From 07eb6a438cdb57fab8b1a219c112a572b9e8c6b8 Mon Sep 17 00:00:00 2001 From: Airat Arifullin Date: Tue, 5 Mar 2024 12:36:58 +0300 Subject: [PATCH] [#40] status: Introduce CONTAINER_ACCESS_DENIED status * Add a new status CONTAINER_ACCESS_DENIED. * Fix descriptions for methods of container and object services. * Also regenerate md docs. Signed-off-by: Airat Arifullin --- container/service.proto | 24 +++-- object/service.proto | 16 +++ proto-docs/accounting.md | 3 +- proto-docs/acl.md | 8 +- proto-docs/container.md | 155 ++++++++++++++------------- proto-docs/lock.md | 5 +- proto-docs/netmap.md | 114 +++++++++++--------- proto-docs/object.md | 220 +++++++++++++++++++++++++++++++++------ proto-docs/refs.md | 38 +++---- proto-docs/session.md | 18 ++-- proto-docs/status.md | 1 + status/types.proto | 3 + 12 files changed, 411 insertions(+), 194 deletions(-) diff --git a/container/service.proto b/container/service.proto index fa45703..5695b66 100644 --- a/container/service.proto +++ b/container/service.proto @@ -23,7 +23,9 @@ service ContainerService { // Statuses: // - **OK** (0, SECTION_SUCCESS): \ // request to save the container has been sent to the sidechain; - // - Common failures (SECTION_FAILURE_COMMON). + // - Common failures (SECTION_FAILURE_COMMON); + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // container create access denied. rpc Put(PutRequest) returns (PutResponse); // `Delete` invokes `Container` smart contract's `Delete` method and returns @@ -34,7 +36,9 @@ service ContainerService { // Statuses: // - **OK** (0, SECTION_SUCCESS): \ // request to remove the container has been sent to the sidechain; - // - Common failures (SECTION_FAILURE_COMMON). + // - Common failures (SECTION_FAILURE_COMMON); + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // container delete access denied. rpc Delete(DeleteRequest) returns (DeleteResponse); // Returns container structure from `Container` smart contract storage. @@ -44,7 +48,9 @@ service ContainerService { // container has been successfully read; // - Common failures (SECTION_FAILURE_COMMON); // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ - // requested container not found. + // requested container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied. rpc Get(GetRequest) returns (GetResponse); // Returns all owner's containers from 'Container` smart contract' storage. @@ -52,7 +58,9 @@ service ContainerService { // Statuses: // - **OK** (0, SECTION_SUCCESS): \ // container list has been successfully read; - // - Common failures (SECTION_FAILURE_COMMON). + // - Common failures (SECTION_FAILURE_COMMON); + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // container list access denied. rpc List(ListRequest) returns (ListResponse); // Invokes 'SetEACL' method of 'Container` smart contract and returns response @@ -62,7 +70,9 @@ service ContainerService { // Statuses: // - **OK** (0, SECTION_SUCCESS): \ // request to save container eACL has been sent to the sidechain; - // - Common failures (SECTION_FAILURE_COMMON). + // - Common failures (SECTION_FAILURE_COMMON); + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // set container eACL access denied. rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse); // Returns Extended ACL table and signature from `Container` smart contract @@ -75,7 +85,9 @@ service ContainerService { // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // container not found; // - **EACL_NOT_FOUND** (3073, SECTION_CONTAINER): \ - // eACL table not found. + // eACL table not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container eACL is denied. rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse); // Announces the space values used by the container for P2P synchronization. diff --git a/object/service.proto b/object/service.proto index 3f727f4..bbf0fc3 100644 --- a/object/service.proto +++ b/object/service.proto @@ -45,6 +45,8 @@ service ObjectService { // the requested object has been marked as deleted; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // object container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ // provided session token has expired. rpc Get(GetRequest) returns (stream GetResponse); @@ -78,6 +80,8 @@ service ObjectService { // type other than REGULAR is prohibited; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // object storage container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \ // (for trusted object preparation) session private key does not exist or // has @@ -110,6 +114,8 @@ service ObjectService { // deleting a locked object is prohibited; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // object container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ // provided session token has expired. rpc Delete(DeleteRequest) returns (DeleteResponse); @@ -138,6 +144,8 @@ service ObjectService { // the requested object has been marked as deleted; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // object container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ // provided session token has expired. rpc Head(HeadRequest) returns (HeadResponse); @@ -162,6 +170,8 @@ service ObjectService { // access to operation SEARCH of the object is denied; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // search container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ // provided session token has expired. rpc Search(SearchRequest) returns (stream SearchResponse); @@ -197,6 +207,8 @@ service ObjectService { // the requested range is out of bounds; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // object container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ // provided session token has expired. rpc GetRange(GetRangeRequest) returns (stream GetRangeResponse); @@ -230,6 +242,8 @@ service ObjectService { // the requested range is out of bounds; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // object container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ // provided session token has expired. rpc GetRangeHash(GetRangeHashRequest) returns (GetRangeHashResponse); @@ -260,6 +274,8 @@ service ObjectService { // type other than REGULAR is prohibited; // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ // object storage container not found; + // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + // access to container is denied; // - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \ // (for trusted object preparation) session private key does not exist or // has diff --git a/proto-docs/accounting.md b/proto-docs/accounting.md index 94de765..9ed7186 100644 --- a/proto-docs/accounting.md +++ b/proto-docs/accounting.md @@ -105,7 +105,8 @@ BalanceResponse message ### Message BalanceResponse.Body The amount of funds in GAS token for the `OwnerID`'s account requested. -Balance is given in the `Decimal` format to avoid precision issues with rounding. +Balance is given in the `Decimal` format to avoid precision issues with +rounding. | Field | Type | Label | Description | diff --git a/proto-docs/acl.md b/proto-docs/acl.md index c32f958..69d1d3d 100644 --- a/proto-docs/acl.md +++ b/proto-docs/acl.md @@ -38,8 +38,8 @@ like [JWT](https://jwt.io), it has a limited lifetime and scope, hence can be used in the similar use cases, like providing authorisation to externally authenticated party. -BearerToken can be issued only by the container's owner and must be signed using -the key associated with the container's `OwnerID`. +BearerToken can be issued only by the container's owner and must be signed +using the key associated with the container's `OwnerID`. | Field | Type | Label | Description | @@ -51,8 +51,8 @@ the key associated with the container's `OwnerID`. ### Message BearerToken.Body -Bearer Token body structure contains Extended ACL table issued by the container -owner with additional information preventing token abuse. +Bearer Token body structure contains Extended ACL table issued by the +container owner with additional information preventing token abuse. | Field | Type | Label | Description | diff --git a/proto-docs/container.md b/proto-docs/container.md index 6368889..024057f 100644 --- a/proto-docs/container.md +++ b/proto-docs/container.md @@ -3,50 +3,50 @@ ## Table of Contents -- [Protocol Documentation](#protocol-documentation) - - [Table of Contents](#table-of-contents) - - [container/service.proto](#containerserviceproto) - - [Service "neo.fs.v2.container.ContainerService"](#service-neofsv2containercontainerservice) - - [Method Put](#method-put) - - [Method Delete](#method-delete) - - [Method Get](#method-get) - - [Method List](#method-list) - - [Method SetExtendedACL](#method-setextendedacl) - - [Method GetExtendedACL](#method-getextendedacl) - - [Method AnnounceUsedSpace](#method-announceusedspace) - - [Message AnnounceUsedSpaceRequest](#message-announceusedspacerequest) - - [Message AnnounceUsedSpaceRequest.Body](#message-announceusedspacerequestbody) - - [Message AnnounceUsedSpaceRequest.Body.Announcement](#message-announceusedspacerequestbodyannouncement) - - [Message AnnounceUsedSpaceResponse](#message-announceusedspaceresponse) - - [Message AnnounceUsedSpaceResponse.Body](#message-announceusedspaceresponsebody) - - [Message DeleteRequest](#message-deleterequest) - - [Message DeleteRequest.Body](#message-deleterequestbody) - - [Message DeleteResponse](#message-deleteresponse) - - [Message DeleteResponse.Body](#message-deleteresponsebody) - - [Message GetExtendedACLRequest](#message-getextendedaclrequest) - - [Message GetExtendedACLRequest.Body](#message-getextendedaclrequestbody) - - [Message GetExtendedACLResponse](#message-getextendedaclresponse) - - [Message GetExtendedACLResponse.Body](#message-getextendedaclresponsebody) - - [Message GetRequest](#message-getrequest) - - [Message GetRequest.Body](#message-getrequestbody) - - [Message GetResponse](#message-getresponse) - - [Message GetResponse.Body](#message-getresponsebody) - - [Message ListRequest](#message-listrequest) - - [Message ListRequest.Body](#message-listrequestbody) - - [Message ListResponse](#message-listresponse) - - [Message ListResponse.Body](#message-listresponsebody) - - [Message PutRequest](#message-putrequest) - - [Message PutRequest.Body](#message-putrequestbody) - - [Message PutResponse](#message-putresponse) - - [Message PutResponse.Body](#message-putresponsebody) - - [Message SetExtendedACLRequest](#message-setextendedaclrequest) - - [Message SetExtendedACLRequest.Body](#message-setextendedaclrequestbody) - - [Message SetExtendedACLResponse](#message-setextendedaclresponse) - - [Message SetExtendedACLResponse.Body](#message-setextendedaclresponsebody) - - [container/types.proto](#containertypesproto) - - [Message Container](#message-container) - - [Message Container.Attribute](#message-containerattribute) - - [Scalar Value Types](#scalar-value-types) +- [container/service.proto](#container/service.proto) + - Services + - [ContainerService](#neo.fs.v2.container.ContainerService) + + - Messages + - [AnnounceUsedSpaceRequest](#neo.fs.v2.container.AnnounceUsedSpaceRequest) + - [AnnounceUsedSpaceRequest.Body](#neo.fs.v2.container.AnnounceUsedSpaceRequest.Body) + - [AnnounceUsedSpaceRequest.Body.Announcement](#neo.fs.v2.container.AnnounceUsedSpaceRequest.Body.Announcement) + - [AnnounceUsedSpaceResponse](#neo.fs.v2.container.AnnounceUsedSpaceResponse) + - [AnnounceUsedSpaceResponse.Body](#neo.fs.v2.container.AnnounceUsedSpaceResponse.Body) + - [DeleteRequest](#neo.fs.v2.container.DeleteRequest) + - [DeleteRequest.Body](#neo.fs.v2.container.DeleteRequest.Body) + - [DeleteResponse](#neo.fs.v2.container.DeleteResponse) + - [DeleteResponse.Body](#neo.fs.v2.container.DeleteResponse.Body) + - [GetExtendedACLRequest](#neo.fs.v2.container.GetExtendedACLRequest) + - [GetExtendedACLRequest.Body](#neo.fs.v2.container.GetExtendedACLRequest.Body) + - [GetExtendedACLResponse](#neo.fs.v2.container.GetExtendedACLResponse) + - [GetExtendedACLResponse.Body](#neo.fs.v2.container.GetExtendedACLResponse.Body) + - [GetRequest](#neo.fs.v2.container.GetRequest) + - [GetRequest.Body](#neo.fs.v2.container.GetRequest.Body) + - [GetResponse](#neo.fs.v2.container.GetResponse) + - [GetResponse.Body](#neo.fs.v2.container.GetResponse.Body) + - [ListRequest](#neo.fs.v2.container.ListRequest) + - [ListRequest.Body](#neo.fs.v2.container.ListRequest.Body) + - [ListResponse](#neo.fs.v2.container.ListResponse) + - [ListResponse.Body](#neo.fs.v2.container.ListResponse.Body) + - [PutRequest](#neo.fs.v2.container.PutRequest) + - [PutRequest.Body](#neo.fs.v2.container.PutRequest.Body) + - [PutResponse](#neo.fs.v2.container.PutResponse) + - [PutResponse.Body](#neo.fs.v2.container.PutResponse.Body) + - [SetExtendedACLRequest](#neo.fs.v2.container.SetExtendedACLRequest) + - [SetExtendedACLRequest.Body](#neo.fs.v2.container.SetExtendedACLRequest.Body) + - [SetExtendedACLResponse](#neo.fs.v2.container.SetExtendedACLResponse) + - [SetExtendedACLResponse.Body](#neo.fs.v2.container.SetExtendedACLResponse.Body) + + +- [container/types.proto](#container/types.proto) + + - Messages + - [Container](#neo.fs.v2.container.Container) + - [Container.Attribute](#neo.fs.v2.container.Container.Attribute) + + +- [Scalar Value Types](#scalar-value-types) @@ -81,13 +81,15 @@ rpc AnnounceUsedSpace(AnnounceUsedSpaceRequest) returns (AnnounceUsedSpaceRespon `Put` invokes `Container` smart contract's `Put` method and returns response immediately. After a new block is issued in sidechain, request is -verified by Inner Ring nodes. After one more block in sidechain, the container -is added into smart contract storage. +verified by Inner Ring nodes. After one more block in sidechain, the +container is added into smart contract storage. Statuses: - **OK** (0, SECTION_SUCCESS): \ request to save the container has been sent to the sidechain; -- Common failures (SECTION_FAILURE_COMMON). +- Common failures (SECTION_FAILURE_COMMON); +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + container create access denied. | Name | Input | Output | | ---- | ----- | ------ | @@ -96,13 +98,15 @@ Statuses: `Delete` invokes `Container` smart contract's `Delete` method and returns response immediately. After a new block is issued in sidechain, request is -verified by Inner Ring nodes. After one more block in sidechain, the container -is added into smart contract storage. +verified by Inner Ring nodes. After one more block in sidechain, the +container is added into smart contract storage. Statuses: - **OK** (0, SECTION_SUCCESS): \ request to remove the container has been sent to the sidechain; -- Common failures (SECTION_FAILURE_COMMON). +- Common failures (SECTION_FAILURE_COMMON); +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + container delete access denied. | Name | Input | Output | | ---- | ----- | ------ | @@ -116,7 +120,9 @@ Statuses: container has been successfully read; - Common failures (SECTION_FAILURE_COMMON); - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ - requested container not found. + requested container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied. | Name | Input | Output | | ---- | ----- | ------ | @@ -128,7 +134,9 @@ Returns all owner's containers from 'Container` smart contract' storage. Statuses: - **OK** (0, SECTION_SUCCESS): \ container list has been successfully read; -- Common failures (SECTION_FAILURE_COMMON). +- Common failures (SECTION_FAILURE_COMMON); +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + container list access denied. | Name | Input | Output | | ---- | ----- | ------ | @@ -136,13 +144,15 @@ Statuses: #### Method SetExtendedACL Invokes 'SetEACL' method of 'Container` smart contract and returns response -immediately. After one more block in sidechain, changes in an Extended ACL are -added into smart contract storage. +immediately. After one more block in sidechain, changes in an Extended ACL +are added into smart contract storage. Statuses: - **OK** (0, SECTION_SUCCESS): \ request to save container eACL has been sent to the sidechain; -- Common failures (SECTION_FAILURE_COMMON). +- Common failures (SECTION_FAILURE_COMMON); +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + set container eACL access denied. | Name | Input | Output | | ---- | ----- | ------ | @@ -159,7 +169,9 @@ Statuses: - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ container not found; - **EACL_NOT_FOUND** (3073, SECTION_CONTAINER): \ - eACL table not found. + eACL table not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container eACL is denied. | Name | Input | Output | | ---- | ----- | ------ | @@ -327,8 +339,8 @@ Get Extended ACL ### Message GetExtendedACLResponse.Body Get Extended ACL Response body can be empty if the requested container does -not have Extended ACL Table attached or Extended ACL has not been allowed at -the time of container creation. +not have Extended ACL Table attached or Extended ACL has not been allowed +at the time of container creation. | Field | Type | Label | Description | @@ -536,8 +548,8 @@ Set Extended ACL ### Message SetExtendedACLResponse.Body `SetExtendedACLResponse` has an empty body because the operation is -asynchronous and the update should be reflected in `Container` smart contract's -storage after next block is issued in sidechain. +asynchronous and the update should be reflected in `Container` smart +contract's storage after next block is issued in sidechain. @@ -560,8 +572,8 @@ storage after next block is issued in sidechain. ### Message Container Container is a structure that defines object placement behaviour. Objects can be stored only within containers. They define placement rule, attributes and -access control information. An ID of a container is a 32 byte long SHA256 hash -of stable-marshalled container message. +access control information. An ID of a container is a 32 byte long SHA256 +hash of stable-marshalled container message. | Field | Type | Label | Description | @@ -578,8 +590,8 @@ of stable-marshalled container message. ### Message Container.Attribute `Attribute` is a user-defined Key-Value metadata pair attached to the -container. Container attributes are immutable. They are set at the moment of -container creation and can never be added or updated. +container. Container attributes are immutable. They are set at the moment +of container creation and can never be added or updated. Key name must be a container-unique valid UTF-8 string. Value can't be empty. Containers with duplicated attribute names or attributes with empty @@ -593,15 +605,16 @@ There are some "well-known" attributes affecting system behaviour: NNS contract. * [ __SYSTEM__ZONE ] \ (`__NEOFS__ZONE` is deprecated) \ - String of a zone for `__SYSTEM__NAME` (`__NEOFS__NAME` is deprecated). Used as a TLD of a domain name in NNS - contract. If no zone is specified, use default zone: `container`. + String of a zone for `__SYSTEM__NAME` (`__NEOFS__NAME` is deprecated). + Used as a TLD of a domain name in NNS contract. If no zone is specified, + use default zone: `container`. * [ __SYSTEM__DISABLE_HOMOMORPHIC_HASHING ] \ (`__NEOFS__DISABLE_HOMOMORPHIC_HASHING` is deprecated) \ - Disables homomorphic hashing for the container if the value equals "true" string. - Any other values are interpreted as missing attribute. Container could be - accepted in a NeoFS network only if the global network hashing configuration - value corresponds with that attribute's value. After container inclusion, network - setting is ignored. + Disables homomorphic hashing for the container if the value equals "true" + string. Any other values are interpreted as missing attribute. Container + could be accepted in a NeoFS network only if the global network hashing + configuration value corresponds with that attribute's value. After + container inclusion, network setting is ignored. And some well-known attributes used by applications only: diff --git a/proto-docs/lock.md b/proto-docs/lock.md index 5ed9780..2e730f8 100644 --- a/proto-docs/lock.md +++ b/proto-docs/lock.md @@ -27,8 +27,9 @@ ### Message Lock Lock objects protects a list of objects from being deleted. The lifetime of a lock object is limited similar to regular objects in -`__SYSTEM__EXPIRATION_EPOCH` (`__NEOFS__EXPIRATION_EPOCH` is deprecated) attribute. Lock object MUST have expiration epoch. -It is impossible to delete a lock object via ObjectService.Delete RPC call. +`__SYSTEM__EXPIRATION_EPOCH` (`__NEOFS__EXPIRATION_EPOCH` is deprecated) +attribute. Lock object MUST have expiration epoch. It is impossible to delete +a lock object via ObjectService.Delete RPC call. | Field | Type | Label | Description | diff --git a/proto-docs/netmap.md b/proto-docs/netmap.md index 19b8bd2..45fd764 100644 --- a/proto-docs/netmap.md +++ b/proto-docs/netmap.md @@ -3,40 +3,41 @@ ## Table of Contents -- [Protocol Documentation](#protocol-documentation) - - [Table of Contents](#table-of-contents) - - [netmap/service.proto](#netmapserviceproto) - - [Service "neo.fs.v2.netmap.NetmapService"](#service-neofsv2netmapnetmapservice) - - [Method LocalNodeInfo](#method-localnodeinfo) - - [Method NetworkInfo](#method-networkinfo) - - [Method NetmapSnapshot](#method-netmapsnapshot) - - [Message LocalNodeInfoRequest](#message-localnodeinforequest) - - [Message LocalNodeInfoRequest.Body](#message-localnodeinforequestbody) - - [Message LocalNodeInfoResponse](#message-localnodeinforesponse) - - [Message LocalNodeInfoResponse.Body](#message-localnodeinforesponsebody) - - [Message NetmapSnapshotRequest](#message-netmapsnapshotrequest) - - [Message NetmapSnapshotRequest.Body](#message-netmapsnapshotrequestbody) - - [Message NetmapSnapshotResponse](#message-netmapsnapshotresponse) - - [Message NetmapSnapshotResponse.Body](#message-netmapsnapshotresponsebody) - - [Message NetworkInfoRequest](#message-networkinforequest) - - [Message NetworkInfoRequest.Body](#message-networkinforequestbody) - - [Message NetworkInfoResponse](#message-networkinforesponse) - - [Message NetworkInfoResponse.Body](#message-networkinforesponsebody) - - [netmap/types.proto](#netmaptypesproto) - - [Message Filter](#message-filter) - - [Message Netmap](#message-netmap) - - [Message NetworkConfig](#message-networkconfig) - - [Message NetworkConfig.Parameter](#message-networkconfigparameter) - - [Message NetworkInfo](#message-networkinfo) - - [Message NodeInfo](#message-nodeinfo) - - [Message NodeInfo.Attribute](#message-nodeinfoattribute) - - [Message PlacementPolicy](#message-placementpolicy) - - [Message Replica](#message-replica) - - [Message Selector](#message-selector) - - [Clause](#clause) - - [NodeInfo.State](#nodeinfostate) - - [Operation](#operation) - - [Scalar Value Types](#scalar-value-types) +- [netmap/service.proto](#netmap/service.proto) + - Services + - [NetmapService](#neo.fs.v2.netmap.NetmapService) + + - Messages + - [LocalNodeInfoRequest](#neo.fs.v2.netmap.LocalNodeInfoRequest) + - [LocalNodeInfoRequest.Body](#neo.fs.v2.netmap.LocalNodeInfoRequest.Body) + - [LocalNodeInfoResponse](#neo.fs.v2.netmap.LocalNodeInfoResponse) + - [LocalNodeInfoResponse.Body](#neo.fs.v2.netmap.LocalNodeInfoResponse.Body) + - [NetmapSnapshotRequest](#neo.fs.v2.netmap.NetmapSnapshotRequest) + - [NetmapSnapshotRequest.Body](#neo.fs.v2.netmap.NetmapSnapshotRequest.Body) + - [NetmapSnapshotResponse](#neo.fs.v2.netmap.NetmapSnapshotResponse) + - [NetmapSnapshotResponse.Body](#neo.fs.v2.netmap.NetmapSnapshotResponse.Body) + - [NetworkInfoRequest](#neo.fs.v2.netmap.NetworkInfoRequest) + - [NetworkInfoRequest.Body](#neo.fs.v2.netmap.NetworkInfoRequest.Body) + - [NetworkInfoResponse](#neo.fs.v2.netmap.NetworkInfoResponse) + - [NetworkInfoResponse.Body](#neo.fs.v2.netmap.NetworkInfoResponse.Body) + + +- [netmap/types.proto](#netmap/types.proto) + + - Messages + - [Filter](#neo.fs.v2.netmap.Filter) + - [Netmap](#neo.fs.v2.netmap.Netmap) + - [NetworkConfig](#neo.fs.v2.netmap.NetworkConfig) + - [NetworkConfig.Parameter](#neo.fs.v2.netmap.NetworkConfig.Parameter) + - [NetworkInfo](#neo.fs.v2.netmap.NetworkInfo) + - [NodeInfo](#neo.fs.v2.netmap.NodeInfo) + - [NodeInfo.Attribute](#neo.fs.v2.netmap.NodeInfo.Attribute) + - [PlacementPolicy](#neo.fs.v2.netmap.PlacementPolicy) + - [Replica](#neo.fs.v2.netmap.Replica) + - [Selector](#neo.fs.v2.netmap.Selector) + + +- [Scalar Value Types](#scalar-value-types) @@ -51,10 +52,10 @@ ### Service "neo.fs.v2.netmap.NetmapService" -`NetmapService` provides methods to work with `Network Map` and the information -required to build it. The resulting `Network Map` is stored in sidechain -`Netmap` smart contract, while related information can be obtained from other -NeoFS nodes. +`NetmapService` provides methods to work with `Network Map` and the +information required to build it. The resulting `Network Map` is stored in +sidechain `Netmap` smart contract, while related information can be obtained +from other NeoFS nodes. ``` rpc LocalNodeInfo(LocalNodeInfoRequest) returns (LocalNodeInfoResponse); @@ -65,11 +66,12 @@ rpc NetmapSnapshot(NetmapSnapshotRequest) returns (NetmapSnapshotResponse); #### Method LocalNodeInfo -Get NodeInfo structure from the particular node directly. -Node information can be taken from `Netmap` smart contract. In some cases, though, -one may want to get recent information directly or to talk to the node not yet -present in the `Network Map` to find out what API version can be used for -further communication. This can be also used to check if a node is up and running. +Get NodeInfo structure from the particular node directly. +Node information can be taken from `Netmap` smart contract. In some cases, +though, one may want to get recent information directly or to talk to the +node not yet present in the `Network Map` to find out what API version can +be used for further communication. This can be also used to check if a node +is up and running. Statuses: - **OK** (0, SECTION_SUCCESS): @@ -257,8 +259,8 @@ Information about the network. ### Message Filter -This filter will return the subset of nodes from `NetworkMap` or another filter's -results that will satisfy filter's conditions. +This filter will return the subset of nodes from `NetworkMap` or another +filter's results that will satisfy filter's conditions. | Field | Type | Label | Description | @@ -330,6 +332,12 @@ System parameters: - **WithdrawFee** \ Fee paid for withdrawal of funds paid by the account owner. Value: little-endian integer. Default: 0. +- **MaxECDataCount** \ + Maximum number of data shards for EC placement policy. + Value: little-endian integer. Default: 0. +- **MaxECParityCount** \ + Maximum number of parity shards for EC placement policy. + Value: little-endian integer. Default: 0. | Field | Type | Label | Description | @@ -375,15 +383,15 @@ Administrator-defined Attributes of the NeoFS Storage Node. string. Value can't be empty. Attributes can be constructed into a chain of attributes: any attribute can -have a parent attribute and a child attribute (except the first and the last -one). A string representation of the chain of attributes in NeoFS Storage -Node configuration uses ":" and "/" symbols, e.g.: +have a parent attribute and a child attribute (except the first and the +last one). A string representation of the chain of attributes in NeoFS +Storage Node configuration uses ":" and "/" symbols, e.g.: `NEOFS_NODE_ATTRIBUTE_1=key1:val1/key2:val2` -Therefore the string attribute representation in the Node configuration must -use "\:", "\/" and "\\" escaped symbols if any of them appears in an attribute's -key or value. +Therefore the string attribute representation in the Node configuration +must use "\:", "\/" and "\\" escaped symbols if any of them appears in an +attribute's key or value. Node's attributes are mostly used during Storage Policy evaluation to calculate object's placement and find a set of nodes satisfying policy @@ -459,6 +467,7 @@ storage policy definition languages. | container_backup_factor | [uint32](#uint32) | | Container backup factor controls how deep NeoFS will search for nodes alternatives to include into container's nodes subset | | selectors | [Selector](#neo.fs.v2.netmap.Selector) | repeated | Set of Selectors to form the container's nodes subset | | filters | [Filter](#neo.fs.v2.netmap.Filter) | repeated | List of named filters to reference in selectors | +| unique | [bool](#bool) | | Unique flag defines non-overlapping application for replicas | @@ -473,6 +482,8 @@ default. | ----- | ---- | ----- | ----------- | | count | [uint32](#uint32) | | How many object replicas to put | | selector | [string](#string) | | Named selector bucket to put replicas | +| ec_data_count | [uint32](#uint32) | | Data shards count | +| ec_parity_count | [uint32](#uint32) | | Parity shards count | @@ -538,6 +549,7 @@ Operations on filters | LE | 6 | Less or equal | | OR | 7 | Logical OR | | AND | 8 | Logical AND | +| NOT | 9 | Logical negation | diff --git a/proto-docs/object.md b/proto-docs/object.md index 8b5f460..f080e4a 100644 --- a/proto-docs/object.md +++ b/proto-docs/object.md @@ -35,6 +35,10 @@ - [PutRequest.Body.Init](#neo.fs.v2.object.PutRequest.Body.Init) - [PutResponse](#neo.fs.v2.object.PutResponse) - [PutResponse.Body](#neo.fs.v2.object.PutResponse.Body) + - [PutSingleRequest](#neo.fs.v2.object.PutSingleRequest) + - [PutSingleRequest.Body](#neo.fs.v2.object.PutSingleRequest.Body) + - [PutSingleResponse](#neo.fs.v2.object.PutSingleResponse) + - [PutSingleResponse.Body](#neo.fs.v2.object.PutSingleResponse.Body) - [Range](#neo.fs.v2.object.Range) - [SearchRequest](#neo.fs.v2.object.SearchRequest) - [SearchRequest.Body](#neo.fs.v2.object.SearchRequest.Body) @@ -46,8 +50,11 @@ - [object/types.proto](#object/types.proto) - Messages + - [ECInfo](#neo.fs.v2.object.ECInfo) + - [ECInfo.Chunk](#neo.fs.v2.object.ECInfo.Chunk) - [Header](#neo.fs.v2.object.Header) - [Header.Attribute](#neo.fs.v2.object.Header.Attribute) + - [Header.EC](#neo.fs.v2.object.Header.EC) - [Header.Split](#neo.fs.v2.object.Header.Split) - [Object](#neo.fs.v2.object.Object) - [ShortHeader](#neo.fs.v2.object.ShortHeader) @@ -80,17 +87,18 @@ rpc Head(HeadRequest) returns (HeadResponse); rpc Search(SearchRequest) returns (stream SearchResponse); rpc GetRange(GetRangeRequest) returns (stream GetRangeResponse); rpc GetRangeHash(GetRangeHashRequest) returns (GetRangeHashResponse); +rpc PutSingle(PutSingleRequest) returns (PutSingleResponse); ``` #### Method Get Receive full object structure, including Headers and payload. Response uses -gRPC stream. First response message carries the object with the requested address. -Chunk messages are parts of the object's payload if it is needed. All -messages, except the first one, carry payload chunks. The requested object can -be restored by concatenation of object message payload and all chunks -keeping the receiving order. +gRPC stream. First response message carries the object with the requested +address. Chunk messages are parts of the object's payload if it is needed. +All messages, except the first one, carry payload chunks. The requested +object can be restored by concatenation of object message payload and all +chunks keeping the receiving order. Extended headers can change `Get` behaviour: * [ __SYSTEM__NETMAP_EPOCH ] \ @@ -99,9 +107,10 @@ Extended headers can change `Get` behaviour: calculation. * [ __SYSTEM__NETMAP_LOOKUP_DEPTH ] \ (`__NEOFS__NETMAP_LOOKUP_DEPTH` is deprecated) \ - Will try older versions (starting from `__SYSTEM__NETMAP_EPOCH` (`__NEOFS__NETMAP_EPOCH` is deprecated) if specified or - the latest one otherwise) of Network Map to find an object until the depth - limit is reached. + Will try older versions (starting from `__SYSTEM__NETMAP_EPOCH` + (`__NEOFS__NETMAP_EPOCH` is deprecated) if specified or the latest one + otherwise) of Network Map to find an object until the depth limit is + reached. Please refer to detailed `XHeader` description. @@ -117,6 +126,8 @@ Statuses: the requested object has been marked as deleted; - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ object container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ provided session token has expired. @@ -147,15 +158,18 @@ Statuses: - **ACCESS_DENIED** (2048, SECTION_OBJECT): \ write access to the container is denied; - **LOCKED** (2050, SECTION_OBJECT): \ - placement of an object of type TOMBSTONE that includes at least one locked - object is prohibited; + placement of an object of type TOMBSTONE that includes at least one + locked object is prohibited; - **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \ placement of an object of type LOCK that includes at least one object of type other than REGULAR is prohibited; - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ object storage container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \ - (for trusted object preparation) session private key does not exist or has + (for trusted object preparation) session private key does not exist or + has been deleted; - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ provided session token has expired. @@ -182,10 +196,15 @@ Statuses: - Common failures (SECTION_FAILURE_COMMON); - **ACCESS_DENIED** (2048, SECTION_OBJECT): \ delete access to the object is denied; +- **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \ + the object could not be deleted because it has not been \ + found within the container; - **LOCKED** (2050, SECTION_OBJECT): \ deleting a locked object is prohibited; - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ object container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ provided session token has expired. @@ -218,6 +237,8 @@ Statuses: the requested object has been marked as deleted; - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ object container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ provided session token has expired. @@ -246,6 +267,8 @@ Statuses: access to operation SEARCH of the object is denied; - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ search container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ provided session token has expired. @@ -256,8 +279,8 @@ Statuses: Get byte range of data payload. Range is set as an (offset, length) tuple. Like in `Get` method, the response uses gRPC stream. Requested range can be -restored by concatenation of all received payload chunks keeping the receiving -order. +restored by concatenation of all received payload chunks keeping the +receiving order. Extended headers can change `GetRange` behaviour: * [ __SYSTEM__NETMAP_EPOCH ] \ @@ -285,6 +308,8 @@ Statuses: the requested range is out of bounds; - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ object container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ provided session token has expired. @@ -322,12 +347,54 @@ Statuses: the requested range is out of bounds; - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ object container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ provided session token has expired. | Name | Input | Output | | ---- | ----- | ------ | | GetRangeHash | [GetRangeHashRequest](#neo.fs.v2.object.GetRangeHashRequest) | [GetRangeHashResponse](#neo.fs.v2.object.GetRangeHashResponse) | +#### Method PutSingle + +Put the prepared object into container. +`ContainerID`, `ObjectID`, `OwnerID`, `PayloadHash` and `PayloadLength` of +an object MUST be set. + +Extended headers can change `Put` behaviour: +* [ __SYSTEM__NETMAP_EPOCH \ + (`__NEOFS__NETMAP_EPOCH` is deprecated) \ + Will use the requested version of Network Map for object placement + calculation. + +Please refer to detailed `XHeader` description. + +Statuses: +- **OK** (0, SECTION_SUCCESS): \ + object has been successfully saved in the container; +- Common failures (SECTION_FAILURE_COMMON); +- **ACCESS_DENIED** (2048, SECTION_OBJECT): \ + write access to the container is denied; +- **LOCKED** (2050, SECTION_OBJECT): \ + placement of an object of type TOMBSTONE that includes at least one + locked object is prohibited; +- **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \ + placement of an object of type LOCK that includes at least one object of + type other than REGULAR is prohibited; +- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \ + object storage container not found; +- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \ + access to container is denied; +- **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \ + (for trusted object preparation) session private key does not exist or + has +been deleted; +- **TOKEN_EXPIRED** (4097, SECTION_SESSION): \ + provided session token has expired. + +| Name | Input | Output | +| ---- | ----- | ------ | +| PutSingle | [PutSingleRequest](#neo.fs.v2.object.PutSingleRequest) | [PutSingleResponse](#neo.fs.v2.object.PutSingleResponse) | @@ -484,6 +551,7 @@ chunks. | ----- | ---- | ----- | ----------- | | chunk | [bytes](#bytes) | | Chunked object payload's range. | | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) | | Meta information of split hierarchy. | +| ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) | | Meta information for EC object assembly. | @@ -535,6 +603,7 @@ GET Object Response body | init | [GetResponse.Body.Init](#neo.fs.v2.object.GetResponse.Body.Init) | | Initial part of the object stream | | chunk | [bytes](#bytes) | | Chunked object payload | | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) | | Meta information of split hierarchy for object assembly. | +| ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) | | Meta information for EC object assembly. | @@ -601,6 +670,7 @@ Object HEAD response body | header | [HeaderWithSignature](#neo.fs.v2.object.HeaderWithSignature) | | Full object's `Header` with `ObjectID` signature | | short_header | [ShortHeader](#neo.fs.v2.object.ShortHeader) | | Short object header | | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) | | Meta information of split hierarchy. | +| ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) | | Meta information for EC object assembly. | @@ -685,6 +755,51 @@ PUT Object response body | object_id | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) | | Identifier of the saved object | + + +### Message PutSingleRequest +Object PUT Single request + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| body | [PutSingleRequest.Body](#neo.fs.v2.object.PutSingleRequest.Body) | | Body of put single object request message. | +| meta_header | [neo.fs.v2.session.RequestMetaHeader](#neo.fs.v2.session.RequestMetaHeader) | | Carries request meta information. Header data is used only to regulate message transport and does not affect request execution. | +| verify_header | [neo.fs.v2.session.RequestVerificationHeader](#neo.fs.v2.session.RequestVerificationHeader) | | Carries request verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. | + + + + +### Message PutSingleRequest.Body +PUT Single request body + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| object | [Object](#neo.fs.v2.object.Object) | | Prepared object with payload. | +| copies_number | [uint32](#uint32) | repeated | Number of copies of the object to store within the RPC call. By default, object is processed according to the container's placement policy. Every number is treated as a minimal number of nodes in a corresponding placement vector that must store an object to complete the request successfully. The length MUST equal the placement vectors number, otherwise request is considered malformed. | + + + + +### Message PutSingleResponse +Object PUT Single response + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| body | [PutSingleResponse.Body](#neo.fs.v2.object.PutSingleResponse.Body) | | Body of put single object response message. | +| meta_header | [neo.fs.v2.session.ResponseMetaHeader](#neo.fs.v2.session.ResponseMetaHeader) | | Carries response meta information. Header data is used only to regulate message transport and does not affect request execution. | +| verify_header | [neo.fs.v2.session.ResponseVerificationHeader](#neo.fs.v2.session.ResponseVerificationHeader) | | Carries response verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. | + + + + +### Message PutSingleResponse.Body +PUT Single Object response body + + + ### Message Range @@ -726,11 +841,11 @@ Object Search request body ### Message SearchRequest.Body.Filter -Filter structure checks if the object header field or the attribute content -matches a value. +Filter structure checks if the object header field or the attribute +content matches a value. If no filters are set, search request will return all objects of the -container, including Regular object, Tombstones and Storage Group +container, including Regular object and Tombstone objects. Most human users expect to get only object they can directly work with. In that case, `$Object:ROOT` filter should be used. @@ -765,11 +880,11 @@ There are some well-known filter aliases to match objects by certain properties: * $Object:ROOT \ - Returns only `REGULAR` type objects that are not split or that are the top - level root objects in a split hierarchy. This includes objects not + Returns only `REGULAR` type objects that are not split or that are the + top level root objects in a split hierarchy. This includes objects not present physically, like large objects split into smaller objects without a separate top-level root object. Objects of other types like - StorageGroups and Tombstones will not be shown. This filter may be + Locks and Tombstones will not be shown. This filter may be useful for listing objects like `ls` command of some virtual file system. This filter is activated if the `key` exists, disregarding the value and matcher type. @@ -778,8 +893,8 @@ properties: activated if the `key` exists, disregarding the value and matcher type. Note: using filters with a key with prefix `$Object:` and match type -`NOT_PRESENT `is not recommended since this is not a cross-version approach. -Behavior when processing this kind of filters is undefined. +`NOT_PRESENT `is not recommended since this is not a cross-version +approach. Behavior when processing this kind of filters is undefined. | Field | Type | Label | Description | @@ -827,6 +942,30 @@ Object Search response body + + +### Message ECInfo +Meta information for the erasure-encoded object. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| chunks | [ECInfo.Chunk](#neo.fs.v2.object.ECInfo.Chunk) | repeated | Chunk stored on the node. | + + + + +### Message ECInfo.Chunk + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| id | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) | | Object ID of the chunk. | +| index | [uint32](#uint32) | | Index of the chunk. | +| total | [uint32](#uint32) | | Total number of chunks in this split. | + + ### Message Header @@ -846,6 +985,7 @@ Object Header | session_token | [neo.fs.v2.session.SessionToken](#neo.fs.v2.session.SessionToken) | | Session token, if it was used during Object creation. Need it to verify integrity and authenticity out of Request scope. | | attributes | [Header.Attribute](#neo.fs.v2.object.Header.Attribute) | repeated | User-defined object attributes | | split | [Header.Split](#neo.fs.v2.object.Header.Split) | | Position of the object in the split hierarchy | +| ec | [Header.EC](#neo.fs.v2.object.Header.EC) | | Erasure code chunk information. | @@ -858,15 +998,16 @@ Key name must be an object-unique valid UTF-8 string. Value can't be empty. Objects with duplicated attribute names or attributes with empty values will be considered invalid. -There are some "well-known" attributes starting with `__SYSTEM__` (`__NEOFS__` is deprecated) prefix -that affect system behaviour: +There are some "well-known" attributes starting with `__SYSTEM__` +(`__NEOFS__` is deprecated) prefix that affect system behaviour: * [ __SYSTEM__UPLOAD_ID ] \ (`__NEOFS__UPLOAD_ID` is deprecated) \ Marks smaller parts of a split bigger object * [ __SYSTEM__EXPIRATION_EPOCH ] \ (`__NEOFS__EXPIRATION_EPOCH` is deprecated) \ - Tells GC to delete object after that epoch + The epoch after which object with no LOCKs on it becomes unavailable. + Locked object continues to be available until each of the LOCKs expire. * [ __SYSTEM__TICK_EPOCH ] \ (`__NEOFS__TICK_EPOCH` is deprecated) \ Decimal number that defines what epoch must produce @@ -905,6 +1046,23 @@ corresponding section in NeoFS Technical Specification. | value | [string](#string) | | string value of the object attribute | + + +### Message Header.EC +Erasure code can be applied to any object. +Information about encoded object structure is stored in `EC` header. +All objects belonging to a single EC group have the same `parent` field. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| parent | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) | | Identifier of the origin object. Known to all chunks. | +| index | [uint32](#uint32) | | Index of this chunk. | +| total | [uint32](#uint32) | | Total number of chunks in this split. | +| header_length | [uint32](#uint32) | | Total length of a parent header. Used to trim padding zeroes. | +| header | [bytes](#bytes) | | Chunk of a parent header. | + + ### Message Header.Split @@ -928,8 +1086,8 @@ must be within the same container. ### Message Object Object structure. Object is immutable and content-addressed. It means -`ObjectID` will change if the header or the payload changes. It's calculated as a -hash of header field which contains hash of the object's payload. +`ObjectID` will change if the header or the payload changes. It's calculated +as a hash of header field which contains hash of the object's payload. For non-regular object types payload format depends on object type specified in the header. @@ -965,8 +1123,8 @@ Short header fields ### Message SplitInfo Meta information of split hierarchy for object assembly. With the last part one can traverse linked list of split hierarchy back to the first part and -assemble the original object. With a linking object one can assemble an object -right from the object parts. +assemble the original object. With a linking object one can assemble an +object right from the object parts. | Field | Type | Label | Description | @@ -997,20 +1155,18 @@ Type of match expression ### ObjectType Type of the object payload content. Only `REGULAR` type objects can be split, -hence `TOMBSTONE`, `STORAGE_GROUP` and `LOCK` payload is limited by the maximum -object size. +hence `TOMBSTONE` and `LOCK` payload is limited by the +maximum object size. String presentation of object type is the same as definition: * REGULAR * TOMBSTONE -* STORAGE_GROUP * LOCK | Name | Number | Description | | ---- | ------ | ----------- | | REGULAR | 0 | Just a normal object | | TOMBSTONE | 1 | Used internally to identify deleted objects | -| STORAGE_GROUP | 2 | StorageGroup information | | LOCK | 3 | Object lock | diff --git a/proto-docs/refs.md b/proto-docs/refs.md index 7d66e5a..d688387 100644 --- a/proto-docs/refs.md +++ b/proto-docs/refs.md @@ -3,20 +3,20 @@ ## Table of Contents -- [Protocol Documentation](#protocol-documentation) - - [Table of Contents](#table-of-contents) - - [refs/types.proto](#refstypesproto) - - [Message Address](#message-address) - - [Message Checksum](#message-checksum) - - [Message ContainerID](#message-containerid) - - [Message ObjectID](#message-objectid) - - [Message OwnerID](#message-ownerid) - - [Message Signature](#message-signature) - - [Message SignatureRFC6979](#message-signaturerfc6979) - - [Message Version](#message-version) - - [ChecksumType](#checksumtype) - - [SignatureScheme](#signaturescheme) - - [Scalar Value Types](#scalar-value-types) +- [refs/types.proto](#refs/types.proto) + + - Messages + - [Address](#neo.fs.v2.refs.Address) + - [Checksum](#neo.fs.v2.refs.Checksum) + - [ContainerID](#neo.fs.v2.refs.ContainerID) + - [ObjectID](#neo.fs.v2.refs.ObjectID) + - [OwnerID](#neo.fs.v2.refs.OwnerID) + - [Signature](#neo.fs.v2.refs.Signature) + - [SignatureRFC6979](#neo.fs.v2.refs.SignatureRFC6979) + - [Version](#neo.fs.v2.refs.Version) + + +- [Scalar Value Types](#scalar-value-types) @@ -95,8 +95,8 @@ It means `ObjectID` will change if the `header` or the `payload` changes. `ObjectID` is a 32 byte long [SHA256](https://csrc.nist.gov/publications/detail/fips/180/4/final) hash of -the object's `header` field, which, in it's turn, contains the hash of the object's -payload. +the object's `header` field, which, in it's turn, contains the hash of the +object's payload. String presentation is a [base58](https://tools.ietf.org/html/draft-msporny-base58-02) encoded string. @@ -169,7 +169,8 @@ RFC 6979 signature. API version used by a node. String presentation is a Semantic Versioning 2.0.0 compatible version string -with 'v' prefix. i.e. `vX.Y`, where `X` is the major number, `Y` is the minor number. +with 'v' prefix. i.e. `vX.Y`, where `X` is the major number, `Y` is the minor +number. | Field | Type | Label | Description | @@ -196,7 +197,8 @@ Checksum algorithm type. ### SignatureScheme -Signature scheme describes digital signing scheme used for (key, signature) pair. +Signature scheme describes digital signing scheme used for (key, signature) +pair. | Name | Number | Description | | ---- | ------ | ----------- | diff --git a/proto-docs/session.md b/proto-docs/session.md index facb292..0c4cb8e 100644 --- a/proto-docs/session.md +++ b/proto-docs/session.md @@ -278,15 +278,15 @@ Lifetime parameters of the token. Field names taken from rfc7519. ### Message XHeader -Extended headers for Request/Response. They may contain any user-defined headers -to be interpreted on application level. +Extended headers for Request/Response. They may contain any user-defined +headers to be interpreted on application level. -Key name must be a unique valid UTF-8 string. Value can't be empty. Requests or -Responses with duplicated header names or headers with empty values will be -considered invalid. +Key name must be a unique valid UTF-8 string. Value can't be empty. Requests +or Responses with duplicated header names or headers with empty values will +be considered invalid. -There are some "well-known" headers starting with `__SYSTEM__` (`__NEOFS__` is deprecated) prefix that -affect system behaviour: +There are some "well-known" headers starting with `__SYSTEM__` (`__NEOFS__` +is deprecated) prefix that affect system behaviour: * [ __SYSTEM__NETMAP_EPOCH ] \ (`__NEOFS__NETMAP_EPOCH` is deprecated) \ @@ -297,8 +297,8 @@ affect system behaviour: (`__NEOFS__NETMAP_LOOKUP_DEPTH` is deprecated) \ If object can't be found using current epoch's netmap, this header limits how many past epochs the node can look up through. The `value` is string - encoded `uint64` in decimal presentation. If set to '0' or not set, only the - current epoch will be used. + encoded `uint64` in decimal presentation. If set to '0' or not set, only + the current epoch will be used. | Field | Type | Label | Description | diff --git a/proto-docs/status.md b/proto-docs/status.md index b426326..d809daf 100644 --- a/proto-docs/status.md +++ b/proto-docs/status.md @@ -102,6 +102,7 @@ Section of statuses for container-related operations. | ---- | ------ | ----------- | | CONTAINER_NOT_FOUND | 0 | [**3072**] Container not found. | | EACL_NOT_FOUND | 1 | [**3073**] eACL table not found. | +| CONTAINER_ACCESS_DENIED | 2 | [**3074**] Container access denied. | diff --git a/status/types.proto b/status/types.proto index 60dfd94..52a7214 100644 --- a/status/types.proto +++ b/status/types.proto @@ -133,6 +133,9 @@ enum Container { // [**3073**] eACL table not found. EACL_NOT_FOUND = 1; + + // [**3074**] Container access denied. + CONTAINER_ACCESS_DENIED = 2; } // Section of statuses for session-related operations.