frostfs-api/acl/types.proto
Stanislav Bogatyrev 79baf3b637 [#61] acl: Add version field to eACL Table
eACL Table is stored in SC storage, hence format version may be needed to
correctly process it in future.

Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
2020-09-02 15:03:03 +03:00


syntax = "proto3";
package neo.fs.v2.acl;
option go_package = "github.com/nspcc-dev/neofs-api-go/v2/acl/grpc;acl";
option csharp_namespace = "NeoFS.API.v2.Acl";
import "refs/types.proto";
// Target identifies the class of request sender that an access control rule
// applies to.
enum Target {
  // Default value; a proto3 decoder also reports it when the field is absent.
  // NOTE(review): this file does not say how a rule with an unspecified
  // target is evaluated; confirm it cannot match every sender.
  TARGET_UNSPECIFIED = 0;

  // The rule applies when the sender is the owner of the container.
  USER = 1;

  // The rule applies when the sender is a storage node within the container
  // or an inner ring node.
  SYSTEM = 2;

  // The rule applies when the sender is neither a USER nor a SYSTEM target.
  OTHERS = 3;
}
// MatchType enumerates the comparisons a filter can use.
enum MatchType {
  // Default value; no comparison has been selected.
  MATCH_TYPE_UNSPECIFIED = 0;

  // The filter matches when the compared strings are equal.
  STRING_EQUAL = 1;

  // The filter matches when the compared strings are different.
  // NOTE(review): whether a header that is missing altogether counts as
  // "different" is not stated here; confirm against the evaluator, since it
  // decides whether omitting a header can satisfy a rule.
  STRING_NOT_EQUAL = 2;
}
// Operation enumerates the operation types an extended ACL record can name.
// NOTE(review): proto3 keeps enum numbers it does not recognise, so a record
// written with a newer API version may carry a value that is not listed
// below; confirm evaluators do not let such a record match an arbitrary
// operation.
enum Operation {
  // Default value; no operation has been selected.
  OPERATION_UNSPECIFIED = 0;

  // Get operation.
  GET = 1;

  // Head operation.
  HEAD = 2;

  // Put operation.
  PUT = 3;

  // Delete operation.
  DELETE = 4;

  // Search operation.
  SEARCH = 5;

  // GetRange operation.
  GETRANGE = 6;

  // GetRangeHash operation.
  GETRANGEHASH = 7;
}
// Action enumerates the outcomes an extended ACL (eACL) rule can prescribe.
enum Action {
  // Default value; a proto3 decoder also reports it when the field is absent.
  // NOTE(review): confirm evaluators reject a record with this action rather
  // than treating it as ALLOW.
  ACTION_UNSPECIFIED = 0;

  // The rule allows the matched request.
  ALLOW = 1;

  // The rule denies the matched request.
  DENY = 2;
}
// HeaderType enumerates the kinds of header a filter can be applied to.
enum HeaderType {
  // Default value; no header kind has been selected.
  HEADER_UNSPECIFIED = 0;

  // The filter is applied to request headers.
  REQUEST = 1;

  // The filter is applied to object headers.
  OBJECT = 2;
}
// EACLRecord describes a single extended ACL rule: the operation it covers,
// the action to take, the header filters and the targets.
message EACLRecord {
  // FilterInfo describes one header filter of the rule.
  message FilterInfo {
    // Kind of header the filter inspects.
    HeaderType header = 1 [json_name = "HeaderType"];

    // Comparison used by the filter.
    MatchType match_type = 2 [json_name = "MatchType"];

    // Name of the header being filtered.
    string header_name = 3 [json_name = "Name"];

    // Value of the header being filtered.
    string header_val = 4 [json_name = "Value"];
  }

  // TargetInfo describes one target of the rule.
  message TargetInfo {
    // Role the rule is aimed at.
    Target target = 1 [json_name = "Role"];

    // Public keys of the ACL target.
    // NOTE(review): the key encoding and how the keys combine with `target`
    // are not specified in this file; confirm against the evaluator.
    repeated bytes key_list = 2 [json_name = "Keys"];
  }

  // Type of operation the rule covers.
  Operation operation = 1 [json_name = "Operation"];

  // Action the rule prescribes.
  Action action = 2 [json_name = "Action"];

  // Set of filters attached to the rule.
  // NOTE(review): whether several filters must all match or any one suffices
  // is not stated here; confirm, because it changes what the rule grants.
  repeated FilterInfo filters = 3 [json_name = "Filters"];

  // List of targets the rule applies to.
  repeated TargetInfo targets = 4 [json_name = "Targets"];
}
// EACLTable carries the extended ACL rules of one container.
message EACLTable {
  // eACL format version; effectively the version of the API library that was
  // used to create the eACL table.
  neo.fs.v2.refs.Version version = 1;

  // Identifier of the container that should use the given access control
  // rules.
  // NOTE(review): when a table arrives inside a BearerToken, verifiers
  // presumably need to check this identifier against the container the
  // request addresses; confirm that check exists.
  neo.fs.v2.refs.ContainerID container_id = 2 [json_name = "ContainerID"];

  // List of extended ACL rule records.
  // NOTE(review): the evaluation order of the records (for example first
  // match wins) is not specified in this file; confirm against the evaluator.
  repeated EACLRecord records = 3 [json_name = "Records"];
}
// BearerToken carries request ACL rules with a limited lifetime, together
// with a signature over them.
message BearerToken {
  // Body is the part of the bearer token that the signature covers.
  message Body {
    // TokenLifetime holds the lifetime parameters of the token. Field names
    // are taken from RFC 7519.
    // NOTE(review): the values are described as epochs, not the seconds-based
    // NumericDate of RFC 7519; whether `exp` and `nbf` are inclusive bounds
    // is not stated here. Confirm against the verifier.
    message TokenLifetime {
      // Expiration epoch.
      uint64 exp = 1;

      // Epoch before which the token is not valid.
      uint64 nbf = 2;

      // Epoch at which the token was issued.
      uint64 iat = 3;
    }

    // Table of extended ACL rules carried by the token.
    EACLTable eacl_table = 1;

    // Identifier of the token owner.
    neo.fs.v2.refs.OwnerID owner_id = 2;

    // Token expiration and validity period parameters.
    TokenLifetime lifetime = 3;
  }

  // Bearer token body.
  Body body = 1;

  // Signature of the bearer token body.
  // NOTE(review): the exact byte representation of `body` that is signed is
  // not specified in this file. Protobuf serialization is not canonical by
  // default, so confirm that signer and verifier agree on a stable encoding
  // and that `body` is only trusted after the signature has been checked.
  neo.fs.v2.refs.Signature signature = 2;
}