forked from TrueCloudLab/frostfs-api
Move BearerToken type to acl package
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
parent
54778a86ed
commit
7d72061fb3
7 changed files with 68 additions and 58 deletions
|
@ -133,3 +133,34 @@ message EACLTable {
|
||||||
// Records carries list of extended ACL rule records.
|
// Records carries list of extended ACL rule records.
|
||||||
repeated EACLRecord records = 2 [json_name="Records"];
|
repeated EACLRecord records = 2 [json_name="Records"];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BearerToken has information about request ACL rules with limited lifetime
|
||||||
|
message BearerToken {
|
||||||
|
// Bearer Token body
|
||||||
|
message Body {
|
||||||
|
// EACLTable carries table of extended ACL rules
|
||||||
|
EACLTable eacl_table = 1;
|
||||||
|
|
||||||
|
// OwnerID carries identifier of the token owner
|
||||||
|
neo.fs.v2.refs.OwnerID owner_id = 2;
|
||||||
|
|
||||||
|
// Lifetime parameters of the token. Filed names taken from rfc7519.
|
||||||
|
message TokenLifetime {
|
||||||
|
// Expiration Epoch
|
||||||
|
uint64 exp = 1;
|
||||||
|
|
||||||
|
// Not valid before Epoch
|
||||||
|
uint64 nbf = 2;
|
||||||
|
|
||||||
|
// Issued at Epoch
|
||||||
|
uint64 iat = 3;
|
||||||
|
}
|
||||||
|
// Token expiration and valid time period parameters
|
||||||
|
TokenLifetime lifetime = 3;
|
||||||
|
}
|
||||||
|
// Bearer Token body
|
||||||
|
Body body = 1;
|
||||||
|
|
||||||
|
// Signature of BearerToken body
|
||||||
|
neo.fs.v2.refs.Signature signature = 2;
|
||||||
|
}
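Review bot: The nested `TokenLifetime` in `BearerToken.Body` leaves an unset `exp` indistinguishable from epoch 0, because proto3 `uint64` fields have implicit presence, and the comments do not say how a verifier should treat that case. I would state it on the field, e.g. `// Expiration Epoch. Last epoch in which the token is valid; 0 means unset and the token must be rejected.` (adjusted to the intended semantics), and likewise say whether `nbf` is inclusive. The same message is now defined a second time inside `SessionToken.Body` in the service hunk at `@ -74,6 +62,17`, so the two copies can drift; a single shared definition, for instance next to `Signature` in refs, would avoid that. The comments on `owner_id` and `signature` also leave open whether the owner is the issuer or the bearer and which key is expected to sign the body, which an implementer needs to know to verify a token. Small typo while here: `Filed names` should read `Field names`.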
|
||||||
|
|
|
@ -50,7 +50,7 @@ message PutRequest {
|
||||||
container.Container container = 1;
|
container.Container container = 1;
|
||||||
|
|
||||||
//Signature of stable-marshalled container according to RFC-6979.
|
//Signature of stable-marshalled container according to RFC-6979.
|
||||||
neo.fs.v2.service.Signature signature =2;
|
neo.fs.v2.refs.Signature signature =2;
|
||||||
}
|
}
|
||||||
// Body of container put request message.
|
// Body of container put request message.
|
||||||
Body body = 1;
|
Body body = 1;
|
||||||
|
@ -94,7 +94,7 @@ message DeleteRequest {
|
||||||
neo.fs.v2.refs.ContainerID container_id = 1;
|
neo.fs.v2.refs.ContainerID container_id = 1;
|
||||||
|
|
||||||
// Signature of container id according to RFC-6979.
|
// Signature of container id according to RFC-6979.
|
||||||
neo.fs.v2.service.Signature signature = 2;
|
neo.fs.v2.refs.Signature signature = 2;
|
||||||
}
|
}
|
||||||
// Body of container delete request message.
|
// Body of container delete request message.
|
||||||
Body body = 1;
|
Body body = 1;
|
||||||
|
@ -216,7 +216,7 @@ message SetExtendedACLRequest {
|
||||||
neo.fs.v2.acl.EACLTable eacl = 1;
|
neo.fs.v2.acl.EACLTable eacl = 1;
|
||||||
|
|
||||||
// Signature of stable-marshalled Extended ACL according to RFC-6979.
|
// Signature of stable-marshalled Extended ACL according to RFC-6979.
|
||||||
neo.fs.v2.service.Signature signature = 2;
|
neo.fs.v2.refs.Signature signature = 2;
|
||||||
}
|
}
|
||||||
// Body of set extended acl request message.
|
// Body of set extended acl request message.
|
||||||
Body body = 1;
|
Body body = 1;
|
||||||
|
@ -278,7 +278,7 @@ message GetExtendedACLResponse {
|
||||||
neo.fs.v2.acl.EACLTable eacl = 1;
|
neo.fs.v2.acl.EACLTable eacl = 1;
|
||||||
|
|
||||||
// Signature of stable-marshalled Extended ACL according to RFC-6979.
|
// Signature of stable-marshalled Extended ACL according to RFC-6979.
|
||||||
neo.fs.v2.service.Signature signature = 2;
|
neo.fs.v2.refs.Signature signature = 2;
|
||||||
}
|
}
|
||||||
// Body of get extended acl response message.
|
// Body of get extended acl response message.
|
||||||
Body body = 1;
|
Body body = 1;
|
||||||
|
|
|
@ -85,7 +85,7 @@ message GetResponse {
|
||||||
neo.fs.v2.refs.ObjectID object_id = 1;
|
neo.fs.v2.refs.ObjectID object_id = 1;
|
||||||
|
|
||||||
// Object signature
|
// Object signature
|
||||||
neo.fs.v2.service.Signature signature =2;
|
neo.fs.v2.refs.Signature signature =2;
|
||||||
|
|
||||||
// Object header.
|
// Object header.
|
||||||
Header header = 3;
|
Header header = 3;
|
||||||
|
@ -122,7 +122,7 @@ message PutRequest {
|
||||||
neo.fs.v2.refs.ObjectID object_id = 1;
|
neo.fs.v2.refs.ObjectID object_id = 1;
|
||||||
|
|
||||||
// Object signature, were available
|
// Object signature, were available
|
||||||
neo.fs.v2.service.Signature signature =2;
|
neo.fs.v2.refs.Signature signature =2;
|
||||||
|
|
||||||
// Header of the object to save in the system.
|
// Header of the object to save in the system.
|
||||||
Header header = 3;
|
Header header = 3;
|
||||||
|
|
|
@ -100,7 +100,7 @@ message Header {
|
||||||
neo.fs.v2.refs.ObjectID previous = 2;
|
neo.fs.v2.refs.ObjectID previous = 2;
|
||||||
|
|
||||||
// `signature` field of the parent object. Used to reconstruct parent.
|
// `signature` field of the parent object. Used to reconstruct parent.
|
||||||
neo.fs.v2.service.Signature parent_signature = 3;
|
neo.fs.v2.refs.Signature parent_signature = 3;
|
||||||
|
|
||||||
// `header` field of the parent object. Used to reconstruct parent.
|
// `header` field of the parent object. Used to reconstruct parent.
|
||||||
Header parent_header = 4;
|
Header parent_header = 4;
|
||||||
|
@ -121,7 +121,7 @@ message Object {
|
||||||
neo.fs.v2.refs.ObjectID object_id = 1;
|
neo.fs.v2.refs.ObjectID object_id = 1;
|
||||||
|
|
||||||
// Signed object_id
|
// Signed object_id
|
||||||
neo.fs.v2.service.Signature signature = 2;
|
neo.fs.v2.refs.Signature signature = 2;
|
||||||
|
|
||||||
// Object metadata headers
|
// Object metadata headers
|
||||||
Header header = 3;
|
Header header = 3;
|
||||||
|
|
|
@ -39,3 +39,11 @@ message Version {
|
||||||
// Minor API version.
|
// Minor API version.
|
||||||
uint32 minor = 2;
|
uint32 minor = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Signature of something in NeoFS
|
||||||
|
message Signature {
|
||||||
|
// Public key used for signing.
|
||||||
|
bytes key = 1;
|
||||||
|
// Signature
|
||||||
|
bytes sign = 2;
|
||||||
|
}
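Review bot: `Signature` carries the signer's public key next to the signature bytes, and the comments do not warn that checking `sign` against the embedded `key` only shows that the sender holds that key, not that the key is allowed to sign the data. Since this type now backs the container, eACL, object and token signatures in the other files of this commit, I would document the contract here: `// Public key used for signing. Verifiers must check that this key is authorized for the signed entity (e.g. matches its owner) before trusting the signature.` The encoding of `key` and the scheme and hash behind `sign` are also unspecified, while other messages mention RFC-6979. Naming them on this message, or adding a scheme field later under a new field number, would keep implementations from guessing.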
|
||||||
|
|
|
@ -17,18 +17,6 @@ message XHeader {
|
||||||
string value = 2;
|
string value = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Lifetime parameters of the token. Filed names taken from rfc7519.
|
|
||||||
message TokenLifetime {
|
|
||||||
// Expiration Epoch
|
|
||||||
uint64 exp = 1;
|
|
||||||
|
|
||||||
// Not valid before Epoch
|
|
||||||
uint64 nbf = 2;
|
|
||||||
|
|
||||||
// Issued at Epoch
|
|
||||||
uint64 iat = 3;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Context information for Session Tokens related to ObjectService requests
|
// Context information for Session Tokens related to ObjectService requests
|
||||||
message ObjectSessionContext {
|
message ObjectSessionContext {
|
||||||
// Object request verbs
|
// Object request verbs
|
||||||
|
@ -74,6 +62,17 @@ message SessionToken {
|
||||||
// OwnerID carries identifier of the session initiator.
|
// OwnerID carries identifier of the session initiator.
|
||||||
neo.fs.v2.refs.OwnerID owner_id = 2;
|
neo.fs.v2.refs.OwnerID owner_id = 2;
|
||||||
|
|
||||||
|
// Lifetime parameters of the token. Filed names taken from rfc7519.
|
||||||
|
message TokenLifetime {
|
||||||
|
// Expiration Epoch
|
||||||
|
uint64 exp = 1;
|
||||||
|
|
||||||
|
// Not valid before Epoch
|
||||||
|
uint64 nbf = 2;
|
||||||
|
|
||||||
|
// Issued at Epoch
|
||||||
|
uint64 iat = 3;
|
||||||
|
}
|
||||||
// Lifetime is a lifetime of the session
|
// Lifetime is a lifetime of the session
|
||||||
TokenLifetime lifetime = 3;
|
TokenLifetime lifetime = 3;
|
||||||
|
|
||||||
|
@ -90,27 +89,7 @@ message SessionToken {
|
||||||
Body body = 1;
|
Body body = 1;
|
||||||
|
|
||||||
// Signature is a signature of session token information
|
// Signature is a signature of session token information
|
||||||
Signature signature = 2;
|
neo.fs.v2.refs.Signature signature = 2;
|
||||||
}
|
|
||||||
|
|
||||||
// BearerToken has information about request ACL rules with limited lifetime
|
|
||||||
message BearerToken {
|
|
||||||
// Bearer Token body
|
|
||||||
message Body {
|
|
||||||
// EACLTable carries table of extended ACL rules
|
|
||||||
neo.fs.v2.acl.EACLTable eacl_table = 1;
|
|
||||||
|
|
||||||
// OwnerID carries identifier of the token owner
|
|
||||||
neo.fs.v2.refs.OwnerID owner_id = 2;
|
|
||||||
|
|
||||||
// Token expiration and valid time period parameters
|
|
||||||
TokenLifetime lifetime = 3;
|
|
||||||
}
|
|
||||||
// Bearer Token body
|
|
||||||
Body body = 1;
|
|
||||||
|
|
||||||
// Signature of BearerToken body
|
|
||||||
Signature signature = 2;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Information about the request
|
// Information about the request
|
||||||
|
@ -131,7 +110,7 @@ message RequestMetaHeader {
|
||||||
SessionToken session_token = 5;
|
SessionToken session_token = 5;
|
||||||
|
|
||||||
// Bearer is a Bearer token of the request
|
// Bearer is a Bearer token of the request
|
||||||
BearerToken bearer_token = 6;
|
neo.fs.v2.acl.BearerToken bearer_token = 6;
|
||||||
|
|
||||||
// RequestMetaHeader of the origin request.
|
// RequestMetaHeader of the origin request.
|
||||||
RequestMetaHeader origin = 7;
|
RequestMetaHeader origin = 7;
|
||||||
|
@ -155,22 +134,15 @@ message ResponseMetaHeader {
|
||||||
ResponseMetaHeader origin = 5;
|
ResponseMetaHeader origin = 5;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Signature of something in NeoFS
|
|
||||||
message Signature {
|
|
||||||
// Public key used for signing.
|
|
||||||
bytes key = 1;
|
|
||||||
// Signature
|
|
||||||
bytes sign = 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verification info for request signed by all intermediate nodes
|
// Verification info for request signed by all intermediate nodes
|
||||||
message RequestVerificationHeader {
|
message RequestVerificationHeader {
|
||||||
// Request Body signature. Should be generated once by request initiator.
|
// Request Body signature. Should be generated once by request initiator.
|
||||||
Signature body_signature = 1;
|
neo.fs.v2.refs.Signature body_signature = 1;
|
||||||
// Request Meta signature is added and signed by any intermediate node
|
// Request Meta signature is added and signed by any intermediate node
|
||||||
Signature meta_signature = 2;
|
neo.fs.v2.refs.Signature meta_signature = 2;
|
||||||
// Sign previous hops
|
// Sign previous hops
|
||||||
Signature origin_signature = 3;
|
neo.fs.v2.refs.Signature origin_signature = 3;
|
||||||
|
|
||||||
// Chain of previous hops signatures
|
// Chain of previous hops signatures
|
||||||
RequestVerificationHeader origin = 4;
|
RequestVerificationHeader origin = 4;
|
||||||
|
@ -179,11 +151,11 @@ message RequestVerificationHeader {
|
||||||
// Verification info for response signed by all intermediate nodes
|
// Verification info for response signed by all intermediate nodes
|
||||||
message ResponseVerificationHeader {
|
message ResponseVerificationHeader {
|
||||||
// Response Body signature. Should be generated once by answering node.
|
// Response Body signature. Should be generated once by answering node.
|
||||||
Signature body_signature = 1;
|
neo.fs.v2.refs.Signature body_signature = 1;
|
||||||
// Response Meta signature is added and signed by any intermediate node
|
// Response Meta signature is added and signed by any intermediate node
|
||||||
Signature meta_signature = 2;
|
neo.fs.v2.refs.Signature meta_signature = 2;
|
||||||
// Sign previous hops
|
// Sign previous hops
|
||||||
Signature origin_signature = 3;
|
neo.fs.v2.refs.Signature origin_signature = 3;
|
||||||
|
|
||||||
// Chain of previous hops signatures
|
// Chain of previous hops signatures
|
||||||
ResponseVerificationHeader origin = 4;
|
ResponseVerificationHeader origin = 4;
|
||||||
|
|
|
@ -20,9 +20,8 @@ message CreateRequest {
|
||||||
message Body {
|
message Body {
|
||||||
// Carries an identifier of a session initiator.
|
// Carries an identifier of a session initiator.
|
||||||
neo.fs.v2.refs.OwnerID owner_id = 1;
|
neo.fs.v2.refs.OwnerID owner_id = 1;
|
||||||
|
// Expiration Epoch
|
||||||
// Carries a lifetime of the session.
|
uint64 expiration = 2;
|
||||||
neo.fs.v2.service.TokenLifetime lifetime = 2;
|
|
||||||
}
|
}
|
||||||
// Body of create session token request message.
|
// Body of create session token request message.
|
||||||
Body body = 1;
|
Body body = 1;
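Review bot: `uint64 expiration = 2;` reuses field number 2, which previously held the length-delimited `neo.fs.v2.service.TokenLifetime lifetime`, so the wire type of an existing tag changes from message to varint. A client built from the old schema would still send a message at tag 2; a new parser would most likely keep it as an unknown field and read `expiration` as 0, silently dropping the requested lifetime. If any peer may still speak the old schema, take a fresh number and retire the old one: `reserved 2; reserved "lifetime";` and `uint64 expiration = 3;`. The comment should also say what an expiration of 0 means for the created session. `CreateRequest` starts above this hunk.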
|
||||||
|
|