[#40] status: Introduce CONTAINER_ACCESS_DENIED status

* Add a new status CONTAINER_ACCESS_DENIED. * Fix descriptions for methods of container and object services. * Also regenerate md docs. Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-05 12:36:58 +03:00 · 2024-03-05 12:36:58 +03:00 · 07eb6a438c
commit 07eb6a438c
parent 46dd3885d2
12 changed files with 411 additions and 194 deletions
--- a/proto-docs/object.md
+++ b/proto-docs/object.md
@ -35,6 +35,10 @@
    - [PutRequest.Body.Init](#neo.fs.v2.object.PutRequest.Body.Init)
    - [PutResponse](#neo.fs.v2.object.PutResponse)
    - [PutResponse.Body](#neo.fs.v2.object.PutResponse.Body)
+    - [PutSingleRequest](#neo.fs.v2.object.PutSingleRequest)
+    - [PutSingleRequest.Body](#neo.fs.v2.object.PutSingleRequest.Body)
+    - [PutSingleResponse](#neo.fs.v2.object.PutSingleResponse)
+    - [PutSingleResponse.Body](#neo.fs.v2.object.PutSingleResponse.Body)
    - [Range](#neo.fs.v2.object.Range)
    - [SearchRequest](#neo.fs.v2.object.SearchRequest)
    - [SearchRequest.Body](#neo.fs.v2.object.SearchRequest.Body)
@ -46,8 +50,11 @@
 - [object/types.proto](#object/types.proto)

  - Messages
+    - [ECInfo](#neo.fs.v2.object.ECInfo)
+    - [ECInfo.Chunk](#neo.fs.v2.object.ECInfo.Chunk)
    - [Header](#neo.fs.v2.object.Header)
    - [Header.Attribute](#neo.fs.v2.object.Header.Attribute)
+    - [Header.EC](#neo.fs.v2.object.Header.EC)
    - [Header.Split](#neo.fs.v2.object.Header.Split)
    - [Object](#neo.fs.v2.object.Object)
    - [ShortHeader](#neo.fs.v2.object.ShortHeader)
@ -80,17 +87,18 @@ rpc Head(HeadRequest) returns (HeadResponse);
 rpc Search(SearchRequest) returns (stream SearchResponse);
 rpc GetRange(GetRangeRequest) returns (stream GetRangeResponse);
 rpc GetRangeHash(GetRangeHashRequest) returns (GetRangeHashResponse);
+rpc PutSingle(PutSingleRequest) returns (PutSingleResponse);

 ```

 #### Method Get

 Receive full object structure, including Headers and payload. Response uses
-gRPC stream. First response message carries the object with the requested address.
-Chunk messages are parts of the object's payload if it is needed. All
-messages, except the first one, carry payload chunks. The requested object can
-be restored by concatenation of object message payload and all chunks
-keeping the receiving order.
+gRPC stream. First response message carries the object with the requested
+address. Chunk messages are parts of the object's payload if it is needed.
+All messages, except the first one, carry payload chunks. The requested
+object can be restored by concatenation of object message payload and all
+chunks keeping the receiving order.

 Extended headers can change `Get` behaviour:
 * [ __SYSTEM__NETMAP_EPOCH ] \
@ -99,9 +107,10 @@ Extended headers can change `Get` behaviour:
  calculation.
 * [ __SYSTEM__NETMAP_LOOKUP_DEPTH ] \
  (`__NEOFS__NETMAP_LOOKUP_DEPTH` is deprecated) \
-  Will try older versions (starting from `__SYSTEM__NETMAP_EPOCH` (`__NEOFS__NETMAP_EPOCH` is deprecated) if specified or
-  the latest one otherwise) of Network Map to find an object until the depth
-  limit is reached.
+  Will try older versions (starting from `__SYSTEM__NETMAP_EPOCH`
+  (`__NEOFS__NETMAP_EPOCH` is deprecated) if specified or the latest one
+  otherwise) of Network Map to find an object until the depth limit is
+  reached.

 Please refer to detailed `XHeader` description.

@ -117,6 +126,8 @@ Statuses:
  the requested object has been marked as deleted;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.

@ -147,15 +158,18 @@ Statuses:
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
  write access to the container is denied;
 - **LOCKED** (2050, SECTION_OBJECT): \
-  placement of an object of type TOMBSTONE that includes at least one locked
-  object is prohibited;
+  placement of an object of type TOMBSTONE that includes at least one
+  locked object is prohibited;
 - **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \
  placement of an object of type LOCK that includes at least one object of
  type other than REGULAR is prohibited;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object storage container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied;
 - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
-  (for trusted object preparation) session private key does not exist or has
+  (for trusted object preparation) session private key does not exist or
+  has
 been deleted;
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
@ -182,10 +196,15 @@ Statuses:
 - Common failures (SECTION_FAILURE_COMMON);
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
  delete access to the object is denied;
+- **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+  the object could not be deleted because it has not been \
+  found within the container;
 - **LOCKED** (2050, SECTION_OBJECT): \
  deleting a locked object is prohibited;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.

@ -218,6 +237,8 @@ Statuses:
  the requested object has been marked as deleted;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.

@ -246,6 +267,8 @@ Statuses:
  access to operation SEARCH of the object is denied;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  search container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.

@ -256,8 +279,8 @@ Statuses:

 Get byte range of data payload. Range is set as an (offset, length) tuple.
 Like in `Get` method, the response uses gRPC stream. Requested range can be
-restored by concatenation of all received payload chunks keeping the receiving
-order.
+restored by concatenation of all received payload chunks keeping the
+receiving order.

 Extended headers can change `GetRange` behaviour:
 * [ __SYSTEM__NETMAP_EPOCH ] \
@ -285,6 +308,8 @@ Statuses:
  the requested range is out of bounds;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.

@ -322,12 +347,54 @@ Statuses:
  the requested range is out of bounds;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.

 | Name | Input | Output |
 | ---- | ----- | ------ |
 | GetRangeHash | [GetRangeHashRequest](#neo.fs.v2.object.GetRangeHashRequest) | [GetRangeHashResponse](#neo.fs.v2.object.GetRangeHashResponse) |
+#### Method PutSingle
+
+Put the prepared object into container.
+`ContainerID`, `ObjectID`, `OwnerID`, `PayloadHash` and `PayloadLength` of
+an object MUST be set.
+
+Extended headers can change `Put` behaviour:
+* [ __SYSTEM__NETMAP_EPOCH \
+  (`__NEOFS__NETMAP_EPOCH` is deprecated) \
+  Will use the requested version of Network Map for object placement
+  calculation.
+
+Please refer to detailed `XHeader` description.
+
+Statuses:
+- **OK** (0, SECTION_SUCCESS): \
+  object has been successfully saved in the container;
+- Common failures (SECTION_FAILURE_COMMON);
+- **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+  write access to the container is denied;
+- **LOCKED** (2050, SECTION_OBJECT): \
+  placement of an object of type TOMBSTONE that includes at least one
+  locked object is prohibited;
+- **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \
+  placement of an object of type LOCK that includes at least one object of
+  type other than REGULAR is prohibited;
+- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+  object storage container not found;
+- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
+  access to container is denied; 
+- **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
+  (for trusted object preparation) session private key does not exist or
+  has
+been deleted;
+- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+  provided session token has expired.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| PutSingle | [PutSingleRequest](#neo.fs.v2.object.PutSingleRequest) | [PutSingleResponse](#neo.fs.v2.object.PutSingleResponse) |
 <!-- end services -->


@ -484,6 +551,7 @@ chunks.
 | ----- | ---- | ----- | ----------- |
 | chunk | [bytes](#bytes) |  | Chunked object payload's range. |
 | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) |  | Meta information of split hierarchy. |
+| ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) |  | Meta information for EC object assembly. |


 <a name="neo.fs.v2.object.GetRequest"></a>
@ -535,6 +603,7 @@ GET Object Response body
 | init | [GetResponse.Body.Init](#neo.fs.v2.object.GetResponse.Body.Init) |  | Initial part of the object stream |
 | chunk | [bytes](#bytes) |  | Chunked object payload |
 | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) |  | Meta information of split hierarchy for object assembly. |
+| ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) |  | Meta information for EC object assembly. |


 <a name="neo.fs.v2.object.GetResponse.Body.Init"></a>
@ -601,6 +670,7 @@ Object HEAD response body
 | header | [HeaderWithSignature](#neo.fs.v2.object.HeaderWithSignature) |  | Full object's `Header` with `ObjectID` signature |
 | short_header | [ShortHeader](#neo.fs.v2.object.ShortHeader) |  | Short object header |
 | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) |  | Meta information of split hierarchy. |
+| ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) |  | Meta information for EC object assembly. |


 <a name="neo.fs.v2.object.HeaderWithSignature"></a>
@ -685,6 +755,51 @@ PUT Object response body
 | object_id | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) |  | Identifier of the saved object |


+<a name="neo.fs.v2.object.PutSingleRequest"></a>
+
+### Message PutSingleRequest
+Object PUT Single request
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| body | [PutSingleRequest.Body](#neo.fs.v2.object.PutSingleRequest.Body) |  | Body of put single object request message. |
+| meta_header | [neo.fs.v2.session.RequestMetaHeader](#neo.fs.v2.session.RequestMetaHeader) |  | Carries request meta information. Header data is used only to regulate message transport and does not affect request execution. |
+| verify_header | [neo.fs.v2.session.RequestVerificationHeader](#neo.fs.v2.session.RequestVerificationHeader) |  | Carries request verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. |
+
+
+<a name="neo.fs.v2.object.PutSingleRequest.Body"></a>
+
+### Message PutSingleRequest.Body
+PUT Single request body
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| object | [Object](#neo.fs.v2.object.Object) |  | Prepared object with payload. |
+| copies_number | [uint32](#uint32) | repeated | Number of copies of the object to store within the RPC call. By default, object is processed according to the container's placement policy. Every number is treated as a minimal number of nodes in a corresponding placement vector that must store an object to complete the request successfully. The length MUST equal the placement vectors number, otherwise request is considered malformed. |
+
+
+<a name="neo.fs.v2.object.PutSingleResponse"></a>
+
+### Message PutSingleResponse
+Object PUT Single response
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| body | [PutSingleResponse.Body](#neo.fs.v2.object.PutSingleResponse.Body) |  | Body of put single object response message. |
+| meta_header | [neo.fs.v2.session.ResponseMetaHeader](#neo.fs.v2.session.ResponseMetaHeader) |  | Carries response meta information. Header data is used only to regulate message transport and does not affect request execution. |
+| verify_header | [neo.fs.v2.session.ResponseVerificationHeader](#neo.fs.v2.session.ResponseVerificationHeader) |  | Carries response verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. |
+
+
+<a name="neo.fs.v2.object.PutSingleResponse.Body"></a>
+
+### Message PutSingleResponse.Body
+PUT Single Object response body
+
+
+
 <a name="neo.fs.v2.object.Range"></a>

 ### Message Range
@ -726,11 +841,11 @@ Object Search request body
 <a name="neo.fs.v2.object.SearchRequest.Body.Filter"></a>

 ### Message SearchRequest.Body.Filter
-Filter structure checks if the object header field or the attribute content
-matches a value.
+Filter structure checks if the object header field or the attribute
+content matches a value.

 If no filters are set, search request will return all objects of the
-container, including Regular object, Tombstones and Storage Group
+container, including Regular object and Tombstone
 objects. Most human users expect to get only object they can directly
 work with. In that case, `$Object:ROOT` filter should be used.

@ -765,11 +880,11 @@ There are some well-known filter aliases to match objects by certain
 properties:

 * $Object:ROOT \
-  Returns only `REGULAR` type objects that are not split or that are the top
-  level root objects in a split hierarchy. This includes objects not
+  Returns only `REGULAR` type objects that are not split or that are the
+  top level root objects in a split hierarchy. This includes objects not
  present physically, like large objects split into smaller objects
  without a separate top-level root object. Objects of other types like
-  StorageGroups and Tombstones will not be shown. This filter may be
+  Locks and Tombstones will not be shown. This filter may be
  useful for listing objects like `ls` command of some virtual file
  system. This filter is activated if the `key` exists, disregarding the
  value and matcher type.
@ -778,8 +893,8 @@ properties:
  activated if the `key` exists, disregarding the value and matcher type.

 Note: using filters with a key with prefix `$Object:` and match type
-`NOT_PRESENT `is not recommended since this is not a cross-version approach.
-Behavior when processing this kind of filters is undefined.
+`NOT_PRESENT `is not recommended since this is not a cross-version
+approach. Behavior when processing this kind of filters is undefined.


 | Field | Type | Label | Description |
@ -827,6 +942,30 @@ Object Search response body
 <!-- end services -->


+<a name="neo.fs.v2.object.ECInfo"></a>
+
+### Message ECInfo
+Meta information for the erasure-encoded object.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| chunks | [ECInfo.Chunk](#neo.fs.v2.object.ECInfo.Chunk) | repeated | Chunk stored on the node. |
+
+
+<a name="neo.fs.v2.object.ECInfo.Chunk"></a>
+
+### Message ECInfo.Chunk
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| id | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) |  | Object ID of the chunk. |
+| index | [uint32](#uint32) |  | Index of the chunk. |
+| total | [uint32](#uint32) |  | Total number of chunks in this split. |
+
+
 <a name="neo.fs.v2.object.Header"></a>

 ### Message Header
@ -846,6 +985,7 @@ Object Header
 | session_token | [neo.fs.v2.session.SessionToken](#neo.fs.v2.session.SessionToken) |  | Session token, if it was used during Object creation. Need it to verify integrity and authenticity out of Request scope. |
 | attributes | [Header.Attribute](#neo.fs.v2.object.Header.Attribute) | repeated | User-defined object attributes |
 | split | [Header.Split](#neo.fs.v2.object.Header.Split) |  | Position of the object in the split hierarchy |
+| ec | [Header.EC](#neo.fs.v2.object.Header.EC) |  | Erasure code chunk information. |


 <a name="neo.fs.v2.object.Header.Attribute"></a>
@ -858,15 +998,16 @@ Key name must be an object-unique valid UTF-8 string. Value can't be empty.
 Objects with duplicated attribute names or attributes with empty values
 will be considered invalid.

-There are some "well-known" attributes starting with `__SYSTEM__` (`__NEOFS__` is deprecated) prefix
-that affect system behaviour:
+There are some "well-known" attributes starting with `__SYSTEM__`
+(`__NEOFS__` is deprecated) prefix that affect system behaviour:

 * [ __SYSTEM__UPLOAD_ID ] \
  (`__NEOFS__UPLOAD_ID` is deprecated) \
  Marks smaller parts of a split bigger object
 * [ __SYSTEM__EXPIRATION_EPOCH ] \
  (`__NEOFS__EXPIRATION_EPOCH` is deprecated) \
-  Tells GC to delete object after that epoch
+  The epoch after which object with no LOCKs on it becomes unavailable.
+  Locked object continues to be available until each of the LOCKs expire.
 * [ __SYSTEM__TICK_EPOCH ] \
  (`__NEOFS__TICK_EPOCH` is deprecated) \
  Decimal number that defines what epoch must produce
@ -905,6 +1046,23 @@ corresponding section in NeoFS Technical Specification.
 | value | [string](#string) |  | string value of the object attribute |


+<a name="neo.fs.v2.object.Header.EC"></a>
+
+### Message Header.EC
+Erasure code can be applied to any object.
+Information about encoded object structure is stored in `EC` header.
+All objects belonging to a single EC group have the same `parent` field.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| parent | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) |  | Identifier of the origin object. Known to all chunks. |
+| index | [uint32](#uint32) |  | Index of this chunk. |
+| total | [uint32](#uint32) |  | Total number of chunks in this split. |
+| header_length | [uint32](#uint32) |  | Total length of a parent header. Used to trim padding zeroes. |
+| header | [bytes](#bytes) |  | Chunk of a parent header. |
+
+
 <a name="neo.fs.v2.object.Header.Split"></a>

 ### Message Header.Split
@ -928,8 +1086,8 @@ must be within the same container.

 ### Message Object
 Object structure. Object is immutable and content-addressed. It means
-`ObjectID` will change if the header or the payload changes. It's calculated as a
-hash of header field which contains hash of the object's payload.
+`ObjectID` will change if the header or the payload changes. It's calculated
+as a hash of header field which contains hash of the object's payload.

 For non-regular object types payload format depends on object type specified
 in the header.
@ -965,8 +1123,8 @@ Short header fields
 ### Message SplitInfo
 Meta information of split hierarchy for object assembly. With the last part
 one can traverse linked list of split hierarchy back to the first part and
-assemble the original object. With a linking object one can assemble an object
-right from the object parts.
+assemble the original object. With a linking object one can assemble an
+object right from the object parts.


 | Field | Type | Label | Description |
@ -997,20 +1155,18 @@ Type of match expression

 ### ObjectType
 Type of the object payload content. Only `REGULAR` type objects can be split,
-hence `TOMBSTONE`, `STORAGE_GROUP` and `LOCK` payload is limited by the maximum
-object size.
+hence `TOMBSTONE` and `LOCK` payload is limited by the
+maximum object size.

 String presentation of object type is the same as definition:
 * REGULAR
 * TOMBSTONE
-* STORAGE_GROUP
 * LOCK

 | Name | Number | Description |
 | ---- | ------ | ----------- |
 | REGULAR | 0 | Just a normal object |
 | TOMBSTONE | 1 | Used internally to identify deleted objects |
-| STORAGE_GROUP | 2 | StorageGroup information |
 | LOCK | 3 | Object lock |