Documentation
Overview
Package acl provides primitives for basic ACL management in NeoFS.
The BasicACL type provides functionality for managing a container's basic access-control list. For example, setting a public basic ACL that cannot be extended with any eACL rules:
    import "github.com/nspcc-dev/neofs-sdk-go/container"
    ...
    c := container.New()
    c.SetBasicACL(acl.PublicBasicRule)
Using this package's types in an application is recommended, because it lets the application potentially work with the different protocol versions these types are compatible with.
Meaning of the basic ACL bits:

    ┌──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┐
    │31│30│29│28│27│26│25│24│23│22│21│20│19│18│17│16│ <- Bit
    ├──┼──┼──┼──┼──┴──┴──┴──┼──┴──┴──┴──┼──┴──┴──┴──┤
    │  │  │  │  │ RANGEHASH │   RANGE   │  SEARCH   │ <- Object service method
    │  │  │  │  ├──┬──┬──┬──┼──┬──┬──┬──┼──┬──┬──┬──┤
    │  │  │ X│ F│ U│ S│ O│ B│ U│ S│ O│ B│ U│ S│ O│ B│ <- Rule
    ├──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┤
    │15│14│13│12│11│10│09│08│07│06│05│04│03│02│01│00│ <- Bit
    ├──┴──┴──┴──┼──┴──┴──┴──┼──┴──┴──┴──┼──┴──┴──┴──┤
    │  DELETE   │    PUT    │   HEAD    │    GET    │ <- Object service method
    ├──┬──┬──┬──┼──┬──┬──┬──┼──┬──┬──┬──┼──┬──┬──┬──┤
    │ U│ S│ O│ B│ U│ S│ O│ B│ U│ S│ O│ B│ U│ S│ O│ B│ <- Rule
    └──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┘

    U - Allows access to the owner of the container.
    S - Allows access to Inner Ring and container nodes in the current version of network map.
    O - Clients that do not match any of the categories above.
    B - Allows using Bearer Token ACL rules to replace eACL rules.
    F - Flag denying Extended ACL. If set, Extended ACL is ignored.
    X - Flag denying different owners of the request and the object.

Remaining bits are reserved and are not used.
Constants

    const (
        // PublicBasicName is a well-known name for 0x1FBFBFFF basic ACL.
        // It represents fully-public container without eACL.
        PublicBasicName = "public-read-write"

        // PrivateBasicName is a well-known name for 0x1C8C8CCC basic ACL.
        // It represents fully-private container without eACL.
        PrivateBasicName = "private"

        // ReadOnlyBasicName is a well-known name for 0x1FBF8CFF basic ACL.
        // It represents public read-only container without eACL.
        ReadOnlyBasicName = "public-read"

        // PublicAppendName is a well-known name for 0x1FBF9FFF basic ACL.
        // It represents fully-public container without eACL except DELETE operation is only allowed on the owner.
        PublicAppendName = "public-append"

        // EACLPublicBasicName is a well-known name for 0x0FBFBFFF basic ACL.
        // It represents fully-public container that allows eACL.
        EACLPublicBasicName = "eacl-public-read-write"

        // EACLPrivateBasicName is a well-known name for 0x0C8C8CCC basic ACL.
        // It represents fully-private container that allows eACL.
        EACLPrivateBasicName = "eacl-private"

        // EACLReadOnlyBasicName is a well-known name for 0x0FBF8CFF basic ACL.
        // It represents public read-only container that allows eACL.
        EACLReadOnlyBasicName = "eacl-public-read"

        // EACLPublicAppendName is a well-known name for 0x0FBF9FFF basic ACL.
        // It represents fully-public container that allows eACL except DELETE operation is only allowed on the owner.
        EACLPublicAppendName = "eacl-public-append"
    )
Variables
This section is empty.
Functions
This section is empty.
Types
type BasicACL

    type BasicACL uint32
BasicACL is an access control list that defines who can interact with containers and what exactly they can do.
    const (
        // PublicBasicRule is a basic ACL value for final public-read-write container for which extended ACL CANNOT be set.
        PublicBasicRule BasicACL = 0x1FBFBFFF

        // PrivateBasicRule is a basic ACL value for final private container for which extended ACL CANNOT be set.
        PrivateBasicRule BasicACL = 0x1C8C8CCC

        // ReadOnlyBasicRule is a basic ACL value for final public-read container for which extended ACL CANNOT be set.
        ReadOnlyBasicRule BasicACL = 0x1FBF8CFF

        // PublicAppendRule is a basic ACL value for final public-append container for which extended ACL CANNOT be set.
        PublicAppendRule BasicACL = 0x1FBF9FFF

        // EACLPublicBasicRule is a basic ACL value for non-final public-read-write container for which extended ACL CAN be set.
        EACLPublicBasicRule BasicACL = 0x0FBFBFFF

        // EACLPrivateBasicRule is a basic ACL value for non-final private container for which extended ACL CAN be set.
        EACLPrivateBasicRule BasicACL = 0x0C8C8CCC

        // EACLReadOnlyBasicRule is a basic ACL value for non-final public-read container for which extended ACL CAN be set.
        EACLReadOnlyBasicRule BasicACL = 0x0FBF8CFF

        // EACLPublicAppendRule is a basic ACL value for non-final public-append container for which extended ACL CAN be set.
        EACLPublicAppendRule BasicACL = 0x0FBF9FFF
    )
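The well-known values can be checked against the bit table by decoding them nibble by nibble, which is also a quick way to audit a custom hex value before assigning it to a container. The program below is an added example, not code from the neofs-sdk-go project; `Decoded`, `Decode` and `OthersCan` are hypothetical names, and it works on plain `uint32` values instead of importing the SDK.

```go
package main

import (
	"fmt"
	"strings"
)

// Object service methods, lowest nibble first (bits 0-3 are GET).
var ops = []string{"GET", "HEAD", "PUT", "DELETE", "SEARCH", "RANGE", "RANGEHASH"}

// Decoded is a hypothetical helper type for this example, not part of package acl.
type Decoded struct {
	DenyEACL, OwnerMatch, Reserved bool
	Rules                          map[string]string // method -> subset of "USOB"
}

// Decode splits a raw basic ACL value according to the bit table.
func Decode(v uint32) Decoded {
	d := Decoded{Rules: map[string]string{}}
	d.DenyEACL = v>>28&1 == 1   // F flag
	d.OwnerMatch = v>>29&1 == 1 // X flag
	d.Reserved = v>>30 != 0     // bits 30 and 31 must stay unused
	for i, op := range ops {
		nibble := v >> (4 * uint(i)) & 0xF
		for j, r := range "USOB" { // U is the highest bit of each nibble
			if nibble>>(3-uint(j))&1 == 1 {
				d.Rules[op] += string(r)
			}
		}
	}
	return d
}

// OthersCan lists the methods open to clients outside the U and S categories.
func OthersCan(v uint32) (out []string) {
	d := Decode(v)
	for _, op := range ops {
		if strings.Contains(d.Rules[op], "O") {
			out = append(out, op)
		}
	}
	return out
}

func main() {
	for _, v := range []uint32{0x1FBF8CFF, 0x0C8C8CCC} { // values from the constants above
		fmt.Printf("%#x denyEACL=%v others=%v\n", v, Decode(v).DenyEACL, OthersCan(v))
	}
}
```

A non-empty `OthersCan` result that includes PUT or DELETE marks a value that lets arbitrary clients modify the container, and `Reserved` flags values that set bits the table leaves unused.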
func ParseBasicACL
ParseBasicACL parses a string ACL (well-known name or hex representation).