From 4abd71f99b1830b4f58f45e10daddf9f3538a1ad Mon Sep 17 00:00:00 2001 From: alexvanin Date: Thu, 2 Apr 2020 14:38:34 +0300 Subject: [PATCH 1/7] object: Define RequestType for object service requests --- object/types.go | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/object/types.go b/object/types.go index de909a8..cde1f25 100644 --- a/object/types.go +++ b/object/types.go @@ -28,7 +28,10 @@ type ( PRead(ctx context.Context, addr refs.Address, rng Range) ([]byte, error) } - headerType int + // RequestType of the object service requests. + RequestType int + + headerType int ) const ( @@ -71,12 +74,52 @@ const ( PublicKeyHdr ) +const ( + _ RequestType = iota + // RequestPut is a type for object put request. + RequestPut + // RequestGet is a type for object get request. + RequestGet + // RequestHead is a type for object head request. + RequestHead + // RequestSearch is a type for object search request. + RequestSearch + // RequestRange is a type for object range request. + RequestRange + // RequestRangeHash is a type for object hash range request. + RequestRangeHash + // RequestDelete is a type for object delete request. + RequestDelete +) + var ( _ internal.Custom = (*Object)(nil) emptyObject = new(Object).Bytes() ) +// String returns printable name of the request type. +func (s RequestType) String() string { + switch s { + case RequestPut: + return "PUT" + case RequestGet: + return "GET" + case RequestHead: + return "HEAD" + case RequestSearch: + return "SEARCH" + case RequestRange: + return "RANGE" + case RequestRangeHash: + return "RANGE_HASH" + case RequestDelete: + return "DELETE" + default: + return "UNKNOWN" + } +} + // Bytes returns marshaled object in a binary format. func (m Object) Bytes() []byte { data, _ := m.Marshal(); return data } From 1e513625f1564c1c0d21878057cabcd46b154207 Mon Sep 17 00:00:00 2001 From: alexvanin Date: Thu, 2 Apr 2020 14:52:08 +0300 Subject: [PATCH 2/7] object: Add `Type()` in `Request` interface BasicACL have set of rules for every request type. ACL will be processed before any request specific handlers. Therefore we need to determine request type in generic request interface, which is used in pre-processors of object service implementation. --- object/service.go | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/object/service.go b/object/service.go index 589bd95..3a2ca08 100644 --- a/object/service.go +++ b/object/service.go @@ -28,12 +28,13 @@ type ( Token = session.Token // Request defines object rpc requests. - // All object operations must have TTL, Epoch, Container ID and + // All object operations must have TTL, Epoch, Type, Container ID and // permission of usage previous network map. Request interface { service.MetaHeader CID() CID + Type() RequestType AllowPreviousNetMap() bool } ) @@ -169,3 +170,24 @@ func (m *GetRangeRequest) AllowPreviousNetMap() bool { return false } // AllowPreviousNetMap returns permission to use previous network map in object get range hash request. func (m *GetRangeHashRequest) AllowPreviousNetMap() bool { return false } + +// Type returns type of the object put request. +func (m *PutRequest) Type() RequestType { return RequestPut } + +// Type returns type of the object get request. +func (m *GetRequest) Type() RequestType { return RequestGet } + +// Type returns type of the object head request. +func (m *HeadRequest) Type() RequestType { return RequestHead } + +// Type returns type of the object search request. +func (m *SearchRequest) Type() RequestType { return RequestSearch } + +// Type returns type of the object delete request. +func (m *DeleteRequest) Type() RequestType { return RequestDelete } + +// Type returns type of the object get range request. +func (m *GetRangeRequest) Type() RequestType { return RequestRange } + +// Type returns type of the object get range hash request. +func (m *GetRangeHashRequest) Type() RequestType { return RequestRangeHash } From 55b75a0dae7dfa1ab610b1f9af70d5ec0db8d324 Mon Sep 17 00:00:00 2001 From: alexvanin Date: Thu, 2 Apr 2020 15:05:48 +0300 Subject: [PATCH 3/7] object: Add test for object request type --- object/service_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/object/service_test.go b/object/service_test.go index f06e557..46213e2 100644 --- a/object/service_test.go +++ b/object/service_test.go @@ -18,11 +18,22 @@ func TestRequest(t *testing.T) { &GetRangeHashRequest{}, } + types := []RequestType{ + RequestPut, + RequestGet, + RequestHead, + RequestSearch, + RequestDelete, + RequestRange, + RequestRangeHash, + } + for i := range cases { v := cases[i] t.Run(fmt.Sprintf("%T", v), func(t *testing.T) { require.NotPanics(t, func() { v.CID() }) + require.Equal(t, types[i], v.Type()) }) } } From 48c55886509ced36c53916ebf29eb32c47b07ea6 Mon Sep 17 00:00:00 2001 From: alexvanin Date: Thu, 2 Apr 2020 15:15:59 +0300 Subject: [PATCH 4/7] proto: Update proto library to v0.6.0 --- Makefile | 2 +- acl/types.pb.go | 88 +++++++ acl/types.proto | 27 +++ container/service.pb.go | 128 +++++----- container/service.proto | 4 +- container/types.pb.go | 512 +++------------------------------------- container/types.proto | 17 +- 7 files changed, 214 insertions(+), 564 deletions(-) create mode 100644 acl/types.pb.go create mode 100644 acl/types.proto diff --git a/Makefile b/Makefile index 84583ff..9b02a6e 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -PROTO_VERSION=v0.5.0 +PROTO_VERSION=v0.6.0 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz B=\033[0;1m diff --git a/acl/types.pb.go b/acl/types.pb.go new file mode 100644 index 0000000..bcbd199 --- /dev/null +++ b/acl/types.pb.go @@ -0,0 +1,88 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: acl/types.proto + +package acl + +import ( + fmt "fmt" + _ "github.com/gogo/protobuf/gogoproto" + proto "github.com/golang/protobuf/proto" + math "math" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +// Target of the access control rule in access control list. +type Target int32 + +const ( + // Unknown target, default value. + Target_Unknown Target = 0 + // User target rule is applied if sender is the owner of the container. + Target_User Target = 1 + // System target rule is applied if sender is the storage node within the + // container or inner ring node. + Target_System Target = 2 + // Others target rule is applied if sender is not user or system target. + Target_Others Target = 3 + // PubKey target rule is applied if sender has public key provided in + // extended ACL. + Target_PubKey Target = 4 +) + +var Target_name = map[int32]string{ + 0: "Unknown", + 1: "User", + 2: "System", + 3: "Others", + 4: "PubKey", +} + +var Target_value = map[string]int32{ + "Unknown": 0, + "User": 1, + "System": 2, + "Others": 3, + "PubKey": 4, +} + +func (x Target) String() string { + return proto.EnumName(Target_name, int32(x)) +} + +func (Target) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_9b63aff5f3a35e32, []int{0} +} + +func init() { + proto.RegisterEnum("acl.Target", Target_name, Target_value) +} + +func init() { proto.RegisterFile("acl/types.proto", fileDescriptor_9b63aff5f3a35e32) } + +var fileDescriptor_9b63aff5f3a35e32 = []byte{ + // 216 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4f, 0x4c, 0xce, 0xd1, + 0x2f, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x4e, 0x4c, 0xce, + 0x91, 0xd2, 0x4d, 0xcf, 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0x4f, + 0xcf, 0xd7, 0x07, 0xcb, 0x25, 0x95, 0xa6, 0x81, 0x79, 0x60, 0x0e, 0x98, 0x05, 0xd1, 0xa3, 0xe5, + 0xcc, 0xc5, 0x16, 0x92, 0x58, 0x94, 0x9e, 0x5a, 0x22, 0xc4, 0xcd, 0xc5, 0x1e, 0x9a, 0x97, 0x9d, + 0x97, 0x5f, 0x9e, 0x27, 0xc0, 0x20, 0xc4, 0xc1, 0xc5, 0x12, 0x5a, 0x9c, 0x5a, 0x24, 0xc0, 0x28, + 0xc4, 0xc5, 0xc5, 0x16, 0x5c, 0x59, 0x5c, 0x92, 0x9a, 0x2b, 0xc0, 0x04, 0x62, 0xfb, 0x97, 0x64, + 0xa4, 0x16, 0x15, 0x0b, 0x30, 0x83, 0xd8, 0x01, 0xa5, 0x49, 0xde, 0xa9, 0x95, 0x02, 0x2c, 0x4e, + 0xde, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, 0xc7, 0x78, 0xe3, 0x91, 0x1c, 0xe3, 0x83, 0x47, + 0x72, 0x8c, 0x33, 0x1e, 0xcb, 0x31, 0x44, 0xa9, 0x22, 0xb9, 0x24, 0xaf, 0xb8, 0x20, 0x39, 0x59, + 0x37, 0x25, 0xb5, 0x4c, 0x3f, 0x2f, 0x35, 0x3f, 0xad, 0x58, 0x37, 0xb1, 0x20, 0x53, 0x37, 0x3d, + 0x5f, 0x3f, 0x31, 0x39, 0x67, 0x15, 0x13, 0xaf, 0x5f, 0x6a, 0xbe, 0x5b, 0xb0, 0x9e, 0x63, 0x80, + 0xa7, 0x9e, 0x63, 0x72, 0x4e, 0x12, 0x1b, 0xd8, 0x61, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, + 0xb3, 0xda, 0x09, 0x81, 0xdf, 0x00, 0x00, 0x00, +} diff --git a/acl/types.proto b/acl/types.proto new file mode 100644 index 0000000..f20423f --- /dev/null +++ b/acl/types.proto @@ -0,0 +1,27 @@ +syntax = "proto3"; +package acl; +option go_package = "github.com/nspcc-dev/neofs-api-go/acl"; +option csharp_namespace = "NeoFS.API.Acl"; + +import "github.com/gogo/protobuf/gogoproto/gogo.proto"; +option (gogoproto.stable_marshaler_all) = true; + +// Target of the access control rule in access control list. +enum Target { + // Unknown target, default value. + Unknown = 0; + + // User target rule is applied if sender is the owner of the container. + User = 1; + + // System target rule is applied if sender is the storage node within the + // container or inner ring node. + System = 2; + + // Others target rule is applied if sender is not user or system target. + Others = 3; + + // PubKey target rule is applied if sender has public key provided in + // extended ACL. + PubKey = 4; +} diff --git a/container/service.pb.go b/container/service.pb.go index 8698925..6131254 100644 --- a/container/service.pb.go +++ b/container/service.pb.go @@ -38,8 +38,8 @@ type PutRequest struct { OwnerID OwnerID `protobuf:"bytes,3,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"` // Rules define storage policy for the object inside the container. Rules netmap.PlacementRule `protobuf:"bytes,4,opt,name=rules,proto3" json:"rules"` - // Container ACL. - Group AccessGroup `protobuf:"bytes,5,opt,name=Group,proto3" json:"Group"` + // BasicACL of the container. + BasicACL uint32 `protobuf:"varint,5,opt,name=BasicACL,proto3" json:"BasicACL,omitempty"` // RequestMetaHeader contains information about request meta headers (should be embedded into message) service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"` // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) @@ -92,11 +92,11 @@ func (m *PutRequest) GetRules() netmap.PlacementRule { return netmap.PlacementRule{} } -func (m *PutRequest) GetGroup() AccessGroup { +func (m *PutRequest) GetBasicACL() uint32 { if m != nil { - return m.Group + return m.BasicACL } - return AccessGroup{} + return 0 } type PutResponse struct { @@ -391,45 +391,45 @@ func init() { func init() { proto.RegisterFile("container/service.proto", fileDescriptor_e1fa9d7ab2e7ae06) } var fileDescriptor_e1fa9d7ab2e7ae06 = []byte{ - // 599 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x54, 0xcb, 0x6e, 0xd3, 0x40, - 0x14, 0xed, 0x34, 0xe9, 0xeb, 0xba, 0xbc, 0x86, 0x3e, 0x8c, 0x25, 0xd2, 0xca, 0xab, 0xf2, 0x88, - 0x2d, 0x42, 0x25, 0xd8, 0xb0, 0x68, 0x1a, 0x51, 0x2a, 0x51, 0x88, 0x5c, 0x09, 0x24, 0x76, 0xce, - 0xf4, 0x26, 0x58, 0x4a, 0x3c, 0xc6, 0x33, 0x0e, 0xca, 0x9f, 0xf0, 0x0d, 0x20, 0xb1, 0xe6, 0x13, - 0xba, 0xec, 0x12, 0xb1, 0x88, 0x50, 0x58, 0x22, 0xfe, 0x01, 0x79, 0xfc, 0x4c, 0x5a, 0x60, 0x59, - 0xb1, 0xb1, 0x66, 0xce, 0xb9, 0xe7, 0xbe, 0x3d, 0xb0, 0xc9, 0xb8, 0x2f, 0x5d, 0xcf, 0xc7, 0xd0, - 0x16, 0x18, 0x0e, 0x3d, 0x86, 0x56, 0x10, 0x72, 0xc9, 0xe9, 0x4a, 0x4e, 0x18, 0x34, 0x65, 0xec, - 0x01, 0x4a, 0x37, 0xa1, 0x8d, 0xb5, 0x0c, 0x1b, 0x62, 0xe8, 0x75, 0x47, 0x29, 0xba, 0x5e, 0x78, - 0x93, 0xa3, 0x00, 0x45, 0x0a, 0xdf, 0xed, 0x79, 0xf2, 0x6d, 0xd4, 0xb1, 0x18, 0x1f, 0xd8, 0xbe, - 0x08, 0x18, 0xab, 0x9f, 0xe0, 0xd0, 0xf6, 0x51, 0x0e, 0xdc, 0xc0, 0x16, 0xd8, 0x47, 0x26, 0x79, - 0x98, 0xda, 0xd6, 0x4b, 0xb6, 0x3d, 0xde, 0xe3, 0xb6, 0x82, 0x3b, 0x51, 0x57, 0xdd, 0xd4, 0x45, - 0x9d, 0x12, 0x73, 0xf3, 0xe7, 0x3c, 0x40, 0x3b, 0x92, 0x0e, 0xbe, 0x8b, 0x50, 0x48, 0x6a, 0xc3, - 0xca, 0x11, 0x0a, 0xe1, 0xf6, 0xf0, 0xb0, 0xa5, 0x93, 0x6d, 0xb2, 0xb3, 0xda, 0xbc, 0x71, 0x3a, - 0xde, 0x9a, 0xfb, 0x36, 0xde, 0x2a, 0x08, 0xa7, 0x38, 0x52, 0x03, 0x96, 0xf7, 0xdd, 0xc0, 0x65, - 0x9e, 0x1c, 0xe9, 0xf3, 0xdb, 0x64, 0xa7, 0xea, 0xe4, 0x77, 0x7a, 0x07, 0x96, 0x5e, 0xbe, 0xf7, - 0x31, 0x3c, 0x6c, 0xe9, 0x15, 0xe5, 0xea, 0x5a, 0xea, 0x2a, 0x83, 0x9d, 0xec, 0x40, 0x1f, 0xc0, - 0x42, 0x18, 0xf5, 0x51, 0xe8, 0xd5, 0x6d, 0xb2, 0xa3, 0x35, 0xd6, 0xad, 0xa4, 0x38, 0xab, 0xdd, - 0x77, 0x19, 0x0e, 0xd0, 0x97, 0x4e, 0xd4, 0xc7, 0x66, 0x35, 0xd6, 0x3b, 0x89, 0x25, 0x6d, 0xc0, - 0xc2, 0x41, 0xc8, 0xa3, 0x40, 0x5f, 0x50, 0x92, 0x0d, 0x2b, 0xef, 0x9d, 0xb5, 0xc7, 0x18, 0x0a, - 0xa1, 0xd8, 0x4c, 0xa3, 0x2e, 0xf4, 0x31, 0x54, 0x8f, 0x50, 0xba, 0x7a, 0x47, 0x49, 0x0c, 0x2b, - 0x1b, 0x59, 0x5a, 0x7e, 0xcc, 0x3d, 0x43, 0xf7, 0x04, 0xc3, 0xe6, 0x72, 0x2c, 0x3b, 0x1b, 0x6f, - 0x11, 0x47, 0x29, 0x68, 0x0b, 0x16, 0x5f, 0xa9, 0x49, 0xe9, 0x4c, 0x69, 0xcd, 0x59, 0xad, 0x62, - 0x3d, 0xe6, 0x4a, 0x8f, 0xfb, 0xe7, 0x7c, 0xa4, 0x5a, 0xf3, 0x3e, 0x68, 0xaa, 0xd9, 0x22, 0xe0, - 0xbe, 0x40, 0x7a, 0x1b, 0x2a, 0xfb, 0x79, 0x9f, 0xb5, 0xb4, 0x39, 0x31, 0xe4, 0xc4, 0x1f, 0xf3, - 0x33, 0x81, 0x2b, 0x2d, 0xec, 0xa3, 0xc4, 0x6c, 0x3c, 0x7f, 0x17, 0x5c, 0x7a, 0x79, 0xd7, 0xe1, - 0x6a, 0x96, 0x6f, 0x52, 0xa1, 0xf9, 0x89, 0x00, 0x1c, 0xa0, 0xfc, 0x4f, 0xf2, 0xdf, 0x03, 0x4d, - 0x25, 0x9b, 0x8e, 0xa7, 0x01, 0x2b, 0xfb, 0xd9, 0x4e, 0xa9, 0x9c, 0xb5, 0xc6, 0x5a, 0x69, 0xcb, - 0x72, 0xce, 0x29, 0xcc, 0xcc, 0x2f, 0x04, 0xb4, 0xe7, 0x9e, 0xc8, 0x2b, 0x2e, 0xfd, 0x03, 0xe4, - 0x1f, 0xff, 0xc0, 0x65, 0x57, 0x5f, 0x87, 0xd5, 0x24, 0xf3, 0xd9, 0xed, 0xac, 0x5c, 0x34, 0xac, - 0xc6, 0x2f, 0x02, 0x4b, 0xc7, 0x49, 0x18, 0xba, 0x0b, 0x95, 0x76, 0x24, 0xe9, 0x7a, 0xa9, 0x3b, - 0xc5, 0xa3, 0x62, 0x6c, 0xcc, 0xc2, 0x69, 0x80, 0x27, 0xb0, 0x98, 0xac, 0x0b, 0xd5, 0x4b, 0x16, - 0x53, 0x1b, 0x6f, 0xdc, 0xba, 0x80, 0x49, 0xe5, 0xbb, 0x50, 0x39, 0xc0, 0xe9, 0xa0, 0xc5, 0xaa, - 0x4d, 0x05, 0x2d, 0x0f, 0xf5, 0x11, 0x54, 0xe3, 0x2a, 0x69, 0x99, 0x2f, 0x0d, 0xcc, 0xd8, 0x3c, - 0x87, 0x27, 0xc2, 0xe6, 0xeb, 0xd3, 0x49, 0x8d, 0x9c, 0x4d, 0x6a, 0xe4, 0xeb, 0xa4, 0x46, 0xbe, - 0x4f, 0x6a, 0xe4, 0xc3, 0x8f, 0xda, 0xdc, 0x9b, 0x7b, 0x7f, 0x78, 0x9a, 0x79, 0x57, 0xd4, 0xdd, - 0xc0, 0xab, 0xf7, 0xb8, 0x9d, 0xfb, 0xfb, 0x38, 0x7f, 0xf3, 0x05, 0xf2, 0xa7, 0xc7, 0xd6, 0x5e, - 0xfb, 0xb0, 0xd8, 0x9e, 0xce, 0xa2, 0x7a, 0x89, 0x1f, 0xfe, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x4c, - 0xfc, 0xa5, 0x37, 0x4b, 0x06, 0x00, 0x00, + // 596 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x54, 0xcb, 0x6e, 0xd3, 0x4c, + 0x14, 0xee, 0x34, 0xe9, 0xed, 0xb8, 0xfd, 0x7f, 0x18, 0x5a, 0x6a, 0x2c, 0x91, 0x46, 0x5e, 0x85, + 0x4b, 0x6c, 0x11, 0x2a, 0xc1, 0x86, 0x45, 0x93, 0x88, 0x52, 0xa9, 0x85, 0xc8, 0x95, 0x40, 0x62, + 0x37, 0x71, 0x4f, 0x83, 0xa5, 0xc4, 0x63, 0x3c, 0xe3, 0xa2, 0xbe, 0x09, 0xcf, 0x00, 0x12, 0x6b, + 0x1e, 0xa1, 0xcb, 0x4a, 0x6c, 0x10, 0x8b, 0x08, 0x85, 0x35, 0xef, 0x80, 0x3c, 0xbe, 0x26, 0x2d, + 0xb0, 0xac, 0xd8, 0x58, 0x33, 0xdf, 0x77, 0xbe, 0x73, 0xf7, 0xc0, 0xa6, 0xcb, 0x7d, 0xc9, 0x3c, + 0x1f, 0x43, 0x5b, 0x60, 0x78, 0xe2, 0xb9, 0x68, 0x05, 0x21, 0x97, 0x9c, 0xae, 0xe4, 0x84, 0x41, + 0x53, 0xc6, 0x1e, 0xa1, 0x64, 0x09, 0x6d, 0xac, 0x67, 0xd8, 0x09, 0x86, 0xde, 0xf1, 0x69, 0x8a, + 0x6e, 0x14, 0xde, 0xe4, 0x69, 0x80, 0x22, 0x85, 0xef, 0x0e, 0x3c, 0xf9, 0x26, 0xea, 0x5b, 0x2e, + 0x1f, 0xd9, 0xbe, 0x08, 0x5c, 0xb7, 0x79, 0x84, 0x27, 0xb6, 0x8f, 0x72, 0xc4, 0x02, 0x5b, 0xe0, + 0x10, 0x5d, 0xc9, 0xc3, 0xd4, 0xb6, 0x59, 0xb2, 0x1d, 0xf0, 0x01, 0xb7, 0x15, 0xdc, 0x8f, 0x8e, + 0xd5, 0x4d, 0x5d, 0xd4, 0x29, 0x31, 0x37, 0xbf, 0xcc, 0x03, 0xf4, 0x22, 0xe9, 0xe0, 0xdb, 0x08, + 0x85, 0xa4, 0x36, 0xac, 0x1c, 0xa0, 0x10, 0x6c, 0x80, 0x7b, 0x5d, 0x9d, 0xd4, 0x49, 0x63, 0xb5, + 0x7d, 0xfd, 0x6c, 0xbc, 0x35, 0xf7, 0x6d, 0xbc, 0x55, 0x10, 0x4e, 0x71, 0xa4, 0x06, 0x2c, 0x77, + 0x58, 0xc0, 0x5c, 0x4f, 0x9e, 0xea, 0xf3, 0x75, 0xd2, 0xa8, 0x3a, 0xf9, 0x9d, 0xde, 0x81, 0xa5, + 0x17, 0xef, 0x7c, 0x0c, 0xf7, 0xba, 0x7a, 0x45, 0xb9, 0xfa, 0x3f, 0x75, 0x95, 0xc1, 0x4e, 0x76, + 0xa0, 0x0f, 0x60, 0x21, 0x8c, 0x86, 0x28, 0xf4, 0x6a, 0x9d, 0x34, 0xb4, 0xd6, 0x86, 0x95, 0x14, + 0x67, 0xf5, 0x86, 0xcc, 0xc5, 0x11, 0xfa, 0xd2, 0x89, 0x86, 0xd8, 0xae, 0xc6, 0x7a, 0x27, 0xb1, + 0x8c, 0x23, 0xb7, 0x99, 0xf0, 0xdc, 0x9d, 0xce, 0xbe, 0xbe, 0x50, 0x27, 0x8d, 0x35, 0x27, 0xbf, + 0xd3, 0xc7, 0x50, 0x3d, 0x40, 0xc9, 0xf4, 0xbe, 0xf2, 0x66, 0x58, 0xd9, 0x68, 0xd2, 0x32, 0x63, + 0xee, 0x19, 0xb2, 0x23, 0x0c, 0xdb, 0xcb, 0xb1, 0xcb, 0xf3, 0xf1, 0x16, 0x71, 0x94, 0x82, 0x76, + 0x61, 0xf1, 0xa5, 0x9a, 0x88, 0xee, 0x2a, 0xad, 0x39, 0xab, 0x55, 0xac, 0xe7, 0x32, 0xe9, 0x71, + 0xff, 0x82, 0x8f, 0x54, 0x6b, 0xde, 0x07, 0x4d, 0x35, 0x55, 0x04, 0xdc, 0x17, 0x48, 0x6f, 0x43, + 0xa5, 0x93, 0xf7, 0x53, 0x4b, 0x9b, 0x10, 0x43, 0x4e, 0xfc, 0x31, 0x3f, 0x11, 0x58, 0xeb, 0xe2, + 0x10, 0x25, 0x66, 0x63, 0xf8, 0xb3, 0xe0, 0xca, 0xcb, 0xbb, 0x06, 0xff, 0x65, 0xf9, 0x26, 0x15, + 0x9a, 0x1f, 0x09, 0xc0, 0x2e, 0xca, 0x7f, 0x24, 0xff, 0x1d, 0xd0, 0x54, 0xb2, 0xe9, 0x78, 0x5a, + 0xb0, 0xd2, 0xc9, 0xfe, 0x3b, 0x95, 0xb3, 0xd6, 0x5a, 0xb7, 0xf2, 0x3f, 0xd1, 0xca, 0x39, 0xa7, + 0x30, 0x33, 0x3f, 0x13, 0xd0, 0xf6, 0x3d, 0x91, 0x57, 0x5c, 0xda, 0x75, 0xf2, 0x97, 0x5d, 0xbf, + 0xea, 0xea, 0x9b, 0xb0, 0x9a, 0x64, 0x3e, 0xbb, 0x9d, 0x95, 0xcb, 0x86, 0xd5, 0xfa, 0x49, 0x60, + 0xe9, 0x30, 0x09, 0x43, 0xb7, 0xa1, 0xd2, 0x8b, 0x24, 0xdd, 0x28, 0x75, 0xa7, 0x78, 0x3c, 0x8c, + 0x9b, 0xb3, 0x70, 0x1a, 0xe0, 0x09, 0x2c, 0x26, 0xeb, 0x42, 0xf5, 0x92, 0xc5, 0xd4, 0xc6, 0x1b, + 0xb7, 0x2e, 0x61, 0x52, 0xf9, 0x36, 0x54, 0x76, 0x71, 0x3a, 0x68, 0xb1, 0x6a, 0x53, 0x41, 0xcb, + 0x43, 0x7d, 0x04, 0xd5, 0xb8, 0x4a, 0x5a, 0xe6, 0x4b, 0x03, 0x33, 0x36, 0x2f, 0xe0, 0x89, 0xb0, + 0xfd, 0xea, 0x6c, 0x52, 0x23, 0xe7, 0x93, 0x1a, 0xf9, 0x3a, 0xa9, 0x91, 0xef, 0x93, 0x1a, 0x79, + 0xff, 0xa3, 0x36, 0xf7, 0xfa, 0xde, 0x6f, 0x9e, 0x60, 0x7e, 0x2c, 0x9a, 0x2c, 0xf0, 0x9a, 0x03, + 0x6e, 0xe7, 0xfe, 0x3e, 0xcc, 0xdf, 0x78, 0x8e, 0xfc, 0xe9, 0xa1, 0xb5, 0xd3, 0xdb, 0x2b, 0xb6, + 0xa7, 0xbf, 0xa8, 0x5e, 0xdc, 0x87, 0xbf, 0x02, 0x00, 0x00, 0xff, 0xff, 0x5b, 0x68, 0x23, 0x86, + 0x33, 0x06, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -682,16 +682,11 @@ func (m *PutRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x6 i-- dAtA[i] = 0x92 - { - size, err := m.Group.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintService(dAtA, i, uint64(size)) + if m.BasicACL != 0 { + i = encodeVarintService(dAtA, i, uint64(m.BasicACL)) + i-- + dAtA[i] = 0x28 } - i-- - dAtA[i] = 0x2a { size, err := m.Rules.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -1083,8 +1078,9 @@ func (m *PutRequest) Size() (n int) { n += 1 + l + sovService(uint64(l)) l = m.Rules.Size() n += 1 + l + sovService(uint64(l)) - l = m.Group.Size() - n += 1 + l + sovService(uint64(l)) + if m.BasicACL != 0 { + n += 1 + sovService(uint64(m.BasicACL)) + } l = m.RequestMetaHeader.Size() n += 2 + l + sovService(uint64(l)) l = m.RequestVerificationHeader.Size() @@ -1363,10 +1359,10 @@ func (m *PutRequest) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Group", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field BasicACL", wireType) } - var msglen int + m.BasicACL = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowService @@ -1376,25 +1372,11 @@ func (m *PutRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + m.BasicACL |= uint32(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { - return ErrInvalidLengthService - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthService - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Group.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex case 98: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType) diff --git a/container/service.proto b/container/service.proto index bccf924..7df2c66 100644 --- a/container/service.proto +++ b/container/service.proto @@ -42,8 +42,8 @@ message PutRequest { // Rules define storage policy for the object inside the container. netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false]; - // Container ACL. - AccessGroup Group = 5 [(gogoproto.nullable) = false]; + // BasicACL of the container. + uint32 BasicACL = 5; // RequestMetaHeader contains information about request meta headers (should be embedded into message) service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; diff --git a/container/types.pb.go b/container/types.pb.go index bfb7fa7..391656c 100644 --- a/container/types.pb.go +++ b/container/types.pb.go @@ -34,11 +34,12 @@ type Container struct { Capacity uint64 `protobuf:"varint,3,opt,name=Capacity,proto3" json:"Capacity,omitempty"` // Rules define storage policy for the object inside the container. Rules netmap.PlacementRule `protobuf:"bytes,4,opt,name=Rules,proto3" json:"Rules"` - // Container ACL. - List AccessControlList `protobuf:"bytes,5,opt,name=List,proto3" json:"List"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // BasicACL with access control rules for owner, system, others and + // permission bits for bearer token and extended ACL. + BasicACL uint32 `protobuf:"varint,5,opt,name=BasicACL,proto3" json:"BasicACL,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Container) Reset() { *m = Container{} } @@ -84,138 +85,41 @@ func (m *Container) GetRules() netmap.PlacementRule { return netmap.PlacementRule{} } -func (m *Container) GetList() AccessControlList { +func (m *Container) GetBasicACL() uint32 { if m != nil { - return m.List - } - return AccessControlList{} -} - -type AccessGroup struct { - // Group access mode. - AccessMode uint32 `protobuf:"varint,1,opt,name=AccessMode,proto3" json:"AccessMode,omitempty"` - // Group members. - UserGroup []OwnerID `protobuf:"bytes,2,rep,name=UserGroup,proto3,customtype=OwnerID" json:"UserGroup"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *AccessGroup) Reset() { *m = AccessGroup{} } -func (m *AccessGroup) String() string { return proto.CompactTextString(m) } -func (*AccessGroup) ProtoMessage() {} -func (*AccessGroup) Descriptor() ([]byte, []int) { - return fileDescriptor_1432e52ab0b53e3e, []int{1} -} -func (m *AccessGroup) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AccessGroup) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AccessGroup) XXX_Merge(src proto.Message) { - xxx_messageInfo_AccessGroup.Merge(m, src) -} -func (m *AccessGroup) XXX_Size() int { - return m.Size() -} -func (m *AccessGroup) XXX_DiscardUnknown() { - xxx_messageInfo_AccessGroup.DiscardUnknown(m) -} - -var xxx_messageInfo_AccessGroup proto.InternalMessageInfo - -func (m *AccessGroup) GetAccessMode() uint32 { - if m != nil { - return m.AccessMode + return m.BasicACL } return 0 } -type AccessControlList struct { - // List of access groups. - List []AccessGroup `protobuf:"bytes,1,rep,name=List,proto3" json:"List"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *AccessControlList) Reset() { *m = AccessControlList{} } -func (m *AccessControlList) String() string { return proto.CompactTextString(m) } -func (*AccessControlList) ProtoMessage() {} -func (*AccessControlList) Descriptor() ([]byte, []int) { - return fileDescriptor_1432e52ab0b53e3e, []int{2} -} -func (m *AccessControlList) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AccessControlList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AccessControlList) XXX_Merge(src proto.Message) { - xxx_messageInfo_AccessControlList.Merge(m, src) -} -func (m *AccessControlList) XXX_Size() int { - return m.Size() -} -func (m *AccessControlList) XXX_DiscardUnknown() { - xxx_messageInfo_AccessControlList.DiscardUnknown(m) -} - -var xxx_messageInfo_AccessControlList proto.InternalMessageInfo - -func (m *AccessControlList) GetList() []AccessGroup { - if m != nil { - return m.List - } - return nil -} - func init() { proto.RegisterType((*Container)(nil), "container.Container") - proto.RegisterType((*AccessGroup)(nil), "container.AccessGroup") - proto.RegisterType((*AccessControlList)(nil), "container.AccessControlList") } func init() { proto.RegisterFile("container/types.proto", fileDescriptor_1432e52ab0b53e3e) } var fileDescriptor_1432e52ab0b53e3e = []byte{ - // 393 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0x4d, 0x6b, 0xe2, 0x40, - 0x1c, 0xc6, 0x1d, 0x8d, 0xbb, 0xeb, 0xe8, 0xb2, 0xec, 0x2c, 0x2e, 0x41, 0x96, 0x18, 0x3c, 0x65, - 0x77, 0xc9, 0x64, 0xd7, 0x42, 0xef, 0xbe, 0xb4, 0x45, 0xe8, 0x8b, 0x44, 0xa4, 0x50, 0x7a, 0x89, - 0xe3, 0x98, 0x06, 0x62, 0x26, 0x64, 0x26, 0x2d, 0x7e, 0x93, 0x7e, 0x86, 0x7e, 0x12, 0x8f, 0x3d, - 0x96, 0x1e, 0x6c, 0x49, 0xbf, 0x48, 0xc9, 0x44, 0x53, 0xc1, 0xf6, 0x36, 0xcf, 0x33, 0xbf, 0x67, - 0xe6, 0xff, 0x02, 0xeb, 0x84, 0x05, 0xc2, 0xf1, 0x02, 0x1a, 0x59, 0x62, 0x11, 0x52, 0x8e, 0xc3, - 0x88, 0x09, 0x86, 0x2a, 0xb9, 0xdd, 0xf8, 0xe3, 0x7a, 0xe2, 0x2a, 0x9e, 0x60, 0xc2, 0xe6, 0x56, - 0xc0, 0x43, 0x42, 0xcc, 0x29, 0xbd, 0xb6, 0x02, 0x2a, 0xe6, 0x4e, 0x68, 0x71, 0xea, 0x53, 0x22, - 0x58, 0x94, 0xc5, 0x1a, 0xe6, 0x16, 0xeb, 0x32, 0x97, 0x59, 0xd2, 0x9e, 0xc4, 0x33, 0xa9, 0xa4, - 0x90, 0xa7, 0x0c, 0x6f, 0x3d, 0x01, 0x58, 0xe9, 0x6d, 0x3e, 0x42, 0xbf, 0xe1, 0xe7, 0xb3, 0x9b, - 0x80, 0x46, 0x83, 0xbe, 0x0a, 0x74, 0x60, 0xd4, 0xba, 0xdf, 0x96, 0xab, 0x66, 0xe1, 0x71, 0xd5, - 0xdc, 0xd8, 0xf6, 0xe6, 0x80, 0x74, 0xa8, 0x8c, 0x1c, 0x5f, 0xa8, 0x45, 0xc9, 0xd5, 0xd6, 0x9c, - 0x32, 0x1e, 0x0f, 0xfa, 0xb6, 0xbc, 0x41, 0x0d, 0xf8, 0xa5, 0xe7, 0x84, 0x0e, 0xf1, 0xc4, 0x42, - 0x2d, 0xe9, 0xc0, 0x50, 0xec, 0x5c, 0xa3, 0xff, 0xb0, 0x6c, 0xc7, 0x3e, 0xe5, 0xaa, 0xa2, 0x03, - 0xa3, 0xda, 0xae, 0xe3, 0xac, 0x19, 0x3c, 0xf4, 0x1d, 0x42, 0xe7, 0x34, 0x10, 0xe9, 0x6d, 0x57, - 0x49, 0x5f, 0xb5, 0x33, 0x12, 0xed, 0x43, 0xe5, 0xd8, 0xe3, 0x42, 0x2d, 0xcb, 0xc4, 0x2f, 0x9c, - 0x8f, 0x07, 0x77, 0x08, 0xa1, 0x9c, 0xa7, 0x5d, 0x44, 0xcc, 0x4f, 0x99, 0x75, 0x50, 0xf2, 0xad, - 0x4b, 0x58, 0xcd, 0x80, 0xa3, 0x88, 0xc5, 0x21, 0xd2, 0x20, 0xcc, 0xe4, 0x09, 0x9b, 0x52, 0xd9, - 0xe5, 0x57, 0x7b, 0xcb, 0x41, 0x26, 0xac, 0x8c, 0x39, 0x8d, 0x24, 0xac, 0x16, 0xf5, 0xd2, 0x7b, - 0x43, 0x78, 0x23, 0x5a, 0x07, 0xf0, 0xfb, 0xce, 0xf7, 0xe8, 0xdf, 0xba, 0x54, 0xa0, 0x97, 0x8c, - 0x6a, 0xfb, 0xe7, 0x4e, 0xa9, 0x32, 0xba, 0x5d, 0x64, 0xf7, 0x7c, 0x99, 0x68, 0xe0, 0x3e, 0xd1, - 0xc0, 0x43, 0xa2, 0x81, 0xe7, 0x44, 0x03, 0xb7, 0x2f, 0x5a, 0xe1, 0xe2, 0xef, 0x07, 0x7b, 0x67, - 0x33, 0x6e, 0x3a, 0xa1, 0x67, 0xba, 0xcc, 0xca, 0x9f, 0xbe, 0x2b, 0xfe, 0x38, 0xa5, 0xec, 0x70, - 0x84, 0x3b, 0xc3, 0x01, 0xce, 0x37, 0x3a, 0xf9, 0x24, 0xd7, 0xbc, 0xf7, 0x1a, 0x00, 0x00, 0xff, - 0xff, 0xd2, 0x94, 0x7a, 0x2b, 0x65, 0x02, 0x00, 0x00, + // 315 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4d, 0xce, 0xcf, 0x2b, + 0x49, 0xcc, 0xcc, 0x4b, 0x2d, 0xd2, 0x2f, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x2b, 0x28, 0xca, 0x2f, + 0xc9, 0x17, 0xe2, 0x84, 0x0b, 0x4b, 0x69, 0xa5, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7, + 0xe7, 0xea, 0xe7, 0x15, 0x17, 0x24, 0x27, 0xeb, 0xa6, 0xa4, 0x96, 0xe9, 0xe7, 0xa5, 0x96, 0xe4, + 0x26, 0x16, 0xe8, 0x17, 0xa7, 0xe6, 0xa4, 0x26, 0x97, 0xe4, 0x17, 0x41, 0xb4, 0x49, 0xe9, 0x22, + 0xa9, 0x4d, 0xcf, 0x4f, 0xcf, 0xd7, 0x07, 0x0b, 0x27, 0x95, 0xa6, 0x81, 0x79, 0x60, 0x0e, 0x98, + 0x05, 0x51, 0xae, 0x74, 0x98, 0x91, 0x8b, 0xd3, 0x19, 0x66, 0x91, 0x90, 0x26, 0x17, 0xbb, 0x7f, + 0x79, 0x5e, 0x6a, 0x91, 0xa7, 0x8b, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x8f, 0x13, 0xff, 0x89, 0x7b, + 0xf2, 0x0c, 0xb7, 0xee, 0xc9, 0xc3, 0x84, 0x83, 0x60, 0x0c, 0x21, 0x05, 0x2e, 0x96, 0xe0, 0xc4, + 0x9c, 0x12, 0x09, 0x26, 0xb0, 0x3a, 0x1e, 0xa8, 0x3a, 0x96, 0xd0, 0x50, 0x4f, 0x97, 0x20, 0xb0, + 0x8c, 0x90, 0x14, 0x17, 0x87, 0x73, 0x62, 0x41, 0x62, 0x72, 0x66, 0x49, 0xa5, 0x04, 0xb3, 0x02, + 0xa3, 0x06, 0x4b, 0x10, 0x9c, 0x2f, 0x64, 0xc8, 0xc5, 0x1a, 0x54, 0x9a, 0x93, 0x5a, 0x2c, 0xc1, + 0xa2, 0xc0, 0xa8, 0xc1, 0x6d, 0x24, 0xaa, 0x07, 0xf1, 0x8c, 0x5e, 0x40, 0x4e, 0x62, 0x72, 0x6a, + 0x6e, 0x6a, 0x5e, 0x09, 0x48, 0xd6, 0x89, 0x05, 0x64, 0x6a, 0x10, 0x44, 0x25, 0xc8, 0x38, 0xa7, + 0xc4, 0xe2, 0xcc, 0x64, 0x47, 0x67, 0x1f, 0x09, 0x56, 0x05, 0x46, 0x0d, 0xde, 0x20, 0x38, 0xdf, + 0x29, 0xfc, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x6f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, + 0x48, 0x8e, 0x71, 0xc6, 0x63, 0x39, 0x86, 0x28, 0x6d, 0x1c, 0xc1, 0x96, 0x9f, 0x56, 0xac, 0x9b, + 0x58, 0x90, 0xa9, 0x9b, 0x9e, 0xaf, 0x0f, 0x0f, 0xe3, 0x55, 0x4c, 0xc2, 0x7e, 0xa9, 0xf9, 0x6e, + 0xc1, 0x7a, 0x8e, 0x01, 0x9e, 0x7a, 0xf0, 0x00, 0x49, 0x62, 0x03, 0x87, 0x92, 0x31, 0x20, 0x00, + 0x00, 0xff, 0xff, 0xfc, 0x81, 0x55, 0xd6, 0xa4, 0x01, 0x00, 0x00, } func (m *Container) Marshal() (dAtA []byte, err error) { @@ -242,16 +146,11 @@ func (m *Container) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - { - size, err := m.List.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintTypes(dAtA, i, uint64(size)) + if m.BasicACL != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.BasicACL)) + i-- + dAtA[i] = 0x28 } - i-- - dAtA[i] = 0x2a { size, err := m.Rules.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -290,93 +189,6 @@ func (m *Container) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *AccessGroup) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AccessGroup) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AccessGroup) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.UserGroup) > 0 { - for iNdEx := len(m.UserGroup) - 1; iNdEx >= 0; iNdEx-- { - { - size := m.UserGroup[iNdEx].Size() - i -= size - if _, err := m.UserGroup[iNdEx].MarshalTo(dAtA[i:]); err != nil { - return 0, err - } - i = encodeVarintTypes(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - } - if m.AccessMode != 0 { - i = encodeVarintTypes(dAtA, i, uint64(m.AccessMode)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - -func (m *AccessControlList) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AccessControlList) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AccessControlList) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.List) > 0 { - for iNdEx := len(m.List) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.List[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintTypes(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } - return len(dAtA) - i, nil -} - func encodeVarintTypes(dAtA []byte, offset int, v uint64) int { offset -= sovTypes(v) base := offset @@ -403,46 +215,8 @@ func (m *Container) Size() (n int) { } l = m.Rules.Size() n += 1 + l + sovTypes(uint64(l)) - l = m.List.Size() - n += 1 + l + sovTypes(uint64(l)) - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *AccessGroup) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.AccessMode != 0 { - n += 1 + sovTypes(uint64(m.AccessMode)) - } - if len(m.UserGroup) > 0 { - for _, e := range m.UserGroup { - l = e.Size() - n += 1 + l + sovTypes(uint64(l)) - } - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *AccessControlList) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if len(m.List) > 0 { - for _, e := range m.List { - l = e.Size() - n += 1 + l + sovTypes(uint64(l)) - } + if m.BasicACL != 0 { + n += 1 + sovTypes(uint64(m.BasicACL)) } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) @@ -604,97 +378,10 @@ func (m *Container) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field List", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.List.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipTypes(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthTypes - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthTypes - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AccessGroup) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AccessGroup: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AccessGroup: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field AccessMode", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BasicACL", wireType) } - m.AccessMode = 0 + m.BasicACL = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowTypes @@ -704,134 +391,11 @@ func (m *AccessGroup) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.AccessMode |= uint32(b&0x7F) << shift + m.BasicACL |= uint32(b&0x7F) << shift if b < 0x80 { break } } - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserGroup", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - var v OwnerID - m.UserGroup = append(m.UserGroup, v) - if err := m.UserGroup[len(m.UserGroup)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipTypes(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthTypes - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthTypes - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AccessControlList) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AccessControlList: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AccessControlList: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field List", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowTypes - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthTypes - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthTypes - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.List = append(m.List, AccessGroup{}) - if err := m.List[len(m.List)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) diff --git a/container/types.proto b/container/types.proto index a0d035d..dc79bd3 100644 --- a/container/types.proto +++ b/container/types.proto @@ -18,18 +18,7 @@ message Container { uint64 Capacity = 3; // Rules define storage policy for the object inside the container. netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false]; - // Container ACL. - AccessControlList List = 5 [(gogoproto.nullable) = false]; -} - -message AccessGroup { - // Group access mode. - uint32 AccessMode = 1; - // Group members. - repeated bytes UserGroup = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; -} - -message AccessControlList { - // List of access groups. - repeated AccessGroup List = 1 [(gogoproto.nullable) = false]; + // BasicACL with access control rules for owner, system, others and + // permission bits for bearer token and extended ACL. + uint32 BasicACL = 5; } From 9f4636618fbba620452e0e4b5a5ab8e41e1448fb Mon Sep 17 00:00:00 2001 From: alexvanin Date: Thu, 2 Apr 2020 15:16:52 +0300 Subject: [PATCH 5/7] docs: Update docs for neofs-api v0.6.0 --- docs/acl.md | 62 +++++++++++++++++++++++++++++++++++++++++++++++ docs/container.md | 29 ++-------------------- 2 files changed, 64 insertions(+), 27 deletions(-) create mode 100644 docs/acl.md diff --git a/docs/acl.md b/docs/acl.md new file mode 100644 index 0000000..38f328b --- /dev/null +++ b/docs/acl.md @@ -0,0 +1,62 @@ +# Protocol Documentation + + +## Table of Contents + +- [acl/types.proto](#acl/types.proto) + + + +- [Scalar Value Types](#scalar-value-types) + + + + +

Top

+ +## acl/types.proto + + + + + + + + + +### Target +Target of the access control rule in access control list. + +| Name | Number | Description | +| ---- | ------ | ----------- | +| Unknown | 0 | Unknown target, default value. | +| User | 1 | User target rule is applied if sender is the owner of the container. | +| System | 2 | System target rule is applied if sender is the storage node within the container or inner ring node. | +| Others | 3 | Others target rule is applied if sender is not user or system target. | +| PubKey | 4 | PubKey target rule is applied if sender has public key provided in extended ACL. | + + + + + + +## Scalar Value Types + +| .proto Type | Notes | C++ Type | Java Type | Python Type | +| ----------- | ----- | -------- | --------- | ----------- | +| double | | double | double | float | +| float | | float | float | float | +| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | +| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | +| uint32 | Uses variable-length encoding. | uint32 | int | int/long | +| uint64 | Uses variable-length encoding. | uint64 | long | int/long | +| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | +| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | +| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | +| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | +| sfixed32 | Always four bytes. | int32 | int | int | +| sfixed64 | Always eight bytes. | int64 | long | int/long | +| bool | | bool | boolean | boolean | +| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | +| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | + diff --git a/docs/container.md b/docs/container.md index 6693980..f0188ca 100644 --- a/docs/container.md +++ b/docs/container.md @@ -21,8 +21,6 @@ - [container/types.proto](#container/types.proto) - Messages - - [AccessControlList](#container.AccessControlList) - - [AccessGroup](#container.AccessGroup) - [Container](#container.Container) @@ -166,7 +164,7 @@ via consensus in inner ring nodes | Capacity | [uint64](#uint64) | | Capacity defines amount of data that can be stored in the container (doesn't used for now). | | OwnerID | [bytes](#bytes) | | OwnerID is a wallet address | | rules | [netmap.PlacementRule](#netmap.PlacementRule) | | Rules define storage policy for the object inside the container. | -| Group | [AccessGroup](#container.AccessGroup) | | Container ACL. | +| BasicACL | [uint32](#uint32) | | BasicACL of the container. | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -196,29 +194,6 @@ via consensus in inner ring nodes - - -### Message AccessControlList - - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| List | [AccessGroup](#container.AccessGroup) | repeated | List of access groups. | - - - - -### Message AccessGroup - - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| AccessMode | [uint32](#uint32) | | Group access mode. | -| UserGroup | [bytes](#bytes) | repeated | Group members. | - - ### Message Container @@ -231,7 +206,7 @@ The Container service definition. | Salt | [bytes](#bytes) | | Salt is a nonce for unique container id calculation. | | Capacity | [uint64](#uint64) | | Capacity defines amount of data that can be stored in the container (doesn't used for now). | | Rules | [netmap.PlacementRule](#netmap.PlacementRule) | | Rules define storage policy for the object inside the container. | -| List | [AccessControlList](#container.AccessControlList) | | Container ACL. | +| BasicACL | [uint32](#uint32) | | BasicACL with access control rules for owner, system, others and permission bits for bearer token and extended ACL. | From 2fb36f85887cd8e2b9036c150813c43a913fc18f Mon Sep 17 00:00:00 2001 From: alexvanin Date: Thu, 2 Apr 2020 15:44:18 +0300 Subject: [PATCH 6/7] container: Support new `BasicACL` field --- container/service.go | 4 ++++ container/types.go | 20 ++++---------------- container/types_test.go | 22 +--------------------- 3 files changed, 9 insertions(+), 37 deletions(-) diff --git a/container/service.go b/container/service.go index 8eb9ba6..2f36dc1 100644 --- a/container/service.go +++ b/container/service.go @@ -31,9 +31,11 @@ func (m *PutRequest) PrepareData() ([]byte, error) { err error buf = new(bytes.Buffer) capBytes = make([]byte, 8) + aclBytes = make([]byte, 4) ) binary.BigEndian.PutUint64(capBytes, m.Capacity) + binary.BigEndian.PutUint32(capBytes, m.BasicACL) if _, err = buf.Write(m.MessageID.Bytes()); err != nil { return nil, errors.Wrap(err, "could not write message id") @@ -45,6 +47,8 @@ func (m *PutRequest) PrepareData() ([]byte, error) { return nil, errors.Wrap(err, "could not marshal placement") } else if _, err = buf.Write(data); err != nil { return nil, errors.Wrap(err, "could not write placement") + } else if _, err = buf.Write(aclBytes); err != nil { + return nil, errors.Wrap(err, "could not write basic acl") } return buf.Bytes(), nil diff --git a/container/types.go b/container/types.go index 21fc0d1..e358e6d 100644 --- a/container/types.go +++ b/container/types.go @@ -11,19 +11,6 @@ import ( "github.com/pkg/errors" ) -// AccessMode is a container access mode type. -type AccessMode uint32 - -const ( - // AccessModeRead is a read access mode. - AccessModeRead AccessMode = 1 << iota - // AccessModeWrite is a write access mode. - AccessModeWrite -) - -// AccessModeReadWrite is a read/write container access mode. -const AccessModeReadWrite = AccessModeRead | AccessModeWrite - var ( _ internal.Custom = (*Container)(nil) @@ -31,8 +18,8 @@ var ( emptyOwner = (OwnerID{}).Bytes() ) -// New creates new user container based on capacity, OwnerID and PlacementRules. -func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, error) { +// New creates new user container based on capacity, OwnerID, ACL and PlacementRules. +func New(cap uint64, owner OwnerID, acl uint32, rules netmap.PlacementRule) (*Container, error) { if bytes.Equal(owner[:], emptyOwner) { return nil, refs.ErrEmptyOwner } else if cap == 0 { @@ -49,6 +36,7 @@ func New(cap uint64, owner OwnerID, rules netmap.PlacementRule) (*Container, err Salt: UUID(salt), Capacity: cap, Rules: rules, + BasicACL: acl, }, nil } @@ -90,7 +78,7 @@ func NewTestContainer() (*Container, error) { if err != nil { return nil, err } - return New(100, owner, netmap.PlacementRule{ + return New(100, owner, 0xFFFFFFFF, netmap.PlacementRule{ ReplFactor: 2, SFGroups: []netmap.SFGroup{ { diff --git a/container/types_test.go b/container/types_test.go index 1ccc00b..fddccb3 100644 --- a/container/types_test.go +++ b/container/types_test.go @@ -36,7 +36,7 @@ func TestCID(t *testing.T) { owner, err := refs.NewOwnerID(&key.PublicKey) require.NoError(t, err) - c1, err := New(10, owner, rules) + c1, err := New(10, owner, 0xDEADBEEF, rules) require.NoError(t, err) data, err := proto.Marshal(c1) @@ -55,23 +55,3 @@ func TestCID(t *testing.T) { require.Equal(t, cid1, cid2) }) } - -func TestAccessMode(t *testing.T) { - t.Run("read access to read/write mode", func(t *testing.T) { - require.Equal(t, AccessModeRead, AccessModeReadWrite&AccessModeRead) - }) - - t.Run("write access to read/write mode", func(t *testing.T) { - require.Equal(t, AccessModeWrite, AccessModeReadWrite&AccessModeWrite) - }) - - t.Run("read(write) access to write(read) mode", func(t *testing.T) { - require.Zero(t, AccessModeRead&AccessModeWrite) - }) - - t.Run("access to same mode", func(t *testing.T) { - require.Equal(t, AccessModeWrite, AccessModeWrite&AccessModeWrite) - require.Equal(t, AccessModeRead, AccessModeRead&AccessModeRead) - require.Equal(t, AccessModeReadWrite, AccessModeReadWrite&AccessModeReadWrite) - }) -} From 72c61002aa6effd0c1c3cb1a6b7b4fe00629f3e7 Mon Sep 17 00:00:00 2001 From: alexvanin Date: Fri, 3 Apr 2020 10:30:48 +0300 Subject: [PATCH 7/7] Update changelog for v0.6.0 --- CHANGELOG.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 02254ab..1e9d098 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog -This is the changelog for NeoFS API +This is the changelog for NeoFS-API-Go + +## [0.6.0] - 2020-04-03 + +### Added + +- `RequestType` for object service requests +- `Type()` function in `Request` interface + +### Changed + +- Synced proto files with `neofs-api v0.6.0` ## [0.5.0] - 2020-03-31 @@ -217,3 +228,4 @@ Initial public release [0.4.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.4.0...v0.4.1 [0.4.2]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.4.1...v0.4.2 [0.5.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.4.2...v0.5.0 +[0.6.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.5.0...v0.6.0