This repository has been archived on 2024-09-11. You can view files and clone it, but cannot push or open issues or pull requests.
frostfs-rest-gw/static/doc/doc.md
Denis Kirillov 5bee10d096 [#15] Add docs
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-07-12 11:36:32 +03:00

3.6 KiB

neofs-rest-gw

NeoFS REST Gateway bridges NeoFS internal protocol and REST API server.

Open API specification

See full API spec.

Basic concept

Using this API you can interact with NeoFS nodes and manage containers and objects.

Container

To create container you must provide PlacementPolicy and BasicACL.

Placement policy

Placement policy allows you control where and how container (and its object) is stored. For example, you want to store 3 copy of every object, so you can use the following policy:

REP 3

More about policy.

Basic ACL

Basic ACL is a part of the container structure, and it is always created simultaneously with the container. Therefore, it is never subject to any changes. It is a 32-bit integer with a bit field in the following format:

acl-basic
Symbol Meaning Description
B Bearer Allows using Bear Token ACL rules to replace eACL rules
U User The owner of the container identified by the public key linked to the container
S System Inner Ring and/or container nodes in the current version of network map
IR nodes can only perform GetRangeHash, Head, and Search necessary for data audit.
Container nodes can only do things required for the replication.
O Others Clients that do not match any of the categories above
F Final Flag denying Extended ACL. If set, Basic ACL check is final, Extended ACL is ignored
X Sticky Flag denying different owners of the request and the object
If set, object in Put request must have one Owner and be signed with the same signature
If not set, the object must be correct but can be of any owner.
The nodes falling for SYSTEM role are exception from this rule. For them the bit is ignored.
0 Deny Denies operation of the identified category
1 Allow Allows operation of the identified category

To upload objects with bearer token your container must have Bearer bits set. For example, you can use 0x0FBFBFFF or predefined eacl-public-read-write values.

Also don't forget set appropriate eACL to restrict your container.

More about ACL.

Object

To create object you must provide containerId and fileName. Additionally, you can provide payload (base64 encoded data) and attributes.

Attribute is key value data that is stored with object. Key and value must be in utf8 format and must not be empty.

Valid attribute:

  • MyAttribute: 'some value'

Invalid attribute:

  • MyAttribute: ''

Also, you can use this attribute to further object searching.

Status codes

More about NeoFS status code you can find here.