eacl

package
v1.0.0-rc.13
Published: Mar 6, 2025 License: Apache-2.0 Imports: 16 Imported by: 42

Constants

const (
	FilterObjectVersion                    = "$Object:version"
	FilterObjectID                         = "$Object:objectID"
	FilterObjectContainerID                = "$Object:containerID"
	FilterObjectOwnerID                    = "$Object:ownerID"
	FilterObjectCreationEpoch              = "$Object:creationEpoch"
	FilterObjectPayloadSize                = "$Object:payloadLength"
	FilterObjectPayloadChecksum            = "$Object:payloadHash"
	FilterObjectType                       = "$Object:objectType"
	FilterObjectPayloadHomomorphicChecksum = "$Object:homomorphicHash"
)

Various keys to object filters.

const ActionUnknown = ActionUnspecified

ActionUnknown is an Action value used to mark action as undefined. Deprecated: use ActionUnspecified instead.

const HeaderTypeUnknown = HeaderTypeUnspecified

HeaderTypeUnknown is a FilterHeaderType value used to mark header type as undefined. Deprecated: use HeaderTypeUnspecified instead.

const MatchUnknown = MatchUnspecified

MatchUnknown is a Match value used to mark matcher as undefined. Deprecated: use MatchUnspecified instead.

const OperationUnknown = OperationUnspecified

OperationUnknown is an Operation value used to mark operation as undefined. Deprecated: use OperationUnspecified instead.

const RoleUnknown = RoleUnspecified

RoleUnknown is a Role value used to mark role as undefined. Deprecated: use RoleUnspecified instead.

Variables

This section is empty.

Functions

func AddFormedTarget

func AddFormedTarget(r *Record, role Role, keys ...ecdsa.PublicKey)

AddFormedTarget forms Target with specified Role and list of ECDSA public keys and adds it to the Record. Deprecated: use Record.SetTargets with [TargetByRole] or [TargetByPublicKeys] instead. Note that role and public keys are mutually exclusive.

func AddRecordTarget

func AddRecordTarget(r *Record, t *Target)

AddRecordTarget adds single Target to the Record. Deprecated: use Record.SetTargets instead.

func EqualTables

func EqualTables(t1, t2 Table) bool

EqualTables compares two Tables with each other. Deprecated: compare Table.Marshal instead.

func SetTargetAccounts

func SetTargetAccounts(t *Target, accs ...util.Uint160)

SetTargetAccounts sets accounts in Target. Deprecated: use NewTargetByScriptHashes instead.

func SetTargetECDSAKeys

func SetTargetECDSAKeys(t *Target, pubs ...*ecdsa.PublicKey)

SetTargetECDSAKeys converts ECDSA public keys to a binary format and stores them in Target. Deprecated: use NewTargetByAccounts or Target.SetAccounts along with user.NewFromECDSAPublicKey instead.

func TargetECDSAKeys

func TargetECDSAKeys(t *Target) []*ecdsa.PublicKey

TargetECDSAKeys interprets binary public keys of Target as ECDSA public keys. If any key has a different format, the corresponding element will be nil. Deprecated: use Target.RawSubjects with keys.PublicKey.DecodeBytes instead.

Types

type Action

type Action int32

Action enumerates actions that may be applied within NeoFS access management. What and how specific Action affects depends on the specific context.

const (
	ActionUnspecified Action = iota // undefined (zero)
	ActionAllow                     // allow the op
	ActionDeny                      // deny the op
)

func (*Action) DecodeString

func (a *Action) DecodeString(s string) bool

DecodeString parses Action from a string representation. It is a reverse action to Action.String.

Returns true if s was parsed successfully.

func (Action) EncodeToString deprecated

func (a Action) EncodeToString() string

EncodeToString returns string representation of Action.

String mapping:

  • ActionAllow: ALLOW;
  • ActionDeny: DENY;
  • ActionUnspecified, default: ACTION_UNSPECIFIED.

Deprecated: use Action.String instead.

func (Action) String

func (a Action) String() string

String implements fmt.Stringer with the following string mapping:

All other values are base-10 integers.

The mapping is consistent and resilient to lib updates. At the same time, please note that this is not a NeoFS protocol format.

String is reverse to Action.DecodeString.

type Filter

type Filter struct {
	// contains filtered or unexported fields
}

Filter describes a binary property of an access-controlled NeoFS resource according to meta information about it. The meta information is represented by a set of key-value attributes of various types.

Filter should be created using one of the constructors.

func ConstructFilter

func ConstructFilter(h FilterHeaderType, k string, m Match, v string) Filter

ConstructFilter constructs new Filter instance.

func NewCustomServiceFilter

func NewCustomServiceFilter(k string, m Match, v string) Filter

NewCustomServiceFilter constructs new Filter for the custom app-level property.

func NewFilter deprecated

func NewFilter() *Filter

NewFilter creates, initializes and returns blank Filter instance.

Defaults:

  • header type: HeaderTypeUnspecified;
  • matcher: MatchUnspecified;
  • key: "";
  • value: "".

Deprecated: use ConstructFilter instead.

func NewFilterObjectCreationEpochIs

func NewFilterObjectCreationEpochIs(m Match, e uint64) Filter

NewFilterObjectCreationEpochIs constructs Filter that limits the access rule to objects with matching creation epoch only.

func NewFilterObjectOwnerEquals

func NewFilterObjectOwnerEquals(usr user.ID) Filter

NewFilterObjectOwnerEquals constructs Filter that limits the access rule to objects owned by the given user only.

func NewFilterObjectPayloadSizeIs

func NewFilterObjectPayloadSizeIs(m Match, e uint64) Filter

NewFilterObjectPayloadSizeIs constructs Filter that limits the access rule to objects with matching payload size only.

func NewFilterObjectWithID

func NewFilterObjectWithID(obj oid.ID) Filter

NewFilterObjectWithID constructs Filter that limits the access rule to the referenced object only.

func NewFilterObjectsFromContainer

func NewFilterObjectsFromContainer(cnr cid.ID) Filter

NewFilterObjectsFromContainer constructs Filter that limits the access rule to objects from the referenced container only.

func NewObjectPropertyFilter

func NewObjectPropertyFilter(k string, m Match, v string) Filter

NewObjectPropertyFilter constructs new Filter for the object property.

func NewRequestHeaderFilter

func NewRequestHeaderFilter(k string, m Match, v string) Filter

NewRequestHeaderFilter constructs new Filter for the request X-header.

func (Filter) CopyTo

func (f Filter) CopyTo(dst *Filter)

CopyTo writes deep copy of the Filter to dst.

func (Filter) From

func (f Filter) From() FilterHeaderType

From returns type of access-controlled resource's attribute to match.

func (Filter) Key

func (f Filter) Key() string

Key returns key to the access-controlled resource's attribute to match.

func (Filter) Marshal

func (f Filter) Marshal() []byte

Marshal marshals Filter into a protobuf binary form.

func (Filter) MarshalJSON

func (f Filter) MarshalJSON() ([]byte, error)

MarshalJSON encodes Filter to protobuf JSON format.

func (Filter) Matcher

func (f Filter) Matcher() Match

Matcher returns operator to match the attribute.

func (*Filter) Unmarshal

func (f *Filter) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Filter.

func (*Filter) UnmarshalJSON

func (f *Filter) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Filter from protobuf JSON format.

func (Filter) Value

func (f Filter) Value() string

Value returns value of the access-controlled resource's attribute to match.

type FilterHeaderType

type FilterHeaderType int32

FilterHeaderType enumerates the classes of resource attributes processed within NeoFS access management.

const (
	HeaderTypeUnspecified FilterHeaderType = iota // undefined (zero)
	HeaderFromRequest                             // protocol request X-Header
	HeaderFromObject                              // object attribute
	HeaderFromService                             // custom application-level attribute
)

func (*FilterHeaderType) DecodeString

func (h *FilterHeaderType) DecodeString(s string) bool

DecodeString parses FilterHeaderType from a string representation. It is a reverse action to FilterHeaderType.String.

Returns true if s was parsed successfully.

func (FilterHeaderType) EncodeToString deprecated

func (h FilterHeaderType) EncodeToString() string

EncodeToString returns string representation of FilterHeaderType.

String mapping:

  • HeaderFromRequest: REQUEST;
  • HeaderFromObject: OBJECT;
  • HeaderTypeUnspecified, default: HEADER_UNSPECIFIED.

Deprecated: use [HeaderTypeToString] instead.

func (FilterHeaderType) String

func (h FilterHeaderType) String() string

String implements fmt.Stringer with the following string mapping:

All other values are base-10 integers.

The mapping is consistent and resilient to lib updates. At the same time, please note that this is not a NeoFS protocol format.

String is reverse to FilterHeaderType.DecodeString.

type Header

type Header interface {
	Key() string
	Value() string
}

Header is an interface of string key-value header.

type Match

type Match int32

Match enumerates operators to check attribute value compliance. What and how specific Match affects depends on the specific context.

const (
	MatchUnspecified    Match = iota // undefined (zero)
	MatchStringEqual                 // string equality
	MatchStringNotEqual              // string inequality
	MatchNotPresent                  // attribute absence
	MatchNumGT                       // numeric "greater than" operator
	MatchNumGE                       // numeric "greater than or equal to" operator
	MatchNumLT                       // numeric "less than" operator
	MatchNumLE                       // numeric "less than or equal to" operator
)

func (*Match) DecodeString

func (m *Match) DecodeString(s string) bool

DecodeString parses Match from a string representation. It is a reverse action to Match.String.

Returns true if s was parsed successfully.

func (Match) EncodeToString deprecated

func (m Match) EncodeToString() string

EncodeToString returns string representation of Match.

String mapping:

  • MatchStringEqual: STRING_EQUAL;
  • MatchStringNotEqual: STRING_NOT_EQUAL;
  • MatchNotPresent: NOT_PRESENT;
  • MatchNumGT: NUM_GT;
  • MatchNumGE: NUM_GE;
  • MatchNumLT: NUM_LT;
  • MatchNumLE: NUM_LE;
  • MatchUnspecified, default: MATCH_TYPE_UNSPECIFIED.

Deprecated: use Match.String instead.

func (Match) String

func (m Match) String() string

String implements fmt.Stringer with the following string mapping:

All other values are base-10 integers.

The mapping is consistent and resilient to lib updates. At the same time, please note that this is not a NeoFS protocol format.

String is reverse to Match.DecodeString.

type Operation

type Operation int32

Operation enumerates operations on NeoFS resources under access control.

const (
	OperationUnspecified Operation = iota // undefined (zero)
	OperationGet                          // ObjectService.Get RPC
	OperationHead                         // ObjectService.Head RPC
	OperationPut                          // ObjectService.Put RPC
	OperationDelete                       // ObjectService.Delete RPC
	OperationSearch                       // ObjectService.Search RPC
	OperationRange                        // ObjectService.GetRange RPC
	OperationRangeHash                    // ObjectService.GetRangeHash RPC
)

func (*Operation) DecodeString

func (o *Operation) DecodeString(s string) bool

DecodeString parses Operation from a string representation. It is a reverse action to Operation.String.

Returns true if s was parsed successfully.

func (Operation) EncodeToString deprecated

func (o Operation) EncodeToString() string

EncodeToString returns string representation of Operation.

String mapping:

  • OperationGet: GET;
  • OperationHead: HEAD;
  • OperationPut: PUT;
  • OperationDelete: DELETE;
  • OperationSearch: SEARCH;
  • OperationRange: GETRANGE;
  • OperationRangeHash: GETRANGEHASH;
  • OperationUnspecified, default: OPERATION_UNSPECIFIED.

Deprecated: use Operation.String instead.

func (Operation) String

func (o Operation) String() string

String implements fmt.Stringer with the following string mapping:

All other values are base-10 integers.

The mapping is consistent and resilient to lib updates. At the same time, please note that this is not a NeoFS protocol format.

String is reverse to Operation.DecodeString.

type Record

type Record struct {
	// contains filtered or unexported fields
}

Record represents an access rule operating in NeoFS access management. The rule is applied when some party requests access to a certain NeoFS resource.

Record should be created using one of the constructors.

func ConstructRecord

func ConstructRecord(a Action, op Operation, ts []Target, fs ...Filter) Record

ConstructRecord constructs new Record representing access rule regulating action in relation to specified target subjects when they perform the given operation. Optional filters limit the effect of the rule to specific resources.

func CreateRecord

func CreateRecord(action Action, operation Operation) *Record

CreateRecord creates, initializes with parameters and returns Record instance. Deprecated: use ConstructRecord instead.

func NewRecord deprecated

func NewRecord() *Record

NewRecord creates and returns blank Record instance.

Defaults:

  • action: ActionUnspecified;
  • operation: OperationUnspecified;
  • targets: nil,
  • filters: nil.

Deprecated: use ConstructRecord instead.

func (Record) Action

func (r Record) Action() Action

Action returns action on the target subject when the access rule matches.

func (*Record) AddFilter

func (r *Record) AddFilter(from FilterHeaderType, matcher Match, name, value string)

AddFilter adds generic filter.

If matcher is MatchNotPresent, the value must be empty. If matcher is numeric (e.g. MatchNumGT), value must be a base-10 integer. Deprecated: use ConstructRecord with ConstructFilter instead.

func (*Record) AddObjectAttributeFilter

func (r *Record) AddObjectAttributeFilter(m Match, key, value string)

AddObjectAttributeFilter adds filter by object attribute.

If m is MatchNotPresent, the value must be empty. If matcher is numeric (e.g. MatchNumGT), value must be a base-10 integer. Deprecated: use ConstructRecord with NewObjectPropertyFilter instead.

func (*Record) AddObjectContainerIDFilter

func (r *Record) AddObjectContainerIDFilter(m Match, id cid.ID)

AddObjectContainerIDFilter adds filter by object container ID.

The m must not be MatchNotPresent or numeric (e.g. MatchNumGT). Deprecated: use ConstructRecord with NewObjectPropertyFilter or NewFilterObjectsFromContainer instead.

func (*Record) AddObjectCreationEpoch

func (r *Record) AddObjectCreationEpoch(m Match, epoch uint64)

AddObjectCreationEpoch adds filter by object creation epoch.

The m must not be MatchNotPresent. Deprecated: use ConstructRecord with NewFilterObjectCreationEpochIs instead.

func (*Record) AddObjectHomomorphicHashFilter

func (r *Record) AddObjectHomomorphicHashFilter(m Match, h checksum.Checksum)

AddObjectHomomorphicHashFilter adds filter by object payload homomorphic hash value.

The m must not be MatchNotPresent or numeric (e.g. MatchNumGT). Deprecated: use ConstructRecord with NewObjectPropertyFilter instead.

func (*Record) AddObjectIDFilter

func (r *Record) AddObjectIDFilter(m Match, id oid.ID)

AddObjectIDFilter adds filter by object ID.

The m must not be MatchNotPresent or numeric (e.g. MatchNumGT). Deprecated: use ConstructRecord with NewObjectPropertyFilter or NewFilterObjectWithID instead.

func (*Record) AddObjectOwnerIDFilter

func (r *Record) AddObjectOwnerIDFilter(m Match, id *user.ID)

AddObjectOwnerIDFilter adds filter by object owner ID.

The m must not be MatchNotPresent or numeric (e.g. MatchNumGT). Deprecated: use ConstructRecord with NewObjectPropertyFilter or NewFilterObjectOwnerEquals instead.

func (*Record) AddObjectPayloadHashFilter

func (r *Record) AddObjectPayloadHashFilter(m Match, h checksum.Checksum)

AddObjectPayloadHashFilter adds filter by object payload hash value.

The m must not be MatchNotPresent or numeric (e.g. MatchNumGT). Deprecated: use ConstructRecord with NewObjectPropertyFilter instead.

func (*Record) AddObjectPayloadLengthFilter

func (r *Record) AddObjectPayloadLengthFilter(m Match, size uint64)

AddObjectPayloadLengthFilter adds filter by object payload length.

The m must not be MatchNotPresent. Deprecated: use ConstructRecord with NewFilterObjectPayloadSizeIs instead.

func (*Record) AddObjectTypeFilter

func (r *Record) AddObjectTypeFilter(m Match, t object.Type)

AddObjectTypeFilter adds filter by object type.

The m must not be MatchNotPresent or numeric (e.g. MatchNumGT). Deprecated: use ConstructRecord with NewObjectPropertyFilter instead.

func (*Record) AddObjectVersionFilter

func (r *Record) AddObjectVersionFilter(m Match, v *version.Version)

AddObjectVersionFilter adds filter by object version.

The m must not be MatchNotPresent or numeric (e.g. MatchNumGT). Deprecated: use ConstructRecord with NewObjectPropertyFilter instead.

func (Record) CopyTo

func (r Record) CopyTo(dst *Record)

CopyTo writes deep copy of the Record to dst.

func (Record) Filters

func (r Record) Filters() []Filter

Filters returns list of filters to match the requested resource to this access rule. Absence of filters means that Record is applicable to any resource.

The value returned shares memory with the structure itself, so changing it can lead to data corruption. Make a copy if you need to change it.

func (Record) Marshal

func (r Record) Marshal() []byte

Marshal marshals Record into a protobuf binary form.

func (Record) MarshalJSON

func (r Record) MarshalJSON() ([]byte, error)

MarshalJSON encodes Record to protobuf JSON format.

func (Record) Operation

func (r Record) Operation() Operation

Operation returns operation executed by the subject to match.

func (*Record) SetAction

func (r *Record) SetAction(action Action)

SetAction sets action on the target subject when the access rule matches.

func (*Record) SetFilters

func (r *Record) SetFilters(fs []Filter)

SetFilters sets list of filters to match the requested resource to this access rule. Empty list applies the Record to all resources.

func (*Record) SetOperation

func (r *Record) SetOperation(operation Operation)

SetOperation sets operation executed by the subject to match.

func (*Record) SetTargets

func (r *Record) SetTargets(targets ...Target)

SetTargets sets list of target subjects to which this access rule matches.

func (Record) Targets

func (r Record) Targets() []Target

Targets returns list of target subjects to which this access rule matches.

The value returned shares memory with the structure itself, so changing it can lead to data corruption. Make a copy if you need to change it.

func (*Record) Unmarshal

func (r *Record) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Record.

func (*Record) UnmarshalJSON

func (r *Record) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Record from protobuf JSON format.

type Role

type Role int32

Role enumerates groups of subjects requesting access to NeoFS resources.

const (
	RoleUnspecified Role = iota // undefined (zero)
	RoleUser                    // owner of the container requesting its objects
	RoleSystem                  // Deprecated: NeoFS storage and Inner Ring nodes
	RoleOthers                  // any other party
)

func (*Role) DecodeString

func (r *Role) DecodeString(s string) bool

DecodeString parses Role from a string representation. It is a reverse action to Role.String.

Returns true if s was parsed successfully.

func (Role) EncodeToString deprecated

func (r Role) EncodeToString() string

EncodeToString returns string representation of Role.

String mapping:

  • RoleUser: USER;
  • RoleSystem: SYSTEM;
  • RoleOthers: OTHERS;
  • RoleUnspecified, default: ROLE_UNKNOWN.

Deprecated: use Role.String instead.

func (Role) String

func (r Role) String() string

String implements fmt.Stringer with the following string mapping:

All other values are base-10 integers.

The mapping is consistent and resilient to lib updates. At the same time, please note that this is not a NeoFS protocol format.

String is reverse to Role.DecodeString.

type Table

type Table struct {
	// contains filtered or unexported fields
}

Table is a group of ContainerEACL records for single container.

Table is compatible with v2 protoacl.EACLTable message.

Table should be created using one of the constructors.

func ConstructTable

func ConstructTable(rs []Record) Table

ConstructTable constructs new Table with given records. Use NewTableForContainer to limit the NeoFS container. The rs must not be empty.

func CreateTable

func CreateTable(cid cid.ID) *Table

CreateTable creates, initializes with parameters and returns Table instance. Deprecated: use NewTableForContainer instead.

func NewTable deprecated

func NewTable() *Table

NewTable creates, initializes and returns blank Table instance.

Defaults:

  • version: version.Current();
  • container ID: nil;
  • records: nil.

Deprecated: use ConstructTable instead.

func NewTableForContainer

func NewTableForContainer(cnr cid.ID, rs []Record) Table

NewTableForContainer constructs new Table with given records which apply only to the specified NeoFS container. The rs must not be empty.

func Unmarshal

func Unmarshal(b []byte) (Table, error)

Unmarshal creates a new Table and decodes b into it using Table.Unmarshal.

func UnmarshalJSON

func UnmarshalJSON(b []byte) (Table, error)

UnmarshalJSON creates a new Table and decodes b into it using Table.UnmarshalJSON.

func (*Table) AddRecord

func (t *Table) AddRecord(r *Record)

AddRecord adds single eACL rule. Deprecated: use Table.SetRecords instead.

func (Table) CID

func (t Table) CID() (cid.ID, bool)

CID returns identifier of the container that should use given access control rules. Deprecated: use Table.GetCID instead.

func (Table) CopyTo

func (t Table) CopyTo(dst *Table)

CopyTo writes deep copy of the Table to dst.

func (*Table) FromProtoMessage

func (t *Table) FromProtoMessage(m *protoacl.EACLTable) error

FromProtoMessage validates m according to the NeoFS API protocol and restores t from it.

See also Table.ProtoMessage.

func (Table) GetCID

func (t Table) GetCID() cid.ID

GetCID returns identifier of the NeoFS container to which the eACL scope is limited. Zero return means the eACL may be applied to any container.

func (Table) IsZero

func (t Table) IsZero() bool

IsZero checks whether all fields of the table are zero/empty. The property can be used as a marker of unset eACL.

func (Table) Marshal

func (t Table) Marshal() []byte

Marshal marshals Table into a protobuf binary form.

func (Table) MarshalJSON

func (t Table) MarshalJSON() ([]byte, error)

MarshalJSON encodes Table to protobuf JSON format.

func (Table) ProtoMessage

func (t Table) ProtoMessage() *protoacl.EACLTable

ProtoMessage converts t into message to transmit using the NeoFS API protocol.

See also Table.FromProtoMessage.

func (Table) Records

func (t Table) Records() []Record

Records returns list of extended ACL rules.

The value returned shares memory with the structure itself, so changing it can lead to data corruption. Make a copy if you need to change it.

func (*Table) SetCID

func (t *Table) SetCID(cid cid.ID)

SetCID limits scope of the eACL to a referenced container. By default, if ID is zero, the eACL is applicable to any container.

func (*Table) SetRecords

func (t *Table) SetRecords(rs []Record)

SetRecords sets list of extended ACL rules.

The value passed shares memory with the structure itself, so changing it afterwards can lead to data corruption. Make a copy if you need to change it.

func (*Table) SetVersion

func (t *Table) SetVersion(version version.Version)

SetVersion sets version of eACL format.

func (Table) SignedData

func (t Table) SignedData() []byte

SignedData returns actual payload to sign.

See also [client.Client.ContainerSetEACL].

func (*Table) Unmarshal

func (t *Table) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Table. Use Unmarshal to decode data into a new Table.

func (*Table) UnmarshalJSON

func (t *Table) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Table from protobuf JSON format. Use UnmarshalJSON to decode data into a new Table.

func (Table) Version

func (t Table) Version() version.Version

Version returns version of eACL format.

type Target

type Target struct {
	// contains filtered or unexported fields
}

Target describes the NeoFS parties that are subject to a specific access rule.

Target should be created using one of the constructors.

func NewTarget deprecated

func NewTarget() *Target

NewTarget creates, initializes and returns blank Target instance.

Defaults:

  • role: RoleUnspecified;
  • keys: nil.

Deprecated: use NewTargetByRole or [TargetByPublicKeys] instead.

func NewTargetByAccounts

func NewTargetByAccounts(accs []user.ID) Target

NewTargetByAccounts returns Target for specified set of NeoFS accounts. Use NewTargetByAccounts in Record to direct access rule to the given subjects in NeoFS.

func NewTargetByRole

func NewTargetByRole(role Role) Target

NewTargetByRole returns Target for specified role. Use NewTargetByRole in Record to direct it to subjects with the given role in NeoFS.

func NewTargetByScriptHashes

func NewTargetByScriptHashes(hs []util.Uint160) Target

NewTargetByScriptHashes is an alternative to NewTargetByAccounts which allows passing accounts as their script hashes.

func (Target) Accounts

func (t Target) Accounts() []user.ID

Accounts returns list of accounts to identify target subject.

Use `user := user.ID(slice)` to decode it into a type-specific structure.

func (*Target) BinaryKeys

func (t *Target) BinaryKeys() [][]byte

BinaryKeys returns list of public keys to identify target subject in a binary format.

Each element of the resulting slice is a serialized compressed public key. See [elliptic.MarshalCompressed]. Use [neofsecdsa.PublicKey.Decode] to decode it into a type-specific structure.

The value returned shares memory with the structure itself, so changing it can lead to data corruption. Make a copy if you need to change it. Deprecated: use Target.Accounts instead.

func (Target) CopyTo

func (t Target) CopyTo(dst *Target)

CopyTo writes deep copy of the Target to dst.

func (Target) Marshal

func (t Target) Marshal() []byte

Marshal marshals Target into a protobuf binary form.

func (Target) MarshalJSON

func (t Target) MarshalJSON() ([]byte, error)

MarshalJSON encodes Target to protobuf JSON format.

func (Target) RawSubjects

func (t Target) RawSubjects() [][]byte

RawSubjects returns list of public keys or user.ID to identify target subject in a binary format.

If element length is 33, it is a serialized compressed public key. See [elliptic.MarshalCompressed], keys.PublicKey.GetScriptHash. If element length is 25, it is a user.ID. Use `id := user.ID(element)`.

Using this method is your responsibility.

func (Target) Role

func (t Target) Role() Role

Role returns target subject's role class.

func (*Target) SetAccounts

func (t *Target) SetAccounts(accounts []user.ID)

SetAccounts sets list of accounts to identify target subject.

func (*Target) SetBinaryKeys

func (t *Target) SetBinaryKeys(keys [][]byte)

SetBinaryKeys sets list of binary public keys to identify target subject.

Each element of the keys parameter is a serialized compressed public key. See [elliptic.MarshalCompressed]. Deprecated: use Target.SetAccounts instead.

func (*Target) SetRawSubjects

func (t *Target) SetRawSubjects(subjs [][]byte)

SetRawSubjects sets target subjects in a binary format. Each element must be either 25-byte NeoFS user ID (see user.ID) or 33-byte compressed ECDSA public key. Use constructors to work with particular types. SetRawSubjects should only be used if you do not want to decode the data and take responsibility for its correctness.

func (*Target) SetRole

func (t *Target) SetRole(r Role)

SetRole sets target subject's role class.

func (*Target) Unmarshal

func (t *Target) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Target.

func (*Target) UnmarshalJSON

func (t *Target) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Target from protobuf JSON format.

type TypedHeaderSource

type TypedHeaderSource interface {
	// HeadersOfType returns the list of key-value headers
	// of particular type.
	//
	// It returns any problem encountered through the boolean
	// false value.
	HeadersOfType(FilterHeaderType) ([]Header, bool)
}

TypedHeaderSource is the interface that wraps method for selecting typed headers by type.

type ValidationUnit

type ValidationUnit struct {
	// contains filtered or unexported fields
}

ValidationUnit represents unit of check for Validator.

func (*ValidationUnit) WithAccount

func (u *ValidationUnit) WithAccount(v user.ID) *ValidationUnit

WithAccount configures ValidationUnit to use v as sender's user.ID.

func (*ValidationUnit) WithContainerID

func (u *ValidationUnit) WithContainerID(v *cid.ID) *ValidationUnit

WithContainerID configures ValidationUnit to use v as request's container ID. ID value must not be zero.

func (*ValidationUnit) WithEACLTable

func (u *ValidationUnit) WithEACLTable(table *Table) *ValidationUnit

WithEACLTable configures ValidationUnit to use table as the extended ACL rule table applied to the request.

func (*ValidationUnit) WithHeaderSource

func (u *ValidationUnit) WithHeaderSource(v TypedHeaderSource) *ValidationUnit

WithHeaderSource configures ValidationUnit to use v as a source of headers.

func (*ValidationUnit) WithOperation

func (u *ValidationUnit) WithOperation(v Operation) *ValidationUnit

WithOperation configures ValidationUnit to use v as request's operation.

func (*ValidationUnit) WithRole

func (u *ValidationUnit) WithRole(v Role) *ValidationUnit

WithRole configures ValidationUnit to use v as request's role.

func (*ValidationUnit) WithSenderKey

func (u *ValidationUnit) WithSenderKey(v []byte) *ValidationUnit

WithSenderKey configures ValidationUnit to use v as sender's public key.

Parameter v is a serialized compressed public key. See [elliptic.MarshalCompressed].

type Validator

type Validator struct {
}

Validator is a tool that calculates the action on a request according to the extended ACL rule table.

func NewValidator

func NewValidator() *Validator

NewValidator creates and initializes a new Validator.

func (*Validator) CalculateAction

func (v *Validator) CalculateAction(unit *ValidationUnit) (Action, bool)

CalculateAction calculates action on the request according to its information represented in ValidationUnit.

The action is calculated according to the application of eACL table of rules to the request.

Second return value is true iff the action was produced by a matching entry.

If no matching table entry is found or some filters are missing, ActionAllow is returned and the second return value is false.

Note that if some rule imposes requirements on the format of values (like numeric), but they do not comply with it - such a rule does not match.
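The return contract described above is easy to misread in calling code, because an unmatched request and an explicitly allowed one carry the same Action. The following stand-alone Go model is an added example, not the SDK's implementation and not code from this page: the local types, the top-to-bottom first-match order, the treatment of absent attributes, the sample table and the check helper are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
)

// Local stand-ins for the eacl types (assumption: simplified model only).
type Action int

const (
	ActionAllow Action = iota + 1
	ActionDeny
)

type Match int

const (
	MatchStringEqual Match = iota + 1
	MatchNotPresent
	MatchNumGT
)

type Filter struct {
	Key, Value string
	M          Match
}

type Record struct {
	Action   Action
	Op, Role string
	Filters  []Filter
}

// matches checks one filter; an absent attribute satisfies only MatchNotPresent.
func (f Filter) matches(attrs map[string]string) bool {
	got, present := attrs[f.Key]
	switch f.M {
	case MatchNotPresent:
		return !present
	case MatchStringEqual:
		return present && got == f.Value
	case MatchNumGT:
		// A value that is not a base-10 integer makes the rule not match.
		a, errA := strconv.ParseInt(got, 10, 64)
		b, errB := strconv.ParseInt(f.Value, 10, 64)
		return present && errA == nil && errB == nil && a > b
	}
	return false
}

// calculateAction: first fully matching record decides, else (ActionAllow, false).
func calculateAction(table []Record, op, role string, attrs map[string]string, attrsOK bool) (Action, bool) {
	if !attrsOK { // the header source reported a problem
		return ActionAllow, false
	}
next:
	for _, r := range table {
		if r.Op != op || r.Role != role {
			continue
		}
		for _, f := range r.Filters {
			if !f.matches(attrs) {
				continue next
			}
		}
		return r.Action, true
	}
	return ActionAllow, false
}

// Constructed sample table.
var sampleTable = []Record{
	{ActionDeny, "PUT", "OTHERS", []Filter{{"Priority", "5", MatchNumGT}}},
	{ActionAllow, "GET", "OTHERS", []Filter{{"Class", "public", MatchStringEqual}}},
	{ActionDeny, "GET", "OTHERS", nil},
}

// check is a hypothetical caller-side helper: it keeps "allowed by a rule"
// apart from "no rule applied", which carry the same Action value.
func check(op, role string, attrs map[string]string, attrsOK bool) string {
	a, matched := calculateAction(sampleTable, op, role, attrs, attrsOK)
	if !matched {
		return "no-rule-matched"
	}
	if a == ActionAllow {
		return "allowed-by-rule"
	}
	return "denied-by-rule"
}

func main() {
	fmt.Println(check("PUT", "OTHERS", map[string]string{"Priority": "high"}, true))
}
```

In this model a non-numeric `Priority` and an unavailable header source both end in the same ActionAllow as an explicit allow rule; only the boolean tells them apart, so a caller that needs an explicit grant has to inspect it.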
