Merge pull request #60 from nspcc-dev/bump/api-v-0-6-0

Update neo-api library to v0.6.0
This commit is contained in:
Evgeniy Kulikov 2020-04-02 18:38:43 +03:00 committed by GitHub
commit 08fe4f8383
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 106 additions and 81 deletions

View file

@ -1,4 +1,4 @@
PROTO_VERSION=v0.5.0 PROTO_VERSION=v0.6.0
PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
B=\033[0;1m B=\033[0;1m

BIN
acl/types.pb.go Normal file

Binary file not shown.

27
acl/types.proto Normal file
View file

@ -0,0 +1,27 @@
syntax = "proto3";
package acl;
option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
option csharp_namespace = "NeoFS.API.Acl";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
option (gogoproto.stable_marshaler_all) = true;
// Target of the access control rule in access control list.
enum Target {
// Unknown target, default value.
Unknown = 0;
// User target rule is applied if sender is the owner of the container.
User = 1;
// System target rule is applied if sender is the storage node within the
// container or inner ring node.
System = 2;
// Others target rule is applied if sender is not user or system target.
Others = 3;
// PubKey target rule is applied if sender has public key provided in
// extended ACL.
PubKey = 4;
}

View file

@ -31,9 +31,11 @@ func (m *PutRequest) PrepareData() ([]byte, error) {
err error err error
buf = new(bytes.Buffer) buf = new(bytes.Buffer)
capBytes = make([]byte, 8) capBytes = make([]byte, 8)
aclBytes = make([]byte, 4)
) )
binary.BigEndian.PutUint64(capBytes, m.Capacity) binary.BigEndian.PutUint64(capBytes, m.Capacity)
binary.BigEndian.PutUint32(capBytes, m.BasicACL)
if _, err = buf.Write(m.MessageID.Bytes()); err != nil { if _, err = buf.Write(m.MessageID.Bytes()); err != nil {
return nil, errors.Wrap(err, "could not write message id") return nil, errors.Wrap(err, "could not write message id")
@ -45,6 +47,8 @@ func (m *PutRequest) PrepareData() ([]byte, error) {
return nil, errors.Wrap(err, "could not marshal placement") return nil, errors.Wrap(err, "could not marshal placement")
} else if _, err = buf.Write(data); err != nil { } else if _, err = buf.Write(data); err != nil {
return nil, errors.Wrap(err, "could not write placement") return nil, errors.Wrap(err, "could not write placement")
} else if _, err = buf.Write(aclBytes); err != nil {
return nil, errors.Wrap(err, "could not write basic acl")
} }
return buf.Bytes(), nil return buf.Bytes(), nil

Binary file not shown.

View file

@ -42,8 +42,8 @@ message PutRequest {
// Rules define storage policy for the object inside the container. // Rules define storage policy for the object inside the container.
netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false]; netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false];
// Container ACL. // BasicACL of the container.
AccessGroup Group = 5 [(gogoproto.nullable) = false]; uint32 BasicACL = 5;
// RequestMetaHeader contains information about request meta headers (should be embedded into message) // RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];

View file

@ -11,19 +11,6 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// AccessMode is a container access mode type.
type AccessMode uint32
const (
// AccessModeRead is a read access mode.
AccessModeRead AccessMode = 1 << iota
// AccessModeWrite is a write access mode.
AccessModeWrite
)
// AccessModeReadWrite is a read/write container access mode.
const AccessModeReadWrite = AccessModeRead | AccessModeWrite
var ( var (
_ internal.Custom = (*Container)(nil) _ internal.Custom = (*Container)(nil)
@ -31,8 +18,8 @@ var (
emptyOwner = (OwnerID{}).Bytes() emptyOwner = (OwnerID{}).Bytes()
) )
// New creates new user container based on capacity, OwnerID and PlacementRules. // New creates new user container based on capacity, OwnerID, ACL and PlacementRules.
func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, error) { func New(cap uint64, owner OwnerID, acl uint32, rules netmap.PlacementRule) (*Container, error) {
if bytes.Equal(owner[:], emptyOwner) { if bytes.Equal(owner[:], emptyOwner) {
return nil, refs.ErrEmptyOwner return nil, refs.ErrEmptyOwner
} else if cap == 0 { } else if cap == 0 {
@ -49,6 +36,7 @@ func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, err
Salt: UUID(salt), Salt: UUID(salt),
Capacity: cap, Capacity: cap,
Rules: rules, Rules: rules,
BasicACL: acl,
}, nil }, nil
} }
@ -90,7 +78,7 @@ func NewTestContainer() (*Container, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
return New(100, owner, netmap.PlacementRule{ return New(100, owner, 0xFFFFFFFF, netmap.PlacementRule{
ReplFactor: 2, ReplFactor: 2,
SFGroups: []netmap.SFGroup{ SFGroups: []netmap.SFGroup{
{ {

Binary file not shown.

View file

@ -18,18 +18,7 @@ message Container {
uint64 Capacity = 3; uint64 Capacity = 3;
// Rules define storage policy for the object inside the container. // Rules define storage policy for the object inside the container.
netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false]; netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
// Container ACL. // BasicACL with access control rules for owner, system, others and
AccessControlList List = 5 [(gogoproto.nullable) = false]; // permission bits for bearer token and extended ACL.
} uint32 BasicACL = 5;
message AccessGroup {
// Group access mode.
uint32 AccessMode = 1;
// Group members.
repeated bytes UserGroup = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
}
message AccessControlList {
// List of access groups.
repeated AccessGroup List = 1 [(gogoproto.nullable) = false];
} }

View file

@ -36,7 +36,7 @@ func TestCID(t *testing.T) {
owner, err := refs.NewOwnerID(&key.PublicKey) owner, err := refs.NewOwnerID(&key.PublicKey)
require.NoError(t, err) require.NoError(t, err)
c1, err := New(10, owner, rules) c1, err := New(10, owner, 0xDEADBEEF, rules)
require.NoError(t, err) require.NoError(t, err)
data, err := proto.Marshal(c1) data, err := proto.Marshal(c1)
@ -55,23 +55,3 @@ func TestCID(t *testing.T) {
require.Equal(t, cid1, cid2) require.Equal(t, cid1, cid2)
}) })
} }
func TestAccessMode(t *testing.T) {
t.Run("read access to read/write mode", func(t *testing.T) {
require.Equal(t, AccessModeRead, AccessModeReadWrite&AccessModeRead)
})
t.Run("write access to read/write mode", func(t *testing.T) {
require.Equal(t, AccessModeWrite, AccessModeReadWrite&AccessModeWrite)
})
t.Run("read(write) access to write(read) mode", func(t *testing.T) {
require.Zero(t, AccessModeRead&AccessModeWrite)
})
t.Run("access to same mode", func(t *testing.T) {
require.Equal(t, AccessModeWrite, AccessModeWrite&AccessModeWrite)
require.Equal(t, AccessModeRead, AccessModeRead&AccessModeRead)
require.Equal(t, AccessModeReadWrite, AccessModeReadWrite&AccessModeReadWrite)
})
}

62
docs/acl.md Normal file
View file

@ -0,0 +1,62 @@
# Protocol Documentation
<a name="top"></a>
## Table of Contents
- [acl/types.proto](#acl/types.proto)
- [Scalar Value Types](#scalar-value-types)
<a name="acl/types.proto"></a>
<p align="right"><a href="#top">Top</a></p>
## acl/types.proto
<!-- end services -->
<!-- end messages -->
<a name="acl.Target"></a>
### Target
Target of the access control rule in access control list.
| Name | Number | Description |
| ---- | ------ | ----------- |
| Unknown | 0 | Unknown target, default value. |
| User | 1 | User target rule is applied if sender is the owner of the container. |
| System | 2 | System target rule is applied if sender is the storage node within the container or inner ring node. |
| Others | 3 | Others target rule is applied if sender is not user or system target. |
| PubKey | 4 | PubKey target rule is applied if sender has public key provided in extended ACL. |
<!-- end enums -->
## Scalar Value Types
| .proto Type | Notes | C++ Type | Java Type | Python Type |
| ----------- | ----- | -------- | --------- | ----------- |
| <a name="double" /> double | | double | double | float |
| <a name="float" /> float | | float | float | float |
| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
| <a name="bool" /> bool | | bool | boolean | boolean |
| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |

View file

@ -21,8 +21,6 @@
- [container/types.proto](#container/types.proto) - [container/types.proto](#container/types.proto)
- Messages - Messages
- [AccessControlList](#container.AccessControlList)
- [AccessGroup](#container.AccessGroup)
- [Container](#container.Container) - [Container](#container.Container)
@ -166,7 +164,7 @@ via consensus in inner ring nodes
| Capacity | [uint64](#uint64) | | Capacity defines amount of data that can be stored in the container (doesn't used for now). | | Capacity | [uint64](#uint64) | | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
| OwnerID | [bytes](#bytes) | | OwnerID is a wallet address | | OwnerID | [bytes](#bytes) | | OwnerID is a wallet address |
| rules | [netmap.PlacementRule](#netmap.PlacementRule) | | Rules define storage policy for the object inside the container. | | rules | [netmap.PlacementRule](#netmap.PlacementRule) | | Rules define storage policy for the object inside the container. |
| Group | [AccessGroup](#container.AccessGroup) | | Container ACL. | | BasicACL | [uint32](#uint32) | | BasicACL of the container. |
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@ -196,29 +194,6 @@ via consensus in inner ring nodes
<!-- end services --> <!-- end services -->
<a name="container.AccessControlList"></a>
### Message AccessControlList
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| List | [AccessGroup](#container.AccessGroup) | repeated | List of access groups. |
<a name="container.AccessGroup"></a>
### Message AccessGroup
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| AccessMode | [uint32](#uint32) | | Group access mode. |
| UserGroup | [bytes](#bytes) | repeated | Group members. |
<a name="container.Container"></a> <a name="container.Container"></a>
### Message Container ### Message Container
@ -231,7 +206,7 @@ The Container service definition.
| Salt | [bytes](#bytes) | | Salt is a nonce for unique container id calculation. | | Salt | [bytes](#bytes) | | Salt is a nonce for unique container id calculation. |
| Capacity | [uint64](#uint64) | | Capacity defines amount of data that can be stored in the container (doesn't used for now). | | Capacity | [uint64](#uint64) | | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
| Rules | [netmap.PlacementRule](#netmap.PlacementRule) | | Rules define storage policy for the object inside the container. | | Rules | [netmap.PlacementRule](#netmap.PlacementRule) | | Rules define storage policy for the object inside the container. |
| List | [AccessControlList](#container.AccessControlList) | | Container ACL. | | BasicACL | [uint32](#uint32) | | BasicACL with access control rules for owner, system, others and permission bits for bearer token and extended ACL. |
<!-- end messages --> <!-- end messages -->