From 5e1e220988677aa166738ad1f6194e8ea4132744 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Mon, 22 Jun 2020 17:26:59 +0300 Subject: [PATCH 1/9] service: sign requests on the principle of Matryoshka This commit changes SignRequestData / VerifyRequestData functions to add the list of previous public keys to a signed message for all requests. --- service/sign.go | 20 +++++++++++++++--- service/sign_test.go | 48 ++++++++++++++++++++++++++++++------------ service/types.go | 1 + service/verify.go | 50 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 103 insertions(+), 16 deletions(-) diff --git a/service/sign.go b/service/sign.go index 50453b9..796a4cd 100644 --- a/service/sign.go +++ b/service/sign.go @@ -137,11 +137,24 @@ func verifySignatures(src SignedDataSource, items ...SignKeyPair) error { } defer bytesPool.Put(data) - for _, signKey := range items { + for i := range items { + if i > 0 { + // add previous key bytes to the signed message + + signKeyDataSrc := SignKeyPairsSignedData(items[i-1]) + + signKeyData, err := signKeyDataSrc.SignedData() + if err != nil { + return errors.Wrapf(err, "could not get signed data of key-signature #%d", i) + } + + data = append(data, signKeyData...) + } + if err := crypto.Verify( - signKey.GetPublicKey(), + items[i].GetPublicKey(), data, - signKey.GetSignature(), + items[i].GetSignature(), ); err != nil { return err } @@ -213,6 +226,7 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error { src.GetBearerToken(), ), ExtendedHeadersSignedData(src), + SignKeyPairsSignedData(src.GetSignKeyPairs()...), ) if err != nil { return err diff --git a/service/sign_test.go b/service/sign_test.go index 6f1e913..3c54e8c 100644 --- a/service/sign_test.go +++ b/service/sign_test.go @@ -15,13 +15,13 @@ import ( type testSignedDataSrc struct { err error data []byte - sig []byte - key *ecdsa.PublicKey token SessionToken bearer BearerToken extHdrs []ExtendedHeader + + signKeys []SignKeyPair } type testSignedDataReader struct { @@ -29,13 +29,15 @@ type testSignedDataReader struct { } func (s testSignedDataSrc) GetSignature() []byte { - return s.sig + if len(s.signKeys) > 0 { + return s.signKeys[0].GetSignature() + } + + return nil } func (s testSignedDataSrc) GetSignKeyPairs() []SignKeyPair { - return []SignKeyPair{ - newSignatureKeyPair(s.key, s.sig), - } + return s.signKeys } func (s testSignedDataSrc) SignedData() ([]byte, error) { @@ -43,8 +45,9 @@ func (s testSignedDataSrc) SignedData() ([]byte, error) { } func (s *testSignedDataSrc) AddSignKey(sig []byte, key *ecdsa.PublicKey) { - s.key = key - s.sig = sig + s.signKeys = append(s.signKeys, + newSignatureKeyPair(key, sig), + ) } func testData(t *testing.T, sz int) []byte { @@ -209,23 +212,27 @@ func TestVerifyAccumulatedSignatures(t *testing.T) { // create test private key sk := test.DecodeKey(0) + signKey := new(RequestVerificationHeader_Signature) + signKey.Peer = crypto.MarshalPublicKey(&sk.PublicKey) + // create signature source src := &testSignedDataSrc{ data: testData(t, 10), - key: &sk.PublicKey, + + signKeys: []SignKeyPair{signKey}, } var err error // calculate a signature - src.sig, err = crypto.Sign(sk, src.data) + signKey.Sign, err = crypto.Sign(sk, src.data) require.NoError(t, err) // ascertain that verification is passed require.NoError(t, VerifyAccumulatedSignatures(src)) // break the signature - src.sig[0]++ + signKey.Sign[0]++ // ascertain that verification is failed require.Error(t, VerifyAccumulatedSignatures(src)) @@ -238,9 +245,13 @@ func TestVerifySignatureWithKey(t *testing.T) { ErrEmptyDataWithSignature.Error(), ) + signKey := new(RequestVerificationHeader_Signature) + // create test signature source src := &testSignedDataSrc{ data: testData(t, 10), + + signKeys: []SignKeyPair{signKey}, } // nil public key @@ -255,14 +266,14 @@ func TestVerifySignatureWithKey(t *testing.T) { var err error // calculate a signature - src.sig, err = crypto.Sign(sk, src.data) + signKey.Sign, err = crypto.Sign(sk, src.data) require.NoError(t, err) // ascertain that verification is passed require.NoError(t, VerifySignatureWithKey(&sk.PublicKey, src)) // break the signature - src.sig[0]++ + signKey.Sign[0]++ // ascertain that verification is failed require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src)) @@ -375,4 +386,15 @@ func TestSignVerifyRequestData(t *testing.T) { // ascertain that verification is passed require.NoError(t, VerifyRequestData(rdr)) + + if len(rdr.GetSignKeyPairs()) < 2 { + // add one more signature + require.NoError(t, SignRequestData(test.DecodeKey(1), rdr)) + } + + // change key-signature order + rdr.signKeys[0], rdr.signKeys[1] = rdr.signKeys[1], rdr.signKeys[0] + + // ascertain that verification is failed + require.Error(t, VerifyRequestData(src)) } diff --git a/service/types.go b/service/types.go index 75a5a0a..785a30a 100644 --- a/service/types.go +++ b/service/types.go @@ -262,6 +262,7 @@ type RequestData interface { type RequestSignedData interface { RequestData SignKeyPairAccumulator + SignKeyPairSource } // RequestVerifyData is an interface of request information with signature read access. diff --git a/service/verify.go b/service/verify.go index e1caa06..7691220 100644 --- a/service/verify.go +++ b/service/verify.go @@ -2,11 +2,16 @@ package service import ( "crypto/ecdsa" + "io" "github.com/nspcc-dev/neofs-api-go/internal" crypto "github.com/nspcc-dev/neofs-crypto" ) +type signKeyPairsWrapper struct { + items []SignKeyPair +} + // GetSessionToken returns SessionToken interface of Token field. // // If token field value is nil, nil returns. @@ -114,3 +119,48 @@ func (m RequestVerificationHeader) GetBearerToken() BearerToken { return nil } + +// SignKeyPairsSignedData wraps passed SignKeyPair slice and returns SignedDataSource interface. +func SignKeyPairsSignedData(v ...SignKeyPair) SignedDataSource { + return &signKeyPairsWrapper{ + items: v, + } +} + +// SignedData returns signed SignKeyPair slice in a binary representation. +func (s signKeyPairsWrapper) SignedData() ([]byte, error) { + return SignedDataFromReader(s) +} + +// SignedDataSize returns the length of signed SignKeyPair slice. +func (s signKeyPairsWrapper) SignedDataSize() (sz int) { + for i := range s.items { + // add key length + sz += len( + crypto.MarshalPublicKey(s.items[i].GetPublicKey()), + ) + } + + return +} + +// ReadSignedData copies a binary representation of the signed SignKeyPair slice to passed buffer. +// +// If buffer length is less than required, io.ErrUnexpectedEOF returns. +func (s signKeyPairsWrapper) ReadSignedData(p []byte) (int, error) { + sz := s.SignedDataSize() + if len(p) < sz { + return 0, io.ErrUnexpectedEOF + } + + off := 0 + + for i := range s.items { + // copy public key bytes + off += copy(p[off:], crypto.MarshalPublicKey( + s.items[i].GetPublicKey(), + )) + } + + return off, nil +} From 1dd4d48b5f8057cfc69df599403d4087fe61cf35 Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Tue, 7 Jul 2020 18:13:56 +0300 Subject: [PATCH 2/9] alc: add a rich functionality to manage Extended ACL --- acl/action.go | 38 ++++ acl/action_test.go | 76 +++++++ acl/extended.go | 120 +++++++++++ acl/header.go | 290 +++++++++++++++++++++++++ acl/headers_test.go | 59 +++++ acl/match.go | 29 +++ acl/match_test.go | 44 ++++ acl/types.go | 56 +++++ acl/types.pb.go | Bin 3241 -> 37624 bytes acl/types.proto | 79 +++++++ acl/wrappers.go | 498 +++++++++++++++++++++++++++++++++++++++++++ acl/wrappers_test.go | 139 ++++++++++++ 12 files changed, 1428 insertions(+) create mode 100644 acl/action.go create mode 100644 acl/action_test.go create mode 100644 acl/extended.go create mode 100644 acl/header.go create mode 100644 acl/headers_test.go create mode 100644 acl/match.go create mode 100644 acl/match_test.go create mode 100644 acl/types.go create mode 100644 acl/wrappers.go create mode 100644 acl/wrappers_test.go diff --git a/acl/action.go b/acl/action.go new file mode 100644 index 0000000..b2986e2 --- /dev/null +++ b/acl/action.go @@ -0,0 +1,38 @@ +package acl + +// RequestInfo is an interface of request information needed for extended ACL check. +type RequestInfo interface { + TypedHeaderSource + + // Must return the binary representation of request initiator's key. + Key() []byte + + // Must return true if request corresponds to operation type. + TypeOf(OperationType) bool + + // Must return true if request has passed target. + TargetOf(Target) bool +} + +// ExtendedACLChecker is an interface of extended ACL checking tool. +type ExtendedACLChecker interface { + // Must return an action according to the results of applying the ACL table rules to request. + // + // Must return ActionUndefined if it is unable to explicitly calculate the action. + Action(ExtendedACLTable, RequestInfo) ExtendedACLAction +} + +type extendedACLChecker struct{} + +const ( + // ActionUndefined is ExtendedACLAction used to mark value as undefined. + // Most of the tools consider ActionUndefined as incalculable. + // Using ActionUndefined in ExtendedACLRecord is unsafe. + ActionUndefined ExtendedACLAction = iota + + // ActionAllow is ExtendedACLAction used to mark an applicability of ACL rule. + ActionAllow + + // ActionDeny is ExtendedACLAction used to mark an inapplicability of ACL rule. + ActionDeny +) diff --git a/acl/action_test.go b/acl/action_test.go new file mode 100644 index 0000000..83022e3 --- /dev/null +++ b/acl/action_test.go @@ -0,0 +1,76 @@ +package acl + +type testExtendedACLTable struct { + records []ExtendedACLRecord +} + +type testRequestInfo struct { + headers []TypedHeader + key []byte + opType OperationType + target Target +} + +type testEACLRecord struct { + opType OperationType + filters []HeaderFilter + targets []ExtendedACLTarget + action ExtendedACLAction +} + +type testEACLTarget struct { + target Target + keys [][]byte +} + +func (s testEACLTarget) Target() Target { + return s.target +} + +func (s testEACLTarget) KeyList() [][]byte { + return s.keys +} + +func (s testEACLRecord) OperationType() OperationType { + return s.opType +} + +func (s testEACLRecord) HeaderFilters() []HeaderFilter { + return s.filters +} + +func (s testEACLRecord) TargetList() []ExtendedACLTarget { + return s.targets +} + +func (s testEACLRecord) Action() ExtendedACLAction { + return s.action +} + +func (s testRequestInfo) HeadersOfType(typ HeaderType) ([]Header, bool) { + res := make([]Header, 0, len(s.headers)) + + for i := range s.headers { + if s.headers[i].HeaderType() == typ { + res = append(res, s.headers[i]) + } + } + + return res, true +} + +func (s testRequestInfo) Key() []byte { + return s.key +} + +func (s testRequestInfo) TypeOf(t OperationType) bool { + return s.opType == t +} + +func (s testRequestInfo) TargetOf(t Target) bool { + return s.target == t +} + +func (s testExtendedACLTable) Records() []ExtendedACLRecord { + return s.records +} diff --git a/acl/extended.go b/acl/extended.go new file mode 100644 index 0000000..61ccbcf --- /dev/null +++ b/acl/extended.go @@ -0,0 +1,120 @@ +package acl + +import ( + "context" + + "github.com/nspcc-dev/neofs-api-go/refs" +) + +// OperationType is an enumeration of operation types for extended ACL. +type OperationType uint32 + +// HeaderType is an enumeration of header types for extended ACL. +type HeaderType uint32 + +// MatchType is an enumeration of match types for extended ACL. +type MatchType uint32 + +// ExtendedACLAction is an enumeration of extended ACL actions. +type ExtendedACLAction uint32 + +// Header is an interface of string key-value pair, +type Header interface { + // Must return string identifier of header. + Name() string + + // Must return string value of header. + Value() string +} + +// TypedHeader is an interface of Header and HeaderType pair. +type TypedHeader interface { + Header + + // Must return type of filtered header. + HeaderType() HeaderType +} + +// TypedHeaderSource is a various types of header set interface. +type TypedHeaderSource interface { + // Must return list of Header of particular type. + // Must return false if there is no ability to compose header list. + HeadersOfType(HeaderType) ([]Header, bool) +} + +// HeaderFilter is an interface of grouped information about filtered header. +type HeaderFilter interface { + // Must return match type of filter. + MatchType() MatchType + + TypedHeader +} + +// ExtendedACLTarget is an interface of grouped information about extended ACL rule target. +type ExtendedACLTarget interface { + // Must return ACL target type. + Target() Target + + // Must return public key list of ACL targets. + KeyList() [][]byte +} + +// ExtendedACLRecord is an interface of record of extended ACL rule table. +type ExtendedACLRecord interface { + // Must return operation type of extended ACL rule. + OperationType() OperationType + + // Must return list of header filters of extended ACL rule. + HeaderFilters() []HeaderFilter + + // Must return target list of extended ACL rule. + TargetList() []ExtendedACLTarget + + // Must return action of extended ACL rule. + Action() ExtendedACLAction +} + +// ExtendedACLTable is an interface of extended ACL table. +type ExtendedACLTable interface { + // Must return list of extended ACL rules. + Records() []ExtendedACLRecord +} + +// ExtendedACLSource is an interface of storage of extended ACL tables with read access. +type ExtendedACLSource interface { + // Must return extended ACL table by container ID key. + GetExtendedACLTable(context.Context, refs.CID) (ExtendedACLTable, error) +} + +// ExtendedACLStore is an interface of storage of extended ACL tables. +type ExtendedACLStore interface { + ExtendedACLSource + + // Must store extended ACL table for container ID key. + PutExtendedACLTable(context.Context, refs.CID, ExtendedACLTable) error +} + +const ( + _ OperationType = iota + + // OpTypeGet is an OperationType for object.Get RPC + OpTypeGet + + // OpTypePut is an OperationType for object.Put RPC + OpTypePut + + // OpTypeHead is an OperationType for object.Head RPC + OpTypeHead + + // OpTypeSearch is an OperationType for object.Search RPC + OpTypeSearch + + // OpTypeDelete is an OperationType for object.Delete RPC + OpTypeDelete + + // OpTypeRange is an OperationType for object.GetRange RPC + OpTypeRange + + // OpTypeRangeHash is an OperationType for object.GetRangeHash RPC + OpTypeRangeHash +) diff --git a/acl/header.go b/acl/header.go new file mode 100644 index 0000000..9dff79e --- /dev/null +++ b/acl/header.go @@ -0,0 +1,290 @@ +package acl + +import ( + "strconv" + + "github.com/nspcc-dev/neofs-api-go/object" + "github.com/nspcc-dev/neofs-api-go/service" +) + +type objectHeaderSource struct { + obj *object.Object +} + +type typedHeader struct { + n string + v string + t HeaderType +} + +type extendedHeadersWrapper struct { + hdrSrc service.ExtendedHeadersSource +} + +type typedExtendedHeader struct { + hdr service.ExtendedHeader +} + +const ( + _ HeaderType = iota + + // HdrTypeRequest is a HeaderType for request header. + HdrTypeRequest + + // HdrTypeObjSys is a HeaderType for system headers of object. + HdrTypeObjSys + + // HdrTypeObjUsr is a HeaderType for user headers of object. + HdrTypeObjUsr +) + +const ( + // HdrObjSysNameID is a name of ID field in system header of object. + HdrObjSysNameID = "ID" + + // HdrObjSysNameCID is a name of CID field in system header of object. + HdrObjSysNameCID = "CID" + + // HdrObjSysNameOwnerID is a name of OwnerID field in system header of object. + HdrObjSysNameOwnerID = "OWNER_ID" + + // HdrObjSysNameVersion is a name of Version field in system header of object. + HdrObjSysNameVersion = "VERSION" + + // HdrObjSysNamePayloadLength is a name of PayloadLength field in system header of object. + HdrObjSysNamePayloadLength = "PAYLOAD_LENGTH" + + // HdrObjSysNameCreatedUnix is a name of CreatedAt.UnitTime field in system header of object. + HdrObjSysNameCreatedUnix = "CREATED_UNIX" + + // HdrObjSysNameCreatedEpoch is a name of CreatedAt.Epoch field in system header of object. + HdrObjSysNameCreatedEpoch = "CREATED_EPOCH" + + // HdrObjSysLinkPrev is a name of previous link header in extended headers of object. + HdrObjSysLinkPrev = "LINK_PREV" + + // HdrObjSysLinkNext is a name of next link header in extended headers of object. + HdrObjSysLinkNext = "LINK_NEXT" + + // HdrObjSysLinkChild is a name of child link header in extended headers of object. + HdrObjSysLinkChild = "LINK_CHILD" + + // HdrObjSysLinkPar is a name of parent link header in extended headers of object. + HdrObjSysLinkPar = "LINK_PAR" + + // HdrObjSysLinkSG is a name of storage group link header in extended headers of object. + HdrObjSysLinkSG = "LINK_SG" +) + +func newTypedHeader(name, value string, typ HeaderType) TypedHeader { + return &typedHeader{ + n: name, + v: value, + t: typ, + } +} + +// Name is a name field getter. +func (s typedHeader) Name() string { + return s.n +} + +// Value is a value field getter. +func (s typedHeader) Value() string { + return s.v +} + +// HeaderType is a type field getter. +func (s typedHeader) HeaderType() HeaderType { + return s.t +} + +// TypedHeaderSourceFromObject wraps passed object and returns TypedHeaderSource interface. +func TypedHeaderSourceFromObject(obj *object.Object) TypedHeaderSource { + return &objectHeaderSource{ + obj: obj, + } +} + +// HeaderOfType gathers object headers of passed type and returns Header list. +// +// If value of some header can not be calculated (e.g. nil extended header), it does not appear in list. +// +// Always returns true. +func (s objectHeaderSource) HeadersOfType(typ HeaderType) ([]Header, bool) { + if s.obj == nil { + return nil, true + } + + var res []Header + + switch typ { + case HdrTypeObjUsr: + objHeaders := s.obj.GetHeaders() + + res = make([]Header, 0, len(objHeaders)) // 7 system header fields + + for _, extHdr := range objHeaders { + if h := newTypedObjectExtendedHeader(extHdr); h != nil { + res = append(res, h) + } + } + case HdrTypeObjSys: + res = make([]Header, 0, 7) + + sysHdr := s.obj.GetSystemHeader() + + // ID + res = append(res, newTypedHeader( + HdrObjSysNameID, + sysHdr.ID.String(), + HdrTypeObjSys), + ) + + // CID + res = append(res, newTypedHeader( + HdrObjSysNameCID, + sysHdr.CID.String(), + HdrTypeObjSys), + ) + + // OwnerID + res = append(res, newTypedHeader( + HdrObjSysNameOwnerID, + sysHdr.OwnerID.String(), + HdrTypeObjSys), + ) + + // Version + res = append(res, newTypedHeader( + HdrObjSysNameVersion, + strconv.FormatUint(sysHdr.GetVersion(), 10), + HdrTypeObjSys), + ) + + // PayloadLength + res = append(res, newTypedHeader( + HdrObjSysNamePayloadLength, + strconv.FormatUint(sysHdr.GetPayloadLength(), 10), + HdrTypeObjSys), + ) + + created := sysHdr.GetCreatedAt() + + // CreatedAt.UnitTime + res = append(res, newTypedHeader( + HdrObjSysNameCreatedUnix, + strconv.FormatUint(uint64(created.GetUnixTime()), 10), + HdrTypeObjSys), + ) + + // CreatedAt.Epoch + res = append(res, newTypedHeader( + HdrObjSysNameCreatedEpoch, + strconv.FormatUint(created.GetEpoch(), 10), + HdrTypeObjSys), + ) + } + + return res, true +} + +func newTypedObjectExtendedHeader(h object.Header) TypedHeader { + val := h.GetValue() + if val == nil { + return nil + } + + res := new(typedHeader) + res.t = HdrTypeObjSys + + switch hdr := val.(type) { + case *object.Header_UserHeader: + if hdr.UserHeader == nil { + return nil + } + + res.t = HdrTypeObjUsr + res.n = hdr.UserHeader.GetKey() + res.v = hdr.UserHeader.GetValue() + case *object.Header_Link: + if hdr.Link == nil { + return nil + } + + switch hdr.Link.GetType() { + case object.Link_Previous: + res.n = HdrObjSysLinkPrev + case object.Link_Next: + res.n = HdrObjSysLinkNext + case object.Link_Child: + res.n = HdrObjSysLinkChild + case object.Link_Parent: + res.n = HdrObjSysLinkPar + case object.Link_StorageGroup: + res.n = HdrObjSysLinkSG + default: + return nil + } + + res.v = hdr.Link.ID.String() + default: + return nil + } + + return res +} + +// TypedHeaderSourceFromExtendedHeaders wraps passed ExtendedHeadersSource and returns TypedHeaderSource interface. +func TypedHeaderSourceFromExtendedHeaders(hdrSrc service.ExtendedHeadersSource) TypedHeaderSource { + return &extendedHeadersWrapper{ + hdrSrc: hdrSrc, + } +} + +// Name returns the result of Key method. +func (s typedExtendedHeader) Name() string { + return s.hdr.Key() +} + +// Value returns the result of Value method. +func (s typedExtendedHeader) Value() string { + return s.hdr.Value() +} + +// HeaderType always returns HdrTypeRequest. +func (s typedExtendedHeader) HeaderType() HeaderType { + return HdrTypeRequest +} + +// TypedHeaders gathers extended request headers and returns TypedHeader list. +// +// Nil headers are ignored. +// +// Always returns true. +func (s extendedHeadersWrapper) HeadersOfType(typ HeaderType) ([]Header, bool) { + if s.hdrSrc == nil { + return nil, true + } + + var res []Header + + switch typ { + case HdrTypeRequest: + hs := s.hdrSrc.ExtendedHeaders() + + res = make([]Header, 0, len(hs)) + + for i := range hs { + if hs[i] == nil { + continue + } + + res = append(res, &typedExtendedHeader{ + hdr: hs[i], + }) + } + } + + return res, true +} diff --git a/acl/headers_test.go b/acl/headers_test.go new file mode 100644 index 0000000..500d9a4 --- /dev/null +++ b/acl/headers_test.go @@ -0,0 +1,59 @@ +package acl + +import ( + "testing" + + "github.com/nspcc-dev/neofs-api-go/object" + "github.com/stretchr/testify/require" +) + +func TestNewTypedObjectExtendedHeader(t *testing.T) { + var res TypedHeader + + hdr := object.Header{} + + // nil value + require.Nil(t, newTypedObjectExtendedHeader(hdr)) + + // UserHeader + { + key := "key" + val := "val" + hdr.Value = &object.Header_UserHeader{ + UserHeader: &object.UserHeader{ + Key: key, + Value: val, + }, + } + + res = newTypedObjectExtendedHeader(hdr) + require.Equal(t, HdrTypeObjUsr, res.HeaderType()) + require.Equal(t, key, res.Name()) + require.Equal(t, val, res.Value()) + } + + { // Link + link := new(object.Link) + link.ID = object.ID{1, 2, 3} + + hdr.Value = &object.Header_Link{ + Link: link, + } + + check := func(lt object.Link_Type, name string) { + link.Type = lt + + res = newTypedObjectExtendedHeader(hdr) + + require.Equal(t, HdrTypeObjSys, res.HeaderType()) + require.Equal(t, name, res.Name()) + require.Equal(t, link.ID.String(), res.Value()) + } + + check(object.Link_Previous, HdrObjSysLinkPrev) + check(object.Link_Next, HdrObjSysLinkNext) + check(object.Link_Parent, HdrObjSysLinkPar) + check(object.Link_Child, HdrObjSysLinkChild) + check(object.Link_StorageGroup, HdrObjSysLinkSG) + } +} diff --git a/acl/match.go b/acl/match.go new file mode 100644 index 0000000..bddee89 --- /dev/null +++ b/acl/match.go @@ -0,0 +1,29 @@ +package acl + +const ( + _ MatchType = iota + StringEqual + StringNotEqual +) + +// Maps MatchType to corresponding function. +// 1st argument of function - header value, 2nd - header filter. +var mMatchFns = map[MatchType]func(Header, Header) bool{ + StringEqual: stringEqual, + + StringNotEqual: stringNotEqual, +} + +const ( + mResUndefined = iota + mResMatch + mResMismatch +) + +func stringEqual(header, filter Header) bool { + return header.Value() == filter.Value() +} + +func stringNotEqual(header, filter Header) bool { + return header.Value() != filter.Value() +} diff --git a/acl/match_test.go b/acl/match_test.go new file mode 100644 index 0000000..6975722 --- /dev/null +++ b/acl/match_test.go @@ -0,0 +1,44 @@ +package acl + +type testTypedHeader struct { + t HeaderType + k string + v string +} + +type testHeaderSrc struct { + hs []TypedHeader +} + +type testHeaderFilter struct { + TypedHeader + t MatchType +} + +func (s testHeaderFilter) MatchType() MatchType { + return s.t +} + +func (s testHeaderSrc) HeadersOfType(typ HeaderType) ([]Header, bool) { + res := make([]Header, 0, len(s.hs)) + + for i := range s.hs { + if s.hs[i].HeaderType() == typ { + res = append(res, s.hs[i]) + } + } + + return res, true +} + +func (s testTypedHeader) Name() string { + return s.k +} + +func (s testTypedHeader) Value() string { + return s.v +} + +func (s testTypedHeader) HeaderType() HeaderType { + return s.t +} diff --git a/acl/types.go b/acl/types.go new file mode 100644 index 0000000..0587b9b --- /dev/null +++ b/acl/types.go @@ -0,0 +1,56 @@ +package acl + +// SetMatchType is MatchType field setter. +func (m *EACLRecord_FilterInfo) SetMatchType(v EACLRecord_FilterInfo_MatchType) { + m.MatchType = v +} + +// SetHeader is a Header field setter. +func (m *EACLRecord_FilterInfo) SetHeader(v EACLRecord_FilterInfo_Header) { + m.Header = v +} + +// SetHeaderName is a HeaderName field setter. +func (m *EACLRecord_FilterInfo) SetHeaderName(v string) { + m.HeaderName = v +} + +// SetHeaderVal is a HeaderVal field setter. +func (m *EACLRecord_FilterInfo) SetHeaderVal(v string) { + m.HeaderVal = v +} + +// SetTarget is a Target field setter. +func (m *EACLRecord_TargetInfo) SetTarget(v Target) { + m.Target = v +} + +// SetKeyList is a KeyList field setter. +func (m *EACLRecord_TargetInfo) SetKeyList(v [][]byte) { + m.KeyList = v +} + +// SetOperation is an Operation field setter. +func (m *EACLRecord) SetOperation(v EACLRecord_Operation) { + m.Operation = v +} + +// SetAction is an Action field setter. +func (m *EACLRecord) SetAction(v EACLRecord_Action) { + m.Action = v +} + +// SetFilters is a Filters field setter. +func (m *EACLRecord) SetFilters(v []*EACLRecord_FilterInfo) { + m.Filters = v +} + +// SetTargets is a Targets field setter. +func (m *EACLRecord) SetTargets(v []*EACLRecord_TargetInfo) { + m.Targets = v +} + +// SetRecords is a Records field setter. +func (m *EACLTable) SetRecords(v []*EACLRecord) { + m.Records = v +} diff --git a/acl/types.pb.go b/acl/types.pb.go index bcbd1998e272c6b48d814cc10e11139b235079c4..24ecf2814a556e10d7cb3b1a23647c4150bebd37 100644 GIT binary patch literal 37624 zcmeHQYjYdNvHeW`in**xiik;wAV}~L(N($@W2<6IE=l%Hl}eXc01FZkUcp16;`qPc z?sIx}XI~&dk#?vnegLt%{hEGFPw(vF(IfZGxEs66coa{gdE9mFk8Uy@&&QozIk$T` zz8u%x(--dfi`VY_>9g1M%}0;iY`mCu;!_uO29M?+C-JNfl+Dda)OiG{16N`e_Fj?f!hmGmrG^)@E%}#eW(1;%PkU#Ev4)+-XIJD*ouAY3xShxf{#T^h19ZyTvT-);HfrQ+MIcsI2-A(R6kd4U)4m*!sB=>LsUC zu==x64I;jRi=3!o(jUaT^ZrouHk-xMd4D`oiQ>_0A^xV2Gx{Ugx*&OD4VyA_SaK`wZ=Q-$)VmIi& ziw7UwFpfqu_fd>52$PR)3>B#yw3cT$isLSH+7@L^y6RT-&CXcZ1seNNo$N>Y%d^?f z@pLB4n@))h;z-pzxtvDgnuP&Tfzk9b7OOx6@wbkePI%0xv84{`8=)16GH1 zuZi9t&71q1CYv~_aQ|uaZZ!TN1^~p4>&CrkF_^pe(O?nRH#dlR;lYg1ncE|_*w0W+ z3bFBIGU!WWiAT-iQC9%O96BmtBL_AFm0e5{PXiuGEMd?9gI6DC^LV&2i`jfU)qosn zkgI=)R)jT3B^=#YL>j3qQ}q#rO@%Oqi5UC9eIZ07Naj={^<6Pi4IT*@8R*o_Lg`Z; zMlIpd1dksV?Y~L@-pJ!Bnz_lMJ?MAbJAoHpeBbY?zDFPvU(Z$RUH9ah?^BjWJYjjD zxj|!^XD&vOgyWeTMw2&ilDD(DD(9EYjlEO1W!B%?+1zO8p$t#I@5^`UOOKjz#F6RI zfgF*k9Q~T%1=liWWb+n0g;~Ps)a?loayoVL*U&>_CMWjw(74HAQxA=u93FsWZ!zk) z?Q0ui&Aq~qwrh?|o$#B+^Tl*zN$q^J7(N$0YzI2o5w%LpY+u)EItr5H^_o+Jr}3;a z?N7w-gz)y8x9yMfc*nib5!C_?n!!@gi<5S%8TERHy=K%rjGOz0@yp(?%0P z%})|Mkz^@h<fBEF~vlq`VetQ1b=P&-} zxeG5QED-F$m2b~qt3`sp;9|=7%t;6bSH3%c@-)DauffF-O+qfX^5ah{a+4?u(4L-u zfByPB!e@J!;93AF>`F1;;uTIcFhXD(|uc zP?XkEfl7-^5EutZ0kY?=AU)_na_5;SY*?9Vk}@Q}!1`IFL%om;Ho$3x7cgqOc$CRL zWg1u`7nPyI;H8Fp z4qy^0*@-uRAQdh9RGJ%PX_iDxK#SaN2p$6E%1+aW51(*odJgp`hHLd{aSAGmu`I^2 zLRgG>A$&w3#xkPF6;`LIEC7}owLI_&Qr#{F3uIQBCJI>h6q$R$jPXM>?_9msb!lmF zE1iRmEbP%}DHOJWyaAb&;u7#aEUVl&CAuUwxso{l=OP+Z2Si9IJL?2vAf@NyIf<2r zR!FIAJ__h1pf>~<;BxU5jLOGYR=m>5s+9S%u*$I3$iPZ3WR7s*f)7hJuO2DPDrc`U zF+Mqtvf8|9W-Axr9u|obN;@u@>QbL^m(%fLB8@hgvZg~WAEWkoF?V580F9bLF{X>+ zMQ5%{*39y=6HTZ6SXv(%uHnj4dJE|?DwQEvdHx-3GU;@lZb_#>7Q{P^o$+M8qrHZ+ zv0q;9{9`sAoh77pfYjX41@D>kRqJJ>x11uKZly%V!@l&1Ci9P5f5!k=WjHUrmZ5Vt zZz5EqBE5kG^zBSh?)_A5qEl$XFO!%MUR=Y?%SykIcAlwv#ztQc<%g8b8y?`z+dl=; zrtanfiM9VQ+iC7h;|UdQ$R?#1#h=Z~!q!GA%MGq%I%TKPdWADhiRoWfXwui3swnh9 zDzu4_6WX862>rLe{q5rUSW;R1G46gZUNDuUOlSV(*HjGq_IEnYuDXe0E=E&nm|Twf z|B{ZG{;`8&(BZ#4=1fpJQAhfk_J>B1KM4N^m`MRJbb%>r(xMlmO9RRO{o?*Kl;SY8 zwhZN0>ptaBnK*;4mdiA?zR`YpXZ~6;fI$vx38{<>=urP4ePwB&Qj}jj%M4uF#=5hP z7u#yNfvI_Z8Vz};VY_XXsaeB5ZQc#*0hD&>Dyi9Bi-eYTyTxCI{gHIarJdRyj|V{$ z4|fL8#A}N!+HX!f(PX<_d%L+Y+EFRosWeRet&rE_SL#Fmz39o!7J=H_kp8y<{nwcr z^#__)eYa5#fxo%&Ytn%f>Z7+i3b}LuvD^jNo=rQ}u{3Kz#_Q|riy^ItB}?i%^&fyX z+;M`rR6#lfF{*fS(7GJfd3u>(Px~{;UR^6FgoF%ti9k8hY`Nks%o)e+24BBfYqSYo4LJwXo56jI5z)za#|C<*6*tQb6}nyQq6 zAQb}eqN#itbIbL@J)4Vz31pcNh8{{mH!Tk|(Yxj80>dErFJoxvB@Cr9352e!c6yjO z3nk7)fSajyYys@&Utj86p*tY+uU!v}pHlLzfnW+Q7CWTGqJhM8^|P#SC@}C7w~@+B zfufeAQcbD|KMJV>J6AG@6ry|_>Gk4Jg8B#KAU*1~1Z%~?B=CMbDZTuVs3^T5lZ**> zsiX*{f%WDc)sff;&|+J?6b!=`MM?FU(xy=qFIQ{?Amx(%EOmx=8LoGhNv6=jpULQo zQXZtWCPffT3MpR}6tBalhvb@L%qHl$ICxEUheFBh@h2HI| zpbX8`3Ze|k9oI(IGbt%(GF ztN^{9!(64-3eeXqy8_IblS+UYEL-;!rnaRe5GjPUK>74VxaHMQUbt3hDinFyHZT718Py1 za;p>uDRgCFkb>M@VGz<>u`mcx?z}KS`?stx2)W*AVUQ>MkPCytSZ-Gsq-0hq3{vph z7Y2D6x#|6;!XQPzRbh~#uUiBf>UXfbF@}cld z((AHm)WAcw*7lGLpVlBrlGh!s{hM#Rgxg?VN4kwUGoNw$UfO@x&brPSnMo4+PqlA7 z?dt6TkCU51f~IY8mDxz=5kt?-9{%havj_MG>%bemuL5Y`dUl90B_YSPHA$` z%a?ROSvgyqOp-1w0U%w5sbpEsG@O#0iAqK8v*=AOp)k>>A?h#VOG$6>RBw@QZ|Tim zrtGbqa9etE@Lv00a$}_mIZeuGi(g2UowltprI*%V!xns&2hSB5*!eZ67Z%D{Mup2o zo<)$`u}>Dbl@cTnONB_G%H`0$^7eM%ZMAKgb89;e&XHPctKbC%%y3y-PNbe{XBB!u zHBmt?g;+|DA(p3svx4WRH6JS$xjs}x<`|(8K8Pk(=`DZ0KyUftagQ6|QWead4G zd)GZ+9d-2k;emd3y879Y$0+u$yAjSG%liHPBEx;V$lOmpg!HMoR5@bj%2ZGRq)KOEvA3(Y;2p!<_=t$4+w*U$FV|!RGixnH^C?P-p_?0N+n~U=UG*96m0$ z@%;d@P$6x6kDeLE1b7wuzxYlHLavwv)?Jb~mm%pO?obIACl#(VfqcZ?w^ zVHkQGO`Dd(xMh?&0>)-*@iLEq`^rV!ZEfahLiz^A5jS) zN3YoDcOW0&J55SoVp2PTq*O2CpPJyOxCTamfgeD2l8zw7Q6NhMAETrl+5lK&!#vi8 zh#ciUEF`HDMn>Q;Yqp67W45U@kfuUT=wlR!!3apQX+cF4qKEU6<&;4S446SXFx?(L zIq*FY-2>4ki0(rz%tEFvkTcK0xDNo?;e5a$Q$;lI0S3r;=9n5li>WlIh|bEX<_P4d zs1C-l2bPlfbOcpi9Knk?rU+=v{$wBH3>h3!2PDd|GD<962M$X9O@K1ok6}8dxnm&H zWtqS`fNX$VmsSBY&KZYf&;=UJcm(Zt!IIf=4-U#vG7C|e7U57@4_2XDw`d{nII1F& zwiy`mig9%MgyZ&L83eVVgFl*zJzI4P~M2olSxgbpkJqA%0092YyG8{2R zwg-V4kotsH0fPgGB_q}mFswPr9fBx_90RQh1l9^<$%t)%1WSS*NZafUtYhyW%HWVO zOx=N81nHQfX)em%fb4VxPMn;vEnU*nU~0OC_?t4IaoXN2qJ8>4rxcEZGgKEsF!bm% zF;vQFl8}r5CJag4P!WtqEq5@q2+S;lg6I)sCrdgg;iWJUfmk)sycCy_al%wV59vZV zEIJsON6>NuW~8o}b0}#C@Jw)wgAPT3daXj#-R0gL8LKw%AaGig5&D%nN91K{VHRS+ zLX}cPrt}WjNaQO64xhQurgdnRk--E<4BX!{S?h6m!u1Smo_*>XenK^}WT%Su;ntGo z#NVWlfEO{i19|B`%#>7)F(4YV5V964!4@cRZeUcA@iF6o7rM|sjl;sr=4za$B{(xP zVQ^X}B(25blRn7=E{>xkVA^WXyFrc_hI(W{7%}uP0#dTXGS21Z`Rc$0YBo_fHvp{fq<9x6FIG?}Y5v@}0b6n3oGSF&b+=*@HQkL}zRlGJ^?DqR zNk*uTxp0d*8lA;a+3x&`jpG@)Z%}A<%Q>{g=1ozIzG`+5k07ilMBn7o-`vnG*8|<| z%`*dTMXu{jgUo{w!5;R$+a;x80Ziy_=!HVXxv$-x zHikFk$tBl+-aWte5(hB5uJLEP__aKpXWw^sfw-aA8yl+dV0S)yaR`{{SG;|T#Q!|$^MC-hnarA!y^tqNAlQ{PryNfPp?Xt6*7C~>S~e3oS!0A zgo5V3F!vEbcR(%?6PK&y^q1Ec6qpr~Y69}PA-TD=er`xmtJnl7h{{->2k|Nx+%oy3 zcf4w!W%4N*-|vxpO2v5i$;WnBr7>Mn`z0{TOPU~Q8HN=ysIv;Gs|049ypTgjOl_3Z zag9tJ=L^~OLzniyqtLY-9-mdMkR8)+8lrjD4?iqz6VKAHOkkFWW$BX4a39u6BVB0N zQgBIyUcTZ;+8*OxPv7u>M!|bq6eiDH+eKYfj^A_r_+D~YTi*~XOL$)1#47o{lSOdj z@#7;bf3afWWnDz-TJw1O{U4?0)pP%rHRbW1rb59Hq$Bx8(67Ei{ZfuB2sT({FYTR@ z?dGzOik3sNI!d$S$bBW_b6=&JumyCm4AY$G>#zLc zZwWp@Q)Jeq$@1Bk!a5&a$nr@wKb4m;$I{O*AhsL^y1w*}$IBuKk(uSoi zQ+sY%pXX^npU$(`j!|{X>Jp?OJyntK08!264Wo)qUuKbXH*S$Hb`u3B(UJH>THkty zNUG|Ud@6x9w@}-L>lIr-Xy+*Mi4`}+6sNV=xi|8CSIskUnFk<4E<7tO~1;vBh*RKm|vg}f2^ z@na{{{?~V8wP~*`q~!V9wVE~g^BnT`GSXMgWEwuWjiIU@__noP)-d<2Y?=Mi<;`Qs zAzB;B8~C5eySmZq2Bc2W(v$ztmlxqvTsfn7v#Wk@uC(>+_FnDJ?$35kCP`KR+PNl} zO!2J)8s5*~=hNx4(fq~xc-oUUq(W&L9+I9m6pvyG9_30J-uhfUuvp)2x*Ml?lFoJleRsLqj#Qz3fJq$ zgYNUiP=_ufmp5^PuGp!m@vR3s7`x1ie-w&GdQ}FN07yMzDlrdBf3jeE3p>hBgPr21 zK%6UOd6_!jtLD@Wqp|!*guZ1>xA;PR!Xy#$v2Q$kwco&`KN!T9(Li2JcIp1mbrc_5 z|In>%>8@Umeh1=sjx%|&y}TgNUxey9S|Bz~MW)QClTLVI(GrP1Ovm!Nj8s!9ijEZw z(l?QdJRU|Rq3;B>n9P^r9Fe$hy6HT9 zsG!uDRi>ObZzS$a=IYQe)c$=KibZXOm8>}aTufxc$=Zh}KiN3VGUM!L)9Kn#WXpz9 z>uAOw&Mswc=dIX>A3_|ASVt$Tvdq6?uqc>mMy83Z36LP(M}vM>3WUo!-X}Xt^3r5H zn`ft1DIQ2lVT5i9u_oyZ?$>UO88clyp6Rco$jl;lz|Avu+#iEf!;|{x>My?{*$UIx zzj4km-iX7b__f`}+u%ib>AZZJ4D_v34N4?f@+H%PoKJMeVnBZC$Lr9it%LiB3|riO ziHx4?!k}xeFpYe6kzsBiMMM%Ab}AbgJXsMLhGCImNB0~V_Jc_b4OIL3BU!BL)u6L? z^3c@BWJ`)3qWs-roen_DYSV0 zn!KP>_i;h!Q+$3!!Qa;Fb>>BAT-HE5FAA3;OZH7^d~mE@JS+Q4t3$!@y{)PjaAulY zUsi$Y*;>wSl-1L;)I(hbrgQH-t^z|Q4`CI^?rP~IJ*-=o_H$WW*l@Coi_~ED#?Mcw zYwvFnm~^o#OqE>!Y*y>(h$;=1fPAve?qzLAf7AO5rAE``Az%9@3!StpxN=)ir@~@i z&`)?+Mim=_Ozy!fnzjZ#X6a1or-jmaA=76`ha`5h*6b%O6-V}hbJY^Nh1&@azlM_a zDBtsx46)4z5B~5&8^j_%CE#8$|@~w57gwR zjfb`&UNfQXzX^Un;>*3d2YjzCHS|5M(n2N=VU4Ly}n&ZYf-5qwR~LlR{wu!P47n|M!ADKKc3o}Wpq;OhIP8p`aMf@ zze_3TaN8+)PBMJPH5tGz8fn-z$j5Jnb;Ga@w;gGRJJTvnC{&mGUkaknydbh&XJ3jS zjrq^CRjqf7Vds0SfdU@CMG5q&6RvH0tekMaY_urbm8A8=XSLD7?|uy?TRWAxom{fJ z!oX~XwWBZhkS&LbpM1H8T-u5)y@#xKrPI6pNehDeo%0XoFY8BiWAce_NrU$vBNO32)NvLVSjRrmhOvm&J)wsLPCZ?lm-h{anvX6&XUZfrTP@ z?ej(>q8{djsgnJ7%m%WhJ-7dd+=A`;qwb5|x4K;&Nl1v(Z-9^Y&VcS=uz5)&IS{yT zd6))u$+lNt6DCpghiM zr40R#XPmi`L5^gX{=EM__My-lFXX9!?gGCvx$tdf`O!&zDxf51dg4yn=q2RE1>?(j e>c;kXhEb`sV>y*Y@{|UiS&%n&`v({$pro9w)+g6!rh+HCP=Kbfj2-t!AeNJ0TKZrAu;D6 zC#36p4oFJv`g^ZlmH&Rf`SI@S@6)IG>EZsp*`I%Yz22YW$NgJ=xe0#v z*P}yIZH0we4{($}>XLLry?EKn;kZm(=_0);03Nq`iXgDx!Wo99bh+-2 Date: Tue, 7 Jul 2020 18:17:50 +0300 Subject: [PATCH 3/9] acl: fix an erroneous method name in comments --- acl/wrappers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acl/wrappers.go b/acl/wrappers.go index b0481f4..30c2ee3 100644 --- a/acl/wrappers.go +++ b/acl/wrappers.go @@ -238,7 +238,7 @@ func (s EACLTargetWrapper) SetKeyList(v [][]byte) { } } -// KeyList returns casted result of Operation field getter. +// OperationType returns casted result of Operation field getter. // // If record is not initialized, 0 returns. // From 0db55d31ae0a24a7a603d827522d6960381b582f Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Tue, 7 Jul 2020 19:43:16 +0300 Subject: [PATCH 4/9] acl: remove tests --- acl/action_test.go | 76 --------------------------------------------- acl/headers_test.go | 59 ----------------------------------- acl/match_test.go | 44 -------------------------- 3 files changed, 179 deletions(-) delete mode 100644 acl/action_test.go delete mode 100644 acl/headers_test.go delete mode 100644 acl/match_test.go diff --git a/acl/action_test.go b/acl/action_test.go deleted file mode 100644 index 83022e3..0000000 --- a/acl/action_test.go +++ /dev/null @@ -1,76 +0,0 @@ -package acl - -type testExtendedACLTable struct { - records []ExtendedACLRecord -} - -type testRequestInfo struct { - headers []TypedHeader - key []byte - opType OperationType - target Target -} - -type testEACLRecord struct { - opType OperationType - filters []HeaderFilter - targets []ExtendedACLTarget - action ExtendedACLAction -} - -type testEACLTarget struct { - target Target - keys [][]byte -} - -func (s testEACLTarget) Target() Target { - return s.target -} - -func (s testEACLTarget) KeyList() [][]byte { - return s.keys -} - -func (s testEACLRecord) OperationType() OperationType { - return s.opType -} - -func (s testEACLRecord) HeaderFilters() []HeaderFilter { - return s.filters -} - -func (s testEACLRecord) TargetList() []ExtendedACLTarget { - return s.targets -} - -func (s testEACLRecord) Action() ExtendedACLAction { - return s.action -} - -func (s testRequestInfo) HeadersOfType(typ HeaderType) ([]Header, bool) { - res := make([]Header, 0, len(s.headers)) - - for i := range s.headers { - if s.headers[i].HeaderType() == typ { - res = append(res, s.headers[i]) - } - } - - return res, true -} - -func (s testRequestInfo) Key() []byte { - return s.key -} - -func (s testRequestInfo) TypeOf(t OperationType) bool { - return s.opType == t -} - -func (s testRequestInfo) TargetOf(t Target) bool { - return s.target == t -} - -func (s testExtendedACLTable) Records() []ExtendedACLRecord { - return s.records -} diff --git a/acl/headers_test.go b/acl/headers_test.go deleted file mode 100644 index 500d9a4..0000000 --- a/acl/headers_test.go +++ /dev/null @@ -1,59 +0,0 @@ -package acl - -import ( - "testing" - - "github.com/nspcc-dev/neofs-api-go/object" - "github.com/stretchr/testify/require" -) - -func TestNewTypedObjectExtendedHeader(t *testing.T) { - var res TypedHeader - - hdr := object.Header{} - - // nil value - require.Nil(t, newTypedObjectExtendedHeader(hdr)) - - // UserHeader - { - key := "key" - val := "val" - hdr.Value = &object.Header_UserHeader{ - UserHeader: &object.UserHeader{ - Key: key, - Value: val, - }, - } - - res = newTypedObjectExtendedHeader(hdr) - require.Equal(t, HdrTypeObjUsr, res.HeaderType()) - require.Equal(t, key, res.Name()) - require.Equal(t, val, res.Value()) - } - - { // Link - link := new(object.Link) - link.ID = object.ID{1, 2, 3} - - hdr.Value = &object.Header_Link{ - Link: link, - } - - check := func(lt object.Link_Type, name string) { - link.Type = lt - - res = newTypedObjectExtendedHeader(hdr) - - require.Equal(t, HdrTypeObjSys, res.HeaderType()) - require.Equal(t, name, res.Name()) - require.Equal(t, link.ID.String(), res.Value()) - } - - check(object.Link_Previous, HdrObjSysLinkPrev) - check(object.Link_Next, HdrObjSysLinkNext) - check(object.Link_Parent, HdrObjSysLinkPar) - check(object.Link_Child, HdrObjSysLinkChild) - check(object.Link_StorageGroup, HdrObjSysLinkSG) - } -} diff --git a/acl/match_test.go b/acl/match_test.go deleted file mode 100644 index 6975722..0000000 --- a/acl/match_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package acl - -type testTypedHeader struct { - t HeaderType - k string - v string -} - -type testHeaderSrc struct { - hs []TypedHeader -} - -type testHeaderFilter struct { - TypedHeader - t MatchType -} - -func (s testHeaderFilter) MatchType() MatchType { - return s.t -} - -func (s testHeaderSrc) HeadersOfType(typ HeaderType) ([]Header, bool) { - res := make([]Header, 0, len(s.hs)) - - for i := range s.hs { - if s.hs[i].HeaderType() == typ { - res = append(res, s.hs[i]) - } - } - - return res, true -} - -func (s testTypedHeader) Name() string { - return s.k -} - -func (s testTypedHeader) Value() string { - return s.v -} - -func (s testTypedHeader) HeaderType() HeaderType { - return s.t -} From d0f56e504448b2f820e1c79038796b2d2ac3b5cf Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Tue, 7 Jul 2020 19:44:09 +0300 Subject: [PATCH 5/9] acl: reorganize files --- acl/action.go | 38 ------ acl/header.go | 290 ------------------------------------------- acl/match.go | 29 ----- acl/types.go | 116 +++++++++++++++++ acl/wrappers.go | 8 +- acl/wrappers_test.go | 2 +- 6 files changed, 121 insertions(+), 362 deletions(-) delete mode 100644 acl/action.go delete mode 100644 acl/header.go delete mode 100644 acl/match.go diff --git a/acl/action.go b/acl/action.go deleted file mode 100644 index b2986e2..0000000 --- a/acl/action.go +++ /dev/null @@ -1,38 +0,0 @@ -package acl - -// RequestInfo is an interface of request information needed for extended ACL check. -type RequestInfo interface { - TypedHeaderSource - - // Must return the binary representation of request initiator's key. - Key() []byte - - // Must return true if request corresponds to operation type. - TypeOf(OperationType) bool - - // Must return true if request has passed target. - TargetOf(Target) bool -} - -// ExtendedACLChecker is an interface of extended ACL checking tool. -type ExtendedACLChecker interface { - // Must return an action according to the results of applying the ACL table rules to request. - // - // Must return ActionUndefined if it is unable to explicitly calculate the action. - Action(ExtendedACLTable, RequestInfo) ExtendedACLAction -} - -type extendedACLChecker struct{} - -const ( - // ActionUndefined is ExtendedACLAction used to mark value as undefined. - // Most of the tools consider ActionUndefined as incalculable. - // Using ActionUndefined in ExtendedACLRecord is unsafe. - ActionUndefined ExtendedACLAction = iota - - // ActionAllow is ExtendedACLAction used to mark an applicability of ACL rule. - ActionAllow - - // ActionDeny is ExtendedACLAction used to mark an inapplicability of ACL rule. - ActionDeny -) diff --git a/acl/header.go b/acl/header.go deleted file mode 100644 index 9dff79e..0000000 --- a/acl/header.go +++ /dev/null @@ -1,290 +0,0 @@ -package acl - -import ( - "strconv" - - "github.com/nspcc-dev/neofs-api-go/object" - "github.com/nspcc-dev/neofs-api-go/service" -) - -type objectHeaderSource struct { - obj *object.Object -} - -type typedHeader struct { - n string - v string - t HeaderType -} - -type extendedHeadersWrapper struct { - hdrSrc service.ExtendedHeadersSource -} - -type typedExtendedHeader struct { - hdr service.ExtendedHeader -} - -const ( - _ HeaderType = iota - - // HdrTypeRequest is a HeaderType for request header. - HdrTypeRequest - - // HdrTypeObjSys is a HeaderType for system headers of object. - HdrTypeObjSys - - // HdrTypeObjUsr is a HeaderType for user headers of object. - HdrTypeObjUsr -) - -const ( - // HdrObjSysNameID is a name of ID field in system header of object. - HdrObjSysNameID = "ID" - - // HdrObjSysNameCID is a name of CID field in system header of object. - HdrObjSysNameCID = "CID" - - // HdrObjSysNameOwnerID is a name of OwnerID field in system header of object. - HdrObjSysNameOwnerID = "OWNER_ID" - - // HdrObjSysNameVersion is a name of Version field in system header of object. - HdrObjSysNameVersion = "VERSION" - - // HdrObjSysNamePayloadLength is a name of PayloadLength field in system header of object. - HdrObjSysNamePayloadLength = "PAYLOAD_LENGTH" - - // HdrObjSysNameCreatedUnix is a name of CreatedAt.UnitTime field in system header of object. - HdrObjSysNameCreatedUnix = "CREATED_UNIX" - - // HdrObjSysNameCreatedEpoch is a name of CreatedAt.Epoch field in system header of object. - HdrObjSysNameCreatedEpoch = "CREATED_EPOCH" - - // HdrObjSysLinkPrev is a name of previous link header in extended headers of object. - HdrObjSysLinkPrev = "LINK_PREV" - - // HdrObjSysLinkNext is a name of next link header in extended headers of object. - HdrObjSysLinkNext = "LINK_NEXT" - - // HdrObjSysLinkChild is a name of child link header in extended headers of object. - HdrObjSysLinkChild = "LINK_CHILD" - - // HdrObjSysLinkPar is a name of parent link header in extended headers of object. - HdrObjSysLinkPar = "LINK_PAR" - - // HdrObjSysLinkSG is a name of storage group link header in extended headers of object. - HdrObjSysLinkSG = "LINK_SG" -) - -func newTypedHeader(name, value string, typ HeaderType) TypedHeader { - return &typedHeader{ - n: name, - v: value, - t: typ, - } -} - -// Name is a name field getter. -func (s typedHeader) Name() string { - return s.n -} - -// Value is a value field getter. -func (s typedHeader) Value() string { - return s.v -} - -// HeaderType is a type field getter. -func (s typedHeader) HeaderType() HeaderType { - return s.t -} - -// TypedHeaderSourceFromObject wraps passed object and returns TypedHeaderSource interface. -func TypedHeaderSourceFromObject(obj *object.Object) TypedHeaderSource { - return &objectHeaderSource{ - obj: obj, - } -} - -// HeaderOfType gathers object headers of passed type and returns Header list. -// -// If value of some header can not be calculated (e.g. nil extended header), it does not appear in list. -// -// Always returns true. -func (s objectHeaderSource) HeadersOfType(typ HeaderType) ([]Header, bool) { - if s.obj == nil { - return nil, true - } - - var res []Header - - switch typ { - case HdrTypeObjUsr: - objHeaders := s.obj.GetHeaders() - - res = make([]Header, 0, len(objHeaders)) // 7 system header fields - - for _, extHdr := range objHeaders { - if h := newTypedObjectExtendedHeader(extHdr); h != nil { - res = append(res, h) - } - } - case HdrTypeObjSys: - res = make([]Header, 0, 7) - - sysHdr := s.obj.GetSystemHeader() - - // ID - res = append(res, newTypedHeader( - HdrObjSysNameID, - sysHdr.ID.String(), - HdrTypeObjSys), - ) - - // CID - res = append(res, newTypedHeader( - HdrObjSysNameCID, - sysHdr.CID.String(), - HdrTypeObjSys), - ) - - // OwnerID - res = append(res, newTypedHeader( - HdrObjSysNameOwnerID, - sysHdr.OwnerID.String(), - HdrTypeObjSys), - ) - - // Version - res = append(res, newTypedHeader( - HdrObjSysNameVersion, - strconv.FormatUint(sysHdr.GetVersion(), 10), - HdrTypeObjSys), - ) - - // PayloadLength - res = append(res, newTypedHeader( - HdrObjSysNamePayloadLength, - strconv.FormatUint(sysHdr.GetPayloadLength(), 10), - HdrTypeObjSys), - ) - - created := sysHdr.GetCreatedAt() - - // CreatedAt.UnitTime - res = append(res, newTypedHeader( - HdrObjSysNameCreatedUnix, - strconv.FormatUint(uint64(created.GetUnixTime()), 10), - HdrTypeObjSys), - ) - - // CreatedAt.Epoch - res = append(res, newTypedHeader( - HdrObjSysNameCreatedEpoch, - strconv.FormatUint(created.GetEpoch(), 10), - HdrTypeObjSys), - ) - } - - return res, true -} - -func newTypedObjectExtendedHeader(h object.Header) TypedHeader { - val := h.GetValue() - if val == nil { - return nil - } - - res := new(typedHeader) - res.t = HdrTypeObjSys - - switch hdr := val.(type) { - case *object.Header_UserHeader: - if hdr.UserHeader == nil { - return nil - } - - res.t = HdrTypeObjUsr - res.n = hdr.UserHeader.GetKey() - res.v = hdr.UserHeader.GetValue() - case *object.Header_Link: - if hdr.Link == nil { - return nil - } - - switch hdr.Link.GetType() { - case object.Link_Previous: - res.n = HdrObjSysLinkPrev - case object.Link_Next: - res.n = HdrObjSysLinkNext - case object.Link_Child: - res.n = HdrObjSysLinkChild - case object.Link_Parent: - res.n = HdrObjSysLinkPar - case object.Link_StorageGroup: - res.n = HdrObjSysLinkSG - default: - return nil - } - - res.v = hdr.Link.ID.String() - default: - return nil - } - - return res -} - -// TypedHeaderSourceFromExtendedHeaders wraps passed ExtendedHeadersSource and returns TypedHeaderSource interface. -func TypedHeaderSourceFromExtendedHeaders(hdrSrc service.ExtendedHeadersSource) TypedHeaderSource { - return &extendedHeadersWrapper{ - hdrSrc: hdrSrc, - } -} - -// Name returns the result of Key method. -func (s typedExtendedHeader) Name() string { - return s.hdr.Key() -} - -// Value returns the result of Value method. -func (s typedExtendedHeader) Value() string { - return s.hdr.Value() -} - -// HeaderType always returns HdrTypeRequest. -func (s typedExtendedHeader) HeaderType() HeaderType { - return HdrTypeRequest -} - -// TypedHeaders gathers extended request headers and returns TypedHeader list. -// -// Nil headers are ignored. -// -// Always returns true. -func (s extendedHeadersWrapper) HeadersOfType(typ HeaderType) ([]Header, bool) { - if s.hdrSrc == nil { - return nil, true - } - - var res []Header - - switch typ { - case HdrTypeRequest: - hs := s.hdrSrc.ExtendedHeaders() - - res = make([]Header, 0, len(hs)) - - for i := range hs { - if hs[i] == nil { - continue - } - - res = append(res, &typedExtendedHeader{ - hdr: hs[i], - }) - } - } - - return res, true -} diff --git a/acl/match.go b/acl/match.go deleted file mode 100644 index bddee89..0000000 --- a/acl/match.go +++ /dev/null @@ -1,29 +0,0 @@ -package acl - -const ( - _ MatchType = iota - StringEqual - StringNotEqual -) - -// Maps MatchType to corresponding function. -// 1st argument of function - header value, 2nd - header filter. -var mMatchFns = map[MatchType]func(Header, Header) bool{ - StringEqual: stringEqual, - - StringNotEqual: stringNotEqual, -} - -const ( - mResUndefined = iota - mResMatch - mResMismatch -) - -func stringEqual(header, filter Header) bool { - return header.Value() == filter.Value() -} - -func stringNotEqual(header, filter Header) bool { - return header.Value() != filter.Value() -} diff --git a/acl/types.go b/acl/types.go index 0587b9b..6a418bc 100644 --- a/acl/types.go +++ b/acl/types.go @@ -1,5 +1,121 @@ package acl +import ( + "github.com/nspcc-dev/neofs-api-go/object" + "github.com/nspcc-dev/neofs-api-go/service" +) + +const ( + _ MatchType = iota + stringEqual + stringNotEqual +) + +const ( + // ActionUndefined is ExtendedACLAction used to mark value as undefined. + // Most of the tools consider ActionUndefined as incalculable. + // Using ActionUndefined in ExtendedACLRecord is unsafe. + ActionUndefined ExtendedACLAction = iota + + // ActionAllow is ExtendedACLAction used to mark an applicability of ACL rule. + ActionAllow + + // ActionDeny is ExtendedACLAction used to mark an inapplicability of ACL rule. + ActionDeny +) + +const ( + _ HeaderType = iota + + // HdrTypeRequest is a HeaderType for request header. + HdrTypeRequest + + // HdrTypeObjSys is a HeaderType for system headers of object. + HdrTypeObjSys + + // HdrTypeObjUsr is a HeaderType for user headers of object. + HdrTypeObjUsr +) + +const ( + // HdrObjSysNameID is a name of ID field in system header of object. + HdrObjSysNameID = "ID" + + // HdrObjSysNameCID is a name of CID field in system header of object. + HdrObjSysNameCID = "CID" + + // HdrObjSysNameOwnerID is a name of OwnerID field in system header of object. + HdrObjSysNameOwnerID = "OWNER_ID" + + // HdrObjSysNameVersion is a name of Version field in system header of object. + HdrObjSysNameVersion = "VERSION" + + // HdrObjSysNamePayloadLength is a name of PayloadLength field in system header of object. + HdrObjSysNamePayloadLength = "PAYLOAD_LENGTH" + + // HdrObjSysNameCreatedUnix is a name of CreatedAt.UnitTime field in system header of object. + HdrObjSysNameCreatedUnix = "CREATED_UNIX" + + // HdrObjSysNameCreatedEpoch is a name of CreatedAt.Epoch field in system header of object. + HdrObjSysNameCreatedEpoch = "CREATED_EPOCH" + + // HdrObjSysLinkPrev is a name of previous link header in extended headers of object. + HdrObjSysLinkPrev = "LINK_PREV" + + // HdrObjSysLinkNext is a name of next link header in extended headers of object. + HdrObjSysLinkNext = "LINK_NEXT" + + // HdrObjSysLinkChild is a name of child link header in extended headers of object. + HdrObjSysLinkChild = "LINK_CHILD" + + // HdrObjSysLinkPar is a name of parent link header in extended headers of object. + HdrObjSysLinkPar = "LINK_PAR" + + // HdrObjSysLinkSG is a name of storage group link header in extended headers of object. + HdrObjSysLinkSG = "LINK_SG" +) + +type objectHeaderSource struct { + obj *object.Object +} + +type typedHeader struct { + n string + v string + t HeaderType +} + +type extendedHeadersWrapper struct { + hdrSrc service.ExtendedHeadersSource +} + +type typedExtendedHeader struct { + hdr service.ExtendedHeader +} + +func newTypedHeader(name, value string, typ HeaderType) TypedHeader { + return &typedHeader{ + n: name, + v: value, + t: typ, + } +} + +// Name is a name field getter. +func (s typedHeader) Name() string { + return s.n +} + +// Value is a value field getter. +func (s typedHeader) Value() string { + return s.v +} + +// HeaderType is a type field getter. +func (s typedHeader) HeaderType() HeaderType { + return s.t +} + // SetMatchType is MatchType field setter. func (m *EACLRecord_FilterInfo) SetMatchType(v EACLRecord_FilterInfo_MatchType) { m.MatchType = v diff --git a/acl/wrappers.go b/acl/wrappers.go index 30c2ee3..94e420a 100644 --- a/acl/wrappers.go +++ b/acl/wrappers.go @@ -83,9 +83,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) { if s.filter != nil { switch s.filter.GetMatchType() { case EACLRecord_FilterInfo_StringEqual: - res = StringEqual + res = stringEqual case EACLRecord_FilterInfo_StringNotEqual: - res = StringNotEqual + res = stringNotEqual } } @@ -102,9 +102,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) { func (s EACLFilterWrapper) SetMatchType(v MatchType) { if s.filter != nil { switch v { - case StringEqual: + case stringEqual: s.filter.SetMatchType(EACLRecord_FilterInfo_StringEqual) - case StringNotEqual: + case stringNotEqual: s.filter.SetMatchType(EACLRecord_FilterInfo_StringNotEqual) default: s.filter.SetMatchType(EACLRecord_FilterInfo_MatchUnknown) diff --git a/acl/wrappers_test.go b/acl/wrappers_test.go index b7dbbe0..a55db8c 100644 --- a/acl/wrappers_test.go +++ b/acl/wrappers_test.go @@ -9,7 +9,7 @@ import ( func TestEACLFilterWrapper(t *testing.T) { s := WrapFilterInfo(nil) - mt := StringEqual + mt := stringEqual s.SetMatchType(mt) require.Equal(t, mt, s.MatchType()) From f82651720726fe9fdc27f7f4fffa5b56b793e4d9 Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Tue, 7 Jul 2020 22:16:56 +0300 Subject: [PATCH 6/9] acl: delete unused types --- acl/extended.go | 27 --------------------------- acl/types.go | 46 ---------------------------------------------- 2 files changed, 73 deletions(-) diff --git a/acl/extended.go b/acl/extended.go index 61ccbcf..df8402a 100644 --- a/acl/extended.go +++ b/acl/extended.go @@ -1,11 +1,5 @@ package acl -import ( - "context" - - "github.com/nspcc-dev/neofs-api-go/refs" -) - // OperationType is an enumeration of operation types for extended ACL. type OperationType uint32 @@ -35,13 +29,6 @@ type TypedHeader interface { HeaderType() HeaderType } -// TypedHeaderSource is a various types of header set interface. -type TypedHeaderSource interface { - // Must return list of Header of particular type. - // Must return false if there is no ability to compose header list. - HeadersOfType(HeaderType) ([]Header, bool) -} - // HeaderFilter is an interface of grouped information about filtered header. type HeaderFilter interface { // Must return match type of filter. @@ -80,20 +67,6 @@ type ExtendedACLTable interface { Records() []ExtendedACLRecord } -// ExtendedACLSource is an interface of storage of extended ACL tables with read access. -type ExtendedACLSource interface { - // Must return extended ACL table by container ID key. - GetExtendedACLTable(context.Context, refs.CID) (ExtendedACLTable, error) -} - -// ExtendedACLStore is an interface of storage of extended ACL tables. -type ExtendedACLStore interface { - ExtendedACLSource - - // Must store extended ACL table for container ID key. - PutExtendedACLTable(context.Context, refs.CID, ExtendedACLTable) error -} - const ( _ OperationType = iota diff --git a/acl/types.go b/acl/types.go index 6a418bc..c9bbfd3 100644 --- a/acl/types.go +++ b/acl/types.go @@ -1,10 +1,5 @@ package acl -import ( - "github.com/nspcc-dev/neofs-api-go/object" - "github.com/nspcc-dev/neofs-api-go/service" -) - const ( _ MatchType = iota stringEqual @@ -75,47 +70,6 @@ const ( HdrObjSysLinkSG = "LINK_SG" ) -type objectHeaderSource struct { - obj *object.Object -} - -type typedHeader struct { - n string - v string - t HeaderType -} - -type extendedHeadersWrapper struct { - hdrSrc service.ExtendedHeadersSource -} - -type typedExtendedHeader struct { - hdr service.ExtendedHeader -} - -func newTypedHeader(name, value string, typ HeaderType) TypedHeader { - return &typedHeader{ - n: name, - v: value, - t: typ, - } -} - -// Name is a name field getter. -func (s typedHeader) Name() string { - return s.n -} - -// Value is a value field getter. -func (s typedHeader) Value() string { - return s.v -} - -// HeaderType is a type field getter. -func (s typedHeader) HeaderType() HeaderType { - return s.t -} - // SetMatchType is MatchType field setter. func (m *EACLRecord_FilterInfo) SetMatchType(v EACLRecord_FilterInfo_MatchType) { m.MatchType = v From 2fba8cb7b33f8cdc1396a143aa6684e69b230eba Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Tue, 7 Jul 2020 23:03:53 +0300 Subject: [PATCH 7/9] acl: make MatchType's constants public back --- acl/types.go | 8 ++++++-- acl/wrappers.go | 8 ++++---- acl/wrappers_test.go | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/acl/types.go b/acl/types.go index c9bbfd3..c80c9cd 100644 --- a/acl/types.go +++ b/acl/types.go @@ -2,8 +2,12 @@ package acl const ( _ MatchType = iota - stringEqual - stringNotEqual + + // StringEqual is a MatchType of string equality. + StringEqual + + // StringNotEqual is a MatchType of string inequality. + StringNotEqual ) const ( diff --git a/acl/wrappers.go b/acl/wrappers.go index 94e420a..30c2ee3 100644 --- a/acl/wrappers.go +++ b/acl/wrappers.go @@ -83,9 +83,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) { if s.filter != nil { switch s.filter.GetMatchType() { case EACLRecord_FilterInfo_StringEqual: - res = stringEqual + res = StringEqual case EACLRecord_FilterInfo_StringNotEqual: - res = stringNotEqual + res = StringNotEqual } } @@ -102,9 +102,9 @@ func (s EACLFilterWrapper) MatchType() (res MatchType) { func (s EACLFilterWrapper) SetMatchType(v MatchType) { if s.filter != nil { switch v { - case stringEqual: + case StringEqual: s.filter.SetMatchType(EACLRecord_FilterInfo_StringEqual) - case stringNotEqual: + case StringNotEqual: s.filter.SetMatchType(EACLRecord_FilterInfo_StringNotEqual) default: s.filter.SetMatchType(EACLRecord_FilterInfo_MatchUnknown) diff --git a/acl/wrappers_test.go b/acl/wrappers_test.go index a55db8c..b7dbbe0 100644 --- a/acl/wrappers_test.go +++ b/acl/wrappers_test.go @@ -9,7 +9,7 @@ import ( func TestEACLFilterWrapper(t *testing.T) { s := WrapFilterInfo(nil) - mt := stringEqual + mt := StringEqual s.SetMatchType(mt) require.Equal(t, mt, s.MatchType()) From 504804f80604ad8c2222300dbd5266a9b76308d6 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Wed, 8 Jul 2020 10:50:58 +0300 Subject: [PATCH 8/9] Update to neofs-api v1.2.0 --- Makefile | 2 +- acl/types.proto | 2 +- docs/acl.md | 116 +++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 117 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 159c7e3..600586e 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -PROTO_VERSION=v1.1.0 +PROTO_VERSION=v1.2.0 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz B=\033[0;1m diff --git a/acl/types.proto b/acl/types.proto index 6934b36..7f3efc9 100644 --- a/acl/types.proto +++ b/acl/types.proto @@ -103,4 +103,4 @@ message EACLRecord { message EACLTable { // Records carries list of extended ACL rule records. repeated EACLRecord Records = 1 [json_name="Records"]; -} \ No newline at end of file +} diff --git a/docs/acl.md b/docs/acl.md index 38f328b..f63758b 100644 --- a/docs/acl.md +++ b/docs/acl.md @@ -5,7 +5,12 @@ - [acl/types.proto](#acl/types.proto) - + - Messages + - [EACLRecord](#acl.EACLRecord) + - [EACLRecord.FilterInfo](#acl.EACLRecord.FilterInfo) + - [EACLRecord.TargetInfo](#acl.EACLRecord.TargetInfo) + - [EACLTable](#acl.EACLTable) + - [Scalar Value Types](#scalar-value-types) @@ -19,9 +24,118 @@ + + + +### Message EACLRecord +EACLRecord groups information about extended ACL rule. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| operation | [EACLRecord.Operation](#acl.EACLRecord.Operation) | | Operation carries type of operation. | +| action | [EACLRecord.Action](#acl.EACLRecord.Action) | | Action carries ACL target action. | +| Filters | [EACLRecord.FilterInfo](#acl.EACLRecord.FilterInfo) | repeated | Filters carries set of filters. | +| Targets | [EACLRecord.TargetInfo](#acl.EACLRecord.TargetInfo) | repeated | Targets carries information about extended ACL target list. | + + + + +### Message EACLRecord.FilterInfo +FilterInfo groups information about filter. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| header | [EACLRecord.FilterInfo.Header](#acl.EACLRecord.FilterInfo.Header) | | Header carries type of header. | +| matchType | [EACLRecord.FilterInfo.MatchType](#acl.EACLRecord.FilterInfo.MatchType) | | MatchType carries type of match. | +| HeaderName | [string](#string) | | HeaderName carries name of filtering header. | +| HeaderVal | [string](#string) | | HeaderVal carries value of filtering header. | + + + + +### Message EACLRecord.TargetInfo +TargetInfo groups information about extended ACL target. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| Target | [Target](#acl.Target) | | Target carries target of ACL rule. | +| KeyList | [bytes](#bytes) | repeated | KeyList carries public keys of ACL target. | + + + + +### Message EACLTable +EACLRecord carries the information about extended ACL rules. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| Records | [EACLRecord](#acl.EACLRecord) | repeated | Records carries list of extended ACL rule records. | + + + +### EACLRecord.Action +Action is an enumeration of EACL actions. + +| Name | Number | Description | +| ---- | ------ | ----------- | +| ActionUnknown | 0 | | +| Allow | 1 | | +| Deny | 2 | | + + + + + +### EACLRecord.FilterInfo.Header +Header is an enumeration of filtering header types. + +| Name | Number | Description | +| ---- | ------ | ----------- | +| HeaderUnknown | 0 | | +| Request | 1 | | +| ObjectSystem | 2 | | +| ObjectUser | 3 | | + + + + + +### EACLRecord.FilterInfo.MatchType +MatchType is an enumeration of match types. + +| Name | Number | Description | +| ---- | ------ | ----------- | +| MatchUnknown | 0 | | +| StringEqual | 1 | | +| StringNotEqual | 2 | | + + + + + +### EACLRecord.Operation +Operation is an enumeration of operation types. + +| Name | Number | Description | +| ---- | ------ | ----------- | +| OPERATION_UNKNOWN | 0 | | +| GET | 1 | | +| HEAD | 2 | | +| PUT | 3 | | +| DELETE | 4 | | +| SEARCH | 5 | | +| GETRANGE | 6 | | +| GETRANGEHASH | 7 | | + + + ### Target From 2bf5a0c30b228e68e567bbb1f12716e77b0eb46a Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Wed, 8 Jul 2020 11:09:29 +0300 Subject: [PATCH 9/9] Update changelog and readme for v1.2.0 --- CHANGELOG.md | 18 ++++++++++++++++++ README.md | 6 +++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e771c19..898dcce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,23 @@ # Changelog This is the changelog for NeoFS-API-Go +## [1.2.0] - 2020-07-08 + +### Added + +- Extended ACL types. +- Getters and setters of ```EACLTable``` and its internal messages. +- Wrappers over ```EACLTable``` and its internal messages. +- Getters, setters and marshaling methods of wrappers. + +### Changed + +- Mechanism for signing requests on the principle of Matryoshka. + +### Updated + +- NeoFS API v1.1.0 => 1.2.0 + ## [1.1.0] - 2020-06-18 ### Added @@ -357,3 +374,4 @@ Initial public release [0.7.6]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.5...v0.7.6 [1.0.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.6...v1.0.0 [1.1.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v1.0.0...v1.1.0 +[1.2.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v1.1.0...v1.2.0 diff --git a/README.md b/README.md index d44e057..4c768b2 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,11 @@ can be used for integration with NeoFS. [neofs-api v1.1.0]: https://github.com/nspcc-dev/neofs-api/releases/tag/v1.1.0 [neofs-api-go v1.1.0]: https://github.com/nspcc-dev/neofs-api-go/releases/tag/v1.1.0 -[neofs-api-go v1.1.0] supports [neofs-api v1.1.0] +* [neofs-api-go v1.1.0] supports [neofs-api v1.1.0] + +[neofs-api v1.2.0]: https://github.com/nspcc-dev/neofs-api/releases/tag/v1.2.0 +[neofs-api-go v1.2.0]: https://github.com/nspcc-dev/neofs-api-go/releases/tag/v1.2.0 +* [neofs-api-go v1.2.0] supports [neofs-api v1.2.0] ## Description