realloc/frostfs-api
1
0
Fork 0
forked from TrueCloudLab/frostfs-api
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#40] status: Introduce CONTAINER_ACCESS_DENIED status

Browse source 
* Add a new status CONTAINER_ACCESS_DENIED.
* Fix descriptions for methods of container and object services.
* Also regenerate md docs.

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
This commit is contained in:
Airat Arifullin 2024-03-05 12:36:58 +03:00
parent 46dd3885d2
commit 07eb6a438c
12 changed files with 411 additions and 194 deletions
Download patch file Download diff file Expand all files Collapse all files

155
proto-docs/container.md
View file

@ -3,50 +3,50 @@
## Table of Contents
- [Protocol Documentation](#protocol-documentation)
- [Table of Contents](#table-of-contents)
- [container/service.proto](#containerserviceproto)
- [Service "neo.fs.v2.container.ContainerService"](#service-neofsv2containercontainerservice)
- [Method Put](#method-put)
- [Method Delete](#method-delete)
- [Method Get](#method-get)
- [Method List](#method-list)
- [Method SetExtendedACL](#method-setextendedacl)
- [Method GetExtendedACL](#method-getextendedacl)
- [Method AnnounceUsedSpace](#method-announceusedspace)
- [Message AnnounceUsedSpaceRequest](#message-announceusedspacerequest)
- [Message AnnounceUsedSpaceRequest.Body](#message-announceusedspacerequestbody)
- [Message AnnounceUsedSpaceRequest.Body.Announcement](#message-announceusedspacerequestbodyannouncement)
- [Message AnnounceUsedSpaceResponse](#message-announceusedspaceresponse)
- [Message AnnounceUsedSpaceResponse.Body](#message-announceusedspaceresponsebody)
- [Message DeleteRequest](#message-deleterequest)
- [Message DeleteRequest.Body](#message-deleterequestbody)
- [Message DeleteResponse](#message-deleteresponse)
- [Message DeleteResponse.Body](#message-deleteresponsebody)
- [Message GetExtendedACLRequest](#message-getextendedaclrequest)
- [Message GetExtendedACLRequest.Body](#message-getextendedaclrequestbody)
- [Message GetExtendedACLResponse](#message-getextendedaclresponse)
- [Message GetExtendedACLResponse.Body](#message-getextendedaclresponsebody)
- [Message GetRequest](#message-getrequest)
- [Message GetRequest.Body](#message-getrequestbody)
- [Message GetResponse](#message-getresponse)
- [Message GetResponse.Body](#message-getresponsebody)
- [Message ListRequest](#message-listrequest)
- [Message ListRequest.Body](#message-listrequestbody)
- [Message ListResponse](#message-listresponse)
- [Message ListResponse.Body](#message-listresponsebody)
- [Message PutRequest](#message-putrequest)
- [Message PutRequest.Body](#message-putrequestbody)
- [Message PutResponse](#message-putresponse)
- [Message PutResponse.Body](#message-putresponsebody)
- [Message SetExtendedACLRequest](#message-setextendedaclrequest)
- [Message SetExtendedACLRequest.Body](#message-setextendedaclrequestbody)
- [Message SetExtendedACLResponse](#message-setextendedaclresponse)
- [Message SetExtendedACLResponse.Body](#message-setextendedaclresponsebody)
- [container/types.proto](#containertypesproto)
- [Message Container](#message-container)
- [Message Container.Attribute](#message-containerattribute)
- [Scalar Value Types](#scalar-value-types)
- [container/service.proto](#container/service.proto)
- Services
- [ContainerService](#neo.fs.v2.container.ContainerService)
- Messages
- [AnnounceUsedSpaceRequest](#neo.fs.v2.container.AnnounceUsedSpaceRequest)
- [AnnounceUsedSpaceRequest.Body](#neo.fs.v2.container.AnnounceUsedSpaceRequest.Body)
- [AnnounceUsedSpaceRequest.Body.Announcement](#neo.fs.v2.container.AnnounceUsedSpaceRequest.Body.Announcement)
- [AnnounceUsedSpaceResponse](#neo.fs.v2.container.AnnounceUsedSpaceResponse)
- [AnnounceUsedSpaceResponse.Body](#neo.fs.v2.container.AnnounceUsedSpaceResponse.Body)
- [DeleteRequest](#neo.fs.v2.container.DeleteRequest)
- [DeleteRequest.Body](#neo.fs.v2.container.DeleteRequest.Body)
- [DeleteResponse](#neo.fs.v2.container.DeleteResponse)
- [DeleteResponse.Body](#neo.fs.v2.container.DeleteResponse.Body)
- [GetExtendedACLRequest](#neo.fs.v2.container.GetExtendedACLRequest)
- [GetExtendedACLRequest.Body](#neo.fs.v2.container.GetExtendedACLRequest.Body)
- [GetExtendedACLResponse](#neo.fs.v2.container.GetExtendedACLResponse)
- [GetExtendedACLResponse.Body](#neo.fs.v2.container.GetExtendedACLResponse.Body)
- [GetRequest](#neo.fs.v2.container.GetRequest)
- [GetRequest.Body](#neo.fs.v2.container.GetRequest.Body)
- [GetResponse](#neo.fs.v2.container.GetResponse)
- [GetResponse.Body](#neo.fs.v2.container.GetResponse.Body)
- [ListRequest](#neo.fs.v2.container.ListRequest)
- [ListRequest.Body](#neo.fs.v2.container.ListRequest.Body)
- [ListResponse](#neo.fs.v2.container.ListResponse)
- [ListResponse.Body](#neo.fs.v2.container.ListResponse.Body)
- [PutRequest](#neo.fs.v2.container.PutRequest)
- [PutRequest.Body](#neo.fs.v2.container.PutRequest.Body)
- [PutResponse](#neo.fs.v2.container.PutResponse)
- [PutResponse.Body](#neo.fs.v2.container.PutResponse.Body)
- [SetExtendedACLRequest](#neo.fs.v2.container.SetExtendedACLRequest)
- [SetExtendedACLRequest.Body](#neo.fs.v2.container.SetExtendedACLRequest.Body)
- [SetExtendedACLResponse](#neo.fs.v2.container.SetExtendedACLResponse)
- [SetExtendedACLResponse.Body](#neo.fs.v2.container.SetExtendedACLResponse.Body)
- [container/types.proto](#container/types.proto)
- Messages
- [Container](#neo.fs.v2.container.Container)
- [Container.Attribute](#neo.fs.v2.container.Container.Attribute)
- [Scalar Value Types](#scalar-value-types)
@ -81,13 +81,15 @@ rpc AnnounceUsedSpace(AnnounceUsedSpaceRequest) returns (AnnounceUsedSpaceRespon
`Put` invokes `Container` smart contract's `Put` method and returns
response immediately. After a new block is issued in sidechain, request is
verified by Inner Ring nodes. After one more block in sidechain, the container
is added into smart contract storage.
verified by Inner Ring nodes. After one more block in sidechain, the
container is added into smart contract storage.
Statuses:
- **OK** (0, SECTION_SUCCESS): \
request to save the container has been sent to the sidechain;
- Common failures (SECTION_FAILURE_COMMON).
- Common failures (SECTION_FAILURE_COMMON);
- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
container create access denied.
| Name | Input | Output |
| ---- | ----- | ------ |
@ -96,13 +98,15 @@ Statuses:
`Delete` invokes `Container` smart contract's `Delete` method and returns
response immediately. After a new block is issued in sidechain, request is
verified by Inner Ring nodes. After one more block in sidechain, the container
is added into smart contract storage.
verified by Inner Ring nodes. After one more block in sidechain, the
container is added into smart contract storage.
Statuses:
- **OK** (0, SECTION_SUCCESS): \
request to remove the container has been sent to the sidechain;
- Common failures (SECTION_FAILURE_COMMON).
- Common failures (SECTION_FAILURE_COMMON);
- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
container delete access denied.
| Name | Input | Output |
| ---- | ----- | ------ |
@ -116,7 +120,9 @@ Statuses:
container has been successfully read;
- Common failures (SECTION_FAILURE_COMMON);
- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
requested container not found.
requested container not found;
- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
access to container is denied.
| Name | Input | Output |
| ---- | ----- | ------ |
@ -128,7 +134,9 @@ Returns all owner's containers from 'Container` smart contract' storage.
Statuses:
- **OK** (0, SECTION_SUCCESS): \
container list has been successfully read;
- Common failures (SECTION_FAILURE_COMMON).
- Common failures (SECTION_FAILURE_COMMON);
- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
container list access denied.
| Name | Input | Output |
| ---- | ----- | ------ |
@ -136,13 +144,15 @@ Statuses:
#### Method SetExtendedACL
Invokes 'SetEACL' method of 'Container` smart contract and returns response
immediately. After one more block in sidechain, changes in an Extended ACL are
added into smart contract storage.
immediately. After one more block in sidechain, changes in an Extended ACL
are added into smart contract storage.
Statuses:
- **OK** (0, SECTION_SUCCESS): \
request to save container eACL has been sent to the sidechain;
- Common failures (SECTION_FAILURE_COMMON).
- Common failures (SECTION_FAILURE_COMMON);
- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
set container eACL access denied.
| Name | Input | Output |
| ---- | ----- | ------ |
@ -159,7 +169,9 @@ Statuses:
- **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
container not found;
- **EACL_NOT_FOUND** (3073, SECTION_CONTAINER): \
eACL table not found.
eACL table not found;
- **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
access to container eACL is denied.
| Name | Input | Output |
| ---- | ----- | ------ |
@ -327,8 +339,8 @@ Get Extended ACL
### Message GetExtendedACLResponse.Body
Get Extended ACL Response body can be empty if the requested container does
not have Extended ACL Table attached or Extended ACL has not been allowed at
the time of container creation.
not have Extended ACL Table attached or Extended ACL has not been allowed
at the time of container creation.
| Field | Type | Label | Description |
@ -536,8 +548,8 @@ Set Extended ACL
### Message SetExtendedACLResponse.Body
`SetExtendedACLResponse` has an empty body because the operation is
asynchronous and the update should be reflected in `Container` smart contract's
storage after next block is issued in sidechain.
asynchronous and the update should be reflected in `Container` smart
contract's storage after next block is issued in sidechain.
<!-- end messages -->
@ -560,8 +572,8 @@ storage after next block is issued in sidechain.
### Message Container
Container is a structure that defines object placement behaviour. Objects can
be stored only within containers. They define placement rule, attributes and
access control information. An ID of a container is a 32 byte long SHA256 hash
of stable-marshalled container message.
access control information. An ID of a container is a 32 byte long SHA256
hash of stable-marshalled container message.
| Field | Type | Label | Description |
@ -578,8 +590,8 @@ of stable-marshalled container message.
### Message Container.Attribute
`Attribute` is a user-defined Key-Value metadata pair attached to the
container. Container attributes are immutable. They are set at the moment of
container creation and can never be added or updated.
container. Container attributes are immutable. They are set at the moment
of container creation and can never be added or updated.
Key name must be a container-unique valid UTF-8 string. Value can't be
empty. Containers with duplicated attribute names or attributes with empty
@ -593,15 +605,16 @@ There are some "well-known" attributes affecting system behaviour:
NNS contract.
* [ __SYSTEM__ZONE ] \
(`__NEOFS__ZONE` is deprecated) \
String of a zone for `__SYSTEM__NAME` (`__NEOFS__NAME` is deprecated). Used as a TLD of a domain name in NNS
contract. If no zone is specified, use default zone: `container`.
String of a zone for `__SYSTEM__NAME` (`__NEOFS__NAME` is deprecated).
Used as a TLD of a domain name in NNS contract. If no zone is specified,
use default zone: `container`.
* [ __SYSTEM__DISABLE_HOMOMORPHIC_HASHING ] \
(`__NEOFS__DISABLE_HOMOMORPHIC_HASHING` is deprecated) \
Disables homomorphic hashing for the container if the value equals "true" string.
Any other values are interpreted as missing attribute. Container could be
accepted in a NeoFS network only if the global network hashing configuration
value corresponds with that attribute's value. After container inclusion, network
setting is ignored.
Disables homomorphic hashing for the container if the value equals "true"
string. Any other values are interpreted as missing attribute. Container
could be accepted in a NeoFS network only if the global network hashing
configuration value corresponds with that attribute's value. After
container inclusion, network setting is ignored.
And some well-known attributes used by applications only: