Skip to content

Commit

Permalink
Merge pull request #292 from nspcc-dev/266-bearer-token-issuer
Browse files Browse the repository at this point in the history
acl: Extend `BearerToken` message with `issuer` field
  • Loading branch information
roman-khimov authored Mar 4, 2024
2 parents 183448a + f49089f commit f3ed513
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
- Link object payload message (#263)
- Children sizes index to the link objects (#264)
- `LINK` split chain object type (#283)
- `BearerToken.issuer` field (#266)

### Changed
- Split ID is deprecated, the first child part is used instead and is known to the other parts (#283)
Expand Down
4 changes: 4 additions & 0 deletions acl/types.proto
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,10 @@ message BearerToken {
}
// Token expiration and valid time period parameters
TokenLifetime lifetime = 3 [json_name="lifetime"];

// Token issuer's user ID in NeoFS. It must equal to the related
// container's owner.
neo.fs.v2.refs.OwnerID issuer = 4 [json_name="issuer"];
}
// Bearer Token body
Body body = 1 [json_name="body"];
Expand Down
1 change: 1 addition & 0 deletions proto-docs/acl.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ owner with additional information preventing token abuse.
| eacl_table | [EACLTable](#neo.fs.v2.acl.EACLTable) | | Table of Extended ACL rules to use instead of the ones attached to the container. If it contains `container_id` field, bearer token is only valid for this specific container. Otherwise, any container of the same owner is allowed. |
| owner_id | [neo.fs.v2.refs.OwnerID](#neo.fs.v2.refs.OwnerID) | | `OwnerID` defines to whom the token was issued. It must match the request originator's `OwnerID`. If empty, any token bearer will be accepted. |
| lifetime | [BearerToken.Body.TokenLifetime](#neo.fs.v2.acl.BearerToken.Body.TokenLifetime) | | Token expiration and valid time period parameters |
| issuer | [neo.fs.v2.refs.OwnerID](#neo.fs.v2.refs.OwnerID) | | Token issuer's user ID in NeoFS. It must equal to the related container's owner. |


<a name="neo.fs.v2.acl.BearerToken.Body.TokenLifetime"></a>
Expand Down

0 comments on commit f3ed513

Please sign in to comment.