From 63e9048de6c6005a7628f142f84369c9be60767b Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Mon, 7 Jun 2021 15:37:03 +0300 Subject: [PATCH] [#XX] Added Bearer token requirements Signed-off-by: Denis Kirillov --- README.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/README.md b/README.md index 8b09de0..5ff0445 100644 --- a/README.md +++ b/README.md @@ -437,6 +437,47 @@ $ curl -F 'file=@cat.jpeg;filename=cat.jpeg' -H "Authorization: Bearer Ck4KKgoEC # } ``` +##### Note +For the token to work correctly, you need to create a container with a basic ACL that: +1. Allow PUT operation to others +2. Doesn't set "final" bit + +For example: +``` +$ neofs-cli --key KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr --basic-acl 0x0FFFCFFF -r 192.168.130.72:8080 container create --policy "REP 3" --await +``` + +To deny access to the container without a token, set the eACL rules: +``` +$ neofs-cli --key KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr -r 192.168.130.72:8080 container set-eacl --table eacl.json --await --cid BJeErH9MWmf52VsR1mLWKkgF3pRm3FkubYxM7TZkBP4K +``` + +File **eacl.json**: +``` +{ + "version": { + "major": 0, + "minor": 0 + }, + "containerID": { + "value": "mRnZWzewzxjzIPa7Fqlfqdl3TM1KpJ0YnsXsEhafJJg=" + }, + "records": [ + { + "operation": "PUT", + "action": "DENY", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + } + ] +} +``` + ### Metrics and Pprof If enabled, Prometheus metrics are available at `/metrics/` path and Pprof at
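Review bot: In the new "Note" section, the value `--basic-acl 0x0FFFCFFF` is given without saying which part of it satisfies the two listed requirements (PUT allowed for others, "final" bit not set), so a reader who needs a different ACL cannot tell which bits must be preserved. Please add a sentence mapping the value to those two requirements and stating why the "final" bit has to stay unset. The eACL part has a similar gap: `eacl.json` carries `"value": "mRnZWzewzxjzIPa7Fqlfqdl3TM1KpJ0YnsXsEhafJJg="` under `containerID` while the command passes `--cid BJeErH9MWmf52VsR1mLWKkgF3pRm3FkubYxM7TZkBP4K`, and the text does not say how the two relate or how to produce the JSON value for one's own container. Both added commands also pass a literal key with `--key KxDgvEKz...`; if that is not a throwaway test key, replace it with a placeholder, and either way say in the text that it is an example value. Wording: item 1 should read "Allows PUT operation to others" to match "Doesn't set" in item 2, and the `[#XX]` in the subject still needs the real issue number.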