carpawell/frostfs-api
1
0
Fork 0
forked from TrueCloudLab/frostfs-api
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #13 from nspcc-dev/change-session-create

Browse source 
Change Session.Create RPC
This commit is contained in:
Leonard Lyubich 2020-05-08 10:25:17 +03:00 committed by GitHub
commit 7921b7d0a3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 49 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
proto-docs/service.md
View file

@ -17,6 +17,7 @@
- [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
- [Token](#service.Token) - [Token](#service.Token)
- [Token.Info](#service.Token.Info) - [Token.Info](#service.Token.Info)
- [TokenLifetime](#service.TokenLifetime)
- [Scalar Value Types](#scalar-value-types) - [Scalar Value Types](#scalar-value-types)
@ -123,10 +124,21 @@ User token granting rights for object manipulation
| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object | | OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object |
| verb | [Token.Info.Verb](#service.Token.Info.Verb) | | Verb is a type of request for which the token is issued | | verb | [Token.Info.Verb](#service.Token.Info.Verb) | | Verb is a type of request for which the token is issued |
| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued | | Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued |
| Created | [uint64](#uint64) | | Created is an initial epoch of token lifetime | | Lifetime | [TokenLifetime](#service.TokenLifetime) | | Lifetime is a lifetime of the session |
| ValidUntil | [uint64](#uint64) | | ValidUntil is a last epoch of token lifetime |
| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key | | SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key |
<a name="service.TokenLifetime"></a>
### Message TokenLifetime
TokenLifetime carries a group of lifetime parameters of the token
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| Created | [uint64](#uint64) | | Created carries an initial epoch of token lifetime |
| ValidUntil | [uint64](#uint64) | | ValidUntil carries a last epoch of token lifetime |
<!-- end messages --> <!-- end messages -->

25
proto-docs/session.md
View file

@ -30,22 +30,13 @@
``` ```
rpc Create(stream CreateRequest) returns (stream CreateResponse); rpc Create(CreateRequest) returns (CreateResponse);
``` ```
#### Method Create #### Method Create
Create is a method that used to open a trusted session to manipulate Create opens new session between the client and the server
an object. In order to put or delete object client have to obtain session
token with trusted node. Trusted node will modify client's object
(add missing headers, checksums, homomorphic hash) and sign id with
session key. Session is established during 4-step handshake in one gRPC stream
- First client stream message SHOULD BE type of `CreateRequest_Init`.
- First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
- Second client stream message SHOULD BE type of `CreateRequest_Signed`.
- Second server stream message SHOULD BE type of `CreateResponse_Result`.
| Name | Input | Output | | Name | Input | Output |
| ---- | ----- | ------ | | ---- | ----- | ------ |
@ -56,13 +47,13 @@ session key. Session is established during 4-step handshake in one gRPC stream
<a name="session.CreateRequest"></a> <a name="session.CreateRequest"></a>
### Message CreateRequest ### Message CreateRequest
CreateRequest carries an information necessary for opening a session
| Field | Type | Label | Description | | Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- | | ----- | ---- | ----- | ----------- |
| Init | [service.Token](#service.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. | | OwnerID | [bytes](#bytes) | | OwnerID carries an identifier of a session initiator |
| Signed | [service.Token](#service.Token) | | Signed Init message response (Unsigned) from server with user private key | | Lifetime | [service.TokenLifetime](#service.TokenLifetime) | | Lifetime carries a lifetime of the session |
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@ -70,13 +61,13 @@ session key. Session is established during 4-step handshake in one gRPC stream
<a name="session.CreateResponse"></a> <a name="session.CreateResponse"></a>
### Message CreateResponse ### Message CreateResponse
CreateResponse carries an information about the opened session
| Field | Type | Label | Description | | Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- | | ----- | ---- | ----- | ----------- |
| Unsigned | [service.Token](#service.Token) | | Unsigned token with token ID and session public key generated on server side | | ID | [bytes](#bytes) | | ID carries an identifier of session token |
| Result | [service.Token](#service.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary | | SessionKey | [bytes](#bytes) | | SessionKey carries a session public key |
<!-- end messages --> <!-- end messages -->

18
service/verify.proto
View file

@ -58,14 +58,11 @@ message Token {
// Address is an object address for which token is issued // Address is an object address for which token is issued
refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"]; refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
// Created is an initial epoch of token lifetime // Lifetime is a lifetime of the session
uint64 Created = 5; TokenLifetime Lifetime = 5 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// ValidUntil is a last epoch of token lifetime
uint64 ValidUntil = 6;
// SessionKey is a public key of session key // SessionKey is a public key of session key
bytes SessionKey = 7; bytes SessionKey = 6;
} }
// TokenInfo is a grouped information about token // TokenInfo is a grouped information about token
@ -75,6 +72,15 @@ message Token {
bytes Signature = 8; bytes Signature = 8;
} }
// TokenLifetime carries a group of lifetime parameters of the token
message TokenLifetime {
// Created carries an initial epoch of token lifetime
uint64 Created = 1;
// ValidUntil carries a last epoch of token lifetime
uint64 ValidUntil = 2;
}
// TODO: for variable token types and version redefine message // TODO: for variable token types and version redefine message
// Example: // Example:
// message Token { // message Token {

43
session/service.proto
View file

@ -11,42 +11,29 @@ option (gogoproto.stable_marshaler_all) = true;
service Session { service Session {
// Create is a method that used to open a trusted session to manipulate // Create opens new session between the client and the server
// an object. In order to put or delete object client have to obtain session rpc Create (CreateRequest) returns (CreateResponse);
// token with trusted node. Trusted node will modify client's object
// (add missing headers, checksums, homomorphic hash) and sign id with
// session key. Session is established during 4-step handshake in one gRPC stream
//
// - First client stream message SHOULD BE type of `CreateRequest_Init`.
// - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
// - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
// - Second server stream message SHOULD BE type of `CreateResponse_Result`.
rpc Create (stream CreateRequest) returns (stream CreateResponse);
} }
// CreateRequest carries an information necessary for opening a session
message CreateRequest { message CreateRequest {
// Message should be one of // OwnerID carries an identifier of a session initiator
oneof Message { bytes OwnerID = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
// Init is a message to initialize session opening. Carry:
// owner of manipulation object; // Lifetime carries a lifetime of the session
// ID of manipulation object; service.TokenLifetime Lifetime = 2 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// token lifetime bounds.
service.Token Init = 1;
// Signed Init message response (Unsigned) from server with user private key
service.Token Signed = 2;
}
// RequestMetaHeader contains information about request meta headers (should be embedded into message) // RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
} }
// CreateResponse carries an information about the opened session
message CreateResponse { message CreateResponse {
oneof Message { // ID carries an identifier of session token
// Unsigned token with token ID and session public key generated on server side bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
service.Token Unsigned = 1;
// Result is a resulting token which can be used for object placing through an trusted intermediary // SessionKey carries a session public key
service.Token Result = 2; bytes SessionKey = 2;
}
} }