[#49] bearer: Add impersonate flag
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
parent
f41860f9bd
commit
3ed3655f68
3 changed files with 36 additions and 7 deletions
|
|
@ -32,6 +32,8 @@ type Token struct {
|
||||||
|
|
||||||
sigSet bool
|
sigSet bool
|
||||||
sig refs.Signature
|
sig refs.Signature
|
||||||
|
|
||||||
|
impersonate bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// reads Token from the acl.BearerToken message. If checkFieldPresence is set,
|
// reads Token from the acl.BearerToken message. If checkFieldPresence is set,
|
||||||
|
|
@ -68,6 +70,8 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
|
||||||
return errors.New("missing token lifetime")
|
return errors.New("missing token lifetime")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
b.impersonate = body.GetImpersonate()
|
||||||
|
|
||||||
sig := m.GetSignature()
|
sig := m.GetSignature()
|
||||||
if b.sigSet = sig != nil; sig != nil {
|
if b.sigSet = sig != nil; sig != nil {
|
||||||
b.sig = *sig
|
b.sig = *sig
|
||||||
|
|
@ -112,6 +116,8 @@ func (b Token) fillBody() *acl.BearerTokenBody {
|
||||||
body.SetLifetime(&lifetime)
|
body.SetLifetime(&lifetime)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
body.SetImpersonate(b.impersonate)
|
||||||
|
|
||||||
return &body
|
return &body
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -208,6 +214,17 @@ func (b Token) EACLTable() eacl.Table {
|
||||||
return eacl.Table{}
|
return eacl.Table{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetImpersonate mark token as impersonate to consider token signer as request owner.
|
||||||
|
// If this field is true extended EACLTable in token body isn't processed.
|
||||||
|
func (b *Token) SetImpersonate(v bool) {
|
||||||
|
b.impersonate = v
|
||||||
|
}
|
||||||
|
|
||||||
|
// Impersonate returns true if token is impersonated.
|
||||||
|
func (b Token) Impersonate() bool {
|
||||||
|
return b.impersonate
|
||||||
|
}
|
||||||
|
|
||||||
// AssertContainer checks if the token is valid within the given container.
|
// AssertContainer checks if the token is valid within the given container.
|
||||||
//
|
//
|
||||||
// Note: cnr is assumed to refer to the issuer's container, otherwise the check
|
// Note: cnr is assumed to refer to the issuer's container, otherwise the check
|
||||||
|
|
|
||||||
26
go.mod
26
go.mod
|
|
@ -3,7 +3,7 @@ module git.frostfs.info/TrueCloudLab/frostfs-sdk-go
|
||||||
go 1.18
|
go 1.18
|
||||||
|
|
||||||
require (
|
require (
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.11.2-0.20230407123205-e6522d62a879
|
git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.15.1-0.20230413090614-b3ccd0166f50
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb
|
git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb
|
||||||
git.frostfs.info/TrueCloudLab/hrw v1.2.0
|
git.frostfs.info/TrueCloudLab/hrw v1.2.0
|
||||||
git.frostfs.info/TrueCloudLab/tzhash v1.8.0
|
git.frostfs.info/TrueCloudLab/tzhash v1.8.0
|
||||||
|
|
@ -12,7 +12,7 @@ require (
|
||||||
github.com/hashicorp/golang-lru/v2 v2.0.1
|
github.com/hashicorp/golang-lru/v2 v2.0.1
|
||||||
github.com/mr-tron/base58 v1.2.0
|
github.com/mr-tron/base58 v1.2.0
|
||||||
github.com/nspcc-dev/neo-go v0.100.1
|
github.com/nspcc-dev/neo-go v0.100.1
|
||||||
github.com/stretchr/testify v1.8.1
|
github.com/stretchr/testify v1.8.2
|
||||||
go.uber.org/atomic v1.10.0
|
go.uber.org/atomic v1.10.0
|
||||||
go.uber.org/zap v1.24.0
|
go.uber.org/zap v1.24.0
|
||||||
)
|
)
|
||||||
|
|
@ -20,25 +20,37 @@ require (
|
||||||
require (
|
require (
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 // indirect
|
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 // indirect
|
||||||
git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect
|
git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect
|
||||||
|
github.com/cenkalti/backoff/v4 v4.2.0 // indirect
|
||||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
|
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
|
||||||
|
github.com/go-logr/logr v1.2.3 // indirect
|
||||||
|
github.com/go-logr/stdr v1.2.2 // indirect
|
||||||
github.com/golang/protobuf v1.5.2 // indirect
|
github.com/golang/protobuf v1.5.2 // indirect
|
||||||
github.com/gorilla/websocket v1.4.2 // indirect
|
github.com/gorilla/websocket v1.4.2 // indirect
|
||||||
|
github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
|
||||||
github.com/hashicorp/golang-lru v0.6.0 // indirect
|
github.com/hashicorp/golang-lru v0.6.0 // indirect
|
||||||
github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 // indirect
|
github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 // indirect
|
||||||
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20221202075445-cb5c18dc73eb // indirect
|
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20221202075445-cb5c18dc73eb // indirect
|
||||||
github.com/nspcc-dev/rfc6979 v0.2.0 // indirect
|
github.com/nspcc-dev/rfc6979 v0.2.0 // indirect
|
||||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||||
github.com/spaolacci/murmur3 v1.1.0 // indirect
|
github.com/spaolacci/murmur3 v1.1.0 // indirect
|
||||||
|
go.opentelemetry.io/otel v1.14.0 // indirect
|
||||||
|
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 // indirect
|
||||||
|
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 // indirect
|
||||||
|
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 // indirect
|
||||||
|
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.14.0 // indirect
|
||||||
|
go.opentelemetry.io/otel/sdk v1.14.0 // indirect
|
||||||
|
go.opentelemetry.io/otel/trace v1.14.0 // indirect
|
||||||
|
go.opentelemetry.io/proto/otlp v0.19.0 // indirect
|
||||||
go.uber.org/multierr v1.9.0 // indirect
|
go.uber.org/multierr v1.9.0 // indirect
|
||||||
golang.org/x/crypto v0.4.0 // indirect
|
golang.org/x/crypto v0.4.0 // indirect
|
||||||
golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect
|
golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect
|
||||||
golang.org/x/net v0.3.0 // indirect
|
golang.org/x/net v0.7.0 // indirect
|
||||||
golang.org/x/sync v0.1.0 // indirect
|
golang.org/x/sync v0.1.0 // indirect
|
||||||
golang.org/x/sys v0.3.0 // indirect
|
golang.org/x/sys v0.5.0 // indirect
|
||||||
golang.org/x/text v0.5.0 // indirect
|
golang.org/x/text v0.7.0 // indirect
|
||||||
google.golang.org/genproto v0.0.0-20200825200019-8632dd797987 // indirect
|
google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
|
||||||
google.golang.org/grpc v1.48.0 // indirect
|
google.golang.org/grpc v1.53.0 // indirect
|
||||||
google.golang.org/protobuf v1.28.1 // indirect
|
google.golang.org/protobuf v1.28.1 // indirect
|
||||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||||
)
|
)
|
||||||
|
|
|
||||||
BIN
go.sum
BIN
go.sum
Binary file not shown.
Loading…
Reference in a new issue