acl

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 15, 2025 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	Role_name = map[int32]string{
		0: "ROLE_UNSPECIFIED",
		1: "USER",
		2: "SYSTEM",
		3: "OTHERS",
	}
	Role_value = map[string]int32{
		"ROLE_UNSPECIFIED": 0,
		"USER":             1,
		"SYSTEM":           2,
		"OTHERS":           3,
	}
)

Enum value maps for Role.

View Source 
var (
	MatchType_name = map[int32]string{
		0: "MATCH_TYPE_UNSPECIFIED",
		1: "STRING_EQUAL",
		2: "STRING_NOT_EQUAL",
	}
	MatchType_value = map[string]int32{
		"MATCH_TYPE_UNSPECIFIED": 0,
		"STRING_EQUAL":           1,
		"STRING_NOT_EQUAL":       2,
	}
)

Enum value maps for MatchType.

View Source 
var (
	Operation_name = map[int32]string{
		0: "OPERATION_UNSPECIFIED",
		1: "GET",
		2: "HEAD",
		3: "PUT",
		4: "DELETE",
		5: "SEARCH",
		6: "GETRANGE",
		7: "GETRANGEHASH",
	}
	Operation_value = map[string]int32{
		"OPERATION_UNSPECIFIED": 0,
		"GET":                   1,
		"HEAD":                  2,
		"PUT":                   3,
		"DELETE":                4,
		"SEARCH":                5,
		"GETRANGE":              6,
		"GETRANGEHASH":          7,
	}
)

Enum value maps for Operation.

View Source 
var (
	Action_name = map[int32]string{
		0: "ACTION_UNSPECIFIED",
		1: "ALLOW",
		2: "DENY",
	}
	Action_value = map[string]int32{
		"ACTION_UNSPECIFIED": 0,
		"ALLOW":              1,
		"DENY":               2,
	}
)

Enum value maps for Action.

View Source 
var (
	HeaderType_name = map[int32]string{
		0: "HEADER_UNSPECIFIED",
		1: "REQUEST",
		2: "OBJECT",
		3: "SERVICE",
	}
	HeaderType_value = map[string]int32{
		"HEADER_UNSPECIFIED": 0,
		"REQUEST":            1,
		"OBJECT":             2,
		"SERVICE":            3,
	}
)

Enum value maps for HeaderType.

View Source 
var File_api_acl_grpc_types_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Action 

type Action int32

Rule execution result action. Either allows or denies access if the rule's filters match. 

const (
	// Unspecified action, default value
	Action_ACTION_UNSPECIFIED Action = 0
	// Allow action
	Action_ALLOW Action = 1
	// Deny action
	Action_DENY Action = 2
)

func (Action) Descriptor 

func (Action) Descriptor() protoreflect.EnumDescriptor

func (Action) Enum 

func (x Action) Enum() *Action

func (Action) Number 

func (x Action) Number() protoreflect.EnumNumber

func (Action) String 

func (x Action) String() string

func (Action) Type 

func (Action) Type() protoreflect.EnumType

type BearerToken 

type BearerToken struct {

	// Bearer Token body
	Body *BearerToken_Body `protobuf:"bytes,1,opt,name=body" json:"body,omitempty"`
	// Signature of BearerToken body
	Signature *grpc.Signature `protobuf:"bytes,2,opt,name=signature" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

BearerToken allows to attach signed Extended ACL rules to the request in `RequestMetaHeader`. If container's Basic ACL rules allow, the attached rule set will be checked instead of one attached to the container itself. Just like [JWT](https://jwt.io), it has a limited lifetime and scope, hence can be used in the similar use cases, like providing authorisation to externally authenticated party.

BearerToken can be issued only by the container's owner and must be signed using the key associated with the container's `OwnerID`.

func (*BearerToken) ClearBody 

func (x *BearerToken) ClearBody()

func (*BearerToken) ClearSignature 

func (x *BearerToken) ClearSignature()

func (*BearerToken) GetBody 

func (x *BearerToken) GetBody() *BearerToken_Body

func (*BearerToken) GetSignature 

func (x *BearerToken) GetSignature() *grpc.Signature

func (*BearerToken) HasBody 

func (x *BearerToken) HasBody() bool

func (*BearerToken) HasSignature 

func (x *BearerToken) HasSignature() bool

func (*BearerToken) ProtoMessage 

func (*BearerToken) ProtoMessage()

func (*BearerToken) ProtoReflect 

func (x *BearerToken) ProtoReflect() protoreflect.Message

func (*BearerToken) Reset 

func (x *BearerToken) Reset()

func (*BearerToken) SetBody 

func (x *BearerToken) SetBody(v *BearerToken_Body)

func (*BearerToken) SetSignature 

func (x *BearerToken) SetSignature(v *grpc.Signature)

func (*BearerToken) String 

func (x *BearerToken) String() string

type BearerToken_Body 

type BearerToken_Body struct {

	// Table of Extended ACL rules to use instead of the ones attached to the
	// container. If it contains `container_id` field, bearer token is only
	// valid for this specific container. Otherwise, any container of the same
	// owner is allowed.
	//
	// Deprecated: eACL tables are no longer relevant - `APEOverrides` should be
	// used instead.
	EaclTable *EACLTable `protobuf:"bytes,1,opt,name=eacl_table,json=eaclTable" json:"eacl_table,omitempty"`
	// `OwnerID` defines to whom the token was issued. It must match the request
	// originator's `OwnerID`. If empty, any token bearer will be accepted.
	OwnerId *grpc.OwnerID `protobuf:"bytes,2,opt,name=owner_id,json=ownerID" json:"owner_id,omitempty"`
	// Token expiration and valid time period parameters
	Lifetime *BearerToken_Body_TokenLifetime `protobuf:"bytes,3,opt,name=lifetime" json:"lifetime,omitempty"`
	// AllowImpersonate flag to consider token signer as request owner.
	// If this field is true extended ACL table in token body isn't processed.
	AllowImpersonate *bool `protobuf:"varint,4,opt,name=allow_impersonate,json=allowImpersonate" json:"allow_impersonate,omitempty"`
	// APE override for the target.
	ApeOverride *BearerToken_Body_APEOverride `protobuf:"bytes,5,opt,name=ape_override,json=apeOverride" json:"ape_override,omitempty"`
	// contains filtered or unexported fields
}

Bearer Token body structure contains Extended ACL table issued by the container owner with additional information preventing token abuse.

func (*BearerToken_Body) ClearAllowImpersonate 

func (x *BearerToken_Body) ClearAllowImpersonate()

func (*BearerToken_Body) ClearApeOverride 

func (x *BearerToken_Body) ClearApeOverride()

func (*BearerToken_Body) ClearEaclTable 

func (x *BearerToken_Body) ClearEaclTable()

func (*BearerToken_Body) ClearLifetime 

func (x *BearerToken_Body) ClearLifetime()

func (*BearerToken_Body) ClearOwnerId 

func (x *BearerToken_Body) ClearOwnerId()

func (*BearerToken_Body) GetAllowImpersonate 

func (x *BearerToken_Body) GetAllowImpersonate() bool

func (*BearerToken_Body) GetApeOverride 

func (x *BearerToken_Body) GetApeOverride() *BearerToken_Body_APEOverride

func (*BearerToken_Body) GetEaclTable 

func (x *BearerToken_Body) GetEaclTable() *EACLTable

func (*BearerToken_Body) GetLifetime 

func (x *BearerToken_Body) GetLifetime() *BearerToken_Body_TokenLifetime

func (*BearerToken_Body) GetOwnerId 

func (x *BearerToken_Body) GetOwnerId() *grpc.OwnerID

func (*BearerToken_Body) HasAllowImpersonate 

func (x *BearerToken_Body) HasAllowImpersonate() bool

func (*BearerToken_Body) HasApeOverride 

func (x *BearerToken_Body) HasApeOverride() bool

func (*BearerToken_Body) HasEaclTable 

func (x *BearerToken_Body) HasEaclTable() bool

func (*BearerToken_Body) HasLifetime 

func (x *BearerToken_Body) HasLifetime() bool

func (*BearerToken_Body) HasOwnerId 

func (x *BearerToken_Body) HasOwnerId() bool

func (*BearerToken_Body) ProtoMessage 

func (*BearerToken_Body) ProtoMessage()

func (*BearerToken_Body) ProtoReflect 

func (x *BearerToken_Body) ProtoReflect() protoreflect.Message

func (*BearerToken_Body) Reset 

func (x *BearerToken_Body) Reset()

func (*BearerToken_Body) SetAllowImpersonate 

func (x *BearerToken_Body) SetAllowImpersonate(v bool)

func (*BearerToken_Body) SetApeOverride 

func (x *BearerToken_Body) SetApeOverride(v *BearerToken_Body_APEOverride)

func (*BearerToken_Body) SetEaclTable 

func (x *BearerToken_Body) SetEaclTable(v *EACLTable)

func (*BearerToken_Body) SetLifetime 

func (x *BearerToken_Body) SetLifetime(v *BearerToken_Body_TokenLifetime)

func (*BearerToken_Body) SetOwnerId 

func (x *BearerToken_Body) SetOwnerId(v *grpc.OwnerID)

func (*BearerToken_Body) String 

func (x *BearerToken_Body) String() string

type BearerToken_Body_APEOverride 

type BearerToken_Body_APEOverride struct {

	// Target for which chains are applied.
	Target *grpc1.ChainTarget `protobuf:"bytes,1,opt,name=target" json:"target,omitempty"`
	// The list of APE chains.
	Chains []*grpc1.Chain `protobuf:"bytes,2,rep,name=chains" json:"chains,omitempty"`
	// contains filtered or unexported fields
}

APEOverride is the list of APE chains defined for a target. These chains are meant to serve as overrides to the already defined (or even undefined) APE chains for the target (see contract `Policy`).

The server-side processing of the bearer token with set APE overrides must verify if a client is permitted to override chains for the target, preventing unauthorized access through the APE mechanism.

func (*BearerToken_Body_APEOverride) ClearTarget 

func (x *BearerToken_Body_APEOverride) ClearTarget()

func (*BearerToken_Body_APEOverride) GetChains 

func (x *BearerToken_Body_APEOverride) GetChains() []*grpc1.Chain

func (*BearerToken_Body_APEOverride) GetTarget 

func (x *BearerToken_Body_APEOverride) GetTarget() *grpc1.ChainTarget

func (*BearerToken_Body_APEOverride) HasTarget 

func (x *BearerToken_Body_APEOverride) HasTarget() bool

func (*BearerToken_Body_APEOverride) ProtoMessage 

func (*BearerToken_Body_APEOverride) ProtoMessage()

func (*BearerToken_Body_APEOverride) ProtoReflect 

func (x *BearerToken_Body_APEOverride) ProtoReflect() protoreflect.Message

func (*BearerToken_Body_APEOverride) Reset 

func (x *BearerToken_Body_APEOverride) Reset()

func (*BearerToken_Body_APEOverride) SetChains 

func (x *BearerToken_Body_APEOverride) SetChains(v []*grpc1.Chain)

func (*BearerToken_Body_APEOverride) SetTarget 

func (x *BearerToken_Body_APEOverride) SetTarget(v *grpc1.ChainTarget)

func (*BearerToken_Body_APEOverride) String 

func (x *BearerToken_Body_APEOverride) String() string

type BearerToken_Body_APEOverride_builder 

type BearerToken_Body_APEOverride_builder struct {

	// Target for which chains are applied.
	Target *grpc1.ChainTarget
	// The list of APE chains.
	Chains []*grpc1.Chain
	// contains filtered or unexported fields
}

func (BearerToken_Body_APEOverride_builder) Build 

func (b0 BearerToken_Body_APEOverride_builder) Build() *BearerToken_Body_APEOverride

type BearerToken_Body_TokenLifetime 

type BearerToken_Body_TokenLifetime struct {

	// Expiration Epoch
	Exp *uint64 `protobuf:"varint,1,opt,name=exp" json:"exp,omitempty"`
	// Not valid before Epoch
	Nbf *uint64 `protobuf:"varint,2,opt,name=nbf" json:"nbf,omitempty"`
	// Issued at Epoch
	Iat *uint64 `protobuf:"varint,3,opt,name=iat" json:"iat,omitempty"`
	// contains filtered or unexported fields
}

Lifetime parameters of the token. Field names taken from [rfc7519](https://tools.ietf.org/html/rfc7519).

func (*BearerToken_Body_TokenLifetime) ClearExp 

func (x *BearerToken_Body_TokenLifetime) ClearExp()

func (*BearerToken_Body_TokenLifetime) ClearIat 

func (x *BearerToken_Body_TokenLifetime) ClearIat()

func (*BearerToken_Body_TokenLifetime) ClearNbf 

func (x *BearerToken_Body_TokenLifetime) ClearNbf()

func (*BearerToken_Body_TokenLifetime) GetExp 

func (x *BearerToken_Body_TokenLifetime) GetExp() uint64

func (*BearerToken_Body_TokenLifetime) GetIat 

func (x *BearerToken_Body_TokenLifetime) GetIat() uint64

func (*BearerToken_Body_TokenLifetime) GetNbf 

func (x *BearerToken_Body_TokenLifetime) GetNbf() uint64

func (*BearerToken_Body_TokenLifetime) HasExp 

func (x *BearerToken_Body_TokenLifetime) HasExp() bool

func (*BearerToken_Body_TokenLifetime) HasIat 

func (x *BearerToken_Body_TokenLifetime) HasIat() bool

func (*BearerToken_Body_TokenLifetime) HasNbf 

func (x *BearerToken_Body_TokenLifetime) HasNbf() bool

func (*BearerToken_Body_TokenLifetime) ProtoMessage 

func (*BearerToken_Body_TokenLifetime) ProtoMessage()

func (*BearerToken_Body_TokenLifetime) ProtoReflect 

func (x *BearerToken_Body_TokenLifetime) ProtoReflect() protoreflect.Message

func (*BearerToken_Body_TokenLifetime) Reset 

func (x *BearerToken_Body_TokenLifetime) Reset()

func (*BearerToken_Body_TokenLifetime) SetExp 

func (x *BearerToken_Body_TokenLifetime) SetExp(v uint64)

func (*BearerToken_Body_TokenLifetime) SetIat 

func (x *BearerToken_Body_TokenLifetime) SetIat(v uint64)

func (*BearerToken_Body_TokenLifetime) SetNbf 

func (x *BearerToken_Body_TokenLifetime) SetNbf(v uint64)

func (*BearerToken_Body_TokenLifetime) String 

func (x *BearerToken_Body_TokenLifetime) String() string

type BearerToken_Body_TokenLifetime_builder 

type BearerToken_Body_TokenLifetime_builder struct {

	// Expiration Epoch
	Exp *uint64
	// Not valid before Epoch
	Nbf *uint64
	// Issued at Epoch
	Iat *uint64
	// contains filtered or unexported fields
}

func (BearerToken_Body_TokenLifetime_builder) Build 

func (b0 BearerToken_Body_TokenLifetime_builder) Build() *BearerToken_Body_TokenLifetime

type BearerToken_Body_builder 

type BearerToken_Body_builder struct {

	// Table of Extended ACL rules to use instead of the ones attached to the
	// container. If it contains `container_id` field, bearer token is only
	// valid for this specific container. Otherwise, any container of the same
	// owner is allowed.
	//
	// Deprecated: eACL tables are no longer relevant - `APEOverrides` should be
	// used instead.
	EaclTable *EACLTable
	// `OwnerID` defines to whom the token was issued. It must match the request
	// originator's `OwnerID`. If empty, any token bearer will be accepted.
	OwnerId *grpc.OwnerID
	// Token expiration and valid time period parameters
	Lifetime *BearerToken_Body_TokenLifetime
	// AllowImpersonate flag to consider token signer as request owner.
	// If this field is true extended ACL table in token body isn't processed.
	AllowImpersonate *bool
	// APE override for the target.
	ApeOverride *BearerToken_Body_APEOverride
	// contains filtered or unexported fields
}

func (BearerToken_Body_builder) Build 

func (b0 BearerToken_Body_builder) Build() *BearerToken_Body

type BearerToken_builder 

type BearerToken_builder struct {

	// Bearer Token body
	Body *BearerToken_Body
	// Signature of BearerToken body
	Signature *grpc.Signature
	// contains filtered or unexported fields
}

func (BearerToken_builder) Build 

func (b0 BearerToken_builder) Build() *BearerToken

type EACLRecord 

type EACLRecord struct {

	// FrostFS request Verb to match
	Operation *Operation `protobuf:"varint,1,opt,name=operation,enum=frost.fs.acl.Operation" json:"operation,omitempty"`
	// Rule execution result. Either allows or denies access if filters match.
	Action *Action `protobuf:"varint,2,opt,name=action,enum=frost.fs.acl.Action" json:"action,omitempty"`
	// List of filters to match and see if rule is applicable
	Filters []*EACLRecord_Filter `protobuf:"bytes,3,rep,name=filters" json:"filters,omitempty"`
	// List of target subjects to apply ACL rule to
	Targets []*EACLRecord_Target `protobuf:"bytes,4,rep,name=targets" json:"targets,omitempty"`
	// contains filtered or unexported fields
}

Describes a single eACL rule.

func (*EACLRecord) ClearAction 

func (x *EACLRecord) ClearAction()

func (*EACLRecord) ClearOperation 

func (x *EACLRecord) ClearOperation()

func (*EACLRecord) GetAction 

func (x *EACLRecord) GetAction() Action

func (*EACLRecord) GetFilters 

func (x *EACLRecord) GetFilters() []*EACLRecord_Filter

func (*EACLRecord) GetOperation 

func (x *EACLRecord) GetOperation() Operation

func (*EACLRecord) GetTargets 

func (x *EACLRecord) GetTargets() []*EACLRecord_Target

func (*EACLRecord) HasAction 

func (x *EACLRecord) HasAction() bool

func (*EACLRecord) HasOperation 

func (x *EACLRecord) HasOperation() bool

func (*EACLRecord) ProtoMessage 

func (*EACLRecord) ProtoMessage()

func (*EACLRecord) ProtoReflect 

func (x *EACLRecord) ProtoReflect() protoreflect.Message

func (*EACLRecord) Reset 

func (x *EACLRecord) Reset()

func (*EACLRecord) SetAction 

func (x *EACLRecord) SetAction(v Action)

func (*EACLRecord) SetFilters 

func (x *EACLRecord) SetFilters(v []*EACLRecord_Filter)

func (*EACLRecord) SetOperation 

func (x *EACLRecord) SetOperation(v Operation)

func (*EACLRecord) SetTargets 

func (x *EACLRecord) SetTargets(v []*EACLRecord_Target)

func (*EACLRecord) String 

func (x *EACLRecord) String() string

type EACLRecord_Filter 

type EACLRecord_Filter struct {

	// Define if Object or Request header will be used
	HeaderType *HeaderType `protobuf:"varint,1,opt,name=header_type,json=headerType,enum=frost.fs.acl.HeaderType" json:"header_type,omitempty"`
	// Match operation type
	MatchType *MatchType `protobuf:"varint,2,opt,name=match_type,json=matchType,enum=frost.fs.acl.MatchType" json:"match_type,omitempty"`
	// Name of the Header to use
	Key *string `protobuf:"bytes,3,opt,name=key" json:"key,omitempty"`
	// Expected Header Value or pattern to match
	Value *string `protobuf:"bytes,4,opt,name=value" json:"value,omitempty"`
	// contains filtered or unexported fields
}

Filter to check particular properties of the request or the object.

By default `key` field refers to the corresponding object's `Attribute`. Some Object's header fields can also be accessed by adding `$Object:` prefix to the name. Here is the list of fields available via this prefix:

  • $Object:version \ version
  • $Object:objectID \ object_id
  • $Object:containerID \ container_id
  • $Object:ownerID \ owner_id
  • $Object:creationEpoch \ creation_epoch
  • $Object:payloadLength \ payload_length
  • $Object:payloadHash \ payload_hash
  • $Object:objectType \ object_type
  • $Object:homomorphicHash \ homomorphic_hash

Please note, that if request or response does not have object's headers of full object (Range, RangeHash, Search, Delete), it will not be possible to filter by object header fields or user attributes. From the well-known list only `$Object:objectID` and `$Object:containerID` will be available, as it's possible to take that information from the requested address.

func (*EACLRecord_Filter) ClearHeaderType 

func (x *EACLRecord_Filter) ClearHeaderType()

func (*EACLRecord_Filter) ClearKey 

func (x *EACLRecord_Filter) ClearKey()

func (*EACLRecord_Filter) ClearMatchType 

func (x *EACLRecord_Filter) ClearMatchType()

func (*EACLRecord_Filter) ClearValue 

func (x *EACLRecord_Filter) ClearValue()

func (*EACLRecord_Filter) GetHeaderType 

func (x *EACLRecord_Filter) GetHeaderType() HeaderType

func (*EACLRecord_Filter) GetKey 

func (x *EACLRecord_Filter) GetKey() string

func (*EACLRecord_Filter) GetMatchType 

func (x *EACLRecord_Filter) GetMatchType() MatchType

func (*EACLRecord_Filter) GetValue 

func (x *EACLRecord_Filter) GetValue() string

func (*EACLRecord_Filter) HasHeaderType 

func (x *EACLRecord_Filter) HasHeaderType() bool

func (*EACLRecord_Filter) HasKey 

func (x *EACLRecord_Filter) HasKey() bool

func (*EACLRecord_Filter) HasMatchType 

func (x *EACLRecord_Filter) HasMatchType() bool

func (*EACLRecord_Filter) HasValue 

func (x *EACLRecord_Filter) HasValue() bool

func (*EACLRecord_Filter) ProtoMessage 

func (*EACLRecord_Filter) ProtoMessage()

func (*EACLRecord_Filter) ProtoReflect 

func (x *EACLRecord_Filter) ProtoReflect() protoreflect.Message

func (*EACLRecord_Filter) Reset 

func (x *EACLRecord_Filter) Reset()

func (*EACLRecord_Filter) SetHeaderType 

func (x *EACLRecord_Filter) SetHeaderType(v HeaderType)

func (*EACLRecord_Filter) SetKey 

func (x *EACLRecord_Filter) SetKey(v string)

func (*EACLRecord_Filter) SetMatchType 

func (x *EACLRecord_Filter) SetMatchType(v MatchType)

func (*EACLRecord_Filter) SetValue 

func (x *EACLRecord_Filter) SetValue(v string)

func (*EACLRecord_Filter) String 

func (x *EACLRecord_Filter) String() string

type EACLRecord_Filter_builder 

type EACLRecord_Filter_builder struct {

	// Define if Object or Request header will be used
	HeaderType *HeaderType
	// Match operation type
	MatchType *MatchType
	// Name of the Header to use
	Key *string
	// Expected Header Value or pattern to match
	Value *string
	// contains filtered or unexported fields
}

func (EACLRecord_Filter_builder) Build 

func (b0 EACLRecord_Filter_builder) Build() *EACLRecord_Filter

type EACLRecord_Target 

type EACLRecord_Target struct {

	// Target subject's role class
	Role *Role `protobuf:"varint,1,opt,name=role,enum=frost.fs.acl.Role" json:"role,omitempty"`
	// List of public keys to identify target subject
	Keys [][]byte `protobuf:"bytes,2,rep,name=keys" json:"keys,omitempty"`
	// contains filtered or unexported fields
}

Target to apply ACL rule. Can be a subject's role class or a list of public keys to match.

func (*EACLRecord_Target) ClearRole 

func (x *EACLRecord_Target) ClearRole()

func (*EACLRecord_Target) GetKeys 

func (x *EACLRecord_Target) GetKeys() [][]byte

func (*EACLRecord_Target) GetRole 

func (x *EACLRecord_Target) GetRole() Role

func (*EACLRecord_Target) HasRole 

func (x *EACLRecord_Target) HasRole() bool

func (*EACLRecord_Target) ProtoMessage 

func (*EACLRecord_Target) ProtoMessage()

func (*EACLRecord_Target) ProtoReflect 

func (x *EACLRecord_Target) ProtoReflect() protoreflect.Message

func (*EACLRecord_Target) Reset 

func (x *EACLRecord_Target) Reset()

func (*EACLRecord_Target) SetKeys 

func (x *EACLRecord_Target) SetKeys(v [][]byte)

func (*EACLRecord_Target) SetRole 

func (x *EACLRecord_Target) SetRole(v Role)

func (*EACLRecord_Target) String 

func (x *EACLRecord_Target) String() string

type EACLRecord_Target_builder 

type EACLRecord_Target_builder struct {

	// Target subject's role class
	Role *Role
	// List of public keys to identify target subject
	Keys [][]byte
	// contains filtered or unexported fields
}

func (EACLRecord_Target_builder) Build 

func (b0 EACLRecord_Target_builder) Build() *EACLRecord_Target

type EACLRecord_builder 

type EACLRecord_builder struct {

	// FrostFS request Verb to match
	Operation *Operation
	// Rule execution result. Either allows or denies access if filters match.
	Action *Action
	// List of filters to match and see if rule is applicable
	Filters []*EACLRecord_Filter
	// List of target subjects to apply ACL rule to
	Targets []*EACLRecord_Target
	// contains filtered or unexported fields
}

func (EACLRecord_builder) Build 

func (b0 EACLRecord_builder) Build() *EACLRecord

type EACLTable 

type EACLTable struct {

	// eACL format version. Effectively, the version of API library used to create
	// eACL Table.
	Version *grpc.Version `protobuf:"bytes,1,opt,name=version" json:"version,omitempty"`
	// Identifier of the container that should use given access control rules
	ContainerId *grpc.ContainerID `protobuf:"bytes,2,opt,name=container_id,json=containerID" json:"container_id,omitempty"`
	// List of Extended ACL rules
	Records []*EACLRecord `protobuf:"bytes,3,rep,name=records" json:"records,omitempty"`
	// contains filtered or unexported fields
}

Extended ACL rules table. A list of ACL rules defined additionally to Basic ACL. Extended ACL rules can be attached to a container and can be updated or may be defined in `BearerToken` structure. Please see the corresponding FrostFS Technical Specification section for detailed description.

func (*EACLTable) ClearContainerId 

func (x *EACLTable) ClearContainerId()

func (*EACLTable) ClearVersion 

func (x *EACLTable) ClearVersion()

func (*EACLTable) GetContainerId 

func (x *EACLTable) GetContainerId() *grpc.ContainerID

func (*EACLTable) GetRecords 

func (x *EACLTable) GetRecords() []*EACLRecord

func (*EACLTable) GetVersion 

func (x *EACLTable) GetVersion() *grpc.Version

func (*EACLTable) HasContainerId 

func (x *EACLTable) HasContainerId() bool

func (*EACLTable) HasVersion 

func (x *EACLTable) HasVersion() bool

func (*EACLTable) ProtoMessage 

func (*EACLTable) ProtoMessage()

func (*EACLTable) ProtoReflect 

func (x *EACLTable) ProtoReflect() protoreflect.Message

func (*EACLTable) Reset 

func (x *EACLTable) Reset()

func (*EACLTable) SetContainerId 

func (x *EACLTable) SetContainerId(v *grpc.ContainerID)

func (*EACLTable) SetRecords 

func (x *EACLTable) SetRecords(v []*EACLRecord)

func (*EACLTable) SetVersion 

func (x *EACLTable) SetVersion(v *grpc.Version)

func (*EACLTable) String 

func (x *EACLTable) String() string

type EACLTable_builder 

type EACLTable_builder struct {

	// eACL format version. Effectively, the version of API library used to create
	// eACL Table.
	Version *grpc.Version
	// Identifier of the container that should use given access control rules
	ContainerId *grpc.ContainerID
	// List of Extended ACL rules
	Records []*EACLRecord
	// contains filtered or unexported fields
}

func (EACLTable_builder) Build 

func (b0 EACLTable_builder) Build() *EACLTable

type HeaderType 

type HeaderType int32

Enumeration of possible sources of Headers to apply filters. 

const (
	// Unspecified header, default value.
	HeaderType_HEADER_UNSPECIFIED HeaderType = 0
	// Filter request headers
	HeaderType_REQUEST HeaderType = 1
	// Filter object headers
	HeaderType_OBJECT HeaderType = 2
	// Filter service headers. These are not processed by FrostFS nodes and
	// exist for service use only.
	HeaderType_SERVICE HeaderType = 3
)

func (HeaderType) Descriptor 

func (HeaderType) Descriptor() protoreflect.EnumDescriptor

func (HeaderType) Enum 

func (x HeaderType) Enum() *HeaderType

func (HeaderType) Number 

func (x HeaderType) Number() protoreflect.EnumNumber

func (HeaderType) String 

func (x HeaderType) String() string

func (HeaderType) Type 

func (HeaderType) Type() protoreflect.EnumType

type MatchType 

type MatchType int32

MatchType is an enumeration of match types. 

const (
	// Unspecified match type, default value.
	MatchType_MATCH_TYPE_UNSPECIFIED MatchType = 0
	// Return true if strings are equal
	MatchType_STRING_EQUAL MatchType = 1
	// Return true if strings are different
	MatchType_STRING_NOT_EQUAL MatchType = 2
)

func (MatchType) Descriptor 

func (MatchType) Descriptor() protoreflect.EnumDescriptor

func (MatchType) Enum 

func (x MatchType) Enum() *MatchType

func (MatchType) Number 

func (x MatchType) Number() protoreflect.EnumNumber

func (MatchType) String 

func (x MatchType) String() string

func (MatchType) Type 

func (MatchType) Type() protoreflect.EnumType

type Operation 

type Operation int32

Request's operation type to match if the rule is applicable to a particular request. 

const (
	// Unspecified operation, default value
	Operation_OPERATION_UNSPECIFIED Operation = 0
	// Get
	Operation_GET Operation = 1
	// Head
	Operation_HEAD Operation = 2
	// Put
	Operation_PUT Operation = 3
	// Delete
	Operation_DELETE Operation = 4
	// Search
	Operation_SEARCH Operation = 5
	// GetRange
	Operation_GETRANGE Operation = 6
	// GetRangeHash
	Operation_GETRANGEHASH Operation = 7
)

func (Operation) Descriptor 

func (Operation) Descriptor() protoreflect.EnumDescriptor

func (Operation) Enum 

func (x Operation) Enum() *Operation

func (Operation) Number 

func (x Operation) Number() protoreflect.EnumNumber

func (Operation) String 

func (x Operation) String() string

func (Operation) Type 

func (Operation) Type() protoreflect.EnumType

type Role 

type Role int32

Target role of the access control rule in access control list. 

const (
	// Unspecified  role, default value
	Role_ROLE_UNSPECIFIED Role = 0
	// User target rule is applied if sender is the owner of the container
	Role_USER Role = 1
	// System target rule is applied if sender is a storage node within the
	// container or an inner ring node
	Role_SYSTEM Role = 2
	// Others target rule is applied if sender is neither a user nor a system
	// target
	Role_OTHERS Role = 3
)

func (Role) Descriptor 

func (Role) Descriptor() protoreflect.EnumDescriptor

func (Role) Enum 

func (x Role) Enum() *Role

func (Role) Number 

func (x Role) Number() protoreflect.EnumNumber

func (Role) String 

func (x Role) String() string

func (Role) Type 

func (Role) Type() protoreflect.EnumType

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.