carpawell/frostfs-api
1
0
Fork 0
forked from TrueCloudLab/frostfs-api
Code Issues Pull requests Projects Releases Packages Wiki Activity
frostfs-api/acl/types.proto
Alex Vanin 27171ef753 [#21] Add container id into EACLTable message 
EACLTable message and signature stored in blockchain storage.
If owner has several containers, malicious node can return
correct EACLTable of the container other than client actually
requested. With container id field in the EACLTable, this
malicious behaviour can be detected.

ContainerID has id 1, so contract can easily cut container id
from byte sequence.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2020-08-03 18:03:34 +03:00

108 lines
3.3 KiB
Protocol Buffer
Raw Blame History

syntax = "proto3";
package acl;
option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
option csharp_namespace = "NeoFS.API.Acl";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
option (gogoproto.stable_marshaler_all) = true;
// Target of the access control rule in access control list.
enum Target {
// Unknown target, default value.
Unknown = 0;
// User target rule is applied if sender is the owner of the container.
User = 1;
// System target rule is applied if sender is the storage node within the
// container or inner ring node.
System = 2;
// Others target rule is applied if sender is not user or system target.
Others = 3;
// PubKey target rule is applied if sender has public key provided in
// extended ACL.
PubKey = 4;
}
// EACLRecord groups information about extended ACL rule.
message EACLRecord {
// Operation is an enumeration of operation types.
enum Operation {
OPERATION_UNKNOWN = 0;
GET = 1;
HEAD = 2;
PUT = 3;
DELETE = 4;
SEARCH = 5;
GETRANGE = 6;
GETRANGEHASH = 7;
}
// Operation carries type of operation.
Operation operation = 1 [(gogoproto.customname) = "Operation", json_name="Operation"];
// Action is an enumeration of EACL actions.
enum Action {
ActionUnknown = 0;
Allow = 1;
Deny = 2;
}
// Action carries ACL target action.
Action action = 2 [(gogoproto.customname) = "Action", json_name="Action"];
// FilterInfo groups information about filter.
message FilterInfo {
// Header is an enumeration of filtering header types.
enum Header {
HeaderUnknown = 0;
Request = 1;
ObjectSystem = 2;
ObjectUser = 3;
}
// Header carries type of header.
Header header = 1 [(gogoproto.customname) = "Header", json_name="HeaderType"];
// MatchType is an enumeration of match types.
enum MatchType {
MatchUnknown = 0;
StringEqual = 1;
StringNotEqual = 2;
}
// MatchType carries type of match.
MatchType matchType = 2 [(gogoproto.customname) = "MatchType", json_name="MatchType"];
// HeaderName carries name of filtering header.
string HeaderName = 3 [json_name="Name"];
// HeaderVal carries value of filtering header.
string HeaderVal = 4 [json_name="Value"];
}
// Filters carries set of filters.
repeated FilterInfo Filters = 3 [json_name="Filters"];
// TargetInfo groups information about extended ACL target.
message TargetInfo {
// Target carries target of ACL rule.
acl.Target Target = 1 [json_name="Role"];
// KeyList carries public keys of ACL target.
repeated bytes KeyList = 2 [json_name="Keys"];
}
// Targets carries information about extended ACL target list.
repeated TargetInfo Targets = 4 [json_name="Targets"];
}
// EACLRecord carries the information about extended ACL rules.
message EACLTable {
// ContainerID of the container that should use given access control rules.
bytes ContainerID = 1 [json_name="ContainerID"];
// Records carries list of extended ACL rule records.
repeated EACLRecord Records = 2 [json_name="Records"];
}
Reference in a new issue View git blame Copy permalink