forked from TrueCloudLab/frostfs-api
acl: Define target of access control rules
Basic NeoFS ACL applies access rules to request sender. Request
senders are combined in groups that calls `targets`.
Basic ACL rules may be applied to these targets:
1. User - request sender is the owner of the container,
used in the request.
2. System - request sender is the storage node
within the container used in the request or
inner ring node.
3. Others - request sender is none of the above.
Extended ACL rules may be applied for targets, provided with
extra information.
4. PubKey - request sender has provided public key.
This commit is contained in:
alexvanin
parent
b48cc534f4
commit
afd55ac90b
1 changed files with 27 additions and 0 deletions
27
acl/types.proto
Normal file
27
acl/types.proto
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
syntax = "proto3";
|
||||||
|
package acl;
|
||||||
|
option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
|
||||||
|
option csharp_namespace = "NeoFS.API.Acl";
|
||||||
|
|
||||||
|
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
||||||
|
option (gogoproto.stable_marshaler_all) = true;
|
||||||
|
|
||||||
|
// Target of the access control rule in access control list.
|
||||||
|
enum Target {
|
||||||
|
// Unknown target, default value.
|
||||||
|
Unknown = 0;
|
||||||
|
|
||||||
|
// User target rule is applied if sender is the owner of the container.
|
||||||
|
User = 1;
|
||||||
|
|
||||||
|
// System target rule is applied if sender is the storage node within the
|
||||||
|
// container or inner ring node.
|
||||||
|
System = 2;
|
||||||
|
|
||||||
|
// Others target rule is applied if sender is not user or system target.
|
||||||
|
Others = 3;
|
||||||
|
|
||||||
|
// PubKey target rule is applied if sender has public key provided in
|
||||||
|
// extended ACL.
|
||||||
|
PubKey = 4;
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue