diff --git a/Makefile b/Makefile
index 3dcd690..159c7e3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-PROTO_VERSION=v1.0.0
+PROTO_VERSION=v1.1.0
PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
B=\033[0;1m
diff --git a/container/service.pb.go b/container/service.pb.go
index 6131254..f49f79f 100644
Binary files a/container/service.pb.go and b/container/service.pb.go differ
diff --git a/container/service.proto b/container/service.proto
index 7df2c66..b174052 100644
--- a/container/service.proto
+++ b/container/service.proto
@@ -27,6 +27,12 @@ service Service {
// List returns all user's containers
rpc List(ListRequest) returns (ListResponse);
+
+ // SetExtendedACL changes extended ACL rules of the container
+ rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse);
+
+ // GetExtendedACL returns extended ACL rules of the container
+ rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse);
}
message PutRequest {
@@ -99,3 +105,42 @@ message ListResponse {
// CID (container id) is list of SHA256 hashes of the container structures
repeated bytes CID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
}
+
+message ExtendedACLKey {
+ // ID (container id) is a SHA256 hash of the container structure
+ bytes ID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+}
+
+message ExtendedACLValue {
+ // EACL carries binary representation of the table of extended ACL rules
+ bytes EACL = 1;
+ // Signature carries EACL field signature
+ bytes Signature = 2;
+}
+
+message SetExtendedACLRequest {
+ // Key carries key to extended ACL information
+ ExtendedACLKey Key = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+ // Value carries extended ACL information
+ ExtendedACLValue Value = 2 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+ // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+ service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+ // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+ service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message SetExtendedACLResponse {}
+
+message GetExtendedACLRequest {
+ // Key carries key to extended ACL information
+ ExtendedACLKey Key = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+ // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+ service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+ // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+ service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetExtendedACLResponse {
+ // ACL carries extended ACL information
+ ExtendedACLValue ACL = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
diff --git a/container/types.go b/container/types.go
index f340aa5..38bdcff 100644
--- a/container/types.go
+++ b/container/types.go
@@ -158,3 +158,23 @@ func (m ListRequest) GetOwnerID() OwnerID {
func (m *ListRequest) SetOwnerID(owner OwnerID) {
m.OwnerID = owner
}
+
+// GetID is an ID field getter.
+func (m ExtendedACLKey) GetID() CID {
+ return m.ID
+}
+
+// SetID is an ID field setter.
+func (m *ExtendedACLKey) SetID(v CID) {
+ m.ID = v
+}
+
+// SetEACL is an EACL field setter.
+func (m *ExtendedACLValue) SetEACL(v []byte) {
+ m.EACL = v
+}
+
+// SetSignature is a Signature field setter.
+func (m *ExtendedACLValue) SetSignature(sig []byte) {
+ m.Signature = sig
+}
diff --git a/container/types_test.go b/container/types_test.go
index cc171cb..76bbe1c 100644
--- a/container/types_test.go
+++ b/container/types_test.go
@@ -140,3 +140,23 @@ func TestListRequestGettersSetters(t *testing.T) {
require.Equal(t, owner, m.GetOwnerID())
})
}
+
+func TestExtendedACLKey(t *testing.T) {
+ s := new(ExtendedACLKey)
+
+ id := CID{1, 2, 3}
+ s.SetID(id)
+ require.Equal(t, id, s.GetID())
+}
+
+func TestExtendedACLValue(t *testing.T) {
+ s := new(ExtendedACLValue)
+
+ acl := []byte{1, 2, 3}
+ s.SetEACL(acl)
+ require.Equal(t, acl, s.GetEACL())
+
+ sig := []byte{4, 5, 6}
+ s.SetSignature(sig)
+ require.Equal(t, sig, s.GetSignature())
+}
diff --git a/docs/container.md b/docs/container.md
index f0188ca..fd89acd 100644
--- a/docs/container.md
+++ b/docs/container.md
@@ -10,12 +10,18 @@
- Messages
- [DeleteRequest](#container.DeleteRequest)
- [DeleteResponse](#container.DeleteResponse)
+ - [ExtendedACLKey](#container.ExtendedACLKey)
+ - [ExtendedACLValue](#container.ExtendedACLValue)
+ - [GetExtendedACLRequest](#container.GetExtendedACLRequest)
+ - [GetExtendedACLResponse](#container.GetExtendedACLResponse)
- [GetRequest](#container.GetRequest)
- [GetResponse](#container.GetResponse)
- [ListRequest](#container.ListRequest)
- [ListResponse](#container.ListResponse)
- [PutRequest](#container.PutRequest)
- [PutResponse](#container.PutResponse)
+ - [SetExtendedACLRequest](#container.SetExtendedACLRequest)
+ - [SetExtendedACLResponse](#container.SetExtendedACLResponse)
- [container/types.proto](#container/types.proto)
@@ -46,6 +52,8 @@ rpc Put(PutRequest) returns (PutResponse);
rpc Delete(DeleteRequest) returns (DeleteResponse);
rpc Get(GetRequest) returns (GetResponse);
rpc List(ListRequest) returns (ListResponse);
+rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse);
+rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse);
```
@@ -80,6 +88,20 @@ List returns all user's containers
| Name | Input | Output |
| ---- | ----- | ------ |
| List | [ListRequest](#container.ListRequest) | [ListResponse](#container.ListResponse) |
+#### Method SetExtendedACL
+
+SetExtendedACL changes extended ACL rules of the container
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| SetExtendedACL | [SetExtendedACLRequest](#container.SetExtendedACLRequest) | [SetExtendedACLResponse](#container.SetExtendedACLResponse) |
+#### Method GetExtendedACL
+
+GetExtendedACL returns extended ACL rules of the container
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| GetExtendedACL | [GetExtendedACLRequest](#container.GetExtendedACLRequest) | [GetExtendedACLResponse](#container.GetExtendedACLResponse) |
@@ -104,6 +126,53 @@ via consensus in inner ring nodes
+
+
+### Message ExtendedACLKey
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) | | ID (container id) is a SHA256 hash of the container structure |
+
+
+
+
+### Message ExtendedACLValue
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| EACL | [bytes](#bytes) | | EACL carries binary representation of the table of extended ACL rules |
+| Signature | [bytes](#bytes) | | Signature carries EACL field signature |
+
+
+
+
+### Message GetExtendedACLRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Key | [ExtendedACLKey](#container.ExtendedACLKey) | | Key carries key to extended ACL information |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+
+
+### Message GetExtendedACLResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ACL | [ExtendedACLValue](#container.ExtendedACLValue) | | ACL carries extended ACL information |
+
+
### Message GetRequest
@@ -179,6 +248,27 @@ via consensus in inner ring nodes
| ----- | ---- | ----- | ----------- |
| CID | [bytes](#bytes) | | CID (container id) is a SHA256 hash of the container structure |
+
+
+
+### Message SetExtendedACLRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Key | [ExtendedACLKey](#container.ExtendedACLKey) | | Key carries key to extended ACL information |
+| Value | [ExtendedACLValue](#container.ExtendedACLValue) | | Value carries extended ACL information |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+
+
+### Message SetExtendedACLResponse
+
+
+
diff --git a/docs/service.md b/docs/service.md
index 0765f04..223ddd1 100644
--- a/docs/service.md
+++ b/docs/service.md
@@ -6,6 +6,8 @@
- [service/meta.proto](#service/meta.proto)
- Messages
+ - [RequestExtendedHeader](#service.RequestExtendedHeader)
+ - [RequestExtendedHeader.KV](#service.RequestExtendedHeader.KV)
- [RequestMetaHeader](#service.RequestMetaHeader)
- [ResponseMetaHeader](#service.ResponseMetaHeader)
@@ -13,6 +15,8 @@
- [service/verify.proto](#service/verify.proto)
- Messages
+ - [BearerTokenMsg](#service.BearerTokenMsg)
+ - [BearerTokenMsg.Info](#service.BearerTokenMsg.Info)
- [RequestVerificationHeader](#service.RequestVerificationHeader)
- [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
- [Token](#service.Token)
@@ -39,6 +43,29 @@
+
+
+### Message RequestExtendedHeader
+RequestExtendedHeader contains extended headers of request
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Headers | [RequestExtendedHeader.KV](#service.RequestExtendedHeader.KV) | repeated | Headers carries list of key-value headers |
+
+
+
+
+### Message RequestExtendedHeader.KV
+KV contains string key-value pair
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| K | [string](#string) | | K carries extended header key |
+| V | [string](#string) | | V carries extended header value |
+
+
### Message RequestMetaHeader
@@ -52,6 +79,7 @@ RequestMetaHeader contains information about request meta headers
| Epoch | [uint64](#uint64) | | Epoch for user can be empty, because node sets epoch to the actual value |
| Version | [uint32](#uint32) | | Version defines protocol version TODO: not used for now, should be implemented in future |
| Raw | [bool](#bool) | | Raw determines whether the request is raw or not |
+| ExtendedHeader | [RequestExtendedHeader](#service.RequestExtendedHeader) | | ExtendedHeader carries extended headers of the request |
@@ -81,6 +109,32 @@ ResponseMetaHeader contains meta information based on request processing by serv
+
+
+### Message BearerTokenMsg
+BearerTokenMsg carries information about request ACL rules with limited lifetime
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| TokenInfo | [BearerTokenMsg.Info](#service.BearerTokenMsg.Info) | | TokenInfo is a grouped information about token |
+| OwnerKey | [bytes](#bytes) | | OwnerKey is a public key of the token owner |
+| Signature | [bytes](#bytes) | | Signature is a signature of token information |
+
+
+
+
+### Message BearerTokenMsg.Info
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ACLRules | [bytes](#bytes) | | ACLRules carries a binary representation of the table of extended ACL rules |
+| OwnerID | [bytes](#bytes) | | OwnerID is an owner of token |
+| ValidUntil | [uint64](#uint64) | | ValidUntil carries a last epoch of token lifetime |
+
+
### Message RequestVerificationHeader
@@ -92,6 +146,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
| ----- | ---- | ----- | ----------- |
| Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
| Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent |
+| Bearer | [BearerTokenMsg](#service.BearerTokenMsg) | | Bearer is a Bearer token of the request |
diff --git a/service/bearer.go b/service/bearer.go
index bc8aaa5..6013e03 100644
--- a/service/bearer.go
+++ b/service/bearer.go
@@ -94,3 +94,33 @@ func copyBearerTokenSignedData(buf []byte, token BearerTokenInfo) {
tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
off += 8
}
+
+// SetACLRules is an ACLRules field setter.
+func (m *BearerTokenMsg_Info) SetACLRules(v []byte) {
+ m.ACLRules = v
+}
+
+// SetValidUntil is a ValidUntil field setter.
+func (m *BearerTokenMsg_Info) SetValidUntil(v uint64) {
+ m.ValidUntil = v
+}
+
+// GetOwnerID if an OwnerID field getter.
+func (m BearerTokenMsg_Info) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *BearerTokenMsg_Info) SetOwnerID(v OwnerID) {
+ m.OwnerID = v
+}
+
+// SetOwnerKey is an OwnerKey field setter.
+func (m *BearerTokenMsg) SetOwnerKey(v []byte) {
+ m.OwnerKey = v
+}
+
+// SetSignature is a Signature field setter.
+func (m *BearerTokenMsg) SetSignature(v []byte) {
+ m.Signature = v
+}
diff --git a/service/bearer_test.go b/service/bearer_test.go
index da359f2..9ece9c8 100644
--- a/service/bearer_test.go
+++ b/service/bearer_test.go
@@ -170,3 +170,27 @@ func TestSignVerifyBearerToken(t *testing.T) {
require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
}
}
+
+func TestBearerTokenMsg_Setters(t *testing.T) {
+ s := new(BearerTokenMsg)
+
+ aclRules := []byte{1, 2, 3}
+ s.SetACLRules(aclRules)
+ require.Equal(t, aclRules, s.GetACLRules())
+
+ validUntil := uint64(6)
+ s.SetValidUntil(validUntil)
+ require.Equal(t, validUntil, s.GetValidUntil())
+
+ ownerID := OwnerID{1, 2, 3}
+ s.SetOwnerID(ownerID)
+ require.Equal(t, ownerID, s.GetOwnerID())
+
+ ownerKey := []byte{4, 5, 6}
+ s.SetOwnerKey(ownerKey)
+ require.Equal(t, ownerKey, s.GetOwnerKey())
+
+ sig := []byte{7, 8, 9}
+ s.SetSignature(sig)
+ require.Equal(t, sig, s.GetSignature())
+}
diff --git a/service/meta.go b/service/meta.go
index f1b4613..e838cec 100644
--- a/service/meta.go
+++ b/service/meta.go
@@ -69,3 +69,18 @@ func (s extHdrSrcWrapper) ReadSignedData(p []byte) (int, error) {
return sz, nil
}
+
+// SetK is a K field setter.
+func (m *RequestExtendedHeader_KV) SetK(v string) {
+ m.K = v
+}
+
+// SetV is a V field setter.
+func (m *RequestExtendedHeader_KV) SetV(v string) {
+ m.V = v
+}
+
+// SetHeaders is a Headers field setter.
+func (m *RequestExtendedHeader) SetHeaders(v []RequestExtendedHeader_KV) {
+ m.Headers = v
+}
diff --git a/service/meta.pb.go b/service/meta.pb.go
index 25a5469..0d63077 100644
Binary files a/service/meta.pb.go and b/service/meta.pb.go differ
diff --git a/service/meta.proto b/service/meta.proto
index 093f118..8171980 100644
--- a/service/meta.proto
+++ b/service/meta.proto
@@ -19,6 +19,8 @@ message RequestMetaHeader {
uint32 Version = 3;
// Raw determines whether the request is raw or not
bool Raw = 4;
+ // ExtendedHeader carries extended headers of the request
+ RequestExtendedHeader ExtendedHeader = 5 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
}
// ResponseMetaHeader contains meta information based on request processing by server
@@ -30,3 +32,18 @@ message ResponseMetaHeader {
// TODO: not used for now, should be implemented in future
uint32 Version = 2;
}
+
+// RequestExtendedHeader contains extended headers of request
+message RequestExtendedHeader {
+ // KV contains string key-value pair
+ message KV {
+ // K carries extended header key
+ string K = 1;
+
+ // V carries extended header value
+ string V = 2;
+ }
+
+ // Headers carries list of key-value headers
+ repeated KV Headers = 1 [(gogoproto.nullable) = false];
+}
diff --git a/service/meta_test.go b/service/meta_test.go
index a0b85ef..7c3853a 100644
--- a/service/meta_test.go
+++ b/service/meta_test.go
@@ -23,3 +23,31 @@ func TestCutRestoreMeta(t *testing.T) {
require.Equal(t, item(), v1)
}
}
+
+func TestRequestExtendedHeader_KV_Setters(t *testing.T) {
+ s := new(RequestExtendedHeader_KV)
+
+ key := "key"
+ s.SetK(key)
+ require.Equal(t, key, s.GetK())
+
+ val := "val"
+ s.SetV(val)
+ require.Equal(t, val, s.GetV())
+}
+
+func TestRequestExtendedHeader_SetHeaders(t *testing.T) {
+ s := new(RequestExtendedHeader)
+
+ hdr := RequestExtendedHeader_KV{}
+ hdr.SetK("key")
+ hdr.SetV("val")
+
+ hdrs := []RequestExtendedHeader_KV{
+ hdr,
+ }
+
+ s.SetHeaders(hdrs)
+
+ require.Equal(t, hdrs, s.GetHeaders())
+}
diff --git a/service/verify.go b/service/verify.go
index 62db2f5..0673a01 100644
--- a/service/verify.go
+++ b/service/verify.go
@@ -67,6 +67,11 @@ func (m *RequestVerificationHeader) SetToken(token *Token) {
m.Token = token
}
+// SetBearer is a Bearer field setter.
+func (m *RequestVerificationHeader) SetBearer(v *BearerTokenMsg) {
+ m.Bearer = v
+}
+
// testCustomField for test usage only.
type testCustomField [8]uint32
diff --git a/service/verify.pb.go b/service/verify.pb.go
index d198302..02f3f39 100644
Binary files a/service/verify.pb.go and b/service/verify.pb.go differ
diff --git a/service/verify.proto b/service/verify.proto
index a6619a6..a7e694f 100644
--- a/service/verify.proto
+++ b/service/verify.proto
@@ -23,6 +23,9 @@ message RequestVerificationHeader {
// Token is a token of the session within which the request is sent
Token Token = 2;
+
+ // Bearer is a Bearer token of the request
+ BearerTokenMsg Bearer = 3;
}
// User token granting rights for object manipulation
@@ -91,3 +94,26 @@ message TokenLifetime {
// uint32 Version = 2;
// bytes Data = 3;
// }
+
+// BearerTokenMsg carries information about request ACL rules with limited lifetime
+message BearerTokenMsg {
+ message Info {
+ // ACLRules carries a binary representation of the table of extended ACL rules
+ bytes ACLRules = 1;
+
+ // OwnerID is an owner of token
+ bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+ // ValidUntil carries a last epoch of token lifetime
+ uint64 ValidUntil = 3;
+ }
+
+ // TokenInfo is a grouped information about token
+ Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+
+ // OwnerKey is a public key of the token owner
+ bytes OwnerKey = 2;
+
+ // Signature is a signature of token information
+ bytes Signature = 3;
+}
diff --git a/service/verify_test.go b/service/verify_test.go
index e13f316..55ec65f 100644
--- a/service/verify_test.go
+++ b/service/verify_test.go
@@ -115,3 +115,16 @@ func TestRequestVerificationHeader_SetToken(t *testing.T) {
require.Equal(t, token, h.GetToken())
}
+
+func TestRequestVerificationHeader_SetBearer(t *testing.T) {
+ aclRules := []byte{1, 2, 3}
+
+ token := new(BearerTokenMsg)
+ token.SetACLRules(aclRules)
+
+ h := new(RequestVerificationHeader)
+
+ h.SetBearer(token)
+
+ require.Equal(t, token, h.GetBearer())
+}