eacl

package
v1.28.1
Warning

This package is not in the latest version of its module.

Published: Jul 1, 2021 License: Apache-2.0 Imports: 9 Imported by: 6

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddFormedTarget added in v1.21.0

func AddFormedTarget(r *Record, role Role, keys ...ecdsa.PublicKey)

AddFormedTarget forms Target with specified Role and list of ECDSA public keys and adds it to the Record.

func AddRecordTarget added in v1.21.0

func AddRecordTarget(r *Record, t *Target)

AddRecordTarget adds single Target to the Record.

func SetTargetECDSAKeys added in v1.21.0

func SetTargetECDSAKeys(t *Target, keys ...*ecdsa.PublicKey)

SetTargetECDSAKeys converts ECDSA public keys to a binary format and stores them in Target.

func TargetECDSAKeys added in v1.21.0

func TargetECDSAKeys(t *Target) []*ecdsa.PublicKey

TargetECDSAKeys interprets binary public keys of Target as ECDSA public keys. If any key has a different format, the corresponding element will be nil.
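
The nil-element contract above means a caller must check every entry before using it. The following added example is not part of the package: it models that contract with the standard library only, and assumes the binary keys are compressed NIST P-256 points. `decodeKeys`, `targetMatches` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
)

// decodeKeys models the documented contract of TargetECDSAKeys: one output
// element per binary key, nil where the bytes are not a valid ECDSA key.
// Assumption: keys are encoded as compressed NIST P-256 points (33 bytes).
func decodeKeys(bins [][]byte) []*ecdsa.PublicKey {
	out := make([]*ecdsa.PublicKey, len(bins))
	for i, b := range bins {
		x, y := elliptic.UnmarshalCompressed(elliptic.P256(), b)
		if x == nil {
			continue // malformed or off-curve: element stays nil
		}
		out[i] = &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	}
	return out
}

// targetMatches checks the sender against the decoded keys. It skips nil
// entries instead of dereferencing them and counts them, so that a target
// carrying undecodable keys can be logged or rejected by policy.
func targetMatches(keys []*ecdsa.PublicKey, sender *ecdsa.PublicKey) (matched bool, invalid int) {
	for _, k := range keys {
		if k == nil {
			invalid++
			continue
		}
		if k.Equal(sender) {
			matched = true
		}
	}
	return matched, invalid
}

// demo runs the check over constructed input: two malformed keys, one valid.
func demo() (matched bool, invalid, total int) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	good := elliptic.MarshalCompressed(elliptic.P256(), priv.X, priv.Y)
	keys := decodeKeys([][]byte{{0x02, 0x01}, good, nil})
	matched, invalid = targetMatches(keys, &priv.PublicKey)
	return matched, invalid, len(keys)
}

func main() {
	fmt.Println(demo())
}
```

Because indices are preserved, a nil at position i identifies exactly which entry of `BinaryKeys` failed to decode; the deprecated `Keys` method drops such entries silently.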

Types

type Action

type Action uint32

Action taken if EACL record matched request. Action is compatible with v2 acl.Action enum.

const (
	// ActionUnknown is an Action value used to mark action as undefined.
	ActionUnknown Action = iota

	// ActionAllow is an Action value that allows access to the operation from context.
	ActionAllow

	// ActionDeny is an Action value that denies access to the operation from context.
	ActionDeny
)

func ActionFromV2

func ActionFromV2(action v2acl.Action) (a Action)

ActionFromV2 converts v2 Action enum value to Action.

func (*Action) FromString added in v1.28.0

func (a *Action) FromString(s string) bool

FromString parses Action from a string representation. It is a reverse action to String().

Returns true if s was parsed successfully.

func (Action) String added in v1.28.0

func (a Action) String() string

String returns string representation of Action.

String mapping:

  • ActionAllow: ALLOW;
  • ActionDeny: DENY;
  • ActionUnknown, default: ACTION_UNSPECIFIED.

func (Action) ToV2

func (a Action) ToV2() v2acl.Action

ToV2 converts Action to v2 Action enum value.

type Filter

type Filter struct {
	// contains filtered or unexported fields
}

Filter defines the conditions used to check whether a request header is matched. A matched header means that the request should be processed according to the EACL action.

Filter is compatible with v2 acl.EACLRecord.Filter message.

func NewFilter

func NewFilter() *Filter

NewFilter creates, initializes and returns blank Filter instance.

Defaults:

  • header type: HeaderTypeUnknown;
  • matcher: MatchUnknown;
  • key: "";
  • value: "".

func NewFilterFromV2

func NewFilterFromV2(filter *v2acl.HeaderFilter) *Filter

NewFilterFromV2 converts v2 acl.EACLRecord.Filter message to Filter.

func (Filter) From

func (f Filter) From() FilterHeaderType

From returns the FilterHeaderType that defines which header will be filtered.

func (Filter) Key

func (f Filter) Key() string

Key returns key to the filtered header.

func (*Filter) Marshal

func (f *Filter) Marshal(b ...[]byte) ([]byte, error)

Marshal marshals Filter into a protobuf binary form.

Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.

func (*Filter) MarshalJSON

func (f *Filter) MarshalJSON() ([]byte, error)

MarshalJSON encodes Filter to protobuf JSON format.

func (Filter) Matcher

func (f Filter) Matcher() Match

Matcher returns filter Match type.

func (*Filter) ToV2

func (f *Filter) ToV2() *v2acl.HeaderFilter

ToV2 converts Filter to v2 acl.EACLRecord.Filter message.

Nil Filter converts to nil.

func (*Filter) Unmarshal

func (f *Filter) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Filter.

func (*Filter) UnmarshalJSON

func (f *Filter) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Filter from protobuf JSON format.

func (Filter) Value

func (f Filter) Value() string

Value returns filtered string value.

type FilterHeaderType

type FilterHeaderType uint32

FilterHeaderType indicates source of headers to make matches. FilterHeaderType is compatible with v2 acl.HeaderType enum.

const (
	// HeaderTypeUnknown is a FilterHeaderType value used to mark header type as undefined.
	HeaderTypeUnknown FilterHeaderType = iota

	// HeaderFromRequest is a FilterHeaderType for request X-Header.
	HeaderFromRequest

	// HeaderFromObject is a FilterHeaderType for object header.
	HeaderFromObject
)

func FilterHeaderTypeFromV2

func FilterHeaderTypeFromV2(header v2acl.HeaderType) (h FilterHeaderType)

FilterHeaderTypeFromV2 converts v2 HeaderType enum value to FilterHeaderType.

func (*FilterHeaderType) FromString added in v1.28.0

func (h *FilterHeaderType) FromString(s string) bool

FromString parses FilterHeaderType from a string representation. It is a reverse action to String().

Returns true if s was parsed successfully.

func (FilterHeaderType) String added in v1.28.0

func (h FilterHeaderType) String() string

String returns string representation of FilterHeaderType.

String mapping:

  • HeaderFromRequest: REQUEST;
  • HeaderFromObject: OBJECT;
  • HeaderTypeUnknown, default: HEADER_UNSPECIFIED.

func (FilterHeaderType) ToV2

ToV2 converts FilterHeaderType to v2 HeaderType enum value.

type Match

type Match uint32

Match is a binary operation on filter name and value to check if request is matched. Match is compatible with v2 acl.MatchType enum.

const (
	// MatchUnknown is a Match value used to mark matcher as undefined.
	MatchUnknown Match = iota

	// MatchStringEqual is a Match of string equality.
	MatchStringEqual

	// MatchStringNotEqual is a Match of string inequality.
	MatchStringNotEqual
)

func MatchFromV2

func MatchFromV2(match v2acl.MatchType) (m Match)

MatchFromV2 converts v2 MatchType enum value to Match.

func (*Match) FromString added in v1.28.0

func (m *Match) FromString(s string) bool

FromString parses Match from a string representation. It is a reverse action to String().

Returns true if s was parsed successfully.

func (Match) String added in v1.28.0

func (m Match) String() string

String returns string representation of Match.

String mapping:

  • MatchStringEqual: STRING_EQUAL;
  • MatchStringNotEqual: STRING_NOT_EQUAL;
  • MatchUnknown, default: MATCH_TYPE_UNSPECIFIED.

func (Match) ToV2

func (m Match) ToV2() v2acl.MatchType

ToV2 converts Match to v2 MatchType enum value.

type Operation

type Operation uint32

Operation is an object service method to match request. Operation is compatible with v2 acl.Operation enum.

const (
	// OperationUnknown is an Operation value used to mark operation as undefined.
	OperationUnknown Operation = iota

	// OperationGet is an object get Operation.
	OperationGet

	// OperationHead is an Operation of getting the object header.
	OperationHead

	// OperationPut is an object put Operation.
	OperationPut

	// OperationDelete is an object delete Operation.
	OperationDelete

	// OperationSearch is an object search Operation.
	OperationSearch

	// OperationRange is an object payload range retrieval Operation.
	OperationRange

	// OperationRangeHash is an object payload range hashing Operation.
	OperationRangeHash
)

func OperationFromV2

func OperationFromV2(operation v2acl.Operation) (o Operation)

OperationFromV2 converts v2 Operation enum value to Operation.

func (*Operation) FromString added in v1.28.0

func (o *Operation) FromString(s string) bool

FromString parses Operation from a string representation. It is a reverse action to String().

Returns true if s was parsed successfully.

func (Operation) String added in v1.28.0

func (o Operation) String() string

String returns string representation of Operation.

String mapping:

  • OperationGet: GET;
  • OperationHead: HEAD;
  • OperationPut: PUT;
  • OperationDelete: DELETE;
  • OperationSearch: SEARCH;
  • OperationRange: GETRANGE;
  • OperationRangeHash: GETRANGEHASH;
  • OperationUnknown, default: OPERATION_UNSPECIFIED.

func (Operation) ToV2

func (o Operation) ToV2() v2acl.Operation

ToV2 converts Operation to v2 Operation enum value.

type Record

type Record struct {
	// contains filtered or unexported fields
}

Record is an EACL rule that defines the EACL action, the targets for this action, the object service operation and the filters for request headers.

Record is compatible with v2 acl.EACLRecord message.

func CreateRecord

func CreateRecord(action Action, operation Operation) *Record

CreateRecord creates, initializes with parameters and returns Record instance.

func NewRecord

func NewRecord() *Record

NewRecord creates and returns blank Record instance.

Defaults:

  • action: ActionUnknown;
  • operation: OperationUnknown;
  • targets: nil;
  • filters: nil.

func NewRecordFromV2

func NewRecordFromV2(record *v2acl.Record) *Record

NewRecordFromV2 converts v2 acl.EACLRecord message to Record.

func (Record) Action

func (r Record) Action() Action

Action returns rule execution result.

func (*Record) AddFilter

func (r *Record) AddFilter(from FilterHeaderType, matcher Match, name, value string)

AddFilter adds generic filter.

func (*Record) AddObjectAttributeFilter

func (r *Record) AddObjectAttributeFilter(m Match, key, value string)

AddObjectAttributeFilter adds filter by object attribute.

func (*Record) AddObjectContainerIDFilter

func (r *Record) AddObjectContainerIDFilter(m Match, id *cid.ID)

AddObjectContainerIDFilter adds filter by object container ID.

func (*Record) AddObjectOwnerIDFilter

func (r *Record) AddObjectOwnerIDFilter(m Match, id *owner.ID)

AddObjectOwnerIDFilter adds filter by object owner ID.

func (*Record) AddObjectVersionFilter

func (r *Record) AddObjectVersionFilter(m Match, v *pkg.Version)

AddObjectVersionFilter adds filter by object version.

func (*Record) AddTarget deprecated

func (r *Record) AddTarget(role Role, keys ...ecdsa.PublicKey)

AddTarget adds target subject with specified Role and key list.

Deprecated: use AddFormedTarget instead.

func (Record) Filters

func (r Record) Filters() []*Filter

Filters returns list of filters to match and see if rule is applicable.

func (*Record) Marshal

func (r *Record) Marshal(b ...[]byte) ([]byte, error)

Marshal marshals Record into a protobuf binary form.

Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.

func (*Record) MarshalJSON

func (r *Record) MarshalJSON() ([]byte, error)

MarshalJSON encodes Record to protobuf JSON format.

func (Record) Operation

func (r Record) Operation() Operation

Operation returns NeoFS request verb to match.

func (*Record) SetAction

func (r *Record) SetAction(action Action)

SetAction sets rule execution result.

func (*Record) SetOperation

func (r *Record) SetOperation(operation Operation)

SetOperation sets NeoFS request verb to match.

func (*Record) SetTargets added in v1.21.0

func (r *Record) SetTargets(targets ...*Target)

SetTargets sets list of target subjects to apply ACL rule to.

func (Record) Targets

func (r Record) Targets() []*Target

Targets returns list of target subjects to apply ACL rule to.

func (*Record) ToV2

func (r *Record) ToV2() *v2acl.Record

ToV2 converts Record to v2 acl.EACLRecord message.

Nil Record converts to nil.

func (*Record) Unmarshal

func (r *Record) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Record.

func (*Record) UnmarshalJSON

func (r *Record) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Record from protobuf JSON format.

type Role

type Role uint32

Role is a group of request senders to match request. Role is compatible with v2 acl.Role enum.

const (
	// RoleUnknown is a Role value used to mark role as undefined.
	RoleUnknown Role = iota

	// RoleUser is a group of senders that contains only key of container owner.
	RoleUser

	// RoleSystem is a group of senders that contains keys of container nodes and
	// inner ring nodes.
	RoleSystem

	// RoleOthers is a group of senders that contains none of above keys.
	RoleOthers
)

func RoleFromV2

func RoleFromV2(role v2acl.Role) (r Role)

RoleFromV2 converts v2 Role enum value to Role.

func (*Role) FromString added in v1.28.0

func (r *Role) FromString(s string) bool

FromString parses Role from a string representation. It is a reverse action to String().

Returns true if s was parsed successfully.

func (Role) String added in v1.28.0

func (r Role) String() string

String returns string representation of Role.

String mapping:

  • RoleUser: USER;
  • RoleSystem: SYSTEM;
  • RoleOthers: OTHERS;
  • RoleUnknown, default: ROLE_UNKNOWN.

func (Role) ToV2

func (r Role) ToV2() v2acl.Role

ToV2 converts Role to v2 Role enum value.

type Table

type Table struct {
	// contains filtered or unexported fields
}

Table is a group of EACL records for single container.

Table is compatible with v2 acl.EACLTable message.

func CreateTable

func CreateTable(cid cid.ID) *Table

CreateTable creates, initializes with parameters and returns Table instance.

func NewTable

func NewTable() *Table

NewTable creates, initializes and returns blank Table instance.

Defaults:

  • version: pkg.SDKVersion();
  • container ID: nil;
  • records: nil;
  • session token: nil;
  • signature: nil.

func NewTableFromV2

func NewTableFromV2(table *v2acl.Table) *Table

NewTableFromV2 converts v2 acl.EACLTable message to Table.

func (*Table) AddRecord

func (t *Table) AddRecord(r *Record)

AddRecord adds single eACL rule.

func (Table) CID

func (t Table) CID() *cid.ID

CID returns identifier of the container that should use given access control rules.

func (*Table) Marshal

func (t *Table) Marshal(b ...[]byte) ([]byte, error)

Marshal marshals Table into a protobuf binary form.

Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.

func (*Table) MarshalJSON

func (t *Table) MarshalJSON() ([]byte, error)

MarshalJSON encodes Table to protobuf JSON format.

func (Table) Records

func (t Table) Records() []*Record

Records returns list of extended ACL rules.

func (Table) SessionToken added in v1.27.0

func (t Table) SessionToken() *session.Token

SessionToken returns token of the session within which Table was set.

func (*Table) SetCID

func (t *Table) SetCID(cid *cid.ID)

SetCID sets identifier of the container that should use given access control rules.

func (*Table) SetSessionToken added in v1.27.0

func (t *Table) SetSessionToken(tok *session.Token)

SetSessionToken sets token of the session within which Table was set.

func (*Table) SetSignature added in v1.27.0

func (t *Table) SetSignature(sig *pkg.Signature)

SetSignature sets Table signature.

func (*Table) SetVersion

func (t *Table) SetVersion(version pkg.Version)

SetVersion sets version of eACL format.

func (Table) Signature added in v1.27.0

func (t Table) Signature() *pkg.Signature

Signature returns Table signature.

func (*Table) ToV2

func (t *Table) ToV2() *v2acl.Table

ToV2 converts Table to v2 acl.EACLTable message.

Nil Table converts to nil.

func (*Table) Unmarshal

func (t *Table) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Table.

func (*Table) UnmarshalJSON

func (t *Table) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Table from protobuf JSON format.

func (Table) Version

func (t Table) Version() pkg.Version

Version returns version of eACL format.

type Target

type Target struct {
	// contains filtered or unexported fields
}

Target is a group of request senders to match EACL. Defined by role enum and set of public keys.

Target is compatible with v2 acl.EACLRecord.Target message.

func NewTarget

func NewTarget() *Target

NewTarget creates, initializes and returns blank Target instance.

Defaults:

  • role: RoleUnknown;
  • keys: nil.

func NewTargetFromV2

func NewTargetFromV2(target *v2acl.Target) *Target

NewTargetFromV2 converts v2 acl.EACLRecord.Target message to Target.

func (*Target) BinaryKeys added in v1.21.0

func (t *Target) BinaryKeys() [][]byte

BinaryKeys returns list of public keys to identify target subject in a binary format.

func (*Target) Keys deprecated

func (t *Target) Keys() []ecdsa.PublicKey

Keys returns list of ECDSA public keys to identify target subject. If some key has a different format, it is ignored.

Deprecated: use TargetECDSAKeys instead.

func (*Target) Marshal

func (t *Target) Marshal(b ...[]byte) ([]byte, error)

Marshal marshals Target into a protobuf binary form.

Buffer is allocated when the argument is empty. Otherwise, the first buffer is used.

func (*Target) MarshalJSON

func (t *Target) MarshalJSON() ([]byte, error)

MarshalJSON encodes Target to protobuf JSON format.

func (Target) Role

func (t Target) Role() Role

Role returns target subject's role class.

func (*Target) SetBinaryKeys added in v1.21.0

func (t *Target) SetBinaryKeys(keys [][]byte)

SetBinaryKeys sets list of binary public keys to identify target subject.

func (*Target) SetKeys deprecated

func (t *Target) SetKeys(keys ...ecdsa.PublicKey)

SetKeys sets list of ECDSA public keys to identify target subject.

Deprecated: use SetTargetECDSAKeys instead.

func (*Target) SetRole

func (t *Target) SetRole(r Role)

SetRole sets target subject's role class.

func (*Target) ToV2

func (t *Target) ToV2() *v2acl.Target

ToV2 converts Target to v2 acl.EACLRecord.Target message.

Nil Target converts to nil.

func (*Target) Unmarshal

func (t *Target) Unmarshal(data []byte) error

Unmarshal unmarshals protobuf binary representation of Target.

func (*Target) UnmarshalJSON

func (t *Target) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes Target from protobuf JSON format.
