syntax = "proto3"; package acl; option go_package = "github.com/nspcc-dev/neofs-api-go/acl"; option csharp_namespace = "NeoFS.API.Acl"; import "refs/types.proto"; import "github.com/gogo/protobuf/gogoproto/gogo.proto"; option (gogoproto.stable_marshaler_all) = true; // Target of the access control rule in access control list. enum Target { // Unknown target, default value. Unknown = 0; // User target rule is applied if sender is the owner of the container. User = 1; // System target rule is applied if sender is the storage node within the // container or inner ring node. System = 2; // Others target rule is applied if sender is not user or system target. Others = 3; // PubKey target rule is applied if sender has public key provided in // extended ACL. PubKey = 4; } // EACLRecord groups information about extended ACL rule. message EACLRecord { // Operation is an enumeration of operation types. enum Operation { OPERATION_UNKNOWN = 0; GET = 1; HEAD = 2; PUT = 3; DELETE = 4; SEARCH = 5; GETRANGE = 6; GETRANGEHASH = 7; } // Operation carries type of operation. Operation operation = 1 [(gogoproto.customname) = "Operation", json_name="Operation"]; // Action is an enumeration of EACL actions. enum Action { ActionUnknown = 0; Allow = 1; Deny = 2; } // Action carries ACL target action. Action action = 2 [(gogoproto.customname) = "Action", json_name="Action"]; // FilterInfo groups information about filter. message FilterInfo { // Header is an enumeration of filtering header types. enum Header { HeaderUnknown = 0; Request = 1; ObjectSystem = 2; ObjectUser = 3; } // Header carries type of header. Header header = 1 [(gogoproto.customname) = "Header", json_name="HeaderType"]; // MatchType is an enumeration of match types. enum MatchType { MatchUnknown = 0; StringEqual = 1; StringNotEqual = 2; } // MatchType carries type of match. MatchType matchType = 2 [(gogoproto.customname) = "MatchType", json_name="MatchType"]; // HeaderName carries name of filtering header. string HeaderName = 3 [json_name="Name"]; // HeaderVal carries value of filtering header. string HeaderVal = 4 [json_name="Value"]; } // Filters carries set of filters. repeated FilterInfo Filters = 3 [json_name="Filters"]; // TargetInfo groups information about extended ACL target. message TargetInfo { // Target carries target of ACL rule. acl.Target Target = 1 [json_name="Role"]; // KeyList carries public keys of ACL target. repeated bytes KeyList = 2 [json_name="Keys"]; } // Targets carries information about extended ACL target list. repeated TargetInfo Targets = 4 [json_name="Targets"]; } // EACLRecord carries the information about extended ACL rules. message EACLTable { // Carries identifier of the container that should use given access control rules. refs.ContainerID ContainerID = 1 [json_name="ContainerID"]; // Records carries list of extended ACL rule records. repeated EACLRecord Records = 2 [json_name="Records"]; }