# Protocol Documentation

## Table of Contents

- [session/service.proto](#session/service.proto)
    - Services
        - [SessionService](#frost.fs.session.SessionService)
    - Messages
        - [CreateRequest](#frost.fs.session.CreateRequest)
        - [CreateRequest.Body](#frost.fs.session.CreateRequest.Body)
        - [CreateResponse](#frost.fs.session.CreateResponse)
        - [CreateResponse.Body](#frost.fs.session.CreateResponse.Body)
- [session/types.proto](#session/types.proto)
    - Messages
        - [ContainerSessionContext](#frost.fs.session.ContainerSessionContext)
        - [ObjectSessionContext](#frost.fs.session.ObjectSessionContext)
        - [ObjectSessionContext.Target](#frost.fs.session.ObjectSessionContext.Target)
        - [RequestMetaHeader](#frost.fs.session.RequestMetaHeader)
        - [RequestVerificationHeader](#frost.fs.session.RequestVerificationHeader)
        - [ResponseMetaHeader](#frost.fs.session.ResponseMetaHeader)
        - [ResponseVerificationHeader](#frost.fs.session.ResponseVerificationHeader)
        - [SessionToken](#frost.fs.session.SessionToken)
        - [SessionToken.Body](#frost.fs.session.SessionToken.Body)
        - [SessionToken.Body.TokenLifetime](#frost.fs.session.SessionToken.Body.TokenLifetime)
        - [XHeader](#frost.fs.session.XHeader)
- [Scalar Value Types](#scalar-value-types)


## session/service.proto

### Service "frost.fs.session.SessionService"

`SessionService` allows establishing a temporary trust relationship between two peer nodes and generating a `SessionToken` as the proof of trust to be attached to requests for further verification. Please see the corresponding section of the FrostFS Technical Specification for details.

```
rpc Create(CreateRequest) returns (CreateResponse);
```

#### Method Create

Open a new session between two peers.

Statuses:
- **OK** (0, SECTION_SUCCESS): session has been successfully opened;
- Common failures (SECTION_FAILURE_COMMON).

| Name | Input | Output |
| ---- | ----- | ------ |
| Create | [CreateRequest](#frost.fs.session.CreateRequest) | [CreateResponse](#frost.fs.session.CreateResponse) |

### Message CreateRequest

Information necessary for opening a session.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| body | [CreateRequest.Body](#frost.fs.session.CreateRequest.Body) | | Body of a create session token request message. |
| meta_header | [RequestMetaHeader](#frost.fs.session.RequestMetaHeader) | | Carries request meta information. Header data is used only to regulate message transport and does not affect request execution. |
| verify_header | [RequestVerificationHeader](#frost.fs.session.RequestVerificationHeader) | | Carries request verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. |

### Message CreateRequest.Body

Session creation request body

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| owner_id | [frost.fs.refs.OwnerID](#frost.fs.refs.OwnerID) | | Session initiating user's or node's key derived `OwnerID` |
| expiration | [uint64](#uint64) | | Session expiration `Epoch` |

### Message CreateResponse

Information about the opened session.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| body | [CreateResponse.Body](#frost.fs.session.CreateResponse.Body) | | Body of create session token response message. |
| meta_header | [ResponseMetaHeader](#frost.fs.session.ResponseMetaHeader) | | Carries response meta information. Header data is used only to regulate message transport and does not affect request execution. |
| verify_header | [ResponseVerificationHeader](#frost.fs.session.ResponseVerificationHeader) | | Carries response verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. |

### Message CreateResponse.Body

Session creation response body

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| id | [bytes](#bytes) | | Identifier of a newly created session |
| session_key | [bytes](#bytes) | | Public key used for session |


## session/types.proto

### Message ContainerSessionContext

Context information for Session Tokens related to ContainerService requests.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| verb | [ContainerSessionContext.Verb](#frost.fs.session.ContainerSessionContext.Verb) | | Type of request for which the token is issued |
| wildcard | [bool](#bool) | | Spreads the action to all owner containers. If set, container_id field is ignored. |
| container_id | [frost.fs.refs.ContainerID](#frost.fs.refs.ContainerID) | | Particular container to which the action applies. Ignored if wildcard flag is set. |

### Message ObjectSessionContext

Context information for Session Tokens related to ObjectService requests

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| verb | [ObjectSessionContext.Verb](#frost.fs.session.ObjectSessionContext.Verb) | | Type of request for which the token is issued |
| target | [ObjectSessionContext.Target](#frost.fs.session.ObjectSessionContext.Target) | | Object session target. MUST be correctly formed and set. If `objects` field is not empty, then the session applies only to these elements, otherwise, to all objects from the specified container. |

### Message ObjectSessionContext.Target

Carries objects involved in the object session.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| container | [frost.fs.refs.ContainerID](#frost.fs.refs.ContainerID) | | Indicates which container the session is spread to. Field MUST be set and correct. |
| objects | [frost.fs.refs.ObjectID](#frost.fs.refs.ObjectID) | repeated | Indicates which objects the session is spread to. Objects are expected to be stored in the FrostFS container referenced by `container` field. Each element MUST have correct format. |

### Message RequestMetaHeader

Meta information attached to the request. When forwarded between peers, request meta headers are folded in matryoshka style.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| version | [frost.fs.refs.Version](#frost.fs.refs.Version) | | Peer's API version used |
| epoch | [uint64](#uint64) | | Peer's local epoch number. Set to 0 if unknown. |
| ttl | [uint32](#uint32) | | Maximum number of intermediate nodes in the request route |
| x_headers | [XHeader](#frost.fs.session.XHeader) | repeated | Request X-Headers |
| session_token | [SessionToken](#frost.fs.session.SessionToken) | | Session token within which the request is sent |
| bearer_token | [frost.fs.acl.BearerToken](#frost.fs.acl.BearerToken) | | `BearerToken` with eACL overrides for the request |
| origin | [RequestMetaHeader](#frost.fs.session.RequestMetaHeader) | | `RequestMetaHeader` of the origin request |
| magic_number | [uint64](#uint64) | | FrostFS network magic. Must match the value for the network that the server belongs to. |

### Message RequestVerificationHeader

Verification info for the request signed by all intermediate nodes.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| body_signature | [frost.fs.refs.Signature](#frost.fs.refs.Signature) | | Request Body signature. Should be generated once by the request initiator. |
| meta_signature | [frost.fs.refs.Signature](#frost.fs.refs.Signature) | | Request Meta signature is added and signed by each intermediate node |
| origin_signature | [frost.fs.refs.Signature](#frost.fs.refs.Signature) | | Signature of previous hops |
| origin | [RequestVerificationHeader](#frost.fs.session.RequestVerificationHeader) | | Chain of previous hops signatures |

### Message ResponseMetaHeader

Information about the response

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| version | [frost.fs.refs.Version](#frost.fs.refs.Version) | | Peer's API version used |
| epoch | [uint64](#uint64) | | Peer's local epoch number |
| ttl | [uint32](#uint32) | | Maximum number of intermediate nodes in the request route |
| x_headers | [XHeader](#frost.fs.session.XHeader) | repeated | Response X-Headers |
| origin | [ResponseMetaHeader](#frost.fs.session.ResponseMetaHeader) | | `ResponseMetaHeader` of the origin request |
| status | [frost.fs.status.Status](#frost.fs.status.Status) | | Status return |

### Message ResponseVerificationHeader

Verification info for the response signed by all intermediate nodes

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| body_signature | [frost.fs.refs.Signature](#frost.fs.refs.Signature) | | Response Body signature. Should be generated once by an answering node. |
| meta_signature | [frost.fs.refs.Signature](#frost.fs.refs.Signature) | | Response Meta signature is added and signed by each intermediate node |
| origin_signature | [frost.fs.refs.Signature](#frost.fs.refs.Signature) | | Signature of previous hops |
| origin | [ResponseVerificationHeader](#frost.fs.session.ResponseVerificationHeader) | | Chain of previous hops signatures |

### Message SessionToken

FrostFS Session Token.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| body | [SessionToken.Body](#frost.fs.session.SessionToken.Body) | | Session Token contains the proof of trust between peers to be attached to requests for further verification. Please see the corresponding section of the FrostFS Technical Specification for details. |
| signature | [frost.fs.refs.Signature](#frost.fs.refs.Signature) | | Signature of `SessionToken` information |

### Message SessionToken.Body

Session Token body

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| id | [bytes](#bytes) | | Token identifier is a valid UUIDv4 in binary form |
| owner_id | [frost.fs.refs.OwnerID](#frost.fs.refs.OwnerID) | | Identifier of the session initiator |
| lifetime | [SessionToken.Body.TokenLifetime](#frost.fs.session.SessionToken.Body.TokenLifetime) | | Lifetime of the session |
| session_key | [bytes](#bytes) | | Public key used in session |
| object | [ObjectSessionContext](#frost.fs.session.ObjectSessionContext) | | ObjectService session context |
| container | [ContainerSessionContext](#frost.fs.session.ContainerSessionContext) | | ContainerService session context |

### Message SessionToken.Body.TokenLifetime

Lifetime parameters of the token. Field names taken from rfc7519.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| exp | [uint64](#uint64) | | Expiration Epoch |
| nbf | [uint64](#uint64) | | Not valid before Epoch |
| iat | [uint64](#uint64) | | Issued at Epoch |

### Message XHeader

Extended headers for Request/Response. They may contain any user-defined headers to be interpreted on application level. Key name must be a unique valid UTF-8 string. Value can't be empty. Requests or Responses with duplicated header names or headers with empty values will be considered invalid.

There are some "well-known" headers starting with `__SYSTEM__` prefix that affect system behaviour:

* [ __SYSTEM__NETMAP_EPOCH ] \
  Netmap epoch to use for object placement calculation. The `value` is string encoded `uint64` in decimal presentation. If set to '0' or not set, the current epoch only will be used.
* [ __SYSTEM__NETMAP_LOOKUP_DEPTH ] \
  If object can't be found using current epoch's netmap, this header limits how many past epochs the node can look up through. The `value` is string encoded `uint64` in decimal presentation. If set to '0' or not set, only the current epoch will be used.

| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| key | [string](#string) | | Key of the X-Header |
| value | [string](#string) | | Value of the X-Header |

### ContainerSessionContext.Verb

Container request verbs

| Name | Number | Description |
| ---- | ------ | ----------- |
| VERB_UNSPECIFIED | 0 | Unknown verb |
| PUT | 1 | Refers to container.Put RPC call |
| DELETE | 2 | Refers to container.Delete RPC call |
| SETEACL | 3 | Refers to container.SetExtendedACL RPC call |

### ObjectSessionContext.Verb

Object request verbs

| Name | Number | Description |
| ---- | ------ | ----------- |
| VERB_UNSPECIFIED | 0 | Unknown verb |
| PUT | 1 | Refers to object.Put RPC call |
| GET | 2 | Refers to object.Get RPC call |
| HEAD | 3 | Refers to object.Head RPC call |
| SEARCH | 4 | Refers to object.Search RPC call |
| DELETE | 5 | Refers to object.Delete RPC call |
| RANGE | 6 | Refers to object.GetRange RPC call |
| RANGEHASH | 7 | Refers to object.GetRangeHash RPC call |
| PATCH | 8 | Refers to object.Patch RPC call |

## Scalar Value Types

| .proto Type | Notes | C++ Type | Java Type | Python Type |
| ----------- | ----- | -------- | --------- | ----------- |
| double | | double | double | float |
| float | | float | float | float |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
| sfixed32 | Always four bytes. | int32 | int | int |
| sfixed64 | Always eight bytes. | int64 | long | int/long |
| bool | | bool | boolean | boolean |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
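
How a receiving node could decide whether a presented token's context covers a request, following the `ObjectSessionContext` and `ContainerSessionContext` rules above. This is an added Go example, not code from the FrostFS API or SDK; the struct types, the `Covers` methods and the string IDs are hypothetical stand-ins, and signature and lifetime checks are left out.

```go
package main

import "fmt"

// Verb numbers from the verb tables on this page (only the ones used here).
const VerbUnspecified, ObjGet, ObjDelete, CntDelete = 0, 2, 5, 2

// ObjectContext and ContainerContext are hypothetical stand-ins for the
// ObjectSessionContext and ContainerSessionContext messages; IDs are plain
// strings instead of the refs.ContainerID / refs.ObjectID messages.
type ObjectContext struct {
	Verb      int
	Container string   // target.container, MUST be set
	Objects   []string // target.objects
}

type ContainerContext struct {
	Verb        int
	Wildcard    bool
	ContainerID string
}

// Covers reports whether the context applies to verb on container/object.
// Rejecting VERB_UNSPECIFIED and an unset container is this example's choice.
func (c ObjectContext) Covers(verb int, container, object string) bool {
	if c.Verb == VerbUnspecified || c.Container == "" || verb != c.Verb || container != c.Container {
		return false
	}
	for _, id := range c.Objects {
		if id == object {
			return true
		}
	}
	return len(c.Objects) == 0 // empty list: all objects of the container
}

// Covers applies the container rules: wildcard makes container_id irrelevant.
func (c ContainerContext) Covers(verb int, container string) bool {
	if c.Verb == VerbUnspecified || verb != c.Verb {
		return false
	}
	return c.Wildcard || c.ContainerID == container
}

func main() {
	// Constructed sample context: GET on two objects of container "cnr-A".
	tok := ObjectContext{Verb: ObjGet, Container: "cnr-A", Objects: []string{"obj-1", "obj-2"}}
	fmt.Println(tok.Covers(ObjGet, "cnr-A", "obj-1"), tok.Covers(ObjDelete, "cnr-A", "obj-1"))
}
```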
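
The XHeader validity rules above (unique valid UTF-8 keys, non-empty values, decimal `uint64` for the two well-known `__SYSTEM__` headers) as an added Go example. It is not FrostFS code; `ValidateXHeaders`, `SystemHeaders`, `ErrBadXHeader` and the local `XHeader` struct are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"unicode/utf8"
)

// XHeader and SystemHeaders are local stand-ins, not the generated API types.
// A SystemHeaders value of 0 means "current epoch only".
type XHeader struct{ Key, Value string }
type SystemHeaders struct{ NetmapEpoch, LookupDepth uint64 }

var ErrBadXHeader = errors.New("invalid X-Header set")

// ValidateXHeaders checks one request's headers and parses the well-known ones.
func ValidateXHeaders(hs []XHeader) (SystemHeaders, error) {
	var sys SystemHeaders
	wellKnown := map[string]*uint64{
		"__SYSTEM__NETMAP_EPOCH":        &sys.NetmapEpoch,
		"__SYSTEM__NETMAP_LOOKUP_DEPTH": &sys.LookupDepth,
	}
	seen := make(map[string]bool, len(hs))
	for _, h := range hs {
		switch {
		case !utf8.ValidString(h.Key):
			return SystemHeaders{}, fmt.Errorf("%w: key is not valid UTF-8", ErrBadXHeader)
		case seen[h.Key]:
			return SystemHeaders{}, fmt.Errorf("%w: duplicate key %q", ErrBadXHeader, h.Key)
		case h.Value == "":
			return SystemHeaders{}, fmt.Errorf("%w: empty value for %q", ErrBadXHeader, h.Key)
		}
		seen[h.Key] = true
		if dst, ok := wellKnown[h.Key]; ok {
			n, err := strconv.ParseUint(h.Value, 10, 64) // no sign, no hex, no overflow
			if err != nil {
				return SystemHeaders{}, fmt.Errorf("%w: %s is not a decimal uint64", ErrBadXHeader, h.Key)
			}
			*dst = n
		}
	}
	return sys, nil
}

func main() {
	// Constructed sample input.
	fmt.Println(ValidateXHeaders([]XHeader{{"__SYSTEM__NETMAP_LOOKUP_DEPTH", "3"}, {"trace", "abc"}}))
}
```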