forked from TrueCloudLab/frostfs-api
79baf3b637
eACL Table is stored in SC storage, hence format version may be needed to correctly process it in future.
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
Protocol Documentation
Table of Contents
acl/types.proto
Message BearerToken
BearerToken has information about request ACL rules with limited lifetime
Field | Type | Label | Description |
---|---|---|---|
body | BearerToken.Body | | Bearer Token body |
signature | neo.fs.v2.refs.Signature | | Signature of BearerToken body |
Message BearerToken.Body
Bearer Token body
Field | Type | Label | Description |
---|---|---|---|
eacl_table | EACLTable | | EACLTable carries table of extended ACL rules |
owner_id | neo.fs.v2.refs.OwnerID | | OwnerID carries identifier of the token owner |
lifetime | BearerToken.Body.TokenLifetime | | Token expiration and valid time period parameters |
Message BearerToken.Body.TokenLifetime
Lifetime parameters of the token. Field names are taken from RFC 7519.
Field | Type | Label | Description |
---|---|---|---|
exp | uint64 | | Expiration Epoch |
nbf | uint64 | | Not valid before Epoch |
iat | uint64 | | Issued at Epoch |
Message EACLRecord
EACLRecord groups information about extended ACL rule.
Field | Type | Label | Description |
---|---|---|---|
operation | Operation | | Operation carries type of operation. |
action | Action | | Action carries ACL target action. |
filters | EACLRecord.FilterInfo | repeated | filters carries set of filters. |
targets | EACLRecord.TargetInfo | repeated | targets carries information about extended ACL target list. |
Message EACLRecord.FilterInfo
FilterInfo groups information about filter.
Field | Type | Label | Description |
---|---|---|---|
header | HeaderType | | Header carries type of header. |
match_type | MatchType | | MatchType carries type of match. |
header_name | string | | header_name carries name of filtering header. |
header_val | string | | header_val carries value of filtering header. |
Message EACLRecord.TargetInfo
TargetInfo groups information about extended ACL target.
Field | Type | Label | Description |
---|---|---|---|
target | Target | | target carries target of ACL rule. |
key_list | bytes | repeated | key_list carries public keys of ACL target. |
Message EACLTable
EACLRecord carries the information about extended ACL rules.
Field | Type | Label | Description |
---|---|---|---|
version | neo.fs.v2.refs.Version | | eACL format version. Effectively the version of API library used to create eACL Table |
container_id | neo.fs.v2.refs.ContainerID | | Carries identifier of the container that should use given access control rules. |
records | EACLRecord | repeated | Records carries list of extended ACL rule records. |
Action
Action is an enumeration of EACL actions.
Name | Number | Description |
---|---|---|
ACTION_UNSPECIFIED | 0 | Unspecified action, default value. |
ALLOW | 1 | Allow action |
DENY | 2 | Deny action |
HeaderType
Header is an enumeration of filtering header types.
Name | Number | Description |
---|---|---|
HEADER_UNSPECIFIED | 0 | Unspecified header, default value. |
REQUEST | 1 | Filter request headers |
OBJECT | 2 | Filter object headers |
MatchType
MatchType is an enumeration of match types.
Name | Number | Description |
---|---|---|
MATCH_TYPE_UNSPECIFIED | 0 | Unspecified match type, default value. |
STRING_EQUAL | 1 | Return true if strings are equal |
STRING_NOT_EQUAL | 2 | Return true if strings are different |
Operation
Operation is an enumeration of operation types.
Name | Number | Description |
---|---|---|
OPERATION_UNSPECIFIED | 0 | Unspecified operation, default value. |
GET | 1 | Get |
HEAD | 2 | Head |
PUT | 3 | Put |
DELETE | 4 | Delete |
SEARCH | 5 | Search |
GETRANGE | 6 | GetRange |
GETRANGEHASH | 7 | GetRangeHash |
Target
Target of the access control rule in access control list.
Name | Number | Description |
---|---|---|
TARGET_UNSPECIFIED | 0 | Unspecified target, default value. |
USER | 1 | User target rule is applied if sender is the owner of the container. |
SYSTEM | 2 | System target rule is applied if sender is the storage node within the container or inner ring node. |
OTHERS | 3 | Others target rule is applied if sender is not user or system target. |
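Every enum above reserves 0 for an unspecified default, so a record with a field left unset decodes without error. The Go sketch below is an added example, not code from this repository: it rejects a whole table that contains such a value before it returns a decision. The struct names, first-match ordering, AND-combined filters, a missing header never matching, and the single header map (HeaderType and key_list are left out) are assumptions of the example.

```go
package main

import "fmt"

// Constructed mirrors of the documented messages; numbers follow the enum tables.
const Allow, Deny = 1, 2     // Action
const Equal, NotEqual = 1, 2 // MatchType
const Put, Others = 3, 3     // Operation PUT, Target OTHERS

type Filter struct {
	Match     int32
	Name, Val string
}
type Record struct {
	Op, Action int32
	Filters    []Filter
	Targets    []int32
}

// Decide returns the action of the first matching record, 0 if none matches,
// and an error if any record carries an unspecified or unknown enum value.
func Decide(recs []Record, op, role int32, hdr map[string]string) (decision int32, err error) {
	for i, r := range recs {
		bad := r.Op < 1 || r.Op > 7 || r.Action < 1 || r.Action > 2
		hit := false
		for _, t := range r.Targets {
			bad = bad || t < 1 || t > 3
			hit = hit || t == role
		}
		hit = hit && r.Op == op
		for _, f := range r.Filters {
			bad = bad || f.Match < 1 || f.Match > 2
			v, ok := hdr[f.Name] // assumption: an absent header matches nothing
			hit = hit && ok && (v == f.Val) == (f.Match == Equal)
		}
		if bad { // fail closed: one unset enum anywhere rejects the whole table
			return 0, fmt.Errorf("record %d: unspecified or unknown enum value", i)
		}
		if hit && decision == 0 { // assumption: first matching record wins
			decision = r.Action
		}
	}
	return decision, nil // 0 (ACTION_UNSPECIFIED) means no record matched
}

func main() {
	// Constructed table: the second record has no action set.
	recs := []Record{{Op: Put, Action: Allow, Targets: []int32{Others}}, {Op: Put}}
	fmt.Println(Decide(recs, Put, Others, nil))
}
```

The table is checked in full even after a match, so a malformed later record cannot be hidden behind an earlier rule that matches.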
Scalar Value Types
.proto Type | Notes | C++ Type | Java Type | Python Type |
---|---|---|---|---|
double | | double | double | float |
float | | float | float | float |
int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
uint32 | Uses variable-length encoding. | uint32 | int | int/long |
uint64 | Uses variable-length encoding. | uint64 | long | int/long |
sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
sfixed32 | Always four bytes. | int32 | int | int |
sfixed64 | Always eight bytes. | int64 | long | int/long |
bool | | bool | boolean | boolean |
string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |