container: Replace AccessGroup
with BasicACL
With the new ACL concept, access control lists in NeoFS are defined as a required basic ACL and an optional extended ACL. The basic ACL must be set in the container structure. It is a bit mask stored in a 32-bit unsigned integer. Seven nibbles represent seven object operations: get, put, head, search, delete, range, range-hash. Every nibble defines access rules for three targets (user, owner, others) and has a permission bit for the bearer token. There is also a permission bit for the extended ACL and three unused bits.
parent
2b667d13ec
commit
18b698d429
2 changed files with 5 additions and 16 deletions
|
@ -42,8 +42,8 @@ message PutRequest {
|
||||||
// Rules define storage policy for the object inside the container.
|
// Rules define storage policy for the object inside the container.
|
||||||
netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false];
|
netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false];
|
||||||
|
|
||||||
// Container ACL.
|
// BasicACL of the container.
|
||||||
AccessGroup Group = 5 [(gogoproto.nullable) = false];
|
uint32 BasicACL = 5;
|
||||||
|
|
||||||
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
|
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
|
||||||
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
|
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
|
||||||
|
|
|
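Review bot: Field number 5 in `PutRequest` is reused with a different type: the old `AccessGroup Group = 5` was a length-delimited message, while the new `uint32 BasicACL = 5` is a varint. A peer built from the previous schema will send or expect the other wire type under the same tag, so depending on the parser the ACL is either rejected at decode time or dropped as an unknown field. In the latter case the container would presumably be created with whatever a zero mask means. If any older node or client can still reach this API, give the new field a fresh number and retire the old one, e.g. `reserved 5;` and `uint32 BasicACL = 6;`. The same reuse happens in `message Container`, where `AccessControlList List = 5` becomes `uint32 BasicACL = 5`.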
@ -18,18 +18,7 @@ message Container {
|
||||||
uint64 Capacity = 3;
|
uint64 Capacity = 3;
|
||||||
// Rules define storage policy for the object inside the container.
|
// Rules define storage policy for the object inside the container.
|
||||||
netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
|
netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
|
||||||
// Container ACL.
|
// BasicACL with access control rules for owner, system, others and
|
||||||
AccessControlList List = 5 [(gogoproto.nullable) = false];
|
// permission bits for bearer token and extended ACL.
|
||||||
}
|
uint32 BasicACL = 5;
|
||||||
|
|
||||||
message AccessGroup {
|
|
||||||
// Group access mode.
|
|
||||||
uint32 AccessMode = 1;
|
|
||||||
// Group members.
|
|
||||||
repeated bytes UserGroup = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
|
|
||||||
}
|
|
||||||
|
|
||||||
message AccessControlList {
|
|
||||||
// List of access groups.
|
|
||||||
repeated AccessGroup List = 1 [(gogoproto.nullable) = false];
|
|
||||||
}
|
}
|
||||||
|
|
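Review bot: The new comment on `Container.BasicACL` names the targets as "owner, system, others", while the commit description lists them as user, owner, others; one of the two is wrong, and the schema comment is what implementers will read. The comment also leaves out the bit layout: which nibble belongs to which operation, which bit is the bearer-token permission, and where the extended-ACL bit and the three unused bits sit are only recoverable from the commit message. I would spell the layout out above the field and state two rules a validating node needs. The first is how a value of 0 is treated, since a proto3 `uint32` cannot distinguish "not set" from zero although the basic ACL is described as required; the second is whether a mask with any unused bit set is rejected. The same layout comment, or a pointer to it, belongs on `PutRequest.BasicACL`, whose comment is only `// BasicACL of the container.`.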