Update to neofs-api v1.1.0

Makefile

@@ -1,4 +1,4 @@
-PROTO_VERSION=v1.0.0
+PROTO_VERSION=v1.1.0
 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
 
 B=\033[0;1m

container/service.proto

@@ -27,6 +27,12 @@ service Service {
 
     // List returns all user's containers
     rpc List(ListRequest) returns (ListResponse);
+
+    // SetExtendedACL changes extended ACL rules of the container
+    rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse);
+
+    // GetExtendedACL returns extended ACL rules of the container
+    rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse);
 }
 
 message PutRequest {
@@ -99,3 +105,42 @@ message ListResponse {
     // CID (container id) is list of SHA256 hashes of the container structures
     repeated bytes CID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
 }
+
+message ExtendedACLKey {
+    // ID (container id) is a SHA256 hash of the container structure
+    bytes ID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+}
+
+message ExtendedACLValue {
+    // EACL carries binary representation of the table of extended ACL rules
+    bytes EACL      = 1;
+    // Signature carries EACL field signature
+    bytes Signature = 2;
+}
+
+message SetExtendedACLRequest {
+    // Key carries key to extended ACL information
+    ExtendedACLKey Key                       = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // Value carries extended ACL information
+    ExtendedACLValue Value                   = 2 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message SetExtendedACLResponse {}
+
+message GetExtendedACLRequest {
+    // Key carries key to extended ACL information
+    ExtendedACLKey Key                       = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetExtendedACLResponse {
+    // ACL carries extended ACL information
+    ExtendedACLValue ACL = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}

container/types.go

@@ -158,3 +158,23 @@ func (m ListRequest) GetOwnerID() OwnerID {
 func (m *ListRequest) SetOwnerID(owner OwnerID) {
 	m.OwnerID = owner
 }
+
+// GetID is an ID field getter.
+func (m ExtendedACLKey) GetID() CID {
+	return m.ID
+}
+
+// SetID is an ID field setter.
+func (m *ExtendedACLKey) SetID(v CID) {
+	m.ID = v
+}
+
+// SetEACL is an EACL field setter.
+func (m *ExtendedACLValue) SetEACL(v []byte) {
+	m.EACL = v
+}
+
+// SetSignature is a Signature field setter.
+func (m *ExtendedACLValue) SetSignature(sig []byte) {
+	m.Signature = sig
+}

container/types_test.go

@@ -140,3 +140,23 @@ func TestListRequestGettersSetters(t *testing.T) {
 		require.Equal(t, owner, m.GetOwnerID())
 	})
 }
+
+func TestExtendedACLKey(t *testing.T) {
+	s := new(ExtendedACLKey)
+
+	id := CID{1, 2, 3}
+	s.SetID(id)
+	require.Equal(t, id, s.GetID())
+}
+
+func TestExtendedACLValue(t *testing.T) {
+	s := new(ExtendedACLValue)
+
+	acl := []byte{1, 2, 3}
+	s.SetEACL(acl)
+	require.Equal(t, acl, s.GetEACL())
+
+	sig := []byte{4, 5, 6}
+	s.SetSignature(sig)
+	require.Equal(t, sig, s.GetSignature())
+}

docs/container.md

@@ -10,12 +10,18 @@
   - Messages
     - [DeleteRequest](#container.DeleteRequest)
     - [DeleteResponse](#container.DeleteResponse)
+    - [ExtendedACLKey](#container.ExtendedACLKey)
+    - [ExtendedACLValue](#container.ExtendedACLValue)
+    - [GetExtendedACLRequest](#container.GetExtendedACLRequest)
+    - [GetExtendedACLResponse](#container.GetExtendedACLResponse)
     - [GetRequest](#container.GetRequest)
     - [GetResponse](#container.GetResponse)
     - [ListRequest](#container.ListRequest)
     - [ListResponse](#container.ListResponse)
     - [PutRequest](#container.PutRequest)
     - [PutResponse](#container.PutResponse)
+    - [SetExtendedACLRequest](#container.SetExtendedACLRequest)
+    - [SetExtendedACLResponse](#container.SetExtendedACLResponse)
     
 
 - [container/types.proto](#container/types.proto)
@@ -46,6 +52,8 @@ rpc Put(PutRequest) returns (PutResponse);
 rpc Delete(DeleteRequest) returns (DeleteResponse);
 rpc Get(GetRequest) returns (GetResponse);
 rpc List(ListRequest) returns (ListResponse);
+rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse);
+rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse);
 
 ```
 
@@ -80,6 +88,20 @@ List returns all user's containers
 | Name | Input | Output |
 | ---- | ----- | ------ |
 | List | [ListRequest](#container.ListRequest) | [ListResponse](#container.ListResponse) |
+#### Method SetExtendedACL
+
+SetExtendedACL changes extended ACL rules of the container
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| SetExtendedACL | [SetExtendedACLRequest](#container.SetExtendedACLRequest) | [SetExtendedACLResponse](#container.SetExtendedACLResponse) |
+#### Method GetExtendedACL
+
+GetExtendedACL returns extended ACL rules of the container
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| GetExtendedACL | [GetExtendedACLRequest](#container.GetExtendedACLRequest) | [GetExtendedACLResponse](#container.GetExtendedACLResponse) |
  <!-- end services -->
 
 
@@ -104,6 +126,53 @@ via consensus in inner ring nodes
 
 
 
+<a name="container.ExtendedACLKey"></a>
+
+### Message ExtendedACLKey
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID (container id) is a SHA256 hash of the container structure |
+
+
+<a name="container.ExtendedACLValue"></a>
+
+### Message ExtendedACLValue
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| EACL | [bytes](#bytes) |  | EACL carries binary representation of the table of extended ACL rules |
+| Signature | [bytes](#bytes) |  | Signature carries EACL field signature |
+
+
+<a name="container.GetExtendedACLRequest"></a>
+
+### Message GetExtendedACLRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Key | [ExtendedACLKey](#container.ExtendedACLKey) |  | Key carries key to extended ACL information |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.GetExtendedACLResponse"></a>
+
+### Message GetExtendedACLResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ACL | [ExtendedACLValue](#container.ExtendedACLValue) |  | ACL carries extended ACL information |
+
+
 <a name="container.GetRequest"></a>
 
 ### Message GetRequest
@@ -179,6 +248,27 @@ via consensus in inner ring nodes
 | ----- | ---- | ----- | ----------- |
 | CID | [bytes](#bytes) |  | CID (container id) is a SHA256 hash of the container structure |
 
+
+<a name="container.SetExtendedACLRequest"></a>
+
+### Message SetExtendedACLRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Key | [ExtendedACLKey](#container.ExtendedACLKey) |  | Key carries key to extended ACL information |
+| Value | [ExtendedACLValue](#container.ExtendedACLValue) |  | Value carries extended ACL information |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.SetExtendedACLResponse"></a>
+
+### Message SetExtendedACLResponse
+
+
+
  <!-- end messages -->
 
  <!-- end enums -->

docs/service.md

@@ -6,6 +6,8 @@
 - [service/meta.proto](#service/meta.proto)
 
   - Messages
+    - [RequestExtendedHeader](#service.RequestExtendedHeader)
+    - [RequestExtendedHeader.KV](#service.RequestExtendedHeader.KV)
     - [RequestMetaHeader](#service.RequestMetaHeader)
     - [ResponseMetaHeader](#service.ResponseMetaHeader)
     
@@ -13,6 +15,8 @@
 - [service/verify.proto](#service/verify.proto)
 
   - Messages
+    - [BearerTokenMsg](#service.BearerTokenMsg)
+    - [BearerTokenMsg.Info](#service.BearerTokenMsg.Info)
     - [RequestVerificationHeader](#service.RequestVerificationHeader)
     - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
     - [Token](#service.Token)
@@ -39,6 +43,29 @@
  <!-- end services -->
 
 
+<a name="service.RequestExtendedHeader"></a>
+
+### Message RequestExtendedHeader
+RequestExtendedHeader contains extended headers of request
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Headers | [RequestExtendedHeader.KV](#service.RequestExtendedHeader.KV) | repeated | Headers carries list of key-value headers |
+
+
+<a name="service.RequestExtendedHeader.KV"></a>
+
+### Message RequestExtendedHeader.KV
+KV contains string key-value pair
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| K | [string](#string) |  | K carries extended header key |
+| V | [string](#string) |  | V carries extended header value |
+
+
 <a name="service.RequestMetaHeader"></a>
 
 ### Message RequestMetaHeader
@@ -52,6 +79,7 @@ RequestMetaHeader contains information about request meta headers
 | Epoch | [uint64](#uint64) |  | Epoch for user can be empty, because node sets epoch to the actual value |
 | Version | [uint32](#uint32) |  | Version defines protocol version TODO: not used for now, should be implemented in future |
 | Raw | [bool](#bool) |  | Raw determines whether the request is raw or not |
+| ExtendedHeader | [RequestExtendedHeader](#service.RequestExtendedHeader) |  | ExtendedHeader carries extended headers of the request |
 
 
 <a name="service.ResponseMetaHeader"></a>
@@ -81,6 +109,32 @@ ResponseMetaHeader contains meta information based on request processing by serv
  <!-- end services -->
 
 
+<a name="service.BearerTokenMsg"></a>
+
+### Message BearerTokenMsg
+BearerTokenMsg carries information about request ACL rules with limited lifetime
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| TokenInfo | [BearerTokenMsg.Info](#service.BearerTokenMsg.Info) |  | TokenInfo is a grouped information about token |
+| OwnerKey | [bytes](#bytes) |  | OwnerKey is a public key of the token owner |
+| Signature | [bytes](#bytes) |  | Signature is a signature of token information |
+
+
+<a name="service.BearerTokenMsg.Info"></a>
+
+### Message BearerTokenMsg.Info
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ACLRules | [bytes](#bytes) |  | ACLRules carries a binary representation of the table of extended ACL rules |
+| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of token |
+| ValidUntil | [uint64](#uint64) |  | ValidUntil carries a last epoch of token lifetime |
+
+
 <a name="service.RequestVerificationHeader"></a>
 
 ### Message RequestVerificationHeader
@@ -92,6 +146,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 | ----- | ---- | ----- | ----------- |
 | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
 | Token | [Token](#service.Token) |  | Token is a token of the session within which the request is sent |
+| Bearer | [BearerTokenMsg](#service.BearerTokenMsg) |  | Bearer is a Bearer token of the request |
 
 
 <a name="service.RequestVerificationHeader.Signature"></a>

service/bearer.go

@@ -94,3 +94,33 @@ func copyBearerTokenSignedData(buf []byte, token BearerTokenInfo) {
 	tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
 	off += 8
 }
+
+// SetACLRules is an ACLRules field setter.
+func (m *BearerTokenMsg_Info) SetACLRules(v []byte) {
+	m.ACLRules = v
+}
+
+// SetValidUntil is a ValidUntil field setter.
+func (m *BearerTokenMsg_Info) SetValidUntil(v uint64) {
+	m.ValidUntil = v
+}
+
+// GetOwnerID if an OwnerID field getter.
+func (m BearerTokenMsg_Info) GetOwnerID() OwnerID {
+	return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *BearerTokenMsg_Info) SetOwnerID(v OwnerID) {
+	m.OwnerID = v
+}
+
+// SetOwnerKey is an OwnerKey field setter.
+func (m *BearerTokenMsg) SetOwnerKey(v []byte) {
+	m.OwnerKey = v
+}
+
+// SetSignature is a Signature field setter.
+func (m *BearerTokenMsg) SetSignature(v []byte) {
+	m.Signature = v
+}

service/bearer_test.go

@@ -170,3 +170,27 @@ func TestSignVerifyBearerToken(t *testing.T) {
 		require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
 	}
 }
+
+func TestBearerTokenMsg_Setters(t *testing.T) {
+	s := new(BearerTokenMsg)
+
+	aclRules := []byte{1, 2, 3}
+	s.SetACLRules(aclRules)
+	require.Equal(t, aclRules, s.GetACLRules())
+
+	validUntil := uint64(6)
+	s.SetValidUntil(validUntil)
+	require.Equal(t, validUntil, s.GetValidUntil())
+
+	ownerID := OwnerID{1, 2, 3}
+	s.SetOwnerID(ownerID)
+	require.Equal(t, ownerID, s.GetOwnerID())
+
+	ownerKey := []byte{4, 5, 6}
+	s.SetOwnerKey(ownerKey)
+	require.Equal(t, ownerKey, s.GetOwnerKey())
+
+	sig := []byte{7, 8, 9}
+	s.SetSignature(sig)
+	require.Equal(t, sig, s.GetSignature())
+}

service/meta.go

@@ -69,3 +69,18 @@ func (s extHdrSrcWrapper) ReadSignedData(p []byte) (int, error) {
 
 	return sz, nil
 }
+
+// SetK is a K field setter.
+func (m *RequestExtendedHeader_KV) SetK(v string) {
+	m.K = v
+}
+
+// SetV is a V field setter.
+func (m *RequestExtendedHeader_KV) SetV(v string) {
+	m.V = v
+}
+
+// SetHeaders is a Headers field setter.
+func (m *RequestExtendedHeader) SetHeaders(v []RequestExtendedHeader_KV) {
+	m.Headers = v
+}

service/meta.proto

@@ -19,6 +19,8 @@ message RequestMetaHeader {
     uint32 Version = 3;
     // Raw determines whether the request is raw or not
     bool Raw       = 4;
+    // ExtendedHeader carries extended headers of the request
+    RequestExtendedHeader ExtendedHeader = 5 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
 }
 
 // ResponseMetaHeader contains meta information based on request processing by server
@@ -30,3 +32,18 @@ message ResponseMetaHeader {
     // TODO: not used for now, should be implemented in future
     uint32 Version = 2;
 }
+
+// RequestExtendedHeader contains extended headers of request
+message RequestExtendedHeader {
+    // KV contains string key-value pair
+    message KV {
+        // K carries extended header key
+        string K = 1;
+
+        // V carries extended header value
+        string V = 2;
+    }
+
+    // Headers carries list of key-value headers
+    repeated KV Headers = 1 [(gogoproto.nullable) = false];
+}

service/meta_test.go

@@ -23,3 +23,31 @@ func TestCutRestoreMeta(t *testing.T) {
 		require.Equal(t, item(), v1)
 	}
 }
+
+func TestRequestExtendedHeader_KV_Setters(t *testing.T) {
+	s := new(RequestExtendedHeader_KV)
+
+	key := "key"
+	s.SetK(key)
+	require.Equal(t, key, s.GetK())
+
+	val := "val"
+	s.SetV(val)
+	require.Equal(t, val, s.GetV())
+}
+
+func TestRequestExtendedHeader_SetHeaders(t *testing.T) {
+	s := new(RequestExtendedHeader)
+
+	hdr := RequestExtendedHeader_KV{}
+	hdr.SetK("key")
+	hdr.SetV("val")
+
+	hdrs := []RequestExtendedHeader_KV{
+		hdr,
+	}
+
+	s.SetHeaders(hdrs)
+
+	require.Equal(t, hdrs, s.GetHeaders())
+}

service/verify.go

@@ -67,6 +67,11 @@ func (m *RequestVerificationHeader) SetToken(token *Token) {
 	m.Token = token
 }
 
+// SetBearer is a Bearer field setter.
+func (m *RequestVerificationHeader) SetBearer(v *BearerTokenMsg) {
+	m.Bearer = v
+}
+
 // testCustomField for test usage only.
 type testCustomField [8]uint32
 

service/verify.proto

@@ -23,6 +23,9 @@ message RequestVerificationHeader {
 
     // Token is a token of the session within which the request is sent
     Token Token = 2;
+
+    // Bearer is a Bearer token of the request
+    BearerTokenMsg Bearer = 3;
 }
 
 // User token granting rights for object manipulation
@@ -91,3 +94,26 @@ message TokenLifetime {
 //     uint32 Version = 2;
 //     bytes Data = 3;
 // }
+
+// BearerTokenMsg carries information about request ACL rules with limited lifetime
+message BearerTokenMsg {
+    message Info {
+        // ACLRules carries a binary representation of the table of extended ACL rules
+        bytes ACLRules = 1;
+
+        // OwnerID is an owner of token
+        bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+        // ValidUntil carries a last epoch of token lifetime
+        uint64 ValidUntil = 3;
+    }
+
+    // TokenInfo is a grouped information about token
+    Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+
+    // OwnerKey is a public key of the token owner
+    bytes OwnerKey = 2;
+
+    // Signature is a signature of token information
+    bytes Signature = 3;
+}

service/verify_test.go

@@ -115,3 +115,16 @@ func TestRequestVerificationHeader_SetToken(t *testing.T) {
 
 	require.Equal(t, token, h.GetToken())
 }
+
+func TestRequestVerificationHeader_SetBearer(t *testing.T) {
+	aclRules := []byte{1, 2, 3}
+
+	token := new(BearerTokenMsg)
+	token.SetACLRules(aclRules)
+
+	h := new(RequestVerificationHeader)
+
+	h.SetBearer(token)
+
+	require.Equal(t, token, h.GetBearer())
+}