frostfs-api/proto-docs/acl.md
Stanislav Bogatyrev 79baf3b637 [#61] acl: Add version field to eACL Table
eACL Table is stored in SC storage, hence format version may be needed to
correctly process it in future.

Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
2020-09-02 15:03:03 +03:00

Protocol Documentation

acl/types.proto

Message BearerToken

BearerToken carries information about request ACL rules with a limited lifetime.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| body | BearerToken.Body | | Bearer Token body |
| signature | neo.fs.v2.refs.Signature | | Signature of BearerToken body |

Message BearerToken.Body

Bearer Token body

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| eacl_table | EACLTable | | EACLTable carries table of extended ACL rules |
| owner_id | neo.fs.v2.refs.OwnerID | | OwnerID carries identifier of the token owner |
| lifetime | BearerToken.Body.TokenLifetime | | Token expiration and valid time period parameters |

Message BearerToken.Body.TokenLifetime

Lifetime parameters of the token. Field names are taken from RFC 7519.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| exp | uint64 | | Expiration Epoch |
| nbf | uint64 | | Not valid before Epoch |
| iat | uint64 | | Issued at Epoch |

Message EACLRecord

EACLRecord groups information about an extended ACL rule.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| operation | Operation | | Operation carries type of operation. |
| action | Action | | Action carries ACL target action. |
| filters | EACLRecord.FilterInfo | repeated | filters carries set of filters. |
| targets | EACLRecord.TargetInfo | repeated | targets carries information about extended ACL target list. |

Message EACLRecord.FilterInfo

FilterInfo groups information about a filter.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| header | HeaderType | | Header carries type of header. |
| match_type | MatchType | | MatchType carries type of match. |
| header_name | string | | header_name carries name of filtering header. |
| header_val | string | | header_val carries value of filtering header. |

Message EACLRecord.TargetInfo

TargetInfo groups information about an extended ACL target.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| target | Target | | target carries target of ACL rule. |
| key_list | bytes | repeated | key_list carries public keys of ACL target. |

Message EACLTable

EACLTable carries the information about extended ACL rules.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| version | neo.fs.v2.refs.Version | | eACL format version. Effectively the version of API library used to create eACL Table |
| container_id | neo.fs.v2.refs.ContainerID | | Carries identifier of the container that should use given access control rules. |
| records | EACLRecord | repeated | Records carries list of extended ACL rule records. |

Action

Action is an enumeration of EACL actions.

| Name | Number | Description |
| ---- | ------ | ----------- |
| ACTION_UNSPECIFIED | 0 | Unspecified action, default value. |
| ALLOW | 1 | Allow action |
| DENY | 2 | Deny action |

HeaderType

HeaderType is an enumeration of filtering header types.

| Name | Number | Description |
| ---- | ------ | ----------- |
| HEADER_UNSPECIFIED | 0 | Unspecified header, default value. |
| REQUEST | 1 | Filter request headers |
| OBJECT | 2 | Filter object headers |

MatchType

MatchType is an enumeration of match types.

| Name | Number | Description |
| ---- | ------ | ----------- |
| MATCH_TYPE_UNSPECIFIED | 0 | Unspecified match type, default value. |
| STRING_EQUAL | 1 | Return true if strings are equal |
| STRING_NOT_EQUAL | 2 | Return true if strings are different |

Operation

Operation is an enumeration of operation types.

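| Name | Number | Description |
| ---- | ------ | ----------- |
| OPERATION_UNSPECIFIED | 0 | Unspecified operation, default value. |
| GET | 1 | Get |
| HEAD | 2 | Head |
| PUT | 3 | Put |
| DELETE | 4 | Delete |
| SEARCH | 5 | Search |
| GETRANGE | 6 | GetRange |
| GETRANGEHASH | 7 | GetRangeHash |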

Target

Target of the access control rule in access control list.

| Name | Number | Description |
| ---- | ------ | ----------- |
| TARGET_UNSPECIFIED | 0 | Unspecified target, default value. |
| USER | 1 | User target rule is applied if sender is the owner of the container. |
| SYSTEM | 2 | System target rule is applied if sender is the storage node within the container or inner ring node. |
| OTHERS | 3 | Others target rule is applied if sender is not user or system target. |
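
The records, filters and targets documented above can be exercised with a small evaluator. This is an added example, not code from the FrostFS project: the Go types are hypothetical mirrors of the messages, and first-match-wins ordering, one target per record, absent headers never matching, and denying on UNSPECIFIED (zero) enum values are assumptions the page does not state.

```go
package main

import "fmt"

// Enum numbers copied from the tables on this page.
const (
	Allow, Deny       = 1, 2 // Action
	StrEq, StrNe      = 1, 2 // MatchType
	OpGet, OpPut      = 1, 3 // Operation
	Others, HdrObject = 3, 2 // Target OTHERS, HeaderType OBJECT
)

// Hypothetical plain-Go mirrors of the documented messages, not generated code.
type Filter struct {
	Header, Match int
	Name, Val     string
}
type Record struct {
	Op, Action, Target int // assumption: one target per record, to keep this short
	Filters            []Filter
}
type Headers map[int]map[string]string // HeaderType -> header name -> value

func matches(f Filter, h Headers) bool {
	v, ok := h[f.Header][f.Name] // assumption: an absent header never matches
	return ok && ((f.Match == StrEq && v == f.Val) || (f.Match == StrNe && v != f.Val))
}

// Evaluate returns the first matching record's Action, Deny if it reaches a
// record with zero-valued (UNSPECIFIED) enums, and 0 when no record applies.
func Evaluate(table []Record, op, role int, h Headers) int {
	for _, rec := range table {
		if rec.Op == 0 || rec.Action == 0 || rec.Target == 0 {
			return Deny // fail closed on protobuf defaults
		}
		hit := rec.Op == op && rec.Target == role
		for _, f := range rec.Filters {
			hit = hit && matches(f, h)
		}
		if hit {
			return rec.Action
		}
	}
	return 0
}

func main() {
	table := []Record{{OpGet, Deny, Others, []Filter{{HdrObject, StrEq, "class", "internal"}}}, {OpGet, Allow, Others, nil}}
	fmt.Println(Evaluate(table, OpGet, Others, Headers{HdrObject: {"class": "internal"}})) // constructed sample
}
```

A return value of 0 means the table made no decision, so the caller has to apply its own default rather than treat it as an allow.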

Scalar Value Types

| .proto Type | Notes | C++ Type | Java Type | Python Type |
| ----------- | ----- | -------- | --------- | ----------- |
| double | | double | double | float |
| float | | float | float | float |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
| sfixed32 | Always four bytes. | int32 | int | int |
| sfixed64 | Always eight bytes. | int64 | long | int/long |
| bool | | bool | boolean | boolean |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |