cmd: rename "scope" flag to "access"

We decided that better name for "scope" will be "access". This change refactors cmd part of code but don't touch libuplink. For backward compatibility old configs with "scope" field will be loaded without any issue. Old flag "scope" won't be supported directly from command line. https://storjlabs.atlassian.net/browse/V3-3488 Change-Id: I349d6971c798380d147937c91e887edb5e9ae4aa
2020-01-09 13:24:49 +01:00 · 2020-01-09 13:24:49 +01:00 · b579c260ab
commit b579c260ab
parent 57a31ac4e0
15 changed files with 147 additions and 135 deletions
--- a/cmd/gateway/main.go
+++ b/cmd/gateway/main.go
@ -223,7 +223,7 @@ func (flags GatewayFlags) action(ctx context.Context, cliCtx *cli.Context) (err
 // NewGateway creates a new minio Gateway
 func (flags GatewayFlags) NewGateway(ctx context.Context) (gw minio.Gateway, err error) {
-	scope, err := flags.GetScope()
+	access, err := flags.GetAccess()
 	if err != nil {
 		return nil, err
 	}
@ -235,7 +235,7 @@ func (flags GatewayFlags) NewGateway(ctx context.Context) (gw minio.Gateway, err
 	return miniogw.NewStorjGateway(
 		project,
-		scope.EncryptionAccess,
+		access.EncryptionAccess,
 		storj.CipherSuite(flags.Enc.PathType),
 		flags.GetEncryptionParameters(),
 		flags.GetRedundancyScheme(),
@ -259,7 +259,7 @@ func (flags *GatewayFlags) newUplink(ctx context.Context) (*libuplink.Uplink, er
 }
 func (flags GatewayFlags) openProject(ctx context.Context) (*libuplink.Project, error) {
-	scope, err := flags.GetScope()
+	access, err := flags.GetAccess()
 	if err != nil {
 		return nil, Error.Wrap(err)
 	}
@ -268,7 +268,7 @@ func (flags GatewayFlags) openProject(ctx context.Context) (*libuplink.Project,
 	if err != nil {
 		return nil, Error.Wrap(err)
 	}
-	project, err := uplink.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+	project, err := uplink.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 	if err != nil {
 		return nil, Error.Wrap(err)
 	}
@ -316,7 +316,7 @@ func (flags GatewayFlags) interactive(cmd *cobra.Command, setupDir string, overr
 		return Error.Wrap(err)
 	}
-	scopeData, err := (&libuplink.Scope{
+	accessData, err := (&libuplink.Scope{
 		SatelliteAddr:    satelliteAddress,
 		APIKey:           apiKey,
 		EncryptionAccess: libuplink.NewEncryptionAccessWithDefaultKey(*key),
@ -324,7 +324,7 @@ func (flags GatewayFlags) interactive(cmd *cobra.Command, setupDir string, overr
 	if err != nil {
 		return Error.Wrap(err)
 	}
-	overrides["scope"] = scopeData
+	overrides["access"] = accessData
 	err = process.SaveConfig(cmd, filepath.Join(setupDir, "config.yaml"),
 		process.SaveConfigWithOverrides(overrides),
@ -345,16 +345,16 @@ Some things to try next:
 // nonInteractive creates the configuration of the gateway non-interactively.
 func (flags GatewayFlags) nonInteractive(cmd *cobra.Command, setupDir string, overrides map[string]interface{}) error {
-	// ensure we're using the scope for the setup
+	// ensure we're using the access for the setup
-	scope, err := setupCfg.GetScope()
+	access, err := setupCfg.GetAccess()
 	if err != nil {
 		return err
 	}
-	scopeData, err := scope.Serialize()
+	accessData, err := access.Serialize()
 	if err != nil {
 		return err
 	}
-	overrides["scope"] = scopeData
+	overrides["access"] = accessData
 	return Error.Wrap(process.SaveConfig(cmd, filepath.Join(setupDir, "config.yaml"),
 		process.SaveConfigWithOverrides(overrides),
--- a/cmd/storj-sim/network.go
+++ b/cmd/storj-sim/network.go
@ -409,7 +409,7 @@ func newNetwork(flags *Flags) (*Processes, error) {
 			Address:    net.JoinHostPort(host, port(gatewayPeer, i, publicGRPC)),
 		})
-		scopeData, err := (&uplink.Scope{
+		accessData, err := (&uplink.Scope{
 			SatelliteAddr:    satellite.Address,
 			APIKey:           defaultAPIKey,
 			EncryptionAccess: uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}),
@ -424,7 +424,7 @@ func newNetwork(flags *Flags) (*Processes, error) {
 			"setup": {
 				"--non-interactive",
-				"--scope", scopeData,
+				"--access", accessData,
 				"--identity-dir", process.Directory,
 				"--server.address", process.Address,
@ -459,7 +459,7 @@ func newNetwork(flags *Flags) (*Processes, error) {
 			// check if gateway config has an api key, if it's not
 			// create example project with key and add it to the config
 			// so that gateway can have access to the satellite
-			if runScopeData := vip.GetString("scope"); !flags.OnlyEnv && runScopeData == scopeData {
+			if runAccessData := vip.GetString("access"); !flags.OnlyEnv && runAccessData == accessData {
 				var consoleAddress string
 				err := readConfigString(&consoleAddress, satellite.Directory, "console.address")
 				if err != nil {
@ -476,29 +476,29 @@ func newNetwork(flags *Flags) (*Processes, error) {
 					time.Sleep(100 * time.Millisecond)
 				}
-				scope, err := uplink.ParseScope(runScopeData)
+				access, err := uplink.ParseScope(runAccessData)
 				if err != nil {
 					return err
 				}
-				scope.APIKey, err = uplink.ParseAPIKey(apiKey)
+				access.APIKey, err = uplink.ParseAPIKey(apiKey)
 				if err != nil {
 					return err
 				}
-				scopeData, err := scope.Serialize()
+				accessData, err := access.Serialize()
 				if err != nil {
 					return err
 				}
-				vip.Set("scope", scopeData)
+				vip.Set("access", accessData)
 				if err := vip.WriteConfig(); err != nil {
 					return err
 				}
 			}
-			if runScopeData := vip.GetString("scope"); runScopeData != scopeData {
+			if runAccessData := vip.GetString("access"); runAccessData != accessData {
-				process.AddExtra("SCOPE", runScopeData)
+				process.AddExtra("ACCESS", runAccessData)
-				if scope, err := uplink.ParseScope(runScopeData); err == nil {
+				if access, err := uplink.ParseScope(runAccessData); err == nil {
-					process.AddExtra("API_KEY", scope.APIKey.Serialize())
+					process.AddExtra("API_KEY", access.APIKey.Serialize())
 				}
 			}
--- a/cmd/uplink/cmd/config.go
+++ b/cmd/uplink/cmd/config.go
@ -47,17 +47,21 @@ type ClientConfig struct {
 // Config uplink configuration
 type Config struct {
-	ScopeConfig
+	AccessConfig
 	Client ClientConfig
 	RS     RSConfig
 	Enc    EncryptionConfig
 	TLS    tlsopts.Config
 }
-// ScopeConfig holds information about which scopes exist and are selected.
+// AccessConfig holds information about which accesses exist and are selected.
-type ScopeConfig struct {
+type AccessConfig struct {
-	Scopes map[string]string `internal:"true"`
+	Accesses map[string]string `internal:"true"`
-	Scope  string            `help:"the serialized scope, or name of the scope to use" default:""`
+	Access   string            `help:"the serialized access, or name of the access to use" default:""`
 	// used for backward compatibility
 	Scopes map[string]string `internal:"true"` // deprecated
 	Scope  string            `internal:"true"` // deprecated
 	Legacy // Holds on to legacy configuration values
 }
@ -75,34 +79,42 @@ type Legacy struct {
 	}
 }
-// GetScope returns the appropriate scope for the config.
+// GetAccess returns the appropriate access for the config.
-func (c ScopeConfig) GetScope() (_ *libuplink.Scope, err error) {
+func (a AccessConfig) GetAccess() (_ *libuplink.Scope, err error) {
 	defer mon.Task()(nil)(&err)
-	// if a scope exists for that name, try to load it.
+	// fallback to scope if access not found
-	if data, ok := c.Scopes[c.Scope]; ok && c.Scope != "" {
+	if a.Access == "" {
 		if data, ok := a.Scopes[a.Scope]; ok && a.Scope != "" {
 			return libuplink.ParseScope(data)
 		}
 		a.Access = a.Scope
 	}
 	// if a access exists for that name, try to load it.
 	if data, ok := a.Accesses[a.Access]; ok && a.Access != "" {
 		return libuplink.ParseScope(data)
 	}
-	// Otherwise, try to load the scope name as a serialized scope.
+	// Otherwise, try to load the access name as a serialized access.
-	if scope, err := libuplink.ParseScope(c.Scope); err == nil {
+	if access, err := libuplink.ParseScope(a.Access); err == nil {
-		return scope, nil
+		return access, nil
 	}
 	// fall back to trying to load the legacy values.
-	apiKey, err := libuplink.ParseAPIKey(c.Legacy.Client.APIKey)
+	apiKey, err := libuplink.ParseAPIKey(a.Legacy.Client.APIKey)
 	if err != nil {
 		return nil, err
 	}
-	satelliteAddr := c.Legacy.Client.SatelliteAddr
+	satelliteAddr := a.Legacy.Client.SatelliteAddr
 	if satelliteAddr == "" {
 		return nil, errs.New("must specify a satellite address")
 	}
 	var encAccess *libuplink.EncryptionAccess
-	if c.Legacy.Enc.EncAccessFilepath != "" {
+	if a.Legacy.Enc.EncAccessFilepath != "" {
-		data, err := ioutil.ReadFile(c.Legacy.Enc.EncAccessFilepath)
+		data, err := ioutil.ReadFile(a.Legacy.Enc.EncAccessFilepath)
 		if err != nil {
 			return nil, errs.Wrap(err)
 		}
@ -111,9 +123,9 @@ func (c ScopeConfig) GetScope() (_ *libuplink.Scope, err error) {
 			return nil, err
 		}
 	} else {
-		data := []byte(c.Legacy.Enc.EncryptionKey)
+		data := []byte(a.Legacy.Enc.EncryptionKey)
-		if c.Legacy.Enc.KeyFilepath != "" {
+		if a.Legacy.Enc.KeyFilepath != "" {
-			data, err = ioutil.ReadFile(c.Legacy.Enc.KeyFilepath)
+			data, err = ioutil.ReadFile(a.Legacy.Enc.KeyFilepath)
 			if err != nil {
 				return nil, errs.Wrap(err)
 			}
--- a/cmd/uplink/cmd/import.go
+++ b/cmd/uplink/cmd/import.go
@ -19,7 +19,7 @@ import (
 )
 var importCfg struct {
-	Overwrite bool `default:"false" help:"if true, allows a scope to be overwritten" source:"flag"`
+	Overwrite bool `default:"false" help:"if true, allows a access to be overwritten" source:"flag"`
 	UplinkFlags
 }
@ -27,7 +27,7 @@ var importCfg struct {
 func init() {
 	importCmd := &cobra.Command{
 		Use:   "import NAME PATH",
-		Short: "Imports a scope under the given name from the supplied path",
+		Short: "Imports an access under the given name from the supplied path",
 		Args:  cobra.ExactArgs(2),
 		RunE:  importMain,
 	}
@ -46,48 +46,48 @@ func importMain(cmd *cobra.Command, args []string) (err error) {
 	name := args[0]
 	path := args[1]
-	// This is a little hacky but viper deserializes scopes into a map[string]interface{}
+	// This is a little hacky but viper deserializes accesses into a map[string]interface{}
 	// and complains if we try and override with map[string]string{}.
-	scopes := map[string]interface{}{}
+	accesses := map[string]interface{}{}
-	for k, v := range importCfg.Scopes {
+	for k, v := range importCfg.Accesses {
-		scopes[k] = v
+		accesses[k] = v
 	}
 	overwritten := false
-	if _, ok := scopes[name]; ok {
+	if _, ok := accesses[name]; ok {
 		if !importCfg.Overwrite {
-			return fmt.Errorf("scope %q already exists", name)
+			return fmt.Errorf("access %q already exists", name)
 		}
 		overwritten = true
 	}
-	scopeData, err := readFirstUncommentedLine(path)
+	accessData, err := readFirstUncommentedLine(path)
 	if err != nil {
 		return Error.Wrap(err)
 	}
 	// Parse the scope data to ensure it is well formed
-	if _, err := libuplink.ParseScope(scopeData); err != nil {
+	if _, err := libuplink.ParseScope(accessData); err != nil {
 		return Error.Wrap(err)
 	}
-	scopes[name] = scopeData
+	accesses[name] = accessData
 	// There is no easy way currently to save off a "hidden" configurable into
 	// the config file without a larger refactoring. For now, just do a manual
-	// override of the scopes.
+	// override of the accesses.
 	// TODO: revisit when the configuration/flag code makes it easy
 	err = process.SaveConfig(cmd, filepath.Join(confDir, process.DefaultCfgFilename),
-		process.SaveConfigWithOverride("scopes", scopes),
+		process.SaveConfigWithOverride("acceses", accesses),
 		process.SaveConfigRemovingDeprecated())
 	if err != nil {
 		return Error.Wrap(err)
 	}
 	if overwritten {
-		fmt.Printf("scope %q overwritten.\n", name)
+		fmt.Printf("access %q overwritten.\n", name)
 	} else {
-		fmt.Printf("scope %q imported.\n", name)
+		fmt.Printf("access %q imported.\n", name)
 	}
 	return nil
 }
--- a/cmd/uplink/cmd/ls.go
+++ b/cmd/uplink/cmd/ls.go
@ -44,15 +44,15 @@ func list(cmd *cobra.Command, args []string) error {
 		}
 	}()
-	scope, err := cfg.GetScope()
+	access, err := cfg.GetAccess()
 	if err != nil {
 		return err
 	}
-	access := scope.EncryptionAccess
+	encAccess := access.EncryptionAccess
 	if *lsEncryptedFlag {
-		access = libuplink.NewEncryptionAccessWithDefaultKey(storj.Key{})
+		encAccess = libuplink.NewEncryptionAccessWithDefaultKey(storj.Key{})
-		access.Store().EncryptionBypass = true
+		encAccess.Store().EncryptionBypass = true
 	}
 	// list objects
@ -66,7 +66,7 @@ func list(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("no bucket specified, use format sj://bucket/")
 		}
-		bucket, err := project.OpenBucket(ctx, src.Bucket(), access)
+		bucket, err := project.OpenBucket(ctx, src.Bucket(), encAccess)
 		if err != nil {
 			return err
 		}
@ -97,7 +97,7 @@ func list(cmd *cobra.Command, args []string) error {
 			for _, bucket := range list.Items {
 				fmt.Println("BKT", formatTime(bucket.Created), bucket.Name)
 				if *lsRecursiveFlag {
-					if err := listFilesFromBucket(ctx, project, bucket.Name, access); err != nil {
+					if err := listFilesFromBucket(ctx, project, bucket.Name, encAccess); err != nil {
 						return err
 					}
 				}
--- a/cmd/uplink/cmd/meta_test.go
+++ b/cmd/uplink/cmd/meta_test.go
@ -39,7 +39,7 @@ func TestSetGetMeta(t *testing.T) {
 				"--config-dir", ctx.Dir("uplink"),
 				"setup",
 				"--non-interactive",
-				"--scope", planet.Uplinks[0].GetConfig(planet.Satellites[0]).Scope,
+				"--access", planet.Uplinks[0].GetConfig(planet.Satellites[0]).Access,
 			).CombinedOutput()
 			t.Log(string(output))
 			require.NoError(t, err)
--- a/cmd/uplink/cmd/rm.go
+++ b/cmd/uplink/cmd/rm.go
@ -53,18 +53,18 @@ func deleteObject(cmd *cobra.Command, args []string) error {
 		}
 	}()
-	scope, err := cfg.GetScope()
+	access, err := cfg.GetAccess()
 	if err != nil {
 		return err
 	}
-	access := scope.EncryptionAccess
+	encAccess := access.EncryptionAccess
 	if *rmEncryptedFlag {
-		access = libuplink.NewEncryptionAccessWithDefaultKey(storj.Key{})
+		encAccess = libuplink.NewEncryptionAccessWithDefaultKey(storj.Key{})
-		access.Store().EncryptionBypass = true
+		encAccess.Store().EncryptionBypass = true
 	}
-	bucket, err := project.OpenBucket(ctx, dst.Bucket(), access)
+	bucket, err := project.OpenBucket(ctx, dst.Bucket(), encAccess)
 	if err != nil {
 		return err
 	}
--- a/cmd/uplink/cmd/root.go
+++ b/cmd/uplink/cmd/root.go
@ -93,7 +93,7 @@ func (cliCfg *UplinkFlags) GetProject(ctx context.Context) (_ *libuplink.Project
 		return nil, err
 	}
-	scope, err := cliCfg.GetScope()
+	access, err := cliCfg.GetAccess()
 	if err != nil {
 		return nil, err
 	}
@ -110,12 +110,12 @@ func (cliCfg *UplinkFlags) GetProject(ctx context.Context) (_ *libuplink.Project
 		}
 	}()
-	return uplk.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+	return uplk.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 }
 // GetProjectAndBucket returns a *libuplink.Bucket for interacting with a specific project's bucket
 func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName string) (project *libuplink.Project, bucket *libuplink.Bucket, err error) {
-	scope, err := cliCfg.GetScope()
+	access, err := cliCfg.GetAccess()
 	if err != nil {
 		return nil, nil, err
 	}
@ -132,7 +132,7 @@ func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName s
 		}
 	}()
-	project, err = uplk.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+	project, err = uplk.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 	if err != nil {
 		return nil, nil, err
 	}
@ -144,7 +144,7 @@ func (cliCfg *UplinkFlags) GetProjectAndBucket(ctx context.Context, bucketName s
 		}
 	}()
-	bucket, err = project.OpenBucket(ctx, bucketName, scope.EncryptionAccess)
+	bucket, err = project.OpenBucket(ctx, bucketName, access.EncryptionAccess)
 	return project, bucket, err
 }
--- a/cmd/uplink/cmd/setup.go
+++ b/cmd/uplink/cmd/setup.go
@ -59,8 +59,8 @@ func cmdSetup(cmd *cobra.Command, args []string) (err error) {
 // cmdSetupNonInteractive sets up uplink non-interactively.
 func cmdSetupNonInteractive(cmd *cobra.Command, setupDir string) error {
-	// ensure we're using the scope for the setup
+	// ensure we're using the access for the setup
-	scope, err := setupCfg.GetScope()
+	access, err := setupCfg.GetAccess()
 	if err != nil {
 		return err
 	}
@ -70,18 +70,18 @@ func cmdSetupNonInteractive(cmd *cobra.Command, setupDir string) error {
 	if err != nil {
 		return err
 	}
-	scope.SatelliteAddr, err = ApplyDefaultHostAndPortToAddr(
+	access.SatelliteAddr, err = ApplyDefaultHostAndPortToAddr(
-		scope.SatelliteAddr, vip.GetString("satellite-addr"))
+		access.SatelliteAddr, vip.GetString("satellite-addr"))
 	if err != nil {
 		return err
 	}
-	scopeData, err := scope.Serialize()
+	accessData, err := access.Serialize()
 	if err != nil {
 		return err
 	}
 	return Error.Wrap(process.SaveConfig(cmd, filepath.Join(setupDir, process.DefaultCfgFilename),
-		process.SaveConfigWithOverride("scope", scopeData),
+		process.SaveConfigWithOverride("access", accessData),
 		process.SaveConfigRemovingDeprecated()))
 }
@ -137,7 +137,7 @@ func cmdSetupInteractive(cmd *cobra.Command, setupDir string) error {
 		return Error.Wrap(err)
 	}
-	scopeData, err := (&libuplink.Scope{
+	accessData, err := (&libuplink.Scope{
 		SatelliteAddr:    satelliteAddress,
 		APIKey:           apiKey,
 		EncryptionAccess: libuplink.NewEncryptionAccessWithDefaultKey(*key),
@ -147,7 +147,7 @@ func cmdSetupInteractive(cmd *cobra.Command, setupDir string) error {
 	}
 	err = process.SaveConfig(cmd, filepath.Join(setupDir, "config.yaml"),
-		process.SaveConfigWithOverride("scope", scopeData),
+		process.SaveConfigWithOverride("access", accessData),
 		process.SaveConfigRemovingDeprecated())
 	if err != nil {
 		return Error.Wrap(err)
--- a/cmd/uplink/cmd/share.go
+++ b/cmd/uplink/cmd/share.go
@ -30,10 +30,10 @@ var shareCfg struct {
 	NotBefore         string   `help:"disallow access before this time"`
 	NotAfter          string   `help:"disallow access after this time"`
 	AllowedPathPrefix []string `help:"whitelist of path prefixes to require, overrides the [allowed-path-prefix] arguments"`
-	ExportTo          string   `default:"" help:"path to export the shared scope to"`
+	ExportTo          string   `default:"" help:"path to export the shared access to"`
-	// Share requires information about the current scope
+	// Share requires information about the current access
-	ScopeConfig
+	AccessConfig
 }
 func init() {
@ -109,14 +109,14 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
 		})
 	}
-	scope, err := shareCfg.GetScope()
+	access, err := shareCfg.GetAccess()
 	if err != nil {
 		return err
 	}
-	key, access := scope.APIKey, scope.EncryptionAccess
+	key, encAccess := access.APIKey, access.EncryptionAccess
 	if len(restrictions) > 0 {
-		key, access, err = access.Restrict(key, restrictions...)
+		key, encAccess, err = encAccess.Restrict(key, restrictions...)
 		if err != nil {
 			return err
 		}
@ -144,19 +144,19 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
 		return err
 	}
-	newScope := &libuplink.Scope{
+	newAccess := &libuplink.Scope{
-		SatelliteAddr:    scope.SatelliteAddr,
+		SatelliteAddr:    access.SatelliteAddr,
 		APIKey:           key,
-		EncryptionAccess: access,
+		EncryptionAccess: encAccess,
 	}
-	scopeData, err := newScope.Serialize()
+	newAccessData, err := newAccess.Serialize()
 	if err != nil {
 		return err
 	}
 	fmt.Println("=========== INTERNAL SCOPE INFO =========================================================")
-	fmt.Println("Satellite :", scope.SatelliteAddr)
+	fmt.Println("Satellite :", access.SatelliteAddr)
 	fmt.Println("API Key   :", key.Serialize())
 	fmt.Println("Enc Access:", accessData)
 	fmt.Println("=========== SHARE RESTRICTIONS ==========================================================")
@ -168,7 +168,7 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
 	fmt.Println("Not After :", formatTimeRestriction(caveat.NotAfter))
 	fmt.Println("Paths     :", formatPaths(restrictions))
 	fmt.Println("=========== SERIALIZED SCOPE WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========")
-	fmt.Println("Scope     :", scopeData)
+	fmt.Println("Scope     :", newAccessData)
 	if shareCfg.ExportTo != "" {
 		// convert to an absolute path, mostly for output purposes.
@ -176,7 +176,7 @@ func shareMain(cmd *cobra.Command, args []string) (err error) {
 		if err != nil {
 			return Error.Wrap(err)
 		}
-		if err := ioutil.WriteFile(exportTo, []byte(scopeData+"\n"), 0600); err != nil {
+		if err := ioutil.WriteFile(exportTo, []byte(newAccessData+"\n"), 0600); err != nil {
 			return Error.Wrap(err)
 		}
 		fmt.Println("Exported to:", exportTo)
--- a/lib/uplink/encryption_test.go
+++ b/lib/uplink/encryption_test.go
@ -36,12 +36,12 @@ func TestAllowedPathPrefixListing(t *testing.T) {
 		defer ctx.Check(up.Close)
 		uplinkConfig := testUplink.GetConfig(testSatellite)
-		scope, err := uplinkConfig.GetScope()
+		access, err := uplinkConfig.GetAccess()
 		require.NoError(t, err)
-		encryptionAccess := scope.EncryptionAccess
+		encryptionAccess := access.EncryptionAccess
 		func() {
-			proj, err := up.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+			proj, err := up.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 			require.NoError(t, err)
 			defer ctx.Check(proj.Close)
@ -54,13 +54,13 @@ func TestAllowedPathPrefixListing(t *testing.T) {
 			require.Equal(t, 1, len(list.Items))
 		}()
-		restrictedAPIKey, restrictedEa, err := encryptionAccess.Restrict(scope.APIKey, uplink.EncryptionRestriction{
+		restrictedAPIKey, restrictedEa, err := encryptionAccess.Restrict(access.APIKey, uplink.EncryptionRestriction{
 			Bucket:     "testbucket",
 			PathPrefix: "videos",
 		})
 		require.NoError(t, err)
 		func() {
-			proj, err := up.OpenProject(ctx, scope.SatelliteAddr, restrictedAPIKey)
+			proj, err := up.OpenProject(ctx, access.SatelliteAddr, restrictedAPIKey)
 			require.NoError(t, err)
 			defer ctx.Check(proj.Close)
--- a/lib/uplink/project_test.go
+++ b/lib/uplink/project_test.go
@ -26,14 +26,14 @@ func TestProjectListBuckets(t *testing.T) {
 			cfg.Volatile.Log = zaptest.NewLogger(t)
 			cfg.Volatile.TLS.SkipPeerCAWhitelist = true
-			scope, err := planet.Uplinks[0].GetConfig(planet.Satellites[0]).GetScope()
+			access, err := planet.Uplinks[0].GetConfig(planet.Satellites[0]).GetAccess()
 			require.NoError(t, err)
 			ul, err := uplink.NewUplink(ctx, &cfg)
 			require.NoError(t, err)
 			defer ctx.Check(ul.Close)
-			p, err := ul.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+			p, err := ul.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 			require.NoError(t, err)
 			// create 6 test buckets
@ -67,13 +67,13 @@ func TestProjectListBuckets(t *testing.T) {
 			require.False(t, result.More)
 			// List with restrictions
-			scope.APIKey, scope.EncryptionAccess, err =
+			access.APIKey, access.EncryptionAccess, err =
-				scope.EncryptionAccess.Restrict(scope.APIKey,
+				access.EncryptionAccess.Restrict(access.APIKey,
 					uplink.EncryptionRestriction{Bucket: "test0"},
 					uplink.EncryptionRestriction{Bucket: "test1"})
 			require.NoError(t, err)
-			p, err = ul.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+			p, err = ul.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 			require.NoError(t, err)
 			defer ctx.Check(p.Close)
--- a/linksharing/handler.go
+++ b/linksharing/handler.go
@ -83,14 +83,14 @@ func (handler *Handler) serveHTTP(w http.ResponseWriter, r *http.Request) (err e
 		return err
 	}
-	scope, bucket, unencPath, err := parseRequestPath(r.URL.Path)
+	access, bucket, unencPath, err := parseRequestPath(r.URL.Path)
 	if err != nil {
 		err = fmt.Errorf("invalid request: %v", err)
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return err
 	}
-	p, err := handler.uplink.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+	p, err := handler.uplink.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 	if err != nil {
 		handler.handleUplinkErr(w, "open project", err)
 		return err
@ -101,7 +101,7 @@ func (handler *Handler) serveHTTP(w http.ResponseWriter, r *http.Request) (err e
 		}
 	}()
-	b, err := p.OpenBucket(ctx, bucket, scope.EncryptionAccess)
+	b, err := p.OpenBucket(ctx, bucket, access.EncryptionAccess)
 	if err != nil {
 		handler.handleUplinkErr(w, "open bucket", err)
 		return err
@ -154,7 +154,7 @@ func parseRequestPath(p string) (*uplink.Scope, string, string, error) {
 	switch len(segments) {
 	case 1:
 		if segments[0] == "" {
-			return nil, "", "", errs.New("missing scope")
+			return nil, "", "", errs.New("missing access")
 		}
 		return nil, "", "", errs.New("missing bucket")
 	case 2:
@ -164,11 +164,11 @@ func parseRequestPath(p string) (*uplink.Scope, string, string, error) {
 	bucket := segments[1]
 	unencPath := segments[2]
-	scope, err := uplink.ParseScope(scopeb58)
+	access, err := uplink.ParseScope(scopeb58)
 	if err != nil {
 		return nil, "", "", err
 	}
-	return scope, bucket, unencPath, nil
+	return access, bucket, unencPath, nil
 }
 type objectRanger struct {
--- a/linksharing/handler_test.go
+++ b/linksharing/handler_test.go
@ -125,7 +125,7 @@ func testHandlerRequests(t *testing.T, ctx *testcontext.Context, planet *testpla
 	apiKey, err := uplink.ParseAPIKey(planet.Uplinks[0].APIKey[planet.Satellites[0].ID()].Serialize())
 	require.NoError(t, err)
-	scope, err := (&uplink.Scope{
+	access, err := (&uplink.Scope{
 		SatelliteAddr:    planet.Satellites[0].Addr(),
 		APIKey:           apiKey,
 		EncryptionAccess: uplink.NewEncryptionAccessWithDefaultKey(storj.Key{}),
@ -147,101 +147,101 @@ func testHandlerRequests(t *testing.T, ctx *testcontext.Context, planet *testpla
 			body:   "method not allowed\n",
 		},
 		{
-			name:   "GET missing scope",
+			name:   "GET missing access",
 			method: "GET",
 			status: http.StatusBadRequest,
-			body:   "invalid request: missing scope\n",
+			body:   "invalid request: missing access\n",
 		},
 		{
-			name:   "GET malformed scope",
+			name:   "GET malformed access",
 			method: "GET",
-			path:   path.Join("BADSCOPE", "testbucket", "test/foo"),
+			path:   path.Join("BADACCESS", "testbucket", "test/foo"),
 			status: http.StatusBadRequest,
 			body:   "invalid request: invalid scope format\n",
 		},
 		{
 			name:   "GET missing bucket",
 			method: "GET",
-			path:   scope,
+			path:   access,
 			status: http.StatusBadRequest,
 			body:   "invalid request: missing bucket\n",
 		},
 		{
 			name:   "GET bucket not found",
 			method: "GET",
-			path:   path.Join(scope, "someotherbucket", "test/foo"),
+			path:   path.Join(access, "someotherbucket", "test/foo"),
 			status: http.StatusNotFound,
 			body:   "bucket not found\n",
 		},
 		{
 			name:   "GET missing bucket path",
 			method: "GET",
-			path:   path.Join(scope, "testbucket"),
+			path:   path.Join(access, "testbucket"),
 			status: http.StatusBadRequest,
 			body:   "invalid request: missing bucket path\n",
 		},
 		{
 			name:   "GET object not found",
 			method: "GET",
-			path:   path.Join(scope, "testbucket", "test/bar"),
+			path:   path.Join(access, "testbucket", "test/bar"),
 			status: http.StatusNotFound,
 			body:   "object not found\n",
 		},
 		{
 			name:   "GET success",
 			method: "GET",
-			path:   path.Join(scope, "testbucket", "test/foo"),
+			path:   path.Join(access, "testbucket", "test/foo"),
 			status: http.StatusOK,
 			body:   "FOO",
 		},
 		{
-			name:   "HEAD missing scope",
+			name:   "HEAD missing access",
 			method: "HEAD",
 			status: http.StatusBadRequest,
-			body:   "invalid request: missing scope\n",
+			body:   "invalid request: missing access\n",
 		},
 		{
-			name:   "HEAD malformed scope",
+			name:   "HEAD malformed access",
 			method: "HEAD",
-			path:   path.Join("BADSCOPE", "testbucket", "test/foo"),
+			path:   path.Join("BADACCESS", "testbucket", "test/foo"),
 			status: http.StatusBadRequest,
 			body:   "invalid request: invalid scope format\n",
 		},
 		{
 			name:   "HEAD missing bucket",
 			method: "HEAD",
-			path:   scope,
+			path:   access,
 			status: http.StatusBadRequest,
 			body:   "invalid request: missing bucket\n",
 		},
 		{
 			name:   "HEAD bucket not found",
 			method: "HEAD",
-			path:   path.Join(scope, "someotherbucket", "test/foo"),
+			path:   path.Join(access, "someotherbucket", "test/foo"),
 			status: http.StatusNotFound,
 			body:   "bucket not found\n",
 		},
 		{
 			name:   "HEAD missing bucket path",
 			method: "HEAD",
-			path:   path.Join(scope, "testbucket"),
+			path:   path.Join(access, "testbucket"),
 			status: http.StatusBadRequest,
 			body:   "invalid request: missing bucket path\n",
 		},
 		{
 			name:   "HEAD object not found",
 			method: "HEAD",
-			path:   path.Join(scope, "testbucket", "test/bar"),
+			path:   path.Join(access, "testbucket", "test/bar"),
 			status: http.StatusNotFound,
 			body:   "object not found\n",
 		},
 		{
 			name:   "HEAD success",
 			method: "HEAD",
-			path:   path.Join(scope, "testbucket", "test/foo"),
+			path:   path.Join(access, "testbucket", "test/foo"),
 			status: http.StatusFound,
 			header: http.Header{
-				"Location": []string{"http://localhost/" + path.Join(scope, "testbucket", "test/foo")},
+				"Location": []string{"http://localhost/" + path.Join(access, "testbucket", "test/foo")},
 			},
 			body: "",
 		},
--- a/private/testplanet/uplink.go
+++ b/private/testplanet/uplink.go
@ -349,7 +349,7 @@ func (client *Uplink) GetConfig(satellite *SatelliteSystem) cmd.Config {
 	encAccess := libuplink.NewEncryptionAccess()
 	encAccess.SetDefaultKey(storj.Key{})
-	scopeData, err := (&libuplink.Scope{
+	accessData, err := (&libuplink.Scope{
 		SatelliteAddr:    satellite.Addr(),
 		APIKey:           apiKey,
 		EncryptionAccess: encAccess,
@ -358,7 +358,7 @@ func (client *Uplink) GetConfig(satellite *SatelliteSystem) cmd.Config {
 		panic(err)
 	}
-	config.Scope = scopeData
+	config.Access = accessData
 	// Support some legacy stuff
 	config.Legacy.Client.APIKey = apiKey.Serialize()
@ -415,12 +415,12 @@ func (client *Uplink) GetProject(ctx context.Context, satellite *SatelliteSystem
 	}
 	defer func() { err = errs.Combine(err, testLibuplink.Close()) }()
-	scope, err := client.GetConfig(satellite).GetScope()
+	access, err := client.GetConfig(satellite).GetAccess()
 	if err != nil {
 		return nil, err
 	}
-	project, err := testLibuplink.OpenProject(ctx, scope.SatelliteAddr, scope.APIKey)
+	project, err := testLibuplink.OpenProject(ctx, access.SatelliteAddr, access.APIKey)
 	if err != nil {
 		return nil, err
 	}
@ -439,7 +439,7 @@ func (client *Uplink) GetProjectAndBucket(ctx context.Context, satellite *Satell
 		}
 	}()
-	scope, err := client.GetConfig(satellite).GetScope()
+	access, err := client.GetConfig(satellite).GetAccess()
 	if err != nil {
 		return nil, nil, err
 	}
@ -457,7 +457,7 @@ func (client *Uplink) GetProjectAndBucket(ctx context.Context, satellite *Satell
 		}
 	}
-	bucket, err := project.OpenBucket(ctx, bucketName, scope.EncryptionAccess)
+	bucket, err := project.OpenBucket(ctx, bucketName, access.EncryptionAccess)
 	if err != nil {
 		return nil, nil, err
 	}