// Access-control schema for the neo.fs.v2.acl package: extended ACL (EACL)
// rule records, the per-container EACL table, and the bearer token that
// carries a table together with an owner, a lifetime and a signature.
syntax = "proto3";

package neo.fs.v2.acl;

option go_package = "github.com/nspcc-dev/neofs-api-go/v2/acl/grpc;acl";
option csharp_namespace = "NeoFS.API.v2.Acl";

import "refs/types.proto";

// Target of the access control rule in access control list.
//
// Enum values are scoped to the package, not to the enum type, so the
// unprefixed names used in this file (USER, GET, ALLOW, REQUEST, ...) share one
// namespace. Renaming them would change generated code, so they are kept.
enum Target {
  // Unspecified target, default value. In proto3 this is also what a reader
  // sees when the field was never set.
  // NOTE(review): this file does not say how a rule with an unspecified
  // target is evaluated; confirm it cannot match any sender.
  TARGET_UNSPECIFIED= 0;

  // User target rule is applied if sender is the owner of the container.
  USER = 1;

  // System target rule is applied if sender is the storage node within the
  // container or inner ring node.
  SYSTEM = 2;

  // Others target rule is applied if sender is not user or system target.
  OTHERS = 3;
}

// MatchType is an enumeration of match types.
// Only string equality and inequality are defined here.
enum MatchType {
  // Unspecified match type, default value.
  MATCH_TYPE_UNSPECIFIED = 0;

  // Return true if strings are equal.
  STRING_EQUAL = 1;

  // Return true if strings are different.
  STRING_NOT_EQUAL = 2;
}

// Operation is an enumeration of operation types.
enum Operation {
  // Unspecified operation, default value.
  OPERATION_UNSPECIFIED = 0;

  // Get
  GET = 1;

  // Head
  HEAD = 2;

  // Put
  PUT = 3;

  // Delete
  DELETE = 4;

  // Search
  SEARCH = 5;

  // GetRange
  GETRANGE = 6;

  // GetRangeHash
  GETRANGEHASH = 7;
}

// Action is an enumeration of EACL actions.
enum Action {
  // Unspecified action, default value. A record whose action was never set
  // decodes to this value.
  // NOTE(review): handling of ACTION_UNSPECIFIED is not defined in this file;
  // confirm that evaluators never treat it as ALLOW.
  ACTION_UNSPECIFIED = 0;

  // Allow action
  ALLOW = 1;

  // Deny action
  DENY = 2;
}

// HeaderType is an enumeration of filtering header types.
enum HeaderType {
  // Unspecified header, default value.
  HEADER_UNSPECIFIED = 0;

  // Filter request headers
  REQUEST = 1;

  // Filter object headers
  OBJECT = 2;
}

// EACLRecord groups information about extended ACL rule: one operation, one
// action, the header filters and the targets of the rule.
message EACLRecord {
  // Operation carries type of operation.
  Operation operation = 1 [json_name = "Operation"];

  // Action carries ACL target action.
  Action action = 2 [json_name = "Action"];

  // FilterInfo groups information about filter.
  message FilterInfo {
    // Header carries type of header.
    HeaderType header = 1 [json_name = "HeaderType"];

    // MatchType carries type of match.
    MatchType match_type = 2 [json_name = "MatchType"];

    // header_name carries name of filtering header.
    string header_name = 3 [json_name="Name"];

    // header_val carries value of filtering header.
    string header_val = 4 [json_name="Value"];
  }

  // filters carries set of filters.
  // NOTE(review): how several filters combine (all must match vs. any) and
  // what an empty list means are not specified in this file; confirm.
  repeated FilterInfo filters = 3 [json_name="Filters"];

  // TargetInfo groups information about extended ACL target.
  message TargetInfo {
    // target carries target of ACL rule. Serialized in JSON under "Role".
    Target target = 1 [json_name="Role"];

    // key_list carries public keys of ACL target.
    // NOTE(review): the key encoding, and whether the keys narrow `target` or
    // apply independently of it, are not specified in this file; confirm.
    repeated bytes key_list = 2 [json_name="Keys"];
  }

  // targets carries information about extended ACL target list.
  repeated TargetInfo targets = 4 [json_name="Targets"];
}

// EACLTable carries the information about extended ACL rules.
message EACLTable {
  // Carries identifier of the container that should use given
  // access control rules.
  neo.fs.v2.refs.ContainerID container_id = 1 [json_name="ContainerID"];

  // Records carries list of extended ACL rule records.
  // NOTE(review): record order may matter to evaluation (e.g. first match
  // wins); this file does not say. Confirm before reordering records.
  repeated EACLRecord records = 2 [json_name="Records"];
}

// BearerToken has information about request ACL rules with limited lifetime.
message BearerToken {
  // Bearer Token body: the part of the token that `signature` refers to.
  message Body {
    // EACLTable carries table of extended ACL rules.
    EACLTable eacl_table = 1;

    // OwnerID carries identifier of the token owner.
    neo.fs.v2.refs.OwnerID owner_id = 2;

    // Lifetime parameters of the token. Field names taken from rfc7519.
    // The values are documented as epochs.
    // NOTE(review): presumably network epoch numbers rather than the
    // seconds-since-1970 values of RFC 7519; confirm, and confirm whether the
    // bounds are inclusive.
    message TokenLifetime {
      // Expiration Epoch.
      // An unset value decodes as 0 (proto3 implicit presence).
      // NOTE(review): confirm validators treat exp == 0 as invalid or expired,
      // not as "never expires".
      uint64 exp = 1;

      // Not valid before Epoch
      uint64 nbf = 2;

      // Issued at Epoch
      uint64 iat = 3;
    }

    // Token expiration and valid time period parameters
    TokenLifetime lifetime = 3;
  }

  // Bearer Token body
  Body body = 1;

  // Signature of BearerToken body.
  // NOTE(review): the exact bytes covered (presumably the serialized Body) and
  // which key must have produced the signature are not defined in this file;
  // confirm that verification runs before eacl_table is applied.
  neo.fs.v2.refs.Signature signature = 2;
}