Merge pull request #28 from nspcc-dev/container-acl

Container access control type definitions
This commit is contained in:
Evgeniy Kulikov 2019-12-19 01:41:46 +03:00 committed by GitHub
commit b76841b4b8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 50 additions and 0 deletions

Binary file not shown.

View file

@ -41,6 +41,9 @@ message PutRequest {
// Rules define storage policy for the object inside the container. // Rules define storage policy for the object inside the container.
netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false]; netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false];
// Container ACL.
AccessGroup Group = 5 [(gogoproto.nullable) = false];
// RequestMetaHeader contains information about request meta headers (should be embedded into message) // RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)

View file

@ -11,6 +11,19 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// AccessMode is a container access mode type.
type AccessMode uint32
const (
// AccessModeRead is a read access mode.
AccessModeRead AccessMode = 1 << iota
// AccessModeWrite is a write access mode.
AccessModeWrite
)
// AccessModeReadWrite is a read/write container access mode.
const AccessModeReadWrite = AccessModeRead | AccessModeWrite
var ( var (
_ internal.Custom = (*Container)(nil) _ internal.Custom = (*Container)(nil)

Binary file not shown.

View file

@ -17,4 +17,18 @@ message Container {
uint64 Capacity = 3; uint64 Capacity = 3;
// Rules define storage policy for the object inside the container. // Rules define storage policy for the object inside the container.
netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false]; netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
// Container ACL.
AccessControlList List = 5 [(gogoproto.nullable) = false];
}
message AccessGroup {
// Group access mode.
uint32 AccessMode = 1;
// Group members.
repeated bytes UserGroup = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
}
message AccessControlList {
// List of access groups.
repeated AccessGroup List = 1 [(gogoproto.nullable) = false];
} }

View file

@ -55,3 +55,23 @@ func TestCID(t *testing.T) {
require.Equal(t, cid1, cid2) require.Equal(t, cid1, cid2)
}) })
} }
func TestAccessMode(t *testing.T) {
t.Run("read access to read/write mode", func(t *testing.T) {
require.Equal(t, AccessModeRead, AccessModeReadWrite&AccessModeRead)
})
t.Run("write access to read/write mode", func(t *testing.T) {
require.Equal(t, AccessModeWrite, AccessModeReadWrite&AccessModeWrite)
})
t.Run("read(write) access to write(read) mode", func(t *testing.T) {
require.Zero(t, AccessModeRead&AccessModeWrite)
})
t.Run("access to same mode", func(t *testing.T) {
require.Equal(t, AccessModeWrite, AccessModeWrite&AccessModeWrite)
require.Equal(t, AccessModeRead, AccessModeRead&AccessModeRead)
require.Equal(t, AccessModeReadWrite, AccessModeReadWrite&AccessModeReadWrite)
})
}