aboutsummaryrefslogtreecommitdiff
path: root/src/model/key_table.rs
diff options
context:
space:
mode:
authorTrinity Pointard <trinity.pointard@gmail.com>2021-03-26 21:53:28 +0100
committerAlex Auvolat <alex@adnab.me>2021-04-27 16:37:10 +0200
commit67585a4ffab14ba7c4b7c6dca530c177059a91d9 (patch)
tree6fd0339f8d7f651553145a3c29decc56e29c23bd /src/model/key_table.rs
parentb4376108122bb09bd8cff562b718967d4332ffbe (diff)
downloadgarage-67585a4ffab14ba7c4b7c6dca530c177059a91d9.tar.gz
garage-67585a4ffab14ba7c4b7c6dca530c177059a91d9.zip
attempt at documenting model crate
Diffstat (limited to 'src/model/key_table.rs')
-rw-r--r--src/model/key_table.rs26
1 files changed, 19 insertions, 7 deletions
diff --git a/src/model/key_table.rs b/src/model/key_table.rs
index e6ebe8de..653a38e2 100644
--- a/src/model/key_table.rs
+++ b/src/model/key_table.rs
@@ -3,26 +3,28 @@ use serde::{Deserialize, Serialize};
use garage_table::crdt::*;
use garage_table::*;
+/// An api key
#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
pub struct Key {
- // Primary key
+ /// The id of the key (immutable)
pub key_id: String,
- // Associated secret key (immutable)
+ /// The secret_key associated
+ // shouldn't it be hashed or something, so it's trully secret?
pub secret_key: String,
- // Name
+ /// Name for the key
pub name: crdt::LWW<String>,
- // Deletion
+ /// Is the key deleted
pub deleted: crdt::Bool,
- // Authorized keys
+ /// Buckets in which the key is authorized. Empty if `Key` is deleted
pub authorized_buckets: crdt::LWWMap<String, PermissionSet>,
- // CRDT interaction: deleted implies authorized_buckets is empty
}
impl Key {
+ /// Create a new key
pub fn new(name: String) -> Self {
let key_id = format!("GK{}", hex::encode(&rand::random::<[u8; 12]>()[..]));
let secret_key = hex::encode(&rand::random::<[u8; 32]>()[..]);
@@ -34,6 +36,8 @@ impl Key {
authorized_buckets: crdt::LWWMap::new(),
}
}
+
+ /// Import a key from it's parts
pub fn import(key_id: &str, secret_key: &str, name: &str) -> Self {
Self {
key_id: key_id.to_string(),
@@ -43,6 +47,8 @@ impl Key {
authorized_buckets: crdt::LWWMap::new(),
}
}
+
+ /// Create a new Key which can me merged to mark an existing key deleted
pub fn delete(key_id: String) -> Self {
Self {
key_id,
@@ -52,13 +58,16 @@ impl Key {
authorized_buckets: crdt::LWWMap::new(),
}
}
- /// Add an authorized bucket, only if it wasn't there before
+
+ /// Check if `Key` is allowed to read in bucket
pub fn allow_read(&self, bucket: &str) -> bool {
self.authorized_buckets
.get(&bucket.to_string())
.map(|x| x.allow_read)
.unwrap_or(false)
}
+
+ /// Check if `Key` is allowed to write in bucket
pub fn allow_write(&self, bucket: &str) -> bool {
self.authorized_buckets
.get(&bucket.to_string())
@@ -67,9 +76,12 @@ impl Key {
}
}
+/// Permission given to a key in a bucket
#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Debug, Serialize, Deserialize)]
pub struct PermissionSet {
+ /// The key can be used to read the bucket
pub allow_read: bool,
+ /// The key can be used to write in the bucket
pub allow_write: bool,
}