements policyengine.Resource.
var _ policyengine.Resource = (*resource)(nil)
// Name returns the resource name stored in r.
func (r *resource) Name() string {
	return r.name
}
// Property returns the resource property stored under key.
//
// A key that is absent yields the empty string, so callers cannot tell a
// missing property from one that is set to "". Reading from a nil map is
// safe in Go and also yields "".
func (r *resource) Property(key string) string {
	return r.properties[key]
}
// getResource builds the policy-engine resource for reqInfo.
//
// The name has the form "native:::object/<container>/<object>". When the
// request carries no object ID the object part is the literal "*", so the
// resulting name addresses the container's objects as a whole rather than
// one object. The returned resource has an empty, non-nil property map.
//
// NOTE(review): how the policy engine matches a "*" in the request's
// resource name against rule patterns is not visible here — confirm that
// it cannot make a request look broader or narrower than intended.
//
// TODO (aarifullin): these stringified verbs, properties and namespaces
// should be non-implementation-specific.
func getResource(reqInfo v2.RequestInfo) *resource {
	containerPart := reqInfo.ContainerID()

	// Fall back to the wildcard when the request is not bound to an object.
	objectPart := "*"
	if id := reqInfo.ObjectID(); id != nil {
		objectPart = id.EncodeToString()
	}

	return &resource{
		name:       fmt.Sprintf("native:::object/%s/%s", containerPart, objectPart),
		properties: make(map[string]string),
	}
}
// getProperties returns the request-level properties passed to the policy
// engine. The request info argument is ignored.
//
// NOTE(review): "Actor" is always the empty string, so a chain rule that
// conditions on the actor cannot distinguish one caller from another.
// This looks like a placeholder — confirm before relying on actor-based
// rules for access decisions.
func getProperties(_ v2.RequestInfo) map[string]string {
	props := make(map[string]string, 1)
	props["Actor"] = ""
	return props
}
// getOperation maps the ACL operation of reqInfo to the policy-engine
// action string "native:<Verb>", where <Verb> is one of GetObject,
// HeadObject, PutObject, DeleteObject, SearchObject, RangeObject or
// HashObject.
//
// NOTE(review): an operation outside the cases below produces the bare
// string "native:" with no verb instead of an error. Whether the policy
// engine can match that against a wildcard action is not visible here —
// confirm that an unmapped operation cannot be allowed by accident.
//
// TODO (aarifullin): these stringified verbs, properties and namespaces
// should be non-implementation-specific.
func getOperation(reqInfo v2.RequestInfo) string {
	const prefix = "native:"

	switch reqInfo.Operation() {
	case aclSDK.OpObjectGet:
		return prefix + "GetObject"
	case aclSDK.OpObjectHead:
		return prefix + "HeadObject"
	case aclSDK.OpObjectPut:
		return prefix + "PutObject"
	case aclSDK.OpObjectDelete:
		return prefix + "DeleteObject"
	case aclSDK.OpObjectSearch:
		return prefix + "SearchObject"
	case aclSDK.OpObjectRange:
		return prefix + "RangeObject"
	case aclSDK.OpObjectHash:
		return prefix + "HashObject"
	}

	// Unmapped operation: the verb stays empty.
	return prefix
}
// NewRequest returns an empty Request: the operation is "", the resource
// is a zero-value resource and the property map is empty but non-nil.
// Fill it with FromRequestInfo before handing it to the policy engine.
func NewRequest() *Request {
	req := new(Request)
	req.resource = &resource{}
	req.properties = make(map[string]string)
	return req
}
// FromRequestInfo overwrites the operation, resource and properties of r
// with the values derived from ri by getOperation, getResource and
// getProperties, in that order. Nothing from the previous state is kept.
func (r *Request) FromRequestInfo(ri v2.RequestInfo) {
	op, res, props := getOperation(ri), getResource(ri), getProperties(ri)
	r.operation, r.resource, r.properties = op, res, props
}
// Operation returns the action string of the request, as set by
// FromRequestInfo; it is "" on a Request that has not been filled.
func (r *Request) Operation() string {
	return r.operation
}
// Property returns the request property stored under key.
//
// A key that is absent yields the empty string, so a missing property is
// indistinguishable from one that is set to "".
func (r *Request) Property(key string) string {
	return r.properties[key]
}
// Resource returns the resource targeted by the request.
//
// The stored *resource is returned through the policyengine.Resource
// interface. On a zero-value Request (one not built by NewRequest) the
// field is nil, and the returned interface is then non-nil while holding
// a nil pointer, so a `== nil` check on the result does not detect it.
func (r *Request) Resource() policyengine.Resource {
	return r.resource
}