Documentation ¶
Index ¶
- func AddFormedTarget(r *Record, role Role, keys ...ecdsa.PublicKey)
- func AddRecordTarget(r *Record, t *Target)
- func SetTargetECDSAKeys(t *Target, keys ...*ecdsa.PublicKey)
- func TargetECDSAKeys(t *Target) []*ecdsa.PublicKey
- type Action
- type Filter
- func (f Filter) From() FilterHeaderType
- func (f Filter) Key() string
- func (f *Filter) Marshal(b ...[]byte) ([]byte, error)
- func (f *Filter) MarshalJSON() ([]byte, error)
- func (f Filter) Matcher() Match
- func (f *Filter) ToV2() *v2acl.HeaderFilter
- func (f *Filter) Unmarshal(data []byte) error
- func (f *Filter) UnmarshalJSON(data []byte) error
- func (f Filter) Value() string
- type FilterHeaderType
- type Match
- type Operation
- type Record
- func (r Record) Action() Action
- func (r *Record) AddFilter(from FilterHeaderType, matcher Match, name, value string)
- func (r *Record) AddObjectAttributeFilter(m Match, key, value string)
- func (r *Record) AddObjectContainerIDFilter(m Match, id *container.ID)
- func (r *Record) AddObjectOwnerIDFilter(m Match, id *owner.ID)
- func (r *Record) AddObjectVersionFilter(m Match, v *pkg.Version)
- func (r *Record) AddTarget(role Role, keys ...ecdsa.PublicKey)deprecated
- func (r Record) Filters() []*Filter
- func (r *Record) Marshal(b ...[]byte) ([]byte, error)
- func (r *Record) MarshalJSON() ([]byte, error)
- func (r Record) Operation() Operation
- func (r *Record) SetAction(action Action)
- func (r *Record) SetOperation(operation Operation)
- func (r *Record) SetTargets(targets ...*Target)
- func (r Record) Targets() []*Target
- func (r *Record) ToV2() *v2acl.Record
- func (r *Record) Unmarshal(data []byte) error
- func (r *Record) UnmarshalJSON(data []byte) error
- type Role
- type Table
- func (t *Table) AddRecord(r *Record)
- func (t Table) CID() *container.ID
- func (t *Table) Marshal(b ...[]byte) ([]byte, error)
- func (t *Table) MarshalJSON() ([]byte, error)
- func (t Table) Records() []*Record
- func (t *Table) SetCID(cid *container.ID)
- func (t *Table) SetVersion(version pkg.Version)
- func (t *Table) ToV2() *v2acl.Table
- func (t *Table) Unmarshal(data []byte) error
- func (t *Table) UnmarshalJSON(data []byte) error
- func (t Table) Version() pkg.Version
- type Target
- func (t *Target) BinaryKeys() [][]byte
- func (t *Target) Keys() []ecdsa.PublicKeydeprecated
- func (t *Target) Marshal(b ...[]byte) ([]byte, error)
- func (t *Target) MarshalJSON() ([]byte, error)
- func (t Target) Role() Role
- func (t *Target) SetBinaryKeys(keys [][]byte)
- func (t *Target) SetKeys(keys ...ecdsa.PublicKey)deprecated
- func (t *Target) SetRole(r Role)
- func (t *Target) ToV2() *v2acl.Target
- func (t *Target) Unmarshal(data []byte) error
- func (t *Target) UnmarshalJSON(data []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddFormedTarget ¶ added in v1.21.0
AddFormedTarget forms Target with specified Role and list of ECDSA public keys and adds it to the Record.
func AddRecordTarget ¶ added in v1.21.0
AddRecordTarget adds single Target to the Record.
func SetTargetECDSAKeys ¶ added in v1.21.0
SetTargetECDSAKeys converts ECDSA public keys to a binary format and stores them in Target.
func TargetECDSAKeys ¶ added in v1.21.0
TargetECDSAKeys interprets binary public keys of Target as ECDSA public keys. If any key has a different format, the corresponding element will be nil.
Types ¶
type Action ¶
type Action uint32
Action taken if EACL record matched request. Action is compatible with v2 acl.Action enum.
func ActionFromV2 ¶
ActionFromV2 converts v2 Action enum value to Action.
type Filter ¶
type Filter struct {
// contains filtered or unexported fields
}
Filter defines check conditions if request header is matched or not. Matched header means that request should be processed according to EACL action.
Filter is compatible with v2 acl.EACLRecord.Filter message.
func NewFilter ¶
func NewFilter() *Filter
NewFilter creates, initializes and returns blank Filter instance.
func NewFilterFromV2 ¶
func NewFilterFromV2(filter *v2acl.HeaderFilter) *Filter
NewFilterFromV2 converts v2 acl.EACLRecord.Filter message to Filter.
func (Filter) From ¶
func (f Filter) From() FilterHeaderType
From returns FilterHeaderType that defined which header will be filtered.
func (*Filter) Marshal ¶
Marshal marshals Filter into a protobuf binary form.
Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.
func (*Filter) MarshalJSON ¶
MarshalJSON encodes Filter to protobuf JSON format.
func (*Filter) ToV2 ¶
func (f *Filter) ToV2() *v2acl.HeaderFilter
ToV2 converts Filter to v2 acl.EACLRecord.Filter message.
func (*Filter) UnmarshalJSON ¶
UnmarshalJSON decodes Filter from protobuf JSON format.
type FilterHeaderType ¶
type FilterHeaderType uint32
FilterHeaderType indicates source of headers to make matches. FilterHeaderType is compatible with v2 acl.HeaderType enum.
const ( // HeaderTypeUnknown is a FilterHeaderType value used to mark header type as undefined. HeaderTypeUnknown FilterHeaderType = iota // HeaderFromRequest is a FilterHeaderType for request X-Header. HeaderFromRequest // HeaderFromObject is a FilterHeaderType for object header. HeaderFromObject )
func FilterHeaderTypeFromV2 ¶
func FilterHeaderTypeFromV2(header v2acl.HeaderType) (h FilterHeaderType)
FilterHeaderTypeFromV2 converts v2 HeaderType enum value to FilterHeaderType.
func (FilterHeaderType) ToV2 ¶
func (h FilterHeaderType) ToV2() v2acl.HeaderType
ToV2 converts FilterHeaderType to v2 HeaderType enum value.
type Match ¶
type Match uint32
Match is binary operation on filer name and value to check if request is matched. Match is compatible with v2 acl.MatchType enum.
func MatchFromV2 ¶
MatchFromV2 converts v2 MatchType enum value to Match.
type Operation ¶
type Operation uint32
Operation is a object service method to match request. Operation is compatible with v2 acl.Operation enum.
const ( // OperationUnknown is an Operation value used to mark operation as undefined. OperationUnknown Operation = iota // OperationGet is an object get Operation. OperationGet // OperationHead is an Operation of getting the object header. OperationHead // OperationPut is an object put Operation. OperationPut // OperationDelete is an object delete Operation. OperationDelete // OperationSearch is an object search Operation. OperationSearch // OperationRange is an object payload range retrieval Operation. OperationRange // OperationRangeHash is an object payload range hashing Operation. OperationRangeHash )
func OperationFromV2 ¶
OperationFromV2 converts v2 Operation enum value to Operation.
type Record ¶
type Record struct {
// contains filtered or unexported fields
}
Record of the EACL rule, that defines EACL action, targets for this action, object service operation and filters for request headers.
Record is compatible with v2 acl.EACLRecord message.
func CreateRecord ¶
CreateRecord creates, initializes with parameters and returns Record instance.
func NewRecordFromV2 ¶
NewRecordFromV2 converts v2 acl.EACLRecord message to Record.
func (*Record) AddFilter ¶
func (r *Record) AddFilter(from FilterHeaderType, matcher Match, name, value string)
AddFilter adds generic filter.
func (*Record) AddObjectAttributeFilter ¶
AddObjectAttributeFilter adds filter by object attribute.
func (*Record) AddObjectContainerIDFilter ¶
AddObjectContainerIDFilter adds filter by object container ID.
func (*Record) AddObjectOwnerIDFilter ¶
AddObjectOwnerIDFilter adds filter by object owner ID.
func (*Record) AddObjectVersionFilter ¶
AddObjectVersionFilter adds filter by object version.
func (*Record) Marshal ¶
Marshal marshals Record into a protobuf binary form.
Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.
func (*Record) MarshalJSON ¶
MarshalJSON encodes Record to protobuf JSON format.
func (*Record) SetOperation ¶
SetOperation sets NeoFS request verb to match.
func (*Record) SetTargets ¶ added in v1.21.0
SetTargets sets list of target subjects to apply ACL rule to.
func (*Record) UnmarshalJSON ¶
UnmarshalJSON decodes Record from protobuf JSON format.
type Role ¶
type Role uint32
Role is a group of request senders to match request. Role is compatible with v2 acl.Role enum.
const ( // RoleUnknown is a Role value used to mark role as undefined. RoleUnknown Role = iota // RoleUser is a group of senders that contains only key of container owner. RoleUser // RoleSystem is a group of senders that contains keys of container nodes and // inner ring nodes. RoleSystem // RoleOthers is a group of senders that contains none of above keys. RoleOthers )
func RoleFromV2 ¶
RoleFromV2 converts v2 Role enum value to Role.
type Table ¶
type Table struct {
// contains filtered or unexported fields
}
Table is a group of EACL records for single container.
Table is compatible with v2 acl.EACLTable message.
func CreateTable ¶
CreateTable creates, initializes with parameters and returns Table instance.
func NewTable ¶
func NewTable() *Table
NewTable creates, initializes and returns blank Table instance.
func NewTableFromV2 ¶
NewTableFromV2 converts v2 acl.EACLTable message to Table.
func (Table) CID ¶
CID returns identifier of the container that should use given access control rules.
func (*Table) Marshal ¶
Marshal marshals Table into a protobuf binary form.
Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.
func (*Table) MarshalJSON ¶
MarshalJSON encodes Table to protobuf JSON format.
func (*Table) SetCID ¶
SetCID sets identifier of the container that should use given access control rules.
func (*Table) SetVersion ¶
SetVersion sets version of eACL format.
func (*Table) UnmarshalJSON ¶
UnmarshalJSON decodes Table from protobuf JSON format.
type Target ¶
type Target struct {
// contains filtered or unexported fields
}
Target is a group of request senders to match EACL. Defined by role enum and set of public keys.
Target is compatible with v2 acl.EACLRecord.Target message.
func NewTarget ¶
func NewTarget() *Target
NewTarget creates, initializes and returns blank Target instance.
func NewTargetFromV2 ¶
NewTargetFromV2 converts v2 acl.EACLRecord.Target message to Target.
func (*Target) BinaryKeys ¶ added in v1.21.0
BinaryKeys returns list of public keys to identify target subject in a binary format.
func (*Target) Marshal ¶
Marshal marshals Target into a protobuf binary form.
Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.
func (*Target) MarshalJSON ¶
MarshalJSON encodes Target to protobuf JSON format.
func (*Target) SetBinaryKeys ¶ added in v1.21.0
SetBinaryKeys sets list of binary public keys to identify target subject.
func (*Target) UnmarshalJSON ¶
UnmarshalJSON decodes Target from protobuf JSON format.