7d72061fb3
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
syntax = "proto3";

// Access control list (ACL) types: rule targets, operations, actions,
// header filters, extended ACL tables and bearer tokens.
package neo.fs.v2.acl;

// Presumably declares the neo.fs.v2.refs.ContainerID, OwnerID and Signature
// types referenced by the messages in this file.
import "refs/types.proto";

// Namespace of the generated C# code.
option csharp_namespace = "NeoFS.API.v2.Acl";
// Import path and package name ("acl") of the generated Go code.
option go_package = "github.com/nspcc-dev/neofs-api-go/v2/acl/grpc;acl";
// Target selects the class of request sender that an access control rule
// applies to.
//
// NOTE(review): apart from TARGET_UNSPECIFIED the values carry no type
// prefix, so they share one scope with the values of every other enum in
// this package. Renaming them would change generated code and JSON names,
// so they are kept as published.
enum Target {
  // Default value. In proto3 a field that was never set decodes to this
  // value, so it cannot be told apart from an explicit "unspecified".
  TARGET_UNSPECIFIED = 0;

  // The rule applies if the sender is the owner of the container.
  USER = 1;

  // The rule applies if the sender is a storage node within the container
  // or an inner ring node.
  SYSTEM = 2;

  // The rule applies if the sender is neither a USER nor a SYSTEM target.
  OTHERS = 3;
}
// MatchType enumerates the comparisons a filter can apply.
//
// NOTE(review): this file does not say how a header that is absent from the
// request or object compares under STRING_NOT_EQUAL. Confirm the behaviour
// in the rule evaluator, because it decides which requests a rule covers.
enum MatchType {
  // Default value; no comparison has been selected.
  MATCH_TYPE_UNSPECIFIED = 0;

  // The comparison is true if the strings are equal.
  STRING_EQUAL = 1;

  // The comparison is true if the strings are different.
  STRING_NOT_EQUAL = 2;
}
// Operation enumerates the request types an extended ACL rule can refer to.
enum Operation {
  // Default value; no operation has been selected.
  OPERATION_UNSPECIFIED = 0;

  // Get operation.
  GET = 1;

  // Head operation.
  HEAD = 2;

  // Put operation.
  PUT = 3;

  // Delete operation.
  DELETE = 4;

  // Search operation.
  SEARCH = 5;

  // GetRange operation.
  GETRANGE = 6;

  // GetRangeHash operation.
  GETRANGEHASH = 7;
}
// Action enumerates the outcomes an extended ACL (EACL) rule can prescribe.
//
// NOTE(review): a record whose action was never set decodes to
// ACTION_UNSPECIFIED. Presumably the rule evaluator must not treat that
// value as ALLOW; confirm how it is handled.
enum Action {
  // Default value; no action has been selected.
  ACTION_UNSPECIFIED = 0;

  // Allow the matched request.
  ALLOW = 1;

  // Deny the matched request.
  DENY = 2;
}
// HeaderType enumerates the kinds of header a filter can inspect.
enum HeaderType {
  // Default value; no header kind has been selected.
  HEADER_UNSPECIFIED = 0;

  // The filter is applied to request headers.
  REQUEST = 1;

  // The filter is applied to object headers.
  OBJECT = 2;
}
// EACLRecord describes a single extended ACL rule: the operation it covers,
// the action to take, the header filters that must match and the targets it
// applies to.
//
// Every field overrides its JSON name with a capitalised form; those names
// are part of the published JSON representation.
message EACLRecord {
  // Type of operation the rule covers.
  Operation operation = 1 [json_name = "Operation"];

  // Action taken for the targets of the rule.
  Action action = 2 [json_name = "Action"];

  // FilterInfo describes one header filter of the rule.
  message FilterInfo {
    // Kind of header the filter inspects.
    HeaderType header = 1 [json_name = "HeaderType"];

    // Comparison applied to the header value.
    MatchType match_type = 2 [json_name = "MatchType"];

    // Name of the header being filtered.
    string header_name = 3 [json_name = "Name"];

    // Value the header is compared against.
    string header_val = 4 [json_name = "Value"];
  }

  // Set of header filters of the rule.
  // NOTE(review): how several filters combine, and what an empty set
  // means, is not stated in this file; confirm in the evaluator.
  repeated FilterInfo filters = 3 [json_name = "Filters"];

  // TargetInfo describes one target of the rule.
  message TargetInfo {
    // Class of sender the rule applies to.
    Target target = 1 [json_name = "Role"];

    // Public keys of the target.
    // NOTE(review): the key encoding and the way keys interact with
    // `target` are not specified in this file; confirm before relying on
    // them for authorisation decisions.
    repeated bytes key_list = 2 [json_name = "Keys"];
  }

  // List of targets of the rule.
  repeated TargetInfo targets = 4 [json_name = "Targets"];
}
// EACLTable carries the extended ACL rules of one container.
message EACLTable {
  // Identifier of the container that should use the given access control
  // rules.
  neo.fs.v2.refs.ContainerID container_id = 1 [json_name = "ContainerID"];

  // List of extended ACL rule records.
  // NOTE(review): whether record order matters during evaluation is not
  // stated in this file; confirm in the evaluator.
  repeated EACLRecord records = 2 [json_name = "Records"];
}
// BearerToken carries ACL rules for requests together with a limited
// lifetime and a signature of its body.
message BearerToken {
  // Body is the part of the bearer token that the signature refers to.
  message Body {
    // Table of extended ACL rules carried by the token.
    EACLTable eacl_table = 1;

    // Identifier of the token owner.
    neo.fs.v2.refs.OwnerID owner_id = 2;

    // Lifetime parameters of the token. Field names are taken from
    // RFC 7519; the values are epochs.
    //
    // NOTE(review): these are plain proto3 scalars, so 0 cannot be told
    // apart from "not set". Presumably a verifier must not read a zero
    // `exp` as "never expires"; confirm how zero values are handled.
    message TokenLifetime {
      // Expiration epoch.
      uint64 exp = 1;

      // Epoch before which the token is not valid.
      uint64 nbf = 2;

      // Epoch at which the token was issued.
      uint64 iat = 3;
    }

    // Expiration and validity period parameters of the token.
    TokenLifetime lifetime = 3;
  }

  // Bearer token body.
  Body body = 1;

  // Signature of the bearer token body.
  // NOTE(review): the byte representation of `body` that is signed is not
  // specified in this file; confirm it against the signing code.
  neo.fs.v2.refs.Signature signature = 2;
}