Documentation
Index
- func DeriveRootKey(encryptionPassphrase, base64EncodedSalt string) (*storj.Key, error)
- func GenAccessGrant(satelliteNodeURL, apiKey, encryptionPassphrase, base64EncodedSalt string) (string, error)
- func RestrictGrant(accessGrant string, paths []string, permission Permission) (string, error)
- func SetPermission(key string, buckets []string, permission Permission) (*macaroon.APIKey, error)
- type Permission
Functions
func DeriveRootKey (added in v1.54.1)
DeriveRootKey derives the root key portion of the access grant.
func GenAccessGrant
func GenAccessGrant(satelliteNodeURL, apiKey, encryptionPassphrase, base64EncodedSalt string) (string, error)
GenAccessGrant creates a new access grant and returns its serialized form.
func RestrictGrant (added in v1.26.2)
func RestrictGrant(accessGrant string, paths []string, permission Permission) (string, error)
RestrictGrant restricts an access grant with the permissions and paths and returns a new access grant.
func SetPermission
SetPermission restricts the API key with the permissions and returns an API key with restricted permissions.
Types
type Permission
type Permission struct {
	// AllowDownload gives permission to download the object's content. It
	// allows getting object metadata, but it does not allow listing buckets.
	AllowDownload bool
	// AllowUpload gives permission to create buckets and upload new objects.
	// It does not allow overwriting existing objects unless AllowDelete is
	// granted too.
	AllowUpload bool
	// AllowList gives permission to list buckets. It allows getting object
	// metadata, but it does not allow downloading the object's content.
	AllowList bool
	// AllowDelete gives permission to delete buckets and objects. Unless
	// either AllowDownload or AllowList is granted too, no object metadata and
	// no error info will be returned for deleted objects.
	AllowDelete bool
	// AllowPutObjectRetention gives permission for retention periods to be
	// placed on and retrieved from objects.
	AllowPutObjectRetention bool
	// AllowGetObjectRetention gives permission for retention periods to be
	// retrieved from objects.
	AllowGetObjectRetention bool
	// AllowPutObjectLegalHold gives permission for legal hold status to be
	// placed on objects.
	AllowPutObjectLegalHold bool
	// AllowGetObjectLegalHold gives permission for legal hold status to be
	// retrieved from objects.
	AllowGetObjectLegalHold bool
	// AllowBypassGovernanceRetention gives permission for governance retention
	// to be bypassed on objects.
	AllowBypassGovernanceRetention bool
	// AllowPutBucketObjectLockConfiguration gives permission for default retention config to be
	// placed on buckets.
	AllowPutBucketObjectLockConfiguration bool
	// AllowGetBucketObjectLockConfiguration gives permission for default retention config to be
	// retrieved from buckets.
	AllowGetBucketObjectLockConfiguration bool
	// NotBefore restricts when the resulting access grant is valid for.
	// If set, the resulting access grant will not work if the Satellite
	// believes the time is before NotBefore.
	// If set, this value should always be before NotAfter.
	NotBefore time.Time
	// NotAfter restricts when the resulting access grant is valid for.
	// If set, the resulting access grant will not work if the Satellite
	// believes the time is after NotAfter.
	// If set, this value should always be after NotBefore.
	NotAfter time.Time
	// MaxObjectTTL restricts the maximum time-to-live of objects.
	// If set, new objects are uploaded with an expiration time that reflects
	// the MaxObjectTTL period.
	// If objects are uploaded with an explicit expiration time, the upload
	// will be successful only if it is shorter than the MaxObjectTTL period.
	MaxObjectTTL *time.Duration
}
Permission defines what actions can be used to share.
This struct has been taken from storj.io/uplink and duplicated to avoid pulling in that dependency.
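The field comments above describe several interactions between permissions (upload plus delete enables overwrite, delete without download or list returns no metadata, the NotBefore/NotAfter ordering). The following is an added example, not code from this package: a pre-issuance review of a Permission value before it is passed to RestrictGrant or SetPermission. The local `Permission` type is a reduced copy of the struct above, and the `Audit` helper and its finding labels are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

// Permission is a local, reduced copy of the struct documented above
// (an assumption so the example runs without importing the package).
type Permission struct {
	AllowDownload, AllowUpload, AllowList, AllowDelete bool
	AllowBypassGovernanceRetention                     bool
	NotBefore, NotAfter                                time.Time
}

// Audit is a hypothetical helper. It returns review findings derived only
// from the field semantics stated in the documentation comments above.
func Audit(p Permission) []string {
	var out []string
	if p.NotAfter.IsZero() {
		out = append(out, "no-expiry: NotAfter is unset, the grant is not time-limited")
	} else if !p.NotBefore.IsZero() && !p.NotBefore.Before(p.NotAfter) {
		out = append(out, "bad-window: NotBefore is not before NotAfter")
	}
	if p.AllowUpload && p.AllowDelete {
		out = append(out, "overwrite: AllowUpload with AllowDelete permits overwriting existing objects")
	}
	if p.AllowDelete && !p.AllowDownload && !p.AllowList {
		out = append(out, "blind-delete: deletes return no object metadata or error info")
	}
	if p.AllowBypassGovernanceRetention {
		out = append(out, "bypass: governance retention can be bypassed")
	}
	return out
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample time
	samples := map[string]Permission{ // constructed sample permissions
		"read-only, 24h": {AllowDownload: true, AllowList: true, NotBefore: t0, NotAfter: t0.Add(24 * time.Hour)},
		"writer, open":   {AllowUpload: true, AllowDelete: true},
	}
	for name, p := range samples {
		fmt.Println(name, Audit(p))
	}
}
```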