lib
This commit is contained in:
@@ -141,6 +141,11 @@ type Peer struct {
|
||||
// Null when the peer has not registered any organization data.
|
||||
Organization *organization.Organization `json:"organization,omitempty" bson:"organization,omitempty"`
|
||||
|
||||
// PolicyID references the Policy document that governs which inbound
|
||||
// libp2p streams are authorized for this peer.
|
||||
// When empty, all non-vital streams are denied by default.
|
||||
PolicyID string `json:"policy_id,omitempty" bson:"policy_id,omitempty"`
|
||||
|
||||
// Volatile connectivity state — never persisted to DB (bson:"-").
|
||||
// Set in-memory by oc-peer when it receives a PEER_OBSERVE_RESPONSE_EVENT.
|
||||
// Considered offline when LastHeartbeat is older than 60 s (30 s interval + 30 s grace).
|
||||
@@ -157,6 +162,11 @@ func (ri *Peer) Extend(typ ...string) map[string][]tools.DataType {
|
||||
ext[t] = []tools.DataType{}
|
||||
}
|
||||
ext[t] = append(ext[t], tools.PEER)
|
||||
case "policy":
|
||||
if _, ok := ext[t]; !ok {
|
||||
ext[t] = []tools.DataType{}
|
||||
}
|
||||
ext[t] = append(ext[t], tools.POLICY)
|
||||
}
|
||||
}
|
||||
return ext
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
package policy
|
||||
|
||||
import (
|
||||
"cloud.o-forge.io/core/oc-lib/models/utils"
|
||||
"cloud.o-forge.io/core/oc-lib/tools"
|
||||
)
|
||||
|
||||
// Policy defines which inbound libp2p streams are authorized for a peer.
|
||||
// Vital streams (planner, considers, minio/admiralty config, source-presign,
|
||||
// verify, observe, heartbeat) are always allowed regardless of policy.
|
||||
type Policy struct {
|
||||
utils.AbstractObject
|
||||
|
||||
// Resource CRUD
|
||||
AllowSearch bool `json:"allow_search" bson:"allow_search"`
|
||||
AllowCreate bool `json:"allow_create" bson:"allow_create"`
|
||||
AllowUpdate bool `json:"allow_update" bson:"allow_update"`
|
||||
AllowDelete bool `json:"allow_delete" bson:"allow_delete"`
|
||||
|
||||
// Resource freshness tracking
|
||||
AllowRegisterWatcher bool `json:"allow_register_watcher" bson:"allow_register_watcher"`
|
||||
AllowUnregisterWatcher bool `json:"allow_unregister_watcher" bson:"allow_unregister_watcher"`
|
||||
|
||||
// Organization partner confirmation
|
||||
AllowOrgPartnerConfirm bool `json:"allow_org_partner_confirm" bson:"allow_org_partner_confirm"`
|
||||
}
|
||||
|
||||
func (p *Policy) GetAccessor(request *tools.APIRequest) utils.Accessor {
|
||||
return NewAccessor(request)
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
package policy
|
||||
|
||||
import (
|
||||
"cloud.o-forge.io/core/oc-lib/dbs"
|
||||
"cloud.o-forge.io/core/oc-lib/logs"
|
||||
"cloud.o-forge.io/core/oc-lib/models/utils"
|
||||
"cloud.o-forge.io/core/oc-lib/tools"
|
||||
)
|
||||
|
||||
type policyMongoAccessor struct {
|
||||
utils.AbstractAccessor[*Policy]
|
||||
}
|
||||
|
||||
func NewAccessor(request *tools.APIRequest) *policyMongoAccessor {
|
||||
return &policyMongoAccessor{
|
||||
AbstractAccessor: utils.AbstractAccessor[*Policy]{
|
||||
Logger: logs.CreateLogger(tools.POLICY.String()),
|
||||
Request: request,
|
||||
Type: tools.POLICY,
|
||||
New: func() *Policy { return &Policy{} },
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func (a *policyMongoAccessor) GetObjectFilters(search string) *dbs.Filters {
|
||||
return &dbs.Filters{
|
||||
Or: map[string][]dbs.Filter{
|
||||
"abstractobject.name": {{Operator: dbs.LIKE.String(), Value: search}},
|
||||
},
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user