authorAlex Auvolat <alex@adnab.me>2022-01-05 15:12:59 +0100
committerAlex Auvolat <alex@adnab.me>2022-01-05 15:12:59 +0100
commit9431090b1eb9006b12395fb22700b0def7fd1f59 (patch)
tree207fc2933484cdb79efc800926bb5d75ac876d8e
parent677ab60cc117677bf53dc4887a6ff1c094e17cd0 (diff)
Implement key allow|deny --create-bucket
-rw-r--r--src/garage/admin.rs30
-rw-r--r--src/garage/cli/structs.rs18
2 files changed, 48 insertions, 0 deletions
diff --git a/src/garage/admin.rs b/src/garage/admin.rs
index a682075f..509ecaf9 100644
--- a/src/garage/admin.rs
+++ b/src/garage/admin.rs
@@ -429,6 +429,8 @@ impl AdminRpcHandler {
KeyOperation::New(query) => self.handle_create_key(query).await,
KeyOperation::Rename(query) => self.handle_rename_key(query).await,
KeyOperation::Delete(query) => self.handle_delete_key(query).await,
+ KeyOperation::Allow(query) => self.handle_allow_key(query).await,
+ KeyOperation::Deny(query) => self.handle_deny_key(query).await,
KeyOperation::Import(query) => self.handle_import_key(query).await,
}
}
@@ -523,6 +525,34 @@ impl AdminRpcHandler {
)))
}
+ async fn handle_allow_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
+ let mut key = self
+ .garage
+ .bucket_helper()
+ .get_existing_matching_key(&query.key_pattern)
+ .await?;
+ key.params_mut()
+ .unwrap()
+ .allow_create_bucket
+ .update(true);
+ self.garage.key_table.insert(&key).await?;
+ self.key_info_result(key).await
+ }
+
+ async fn handle_deny_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
+ let mut key = self
+ .garage
+ .bucket_helper()
+ .get_existing_matching_key(&query.key_pattern)
+ .await?;
+ key.params_mut()
+ .unwrap()
+ .allow_create_bucket
+ .update(false);
+ self.garage.key_table.insert(&key).await?;
+ self.key_info_result(key).await
+ }
+
async fn handle_import_key(&self, query: &KeyImportOpt) -> Result<AdminRpc, Error> {
let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id).await?;
if prev_key.is_some() {
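Review bot: The `--create-bucket` flag that `KeyPermOpt` declares (second hunk of `src/garage/cli/structs.rs`) is never read: `handle_allow_key` and `handle_deny_key` both update `allow_create_bucket` unconditionally, so `key allow <key>` with no flag still grants bucket creation and `key deny <key>` with no flag revokes it, which is the opposite of what the CLI help promises. The two handlers also differ only in the boolean written, so a shared helper that checks `query.create_bucket` before touching the permission keeps them in step when further flags are added. The `params_mut().unwrap()` is kept below, but if `params_mut()` can return `None` for a key in a deleted state this is a panic on an admin-supplied pattern and should become an error instead; I cannot tell from this hunk whether `get_existing_matching_key` already excludes that case.

```rust
    async fn handle_allow_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
        self.set_key_permissions(query, true).await
    }

    async fn handle_deny_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
        self.set_key_permissions(query, false).await
    }

    /// Write `allowed` into every permission flag named in `query` and
    /// persist the key; flags not given on the command line are untouched.
    async fn set_key_permissions(
        &self,
        query: &KeyPermOpt,
        allowed: bool,
    ) -> Result<AdminRpc, Error> {
        let mut key = self
            .garage
            .bucket_helper()
            .get_existing_matching_key(&query.key_pattern)
            .await?;
        if query.create_bucket {
            key.params_mut()
                .unwrap()
                .allow_create_bucket
                .update(allowed);
        }
        self.garage.key_table.insert(&key).await?;
        self.key_info_result(key).await
    }
```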
diff --git a/src/garage/cli/structs.rs b/src/garage/cli/structs.rs
index bd7abc8e..a544d6a1 100644
--- a/src/garage/cli/structs.rs
+++ b/src/garage/cli/structs.rs
@@ -274,6 +274,14 @@ pub enum KeyOperation {
#[structopt(name = "delete")]
Delete(KeyDeleteOpt),
+ /// Set permission flags for key
+ #[structopt(name = "allow")]
+ Allow(KeyPermOpt),
+
+ /// Unset permission flags for key
+ #[structopt(name = "deny")]
+ Deny(KeyPermOpt),
+
/// Import key
#[structopt(name = "import")]
Import(KeyImportOpt),
@@ -312,6 +320,16 @@ pub struct KeyDeleteOpt {
}
#[derive(Serialize, Deserialize, StructOpt, Debug)]
+pub struct KeyPermOpt {
+ /// ID or name of the key
+ pub key_pattern: String,
+
+ /// Flag that allows key to create buckets using S3's CreateBucket call
+ #[structopt(long = "create-bucket")]
+ pub create_bucket: bool,
+}
+
+#[derive(Serialize, Deserialize, StructOpt, Debug)]
pub struct KeyImportOpt {
/// Access key ID
pub key_id: String,
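Review bot: The doc comment on `create_bucket` reads as if passing the flag always grants the permission, but `KeyPermOpt` is shared by both `allow` and `deny`, so under `key deny` the same help text is shown while the flag removes the permission. Since the comment is what structopt prints as the option's help, phrase it as selecting the flag rather than as its effect, e.g. `/// Select the permission to create buckets (S3 CreateBucket call)`. The struct's derive line is the context line just above the hunk's added lines, so the whole definition is visible here.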