acl

package
v0.10.0
Warning

This package is not in the latest version of its module.

Published: Jul 10, 2020 License: GPL-3.0 Imports: 10 Imported by: 0

Documentation


Constants

const (

	// DefaultAndFilter is the default AND mask for the basic ACL value of a container.
	DefaultAndFilter = 0xFFFFFFFF
)
const ErrNilBinaryExtendedACLStore = internal.Error("binary extended ACL store is nil")

ErrNilBinaryExtendedACLStore is returned by functions that expect a non-nil BinaryExtendedACLStore but receive nil.

Variables

This section is empty.

Functions

func MatchFilters

func MatchFilters(src TypedHeaderSource, filters []acl.HeaderFilter) int

MatchFilters checks whether the passed source carries at least one header that satisfies the passed filters.

A nil header does not satisfy any filter. No header satisfies a nil filter.

Returns mResMismatch if the passed TypedHeaderSource is nil. Returns mResMatch if the passed filters are empty.

If headers for some HeaderType could not be composed, mResUndefined is returned.
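The documented edge cases, re-created as an added example that is not code from this package. Header, Filter, mapSource, matchFilters and allowed are hypothetical stand-ins, the numeric result values are assumed, and the example assumes that every filter must be satisfied by some header using exact value comparison. It also shows a caller mapping the tri-state result fail-closed, so that an undefined result never grants access.

```go
package main

import "fmt"

// Result names follow the MatchFilters doc; the numeric values are assumed.
const mResUndefined, mResMatch, mResMismatch = 0, 1, 2

// Header and Filter are simplified stand-ins for acl.Header and acl.HeaderFilter.
type Header struct{ Type, Name, Value string }
type Filter struct{ Type, Name, Value string }

// mapSource is a constructed header source; types in broken cannot be composed.
type mapSource struct {
	byType map[string][]*Header
	broken map[string]bool
}

func (m *mapSource) HeadersOfType(t string) ([]*Header, bool) {
	return m.byType[t], !m.broken[t]
}

// matchFilters requires every filter to be satisfied by some header (assumed reading).
func matchFilters(src *mapSource, filters []*Filter) int {
	if src == nil {
		return mResMismatch
	}
	for _, f := range filters {
		if f == nil {
			return mResMismatch // no header satisfies a nil filter
		}
		hs, ok := src.HeadersOfType(f.Type)
		if !ok {
			return mResUndefined // cannot decide: headers were not composable
		}
		found := false
		for _, h := range hs {
			found = found || (h != nil && h.Name == f.Name && h.Value == f.Value)
		}
		if !found {
			return mResMismatch
		}
	}
	return mResMatch // also reached when filters is empty
}

// allowed maps the tri-state result fail-closed: only an explicit match passes.
func allowed(res int) bool { return res == mResMatch }

func main() {
	src := &mapSource{byType: map[string][]*Header{"object": {{"object", "owner", "alice"}}}}
	fmt.Println(allowed(matchFilters(src, []*Filter{{"object", "owner", "alice"}})))
}
```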

Types

type BasicACLChecker

type BasicACLChecker struct{}

BasicACLChecker performs basic ACL check.

func (*BasicACLChecker) Action

func (c *BasicACLChecker) Action(rule uint32, req object.RequestType, t acl.Target) (bool, error)

Action returns true if the request is allowed for the target.

func (*BasicACLChecker) Bearer

func (c *BasicACLChecker) Bearer(rule uint32, req object.RequestType) (bool, error)

Bearer returns true if a bearer token is allowed to be used for this request as a source of extended ACL.

func (*BasicACLChecker) Extended

func (c *BasicACLChecker) Extended(rule uint32) bool

Extended returns true if the extended ACL stored in the container is allowed to be used.

func (*BasicACLChecker) Sticky

func (c *BasicACLChecker) Sticky(rule uint32) bool

Sticky returns true if the container is not allowed to store objects with owners different from the request owner.

type BasicChecker

type BasicChecker interface {
	// Action returns true if request is allowed for this target.
	Action(uint32, object.RequestType, acl.Target) (bool, error)

	// Bearer returns true if bearer token is allowed for this request.
	Bearer(uint32, object.RequestType) (bool, error)

	// Extended returns true if extended ACL is allowed for this.
	Extended(uint32) bool

	// Sticky returns true if sticky bit is set.
	Sticky(uint32) bool
}

BasicChecker is an interface of the basic ACL control tool.

func NewMaskedBasicACLChecker

func NewMaskedBasicACLChecker(or, and uint32) BasicChecker

NewMaskedBasicACLChecker returns a BasicChecker that applies a predefined bit mask to the basic ACL value.

type BinaryEACLKey

type BinaryEACLKey struct {
	// contains filtered or unexported fields
}

BinaryEACLKey is a binary EACL storage key.

func (BinaryEACLKey) CID

func (s BinaryEACLKey) CID() refs.CID

CID is a container ID getter.

func (*BinaryEACLKey) SetCID

func (s *BinaryEACLKey) SetCID(v refs.CID)

SetCID is a container ID setter.

type BinaryEACLValue

type BinaryEACLValue struct {
	// contains filtered or unexported fields
}

BinaryEACLValue is a binary EACL storage value.

func (BinaryEACLValue) EACL

func (s BinaryEACLValue) EACL() []byte

EACL is a binary extended ACL table getter.

func (BinaryEACLValue) MarshalBinary

func (s BinaryEACLValue) MarshalBinary() ([]byte, error)

MarshalBinary returns a binary representation of BinaryEACLValue.

func (*BinaryEACLValue) SetEACL

func (s *BinaryEACLValue) SetEACL(v []byte)

SetEACL is a binary extended ACL table setter.

func (*BinaryEACLValue) SetSignature

func (s *BinaryEACLValue) SetSignature(v []byte)

SetSignature is an EACL signature setter.

func (BinaryEACLValue) Signature

func (s BinaryEACLValue) Signature() []byte

Signature is an EACL signature getter.

func (*BinaryEACLValue) UnmarshalBinary

func (s *BinaryEACLValue) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary unmarshals BinaryEACLValue from bytes.

type BinaryExtendedACLSource

type BinaryExtendedACLSource interface {
	// Must return binary extended ACL table by key.
	GetBinaryEACL(context.Context, BinaryEACLKey) (BinaryEACLValue, error)
}

BinaryExtendedACLSource is an interface of storage of binary extended ACL tables with read access.

type BinaryExtendedACLStore

type BinaryExtendedACLStore interface {
	BinaryExtendedACLSource

	// Must store binary extended ACL table for key.
	PutBinaryEACL(context.Context, BinaryEACLKey, BinaryEACLValue) error
}

BinaryExtendedACLStore is an interface of storage of binary extended ACL tables.

type ExtendedACLChecker

type ExtendedACLChecker interface {
	// Must return an action according to the results of applying the ACL table rules to request.
	//
	// Must return ActionUndefined if it is unable to explicitly calculate the action.
	Action(acl.ExtendedACLTable, RequestInfo) acl.ExtendedACLAction
}

ExtendedACLChecker is an interface of the extended ACL checking tool.

func NewExtendedACLChecker

func NewExtendedACLChecker() ExtendedACLChecker

NewExtendedACLChecker creates a new extended ACL checking tool and returns ExtendedACLChecker interface.

type ExtendedACLSource

type ExtendedACLSource interface {
	// Must return extended ACL table by container ID key.
	GetExtendedACLTable(context.Context, refs.CID) (acl.ExtendedACLTable, error)
}

ExtendedACLSource is an interface of storage of extended ACL tables with read access.

type ExtendedACLStore

type ExtendedACLStore interface {
	ExtendedACLSource

	// Must store extended ACL table for container ID key.
	PutExtendedACLTable(context.Context, refs.CID, acl.ExtendedACLTable) error
}

ExtendedACLStore is an interface of storage of extended ACL tables.

type MaskedBasicACLChecker

type MaskedBasicACLChecker struct {
	BasicACLChecker
	// contains filtered or unexported fields
}

MaskedBasicACLChecker performs all basic ACL checks, but applies a mask to the ACL first. It is useful when some bits must always be set or unset.

func (MaskedBasicACLChecker) Action

func (c MaskedBasicACLChecker) Action(rule uint32, req object.RequestType, t acl.Target) (bool, error)

Action returns true if the request is allowed for the target.

func (MaskedBasicACLChecker) Bearer

func (c MaskedBasicACLChecker) Bearer(rule uint32, req object.RequestType) (bool, error)

Bearer returns true if a bearer token is allowed to be used for this request as a source of extended ACL.

func (MaskedBasicACLChecker) Extended

func (c MaskedBasicACLChecker) Extended(rule uint32) bool

Extended returns true if the extended ACL stored in the container is allowed to be used.

func (MaskedBasicACLChecker) Sticky

func (c MaskedBasicACLChecker) Sticky(rule uint32) bool

Sticky returns true if the container is not allowed to store objects with owners different from the request owner.

type RequestInfo

type RequestInfo interface {
	TypedHeaderSource

	// Must return the binary representation of request initiator's key.
	Key() []byte

	// Must return true if request corresponds to operation type.
	TypeOf(acl.OperationType) bool

	// Must return true if request has passed target.
	TargetOf(acl.Target) bool
}

RequestInfo is an interface of request information needed for extended ACL check.

type TypedHeaderSource

type TypedHeaderSource interface {
	// Must return list of Header of particular type.
	// Must return false if there is no ability to compose header list.
	HeadersOfType(acl.HeaderType) ([]acl.Header, bool)
}

TypedHeaderSource is an interface of a set of headers of various types.

func TypedHeaderSourceFromExtendedHeaders

func TypedHeaderSourceFromExtendedHeaders(hdrSrc service.ExtendedHeadersSource) TypedHeaderSource

TypedHeaderSourceFromExtendedHeaders wraps the passed ExtendedHeadersSource and returns a TypedHeaderSource interface.

func TypedHeaderSourceFromObject

func TypedHeaderSourceFromObject(obj *object.Object) TypedHeaderSource

TypedHeaderSourceFromObject wraps the passed object and returns a TypedHeaderSource interface.
