Service headers are ignored by NeoFS nodes but can be
used to save access-related information by services
built on top of NeoFS.
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
Extended ACL description lacks the `objectID` key in filters. It's useful to control
access to a specific object.
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
eACL Table is stored in SC storage, hence format version may be needed to
correctly process it in future.
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
To simplify adding more transport level protocols to neofs-api-go in future, we
need to separate currently default gRPC.
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
- Changed package names adding version
- Added documentation descriptions (sometimes useless) for all fields
- Changed enum format
- Made SessionToken and BearerToken field names more clear
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
NeoFS Objects are now content-addressed. It means the Object's address depends on
its content. ObjectID is now calculated as a hash of the Header, which contains a
hash of the payload. If either the Object's payload or Headers change, the ID will
also change.
Signed-off-by: Stanislav Bogatyrev <stanislav@nspcc.ru>
There is a need to remove gogoproto usage from NeoFS API since this plugin
is not cross-language. This commit removes usage from acl package.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Change the type of all fields for the container identifier to refs.ContainerID.
This will allow following a single format and not duplicating its description.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
EACLTable message and signature are stored in blockchain storage.
If the owner has several containers, a malicious node can return
the correct EACLTable of a container other than the one the client
actually requested. With the container id field in the EACLTable, this
malicious behaviour can be detected.
ContainerID has id 1, so the contract can easily cut the container id
from the byte sequence.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
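
The client-side check that the container id field makes possible, as an added example (not code from NeoFS or from the commit above). It assumes Ed25519 signatures, 32-byte container ids and a flat "id then rules" byte layout in place of the real encoding; the type, function and error names are hypothetical and the sample data is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// EACLTable is a hypothetical, simplified stand-in for the real message.
type EACLTable struct {
	ContainerID []byte // first field, so it can be cut from the signed bytes
	Rules       []byte // opaque rule records
}

// SignedBody is what the owner signs: container id first, then the rules.
func (t EACLTable) SignedBody() []byte {
	return append(append([]byte{}, t.ContainerID...), t.Rules...)
}

var (
	ErrBadSignature   = errors.New("eACL signature invalid")
	ErrWrongContainer = errors.New("eACL table belongs to another container")
)

// VerifyEACL accepts a table only if the owner signed it and it is bound
// to the container the client asked for.
func VerifyEACL(owner ed25519.PublicKey, requested []byte, t EACLTable, sig []byte) error {
	if !ed25519.Verify(owner, t.SignedBody(), sig) {
		return ErrBadSignature
	}
	if !bytes.Equal(t.ContainerID, requested) {
		return ErrWrongContainer
	}
	return nil
}

// Demo uses constructed data: one owner, containers A and B, request for A.
func Demo() (honest, swapped, relabeled error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	cidA, cidB := bytes.Repeat([]byte{0xA1}, 32), bytes.Repeat([]byte{0xB2}, 32)
	tA := EACLTable{cidA, []byte("deny GET others")}
	tB := EACLTable{cidB, []byte("allow GET others")}
	sigA, sigB := ed25519.Sign(priv, tA.SignedBody()), ed25519.Sign(priv, tB.SignedBody())
	honest = VerifyEACL(pub, cidA, tA, sigA)
	swapped = VerifyEACL(pub, cidA, tB, sigB) // genuine signature, wrong container
	relabeled = VerifyEACL(pub, cidA, EACLTable{cidA, tB.Rules}, sigB)
	return
}

func main() { fmt.Println(Demo()) }
```

The swapped table carries a genuine owner signature, so a signature check alone would accept it; only the id comparison rejects it, and rewriting the id to match breaks the signature.
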
Basic NeoFS ACL applies access rules to the request sender. Request
senders are combined in groups that are called `targets`.
Basic ACL rules may be applied to these targets:
1. User - request sender is the owner of the container,
used in the request.
2. System - request sender is the storage node
within the container used in the request or
inner ring node.
3. Others - request sender is none of the above.
Extended ACL rules may be applied for targets, provided with
extra information.
4. PubKey - request sender has provided public key.