forked from TrueCloudLab/frostfs-api
18b698d429
With new ACL conception, access control lists in NeoFS defined as a required basic ACL and optional extended ACL. Basic ACL must be set up in container structure. It is a bit mask stored in 32-bit unsigned integer. Seven nibbles represent seven object operations: get, put, head, search, delete, range, range-hash. Every nibble defines access rules for three targets: user, owner, others and has permission bit for bearer token. There is a permission bit for extended ACL and three unused bits.
24 lines
1.1 KiB
Protocol Buffer
24 lines
1.1 KiB
Protocol Buffer
syntax = "proto3";
|
|
package container;
|
|
option go_package = "github.com/nspcc-dev/neofs-api-go/container";
|
|
option csharp_namespace = "NeoFS.API.Container";
|
|
|
|
import "github.com/nspcc-dev/netmap/selector.proto";
|
|
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
|
|
|
option (gogoproto.stable_marshaler_all) = true;
|
|
|
|
// The Container service definition.
|
|
message Container {
|
|
// OwnerID is a wallet address.
|
|
bytes OwnerID = 1 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
|
|
// Salt is a nonce for unique container id calculation.
|
|
bytes Salt = 2 [(gogoproto.customtype) = "UUID", (gogoproto.nullable) = false];
|
|
// Capacity defines amount of data that can be stored in the container (doesn't used for now).
|
|
uint64 Capacity = 3;
|
|
// Rules define storage policy for the object inside the container.
|
|
netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
|
|
// BasicACL with access control rules for owner, system, others and
|
|
// permission bits for bearer token and extended ACL.
|
|
uint32 BasicACL = 5;
|
|
}
|