frostfs-api/session/types.proto
Leonard Lyubich dbd5ed1978 [#156] session: Define structure of container session context
Define `session.ContainerSessionContext` message with context information of
container service RPCs.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-03 11:36:17 +03:00

210 lines
6.8 KiB
Protocol Buffer

syntax = "proto3";
package neo.fs.v2.session;
option go_package = "github.com/nspcc-dev/neofs-api-go/v2/session/grpc;session";
option csharp_namespace = "Neo.FileStorage.API.Session";
import "refs/types.proto";
import "acl/types.proto";
// Context information for Session Tokens related to ObjectService requests
message ObjectSessionContext {
// Object request verbs
enum Verb {
// Unknown verb
VERB_UNSPECIFIED = 0;
// Refers to object.Put RPC call
PUT = 1;
// Refers to object.Get RPC call
GET = 2;
// Refers to object.Head RPC call
HEAD = 3;
// Refers to object.Search RPC call
SEARCH = 4;
// Refers to object.Delete RPC call
DELETE = 5;
// Refers to object.GetRange RPC call
RANGE = 6;
// Refers to object.GetRangeHash RPC call
RANGEHASH = 7;
}
// Type of request for which the token is issued
Verb verb = 1 [json_name = "verb"];
// Related Object address
neo.fs.v2.refs.Address address = 2 [json_name = "address"];
}
// Context information for Session Tokens related to ContainerService requests.
message ContainerSessionContext {
// Container request verbs
enum Verb {
// Unknown verb
VERB_UNSPECIFIED = 0;
// Refers to container.Put RPC call
PUT = 1;
// Refers to container.Delete RPC call
DELETE = 2;
// Refers to container.SetExtendedACL RPC call
SETEACL = 3;
}
// Type of request for which the token is issued
Verb verb = 1 [json_name = "verb"];
// Spreads the action to all owner containers.
// If set, container_id field is ignored.
bool wildcard = 2 [json_name = "wildcard"];
// Particular container to which the action applies.
// Ignored if wildcard flag is set.
refs.ContainerID container_id = 3 [json_name = "containerID"];
}
// NeoFS Session Token.
message SessionToken {
// Session Token body
message Body {
// Token identifier is a valid UUIDv4 in binary form
bytes id = 1 [json_name = "id"];
// Identifier of the session initiator
neo.fs.v2.refs.OwnerID owner_id = 2 [json_name = "ownerID"];
// Lifetime parameters of the token. Field names taken from rfc7519.
message TokenLifetime {
// Expiration Epoch
uint64 exp = 1 [json_name = "exp"];
// Not valid before Epoch
uint64 nbf = 2 [json_name = "nbf"];
// Issued at Epoch
uint64 iat = 3 [json_name = "iat"];
}
// Lifetime of the session
TokenLifetime lifetime = 3 [json_name = "lifetime"];
// Public key used in session
bytes session_key = 4 [json_name = "sessionKey"];
// Session Context information
oneof context {
// ObjectService session context
ObjectSessionContext object = 5 [json_name = "object"];
}
}
// Session Token contains the proof of trust between peers to be attached in
// requests for further verification. Please see corresponding section of
// NeoFS Technical Specification for details.
Body body = 1 [json_name = "body"];
// Signature of `SessionToken` information
neo.fs.v2.refs.Signature signature = 2 [json_name = "signature"];
}
// Extended headers for Request/Response. May contain any user-defined headers
// to be interpreted on application level.
//
// Key name must be unique valid UTF-8 string. Value can't be empty. Requests or
// Responses with duplicated header names or headers with empty values will be
// considered invalid.
//
// There are some "well-known" headers starting with `__NEOFS__` prefix that
// affect system behaviour:
//
// * __NEOFS__NETMAP_EPOCH \
// Netmap epoch to use for object placement calculation. The `value` is string
// encoded `uint64` in decimal presentation. If set to '0' or not set, the
// current epoch only will be used.
// * __NEOFS__NETMAP_LOOKUP_DEPTH \
// If object can't be found using current epoch's netmap, this header limits
// how many past epochs back the node can lookup. The `value` is string
// encoded `uint64` in decimal presentation. If set to '0' or not set, the
// current epoch only will be used.
message XHeader {
// Key of the X-Header
string key = 1 [json_name = "key"];
// Value of the X-Header
string value = 2 [json_name = "value"];
}
// Meta information attached to the request. When forwarded between peers,
// request meta headers are folded in matryoshka style.
message RequestMetaHeader {
// Peer's API version used
neo.fs.v2.refs.Version version = 1 [json_name = "version"];
// Peer's local epoch number. Set to 0 if unknown.
uint64 epoch = 2 [json_name = "epoch"];
// Maximum number of intermediate nodes in the request route
uint32 ttl = 3 [json_name = "ttl"];
// Request X-Headers
repeated XHeader x_headers = 4 [json_name = "xHeaders"];
// Session token within which the request is sent
SessionToken session_token = 5 [json_name = "sessionToken"];
// `BearerToken` with eACL overrides for the request
neo.fs.v2.acl.BearerToken bearer_token = 6 [json_name = "bearerToken"];
// `RequestMetaHeader` of the origin request
RequestMetaHeader origin = 7 [json_name = "origin"];
}
// Information about the response
message ResponseMetaHeader {
// Peer's API version used
neo.fs.v2.refs.Version version = 1 [json_name = "version"];
// Peer's local epoch number
uint64 epoch = 2 [json_name = "epoch"];
// Maximum number of intermediate nodes in the request route
uint32 ttl = 3 [json_name = "ttl"];
// Response X-Headers
repeated XHeader x_headers = 4 [json_name = "xHeaders"];
// `ResponseMetaHeader` of the origin request
ResponseMetaHeader origin = 5 [json_name = "origin"];
}
// Verification info for request signed by all intermediate nodes.
message RequestVerificationHeader {
// Request Body signature. Should be generated once by request initiator.
neo.fs.v2.refs.Signature body_signature = 1 [json_name = "bodySignature"];
// Request Meta signature is added and signed by each intermediate node
neo.fs.v2.refs.Signature meta_signature = 2 [json_name = "metaSignature"];
// Signature of previous hops
neo.fs.v2.refs.Signature origin_signature = 3 [json_name = "originSignature"];
// Chain of previous hops signatures
RequestVerificationHeader origin = 4 [json_name = "origin"];
}
// Verification info for response signed by all intermediate nodes
message ResponseVerificationHeader {
// Response Body signature. Should be generated once by answering node.
neo.fs.v2.refs.Signature body_signature = 1 [json_name = "bodySignature"];
// Response Meta signature is added and signed by each intermediate node
neo.fs.v2.refs.Signature meta_signature = 2 [json_name = "metaSignature"];
// Signature of previous hops
neo.fs.v2.refs.Signature origin_signature = 3 [json_name = "originSignature"];
// Chain of previous hops signatures
ResponseVerificationHeader origin = 4 [json_name = "origin"];
}