Merge pull request #60 from nspcc-dev/bump/api-v-0-6-0

Update neo-api library to v0.6.0
2020-04-02 18:38:43 +03:00 · 2020-04-02 18:38:43 +03:00 · 08fe4f8383
commit 08fe4f8383
parent 70247e06ba 2fb36f8588
12 changed files with 106 additions and 81 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-PROTO_VERSION=v0.5.0
+PROTO_VERSION=v0.6.0
 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz

 B=\033[0;1m
--- a/acl/types.pb.go
+++ b/acl/types.pb.go
--- a/acl/types.proto
+++ b/acl/types.proto
@ -0,0 +1,27 @@
+syntax = "proto3";
+package acl;
+option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
+option csharp_namespace = "NeoFS.API.Acl";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+option (gogoproto.stable_marshaler_all) = true;
+
+// Target of the access control rule in access control list.
+enum Target {
+    // Unknown target, default value.
+    Unknown = 0;
+
+    // User target rule is applied if sender is the owner of the container.
+    User    = 1;
+
+    // System target rule is applied if sender is the storage node within the
+    // container or inner ring node.
+    System  = 2;
+
+    // Others target rule is applied if sender is not user or system target.
+    Others  = 3;
+
+    // PubKey target rule is applied if sender has public key provided in
+    // extended ACL.
+    PubKey  = 4;
+}
--- a/container/service.go
+++ b/container/service.go
@ -31,9 +31,11 @@ func (m *PutRequest) PrepareData() ([]byte, error) {
 		err      error
 		buf      = new(bytes.Buffer)
 		capBytes = make([]byte, 8)
+		aclBytes = make([]byte, 4)
 	)

 	binary.BigEndian.PutUint64(capBytes, m.Capacity)
+	binary.BigEndian.PutUint32(capBytes, m.BasicACL)

 	if _, err = buf.Write(m.MessageID.Bytes()); err != nil {
 		return nil, errors.Wrap(err, "could not write message id")
@ -45,6 +47,8 @@ func (m *PutRequest) PrepareData() ([]byte, error) {
 		return nil, errors.Wrap(err, "could not marshal placement")
 	} else if _, err = buf.Write(data); err != nil {
 		return nil, errors.Wrap(err, "could not write placement")
+	} else if _, err = buf.Write(aclBytes); err != nil {
+		return nil, errors.Wrap(err, "could not write basic acl")
 	}

 	return buf.Bytes(), nil
--- a/container/service.pb.go
+++ b/container/service.pb.go
--- a/container/service.proto
+++ b/container/service.proto
@ -42,8 +42,8 @@ message PutRequest {
    // Rules define storage policy for the object inside the container.
    netmap.PlacementRule rules               = 4 [(gogoproto.nullable) = false];

-    // Container ACL.
-    AccessGroup Group                        = 5 [(gogoproto.nullable) = false];
+    // BasicACL of the container.
+    uint32 BasicACL                          = 5;

    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
--- a/container/types.go
+++ b/container/types.go
@ -11,19 +11,6 @@ import (
 	"github.com/pkg/errors"
 )

-// AccessMode is a container access mode type.
-type AccessMode uint32
-
-const (
-	// AccessModeRead is a read access mode.
-	AccessModeRead AccessMode = 1 << iota
-	// AccessModeWrite is a write access mode.
-	AccessModeWrite
-)
-
-// AccessModeReadWrite is a read/write container access mode.
-const AccessModeReadWrite = AccessModeRead | AccessModeWrite
-
 var (
 	_ internal.Custom = (*Container)(nil)

@ -31,8 +18,8 @@ var (
 	emptyOwner = (OwnerID{}).Bytes()
 )

-// New creates new user container based on capacity, OwnerID and PlacementRules.
-func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, error) {
+// New creates new user container based on capacity, OwnerID, ACL and PlacementRules.
+func New(cap uint64, owner OwnerID, acl uint32, rules netmap.PlacementRule) (*Container, error) {
 	if bytes.Equal(owner[:], emptyOwner) {
 		return nil, refs.ErrEmptyOwner
 	} else if cap == 0 {
@ -49,6 +36,7 @@ func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, err
 		Salt:     UUID(salt),
 		Capacity: cap,
 		Rules:    rules,
+		BasicACL: acl,
 	}, nil
 }

@ -90,7 +78,7 @@ func NewTestContainer() (*Container, error) {
 	if err != nil {
 		return nil, err
 	}
-	return New(100, owner, netmap.PlacementRule{
+	return New(100, owner, 0xFFFFFFFF, netmap.PlacementRule{
 		ReplFactor: 2,
 		SFGroups: []netmap.SFGroup{
 			{
--- a/container/types.pb.go
+++ b/container/types.pb.go
--- a/container/types.proto
+++ b/container/types.proto
@ -18,18 +18,7 @@ message Container {
    uint64 Capacity            = 3;
    // Rules define storage policy for the object inside the container.
    netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
-    // Container ACL.
-    AccessControlList List     = 5 [(gogoproto.nullable) = false];
-}
-
-message AccessGroup {
-    // Group access mode.
-    uint32 AccessMode         = 1;
-    // Group members.
-    repeated bytes UserGroup  = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
-}
-
-message AccessControlList {
-    // List of access groups.
-    repeated AccessGroup List = 1 [(gogoproto.nullable) = false];
+    // BasicACL with access control rules for owner, system, others and
+    // permission bits for bearer token and extended ACL.
+    uint32 BasicACL            = 5;
 }
--- a/container/types_test.go
+++ b/container/types_test.go
@ -36,7 +36,7 @@ func TestCID(t *testing.T) {
 		owner, err := refs.NewOwnerID(&key.PublicKey)
 		require.NoError(t, err)

-		c1, err := New(10, owner, rules)
+		c1, err := New(10, owner, 0xDEADBEEF, rules)
 		require.NoError(t, err)

 		data, err := proto.Marshal(c1)
@ -55,23 +55,3 @@ func TestCID(t *testing.T) {
 		require.Equal(t, cid1, cid2)
 	})
 }
-
-func TestAccessMode(t *testing.T) {
-	t.Run("read access to read/write mode", func(t *testing.T) {
-		require.Equal(t, AccessModeRead, AccessModeReadWrite&AccessModeRead)
-	})
-
-	t.Run("write access to read/write mode", func(t *testing.T) {
-		require.Equal(t, AccessModeWrite, AccessModeReadWrite&AccessModeWrite)
-	})
-
-	t.Run("read(write) access to write(read) mode", func(t *testing.T) {
-		require.Zero(t, AccessModeRead&AccessModeWrite)
-	})
-
-	t.Run("access to same mode", func(t *testing.T) {
-		require.Equal(t, AccessModeWrite, AccessModeWrite&AccessModeWrite)
-		require.Equal(t, AccessModeRead, AccessModeRead&AccessModeRead)
-		require.Equal(t, AccessModeReadWrite, AccessModeReadWrite&AccessModeReadWrite)
-	})
-}
--- a/docs/acl.md
+++ b/docs/acl.md
@ -0,0 +1,62 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [acl/types.proto](#acl/types.proto)
+
+
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="acl/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## acl/types.proto
+
+
+ <!-- end services -->
+
+ <!-- end messages -->
+
+
+<a name="acl.Target"></a>
+
+### Target
+Target of the access control rule in access control list.
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Unknown | 0 | Unknown target, default value. |
+| User | 1 | User target rule is applied if sender is the owner of the container. |
+| System | 2 | System target rule is applied if sender is the storage node within the container or inner ring node. |
+| Others | 3 | Others target rule is applied if sender is not user or system target. |
+| PubKey | 4 | PubKey target rule is applied if sender has public key provided in extended ACL. |
+
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
--- a/docs/container.md
+++ b/docs/container.md
@ -21,8 +21,6 @@
 - [container/types.proto](#container/types.proto)

  - Messages
-    - [AccessControlList](#container.AccessControlList)
-    - [AccessGroup](#container.AccessGroup)
    - [Container](#container.Container)
    

@ -166,7 +164,7 @@ via consensus in inner ring nodes
 | Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
 | OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
 | rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
-| Group | [AccessGroup](#container.AccessGroup) |  | Container ACL. |
+| BasicACL | [uint32](#uint32) |  | BasicACL of the container. |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |

@ -196,29 +194,6 @@ via consensus in inner ring nodes
 <!-- end services -->


-<a name="container.AccessControlList"></a>
-
-### Message AccessControlList
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| List | [AccessGroup](#container.AccessGroup) | repeated | List of access groups. |
-
-
-<a name="container.AccessGroup"></a>
-
-### Message AccessGroup
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| AccessMode | [uint32](#uint32) |  | Group access mode. |
-| UserGroup | [bytes](#bytes) | repeated | Group members. |
-
-
 <a name="container.Container"></a>

 ### Message Container
@ -231,7 +206,7 @@ The Container service definition.
 | Salt | [bytes](#bytes) |  | Salt is a nonce for unique container id calculation. |
 | Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
 | Rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
-| List | [AccessControlList](#container.AccessControlList) |  | Container ACL. |
+| BasicACL | [uint32](#uint32) |  | BasicACL with access control rules for owner, system, others and permission bits for bearer token and extended ACL. |

 <!-- end messages -->