diff options
author | Alex Auvolat <alex@adnab.me> | 2021-12-16 11:47:58 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-01-04 12:45:52 +0100 |
commit | 0bbb6673e7ce703e470a3c2aad620ee5f009bc84 (patch) | |
tree | 844e95b50e2bc129403b679a6c5d63ff82940ad6 /src/garage | |
parent | 53f71b3a57b3c1828292e26b7865d31e9bec44d6 (diff) | |
download | garage-0bbb6673e7ce703e470a3c2aad620ee5f009bc84.tar.gz garage-0bbb6673e7ce703e470a3c2aad620ee5f009bc84.zip |
Model changes
Diffstat (limited to 'src/garage')
-rw-r--r-- | src/garage/admin.rs | 51 | ||||
-rw-r--r-- | src/garage/cli/cmd.rs | 3 | ||||
-rw-r--r-- | src/garage/cli/structs.rs | 5 | ||||
-rw-r--r-- | src/garage/cli/util.rs | 7 |
4 files changed, 40 insertions, 26 deletions
diff --git a/src/garage/admin.rs b/src/garage/admin.rs index 756f6007..5599c53f 100644 --- a/src/garage/admin.rs +++ b/src/garage/admin.rs @@ -104,11 +104,10 @@ impl AdminRpcHandler { } alias.state.update(Deletable::Present(AliasParams { bucket_id: bucket.id, - website_access: false, })); alias } - None => BucketAlias::new(name.clone(), bucket.id, false), + None => BucketAlias::new(name.clone(), bucket.id), }; bucket .state @@ -178,7 +177,7 @@ impl AdminRpcHandler { for (key_id, _) in bucket.authorized_keys() { if let Some(key) = self.garage.key_table.get(&EmptyKey, key_id).await? { if !key.state.is_deleted() { - self.update_key_bucket(&key, bucket.id, false, false) + self.update_key_bucket(&key, bucket.id, false, false, false) .await?; } } else { @@ -266,10 +265,9 @@ impl AdminRpcHandler { } // Checks ok, add alias - alias.state.update(Deletable::present(AliasParams { - bucket_id, - website_access: false, - })); + alias + .state + .update(Deletable::present(AliasParams { bucket_id })); self.garage.bucket_alias_table.insert(&alias).await?; let mut bucket_p = bucket.state.as_option_mut().unwrap(); @@ -396,16 +394,17 @@ impl AdminRpcHandler { let allow_read = query.read || key.allow_read(&bucket_id); let allow_write = query.write || key.allow_write(&bucket_id); + let allow_owner = query.owner || key.allow_owner(&bucket_id); let new_perm = self - .update_key_bucket(&key, bucket_id, allow_read, allow_write) + .update_key_bucket(&key, bucket_id, allow_read, allow_write, allow_owner) .await?; self.update_bucket_key(bucket, &key.key_id, new_perm) .await?; Ok(AdminRpc::Ok(format!( - "New permissions for {} on {}: read {}, write {}.", - &key.key_id, &query.bucket, allow_read, allow_write + "New permissions for {} on {}: read {}, write {}, owner {}.", + &key.key_id, &query.bucket, allow_read, allow_write, allow_owner ))) } @@ -425,29 +424,34 @@ impl AdminRpcHandler { let allow_read = !query.read && key.allow_read(&bucket_id); let allow_write = !query.write && key.allow_write(&bucket_id); + let allow_owner = !query.owner && key.allow_owner(&bucket_id); let new_perm = self - .update_key_bucket(&key, bucket_id, allow_read, allow_write) + .update_key_bucket(&key, bucket_id, allow_read, allow_write, allow_owner) .await?; self.update_bucket_key(bucket, &key.key_id, new_perm) .await?; Ok(AdminRpc::Ok(format!( - "New permissions for {} on {}: read {}, write {}.", - &key.key_id, &query.bucket, allow_read, allow_write + "New permissions for {} on {}: read {}, write {}, owner {}.", + &key.key_id, &query.bucket, allow_read, allow_write, allow_owner ))) } async fn handle_bucket_website(&self, query: &WebsiteOpt) -> Result<AdminRpc, Error> { - let mut bucket_alias = self + let bucket_id = self .garage - .bucket_alias_table - .get(&EmptyKey, &query.bucket) + .bucket_helper() + .resolve_global_bucket_name(&query.bucket) .await? - .filter(|a| !a.is_deleted()) - .ok_or_message(format!("Bucket {} does not exist", query.bucket))?; + .ok_or_message("Bucket not found")?; - let mut state = bucket_alias.state.get().as_option().unwrap().clone(); + let mut bucket = self + .garage + .bucket_helper() + .get_existing_bucket(bucket_id) + .await?; + let bucket_state = bucket.state.as_option_mut().unwrap(); if !(query.allow ^ query.deny) { return Err(Error::Message( @@ -455,9 +459,8 @@ impl AdminRpcHandler { )); } - state.website_access = query.allow; - bucket_alias.state.update(Deletable::present(state)); - self.garage.bucket_alias_table.insert(&bucket_alias).await?; + bucket_state.website_access.update(query.allow); + self.garage.bucket_table.insert(&bucket).await?; let msg = if query.allow { format!("Website access allowed for {}", &query.bucket) @@ -545,6 +548,7 @@ impl AdminRpcHandler { timestamp: increment_logical_clock(auth.timestamp), allow_read: false, allow_write: false, + allow_owner: false, }; if !bucket.is_deleted() { self.update_bucket_key(bucket, &key.key_id, new_perm) @@ -605,6 +609,7 @@ impl AdminRpcHandler { bucket_id: Uuid, allow_read: bool, allow_write: bool, + allow_owner: bool, ) -> Result<BucketKeyPerm, Error> { let mut key = key.clone(); let mut key_state = key.state.as_option_mut().unwrap(); @@ -617,11 +622,13 @@ impl AdminRpcHandler { timestamp: increment_logical_clock(old_perm.timestamp), allow_read, allow_write, + allow_owner, }) .unwrap_or(BucketKeyPerm { timestamp: now_msec(), allow_read, allow_write, + allow_owner, }); key_state.authorized_buckets = Map::put_mutator(bucket_id, perm); diff --git a/src/garage/cli/cmd.rs b/src/garage/cli/cmd.rs index 015eeec9..b7508e45 100644 --- a/src/garage/cli/cmd.rs +++ b/src/garage/cli/cmd.rs @@ -164,8 +164,7 @@ pub async fn cmd_admin( let mut table = vec![]; for alias in bl { if let Some(p) = alias.state.get().as_option() { - let wflag = if p.website_access { "W" } else { " " }; - table.push(format!("{}\t{}\t{:?}", wflag, alias.name, p.bucket_id)); + table.push(format!("\t{}\t{:?}", alias.name, p.bucket_id)); } } format_table(table); diff --git a/src/garage/cli/structs.rs b/src/garage/cli/structs.rs index 590be1c0..1905069e 100644 --- a/src/garage/cli/structs.rs +++ b/src/garage/cli/structs.rs @@ -238,6 +238,11 @@ pub struct PermBucketOpt { #[structopt(long = "write")] pub write: bool, + /// Allow/deny administrative operations operations + /// (such as deleting bucket or changing bucket website configuration) + #[structopt(long = "owner")] + pub owner: bool, + /// Bucket name pub bucket: String, } diff --git a/src/garage/cli/util.rs b/src/garage/cli/util.rs index ba88502d..f586d55b 100644 --- a/src/garage/cli/util.rs +++ b/src/garage/cli/util.rs @@ -11,6 +11,7 @@ pub fn print_key_info(key: &Key) { println!("Secret key: {}", key.secret_key); match &key.state { Deletable::Present(p) => { + println!("Can create buckets: {}", p.allow_create_bucket.get()); println!("\nKey-specific bucket aliases:"); let mut table = vec![]; for (alias_name, _, alias) in p.local_aliases.items().iter() { @@ -25,7 +26,8 @@ pub fn print_key_info(key: &Key) { for (b, perm) in p.authorized_buckets.items().iter() { let rflag = if perm.allow_read { "R" } else { " " }; let wflag = if perm.allow_write { "W" } else { " " }; - table.push(format!("\t{}{}\t{:?}", rflag, wflag, b)); + let oflag = if perm.allow_owner { "O" } else { " " }; + table.push(format!("\t{}{}{}\t{:?}", rflag, wflag, oflag, b)); } format_table(table); } @@ -58,7 +60,8 @@ pub fn print_bucket_info(bucket: &Bucket) { for (k, perm) in p.authorized_keys.items().iter() { let rflag = if perm.allow_read { "R" } else { " " }; let wflag = if perm.allow_write { "W" } else { " " }; - println!("- {}{} {}", rflag, wflag, k); + let oflag = if perm.allow_owner { "O" } else { " " }; + println!("- {}{}{} {}", rflag, wflag, oflag, k); } } }; |