grant

package v0.0.0-...-eb3fb91

Warning: This package is not in the latest version of its module.

Published: Dec 17, 2024 License: MIT Imports: 12 Imported by: 14

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Access

type Access struct {
	SatelliteAddress string
	APIKey           *macaroon.APIKey
	EncAccess        *EncryptionAccess
}

An Access Grant contains everything to access a project and specific buckets. It includes a potentially-restricted API Key, a potentially-restricted set of encryption information, and information about the Satellite responsible for the project's metadata.

func ParseAccess

func ParseAccess(access string) (*Access, error)

ParseAccess parses a serialized access grant string.

This should be the main way to instantiate an access grant for opening a project. See the note on RequestAccessWithPassphrase.

func (*Access) Restrict

func (access *Access) Restrict(permission Permission, prefixes ...SharePrefix) (*Access, error)

Restrict creates a new access grant with specific permissions.

Access grants can only have their existing permissions restricted, and the resulting access grant will only allow for the intersection of all previous Restrict calls in the access grant construction chain.

Prefixes, if provided, restrict the access grant (and internal encryption information) to only contain enough information to allow access to just those prefixes.

func (*Access) Serialize

func (access *Access) Serialize() (string, error)

Serialize serializes an access grant such that it can be used later with ParseAccess or other tools.

type EncryptionAccess

type EncryptionAccess struct {
	Store *encryption.Store
}

EncryptionAccess represents an encryption access context. It holds information about how various buckets and objects should be encrypted and decrypted.

func NewEncryptionAccess

func NewEncryptionAccess() *EncryptionAccess

NewEncryptionAccess creates an encryption access context.

func NewEncryptionAccessWithDefaultKey

func NewEncryptionAccessWithDefaultKey(defaultKey *storj.Key) *EncryptionAccess

NewEncryptionAccessWithDefaultKey creates an encryption access context with a default key set. Use (*Project).SaltedKeyFromPassphrase to generate a default key.

func (*EncryptionAccess) Clone

func (s *EncryptionAccess) Clone() *EncryptionAccess

Clone returns a deep copy of the EncryptionAccess.

func (*EncryptionAccess) LimitTo

func (s *EncryptionAccess) LimitTo(apiKey *macaroon.APIKey)

LimitTo limits the data in the encryption access to only the paths that the API key would allow. If checking the API key's consistency produces any error, no keys are stored at all.

func (*EncryptionAccess) SetDefaultKey

func (s *EncryptionAccess) SetDefaultKey(defaultKey *storj.Key)

SetDefaultKey sets the default key for the encryption access context. Use (*Project).SaltedKeyFromPassphrase to generate a default key.

func (*EncryptionAccess) SetDefaultPathCipher

func (s *EncryptionAccess) SetDefaultPathCipher(defaultPathCipher storj.CipherSuite)

SetDefaultPathCipher sets which cipher suite to use by default.

type Permission

type Permission struct {
	// AllowDownload gives permission to download the object's content. It
	// allows getting object metadata, but it does not allow listing buckets.
	AllowDownload bool
	// AllowUpload gives permission to create buckets and upload new objects.
	// It does not allow overwriting existing objects unless AllowDelete is
	// granted too.
	AllowUpload bool
	// AllowList gives permission to list buckets. It allows getting object
	// metadata, but it does not allow downloading the object's content.
	AllowList bool
	// AllowDelete gives permission to delete buckets and objects. Unless
	// either AllowDownload or AllowList is granted too, no object metadata and
	// no error info will be returned for deleted objects.
	AllowDelete bool
	// AllowLock gives permission for retention periods to be placed on and
	// retrieved from objects. It also gives permission for Object Lock
	// configurations to be placed on and retrieved from buckets.
	//
	// Deprecated: AllowLock exists for historical compatibility
	// and should not be used. Prefer using the granular Object Lock
	// permissions AllowPutObjectRetention and AllowGetObjectRetention.
	AllowLock bool
	// AllowPutObjectRetention gives permission for retention periods to be
	// placed on and retrieved from objects.
	AllowPutObjectRetention bool
	// AllowGetObjectRetention gives permission for retention periods to be
	// retrieved from objects.
	AllowGetObjectRetention bool
	// AllowPutObjectLegalHold gives permission for legal hold status to be
	// placed on objects.
	AllowPutObjectLegalHold bool
	// AllowGetObjectLegalHold gives permission for legal hold status to be
	// retrieved from objects.
	AllowGetObjectLegalHold bool
	// AllowBypassGovernanceRetention gives permission for governance retention
	// to be bypassed on objects.
	AllowBypassGovernanceRetention bool
	// AllowPutBucketObjectLockConfiguration gives permission for object lock configuration to be
	// placed on buckets.
	AllowPutBucketObjectLockConfiguration bool
	// AllowGetBucketObjectLockConfiguration gives permission for object lock configuration to be
	// retrieved from buckets.
	AllowGetBucketObjectLockConfiguration bool
	// NotBefore restricts when the resulting access grant is valid for.
	// If set, the resulting access grant will not work if the Satellite
	// believes the time is before NotBefore.
	// If set, this value should always be before NotAfter.
	NotBefore time.Time
	// NotAfter restricts when the resulting access grant is valid for.
	// If set, the resulting access grant will not work if the Satellite
	// believes the time is after NotAfter.
	// If set, this value should always be after NotBefore.
	NotAfter time.Time
	// MaxObjectTTL restricts the maximum time-to-live of objects.
	// If set, new objects are uploaded with an expiration time that reflects
	// the MaxObjectTTL period.
	// If objects are uploaded with an explicit expiration time, the upload
	// will be successful only if it is shorter than the MaxObjectTTL period.
	MaxObjectTTL *time.Duration
}

Permission defines which actions a shared access grant allows.
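The Restrict documentation above states that a chain of Restrict calls yields the intersection of every permission in the chain. As an added illustration (a constructed stand-alone model, not the storj package's own code), the following shows what that intersection means field by field for the Permission type: Allow* flags are ANDed, the NotBefore/NotAfter window shrinks to the overlap, and the shorter MaxObjectTTL wins, so a child grant can never hold more than its parent.

```go
package main

import "time"

// Permission mirrors a subset of grant.Permission's fields (constructed model, not the storj package's code).
type Permission struct {
	AllowDownload, AllowUpload, AllowList, AllowDelete bool
	NotBefore, NotAfter                                time.Time
	MaxObjectTTL                                       *time.Duration
}

// Intersect models the rule that Restrict can only narrow a grant: an Allow*
// flag survives only if both parent and child grant it, the validity window
// shrinks to the overlap, and the smaller MaxObjectTTL wins. A child asking
// for more than its parent holds is capped at the parent's limit.
func Intersect(parent, child Permission) Permission {
	return Permission{
		AllowDownload: parent.AllowDownload && child.AllowDownload,
		AllowUpload:   parent.AllowUpload && child.AllowUpload,
		AllowList:     parent.AllowList && child.AllowList,
		AllowDelete:   parent.AllowDelete && child.AllowDelete,
		NotBefore:     later(parent.NotBefore, child.NotBefore),
		NotAfter:      earlier(parent.NotAfter, child.NotAfter),
		MaxObjectTTL:  minTTL(parent.MaxObjectTTL, child.MaxObjectTTL),
	}
}

// A zero time means "unset", so whichever side is set wins; if both are set,
// the later NotBefore and the earlier NotAfter are the binding ones.
func later(a, b time.Time) time.Time {
	if a.IsZero() || (!b.IsZero() && b.After(a)) {
		return b
	}
	return a
}

func earlier(a, b time.Time) time.Time {
	if a.IsZero() || (!b.IsZero() && b.Before(a)) {
		return b
	}
	return a
}

// nil means "no TTL limit"; the shorter of two set limits wins.
func minTTL(a, b *time.Duration) *time.Duration {
	if a == nil || (b != nil && *b < *a) {
		return b
	}
	return a
}
```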

type SharePrefix

type SharePrefix struct {
	Bucket string
	// Prefix is the prefix of the shared object keys.
	//
	// Note: that within a bucket, the hierarchical key derivation scheme is
	// delineated by forward slashes (/), so encryption information will be
	// included in the resulting access grant to decrypt any key that shares
	// the same prefix up until the last slash.
	Prefix string
}

SharePrefix defines a prefix that will be shared.

Directories

Path	Synopsis
internal
pb	Package pb contains protobuf definitions for Storj peers.
