aboutsummaryrefslogtreecommitdiff
path: root/src/garage
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2021-12-16 11:47:58 +0100
committerAlex Auvolat <alex@adnab.me>2022-01-04 12:45:52 +0100
commit0bbb6673e7ce703e470a3c2aad620ee5f009bc84 (patch)
tree844e95b50e2bc129403b679a6c5d63ff82940ad6 /src/garage
parent53f71b3a57b3c1828292e26b7865d31e9bec44d6 (diff)
downloadgarage-0bbb6673e7ce703e470a3c2aad620ee5f009bc84.tar.gz
garage-0bbb6673e7ce703e470a3c2aad620ee5f009bc84.zip
Model changes
Diffstat (limited to 'src/garage')
-rw-r--r--src/garage/admin.rs51
-rw-r--r--src/garage/cli/cmd.rs3
-rw-r--r--src/garage/cli/structs.rs5
-rw-r--r--src/garage/cli/util.rs7
4 files changed, 40 insertions, 26 deletions
diff --git a/src/garage/admin.rs b/src/garage/admin.rs
index 756f6007..5599c53f 100644
--- a/src/garage/admin.rs
+++ b/src/garage/admin.rs
@@ -104,11 +104,10 @@ impl AdminRpcHandler {
}
alias.state.update(Deletable::Present(AliasParams {
bucket_id: bucket.id,
- website_access: false,
}));
alias
}
- None => BucketAlias::new(name.clone(), bucket.id, false),
+ None => BucketAlias::new(name.clone(), bucket.id),
};
bucket
.state
@@ -178,7 +177,7 @@ impl AdminRpcHandler {
for (key_id, _) in bucket.authorized_keys() {
if let Some(key) = self.garage.key_table.get(&EmptyKey, key_id).await? {
if !key.state.is_deleted() {
- self.update_key_bucket(&key, bucket.id, false, false)
+ self.update_key_bucket(&key, bucket.id, false, false, false)
.await?;
}
} else {
@@ -266,10 +265,9 @@ impl AdminRpcHandler {
}
// Checks ok, add alias
- alias.state.update(Deletable::present(AliasParams {
- bucket_id,
- website_access: false,
- }));
+ alias
+ .state
+ .update(Deletable::present(AliasParams { bucket_id }));
self.garage.bucket_alias_table.insert(&alias).await?;
let mut bucket_p = bucket.state.as_option_mut().unwrap();
@@ -396,16 +394,17 @@ impl AdminRpcHandler {
let allow_read = query.read || key.allow_read(&bucket_id);
let allow_write = query.write || key.allow_write(&bucket_id);
+ let allow_owner = query.owner || key.allow_owner(&bucket_id);
let new_perm = self
- .update_key_bucket(&key, bucket_id, allow_read, allow_write)
+ .update_key_bucket(&key, bucket_id, allow_read, allow_write, allow_owner)
.await?;
self.update_bucket_key(bucket, &key.key_id, new_perm)
.await?;
Ok(AdminRpc::Ok(format!(
- "New permissions for {} on {}: read {}, write {}.",
- &key.key_id, &query.bucket, allow_read, allow_write
+ "New permissions for {} on {}: read {}, write {}, owner {}.",
+ &key.key_id, &query.bucket, allow_read, allow_write, allow_owner
)))
}
@@ -425,29 +424,34 @@ impl AdminRpcHandler {
let allow_read = !query.read && key.allow_read(&bucket_id);
let allow_write = !query.write && key.allow_write(&bucket_id);
+ let allow_owner = !query.owner && key.allow_owner(&bucket_id);
let new_perm = self
- .update_key_bucket(&key, bucket_id, allow_read, allow_write)
+ .update_key_bucket(&key, bucket_id, allow_read, allow_write, allow_owner)
.await?;
self.update_bucket_key(bucket, &key.key_id, new_perm)
.await?;
Ok(AdminRpc::Ok(format!(
- "New permissions for {} on {}: read {}, write {}.",
- &key.key_id, &query.bucket, allow_read, allow_write
+ "New permissions for {} on {}: read {}, write {}, owner {}.",
+ &key.key_id, &query.bucket, allow_read, allow_write, allow_owner
)))
}
async fn handle_bucket_website(&self, query: &WebsiteOpt) -> Result<AdminRpc, Error> {
- let mut bucket_alias = self
+ let bucket_id = self
.garage
- .bucket_alias_table
- .get(&EmptyKey, &query.bucket)
+ .bucket_helper()
+ .resolve_global_bucket_name(&query.bucket)
.await?
- .filter(|a| !a.is_deleted())
- .ok_or_message(format!("Bucket {} does not exist", query.bucket))?;
+ .ok_or_message("Bucket not found")?;
- let mut state = bucket_alias.state.get().as_option().unwrap().clone();
+ let mut bucket = self
+ .garage
+ .bucket_helper()
+ .get_existing_bucket(bucket_id)
+ .await?;
+ let bucket_state = bucket.state.as_option_mut().unwrap();
if !(query.allow ^ query.deny) {
return Err(Error::Message(
@@ -455,9 +459,8 @@ impl AdminRpcHandler {
));
}
- state.website_access = query.allow;
- bucket_alias.state.update(Deletable::present(state));
- self.garage.bucket_alias_table.insert(&bucket_alias).await?;
+ bucket_state.website_access.update(query.allow);
+ self.garage.bucket_table.insert(&bucket).await?;
let msg = if query.allow {
format!("Website access allowed for {}", &query.bucket)
@@ -545,6 +548,7 @@ impl AdminRpcHandler {
timestamp: increment_logical_clock(auth.timestamp),
allow_read: false,
allow_write: false,
+ allow_owner: false,
};
if !bucket.is_deleted() {
self.update_bucket_key(bucket, &key.key_id, new_perm)
@@ -605,6 +609,7 @@ impl AdminRpcHandler {
bucket_id: Uuid,
allow_read: bool,
allow_write: bool,
+ allow_owner: bool,
) -> Result<BucketKeyPerm, Error> {
let mut key = key.clone();
let mut key_state = key.state.as_option_mut().unwrap();
@@ -617,11 +622,13 @@ impl AdminRpcHandler {
timestamp: increment_logical_clock(old_perm.timestamp),
allow_read,
allow_write,
+ allow_owner,
})
.unwrap_or(BucketKeyPerm {
timestamp: now_msec(),
allow_read,
allow_write,
+ allow_owner,
});
key_state.authorized_buckets = Map::put_mutator(bucket_id, perm);
diff --git a/src/garage/cli/cmd.rs b/src/garage/cli/cmd.rs
index 015eeec9..b7508e45 100644
--- a/src/garage/cli/cmd.rs
+++ b/src/garage/cli/cmd.rs
@@ -164,8 +164,7 @@ pub async fn cmd_admin(
let mut table = vec![];
for alias in bl {
if let Some(p) = alias.state.get().as_option() {
- let wflag = if p.website_access { "W" } else { " " };
- table.push(format!("{}\t{}\t{:?}", wflag, alias.name, p.bucket_id));
+ table.push(format!("\t{}\t{:?}", alias.name, p.bucket_id));
}
}
format_table(table);
diff --git a/src/garage/cli/structs.rs b/src/garage/cli/structs.rs
index 590be1c0..1905069e 100644
--- a/src/garage/cli/structs.rs
+++ b/src/garage/cli/structs.rs
@@ -238,6 +238,11 @@ pub struct PermBucketOpt {
#[structopt(long = "write")]
pub write: bool,
+ /// Allow/deny administrative operations operations
+ /// (such as deleting bucket or changing bucket website configuration)
+ #[structopt(long = "owner")]
+ pub owner: bool,
+
/// Bucket name
pub bucket: String,
}
diff --git a/src/garage/cli/util.rs b/src/garage/cli/util.rs
index ba88502d..f586d55b 100644
--- a/src/garage/cli/util.rs
+++ b/src/garage/cli/util.rs
@@ -11,6 +11,7 @@ pub fn print_key_info(key: &Key) {
println!("Secret key: {}", key.secret_key);
match &key.state {
Deletable::Present(p) => {
+ println!("Can create buckets: {}", p.allow_create_bucket.get());
println!("\nKey-specific bucket aliases:");
let mut table = vec![];
for (alias_name, _, alias) in p.local_aliases.items().iter() {
@@ -25,7 +26,8 @@ pub fn print_key_info(key: &Key) {
for (b, perm) in p.authorized_buckets.items().iter() {
let rflag = if perm.allow_read { "R" } else { " " };
let wflag = if perm.allow_write { "W" } else { " " };
- table.push(format!("\t{}{}\t{:?}", rflag, wflag, b));
+ let oflag = if perm.allow_owner { "O" } else { " " };
+ table.push(format!("\t{}{}{}\t{:?}", rflag, wflag, oflag, b));
}
format_table(table);
}
@@ -58,7 +60,8 @@ pub fn print_bucket_info(bucket: &Bucket) {
for (k, perm) in p.authorized_keys.items().iter() {
let rflag = if perm.allow_read { "R" } else { " " };
let wflag = if perm.allow_write { "W" } else { " " };
- println!("- {}{} {}", rflag, wflag, k);
+ let oflag = if perm.allow_owner { "O" } else { " " };
+ println!("- {}{}{} {}", rflag, wflag, oflag, k);
}
}
};