author | Alex Auvolat <alex@adnab.me> | 2020-04-23 20:25:45 +0000 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-04-23 20:25:45 +0000 |
commit | 51fb3799a153a0db990fc74a37563ec612e20fc2 (patch) | |
tree | 65d8c192ab45b878ffc7af1e60f7b0106782a9ae /src/store | |
parent | 4ef84a0558c0bf6641094e762ede0c962781204d (diff) | |
Key management admin commands
Diffstat (limited to 'src/store')
-rw-r--r-- | src/store/bucket_table.rs | 13 | ||||
-rw-r--r-- | src/store/key_table.rs | 58 |
2 files changed, 53 insertions, 18 deletions
diff --git a/src/store/bucket_table.rs b/src/store/bucket_table.rs
index 7778b8f9..a9bdaa70 100644
--- a/src/store/bucket_table.rs
+++ b/src/store/bucket_table.rs
@@ -41,7 +41,7 @@ impl Bucket {
 pub fn add_key(&mut self, key: AllowedKey) -> Result<(), ()> {
 match self
 .authorized_keys
- .binary_search_by(|k| k.access_key_id.cmp(&key.access_key_id))
+ .binary_search_by(|k| k.key_id.cmp(&key.key_id))
 {
 Err(i) => {
 self.authorized_keys.insert(i, key);
@@ -53,14 +53,17 @@ impl Bucket {
 pub fn authorized_keys(&self) -> &[AllowedKey] {
 &self.authorized_keys[..]
 }
+ pub fn clear_keys(&mut self) {
+ self.authorized_keys.clear();
+ }
 }
 
 #[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
 pub struct AllowedKey {
- pub access_key_id: String,
+ pub key_id: String,
 pub timestamp: u64,
- pub allowed_read: bool,
- pub allowed_write: bool,
+ pub allow_read: bool,
+ pub allow_write: bool,
 }
 
 impl Entry<EmptyKey, String> for Bucket {
@@ -83,7 +86,7 @@ impl Entry<EmptyKey, String> for Bucket {
 for ak in other.authorized_keys.iter() {
 match self
 .authorized_keys
- .binary_search_by(|our_ak| our_ak.access_key_id.cmp(&ak.access_key_id))
+ .binary_search_by(|our_ak| our_ak.key_id.cmp(&ak.key_id))
 {
 Ok(i) => {
 let our_ak = &mut self.authorized_keys[i];
diff --git a/src/store/key_table.rs b/src/store/key_table.rs
index 6c3f96d6..add6ab02 100644
--- a/src/store/key_table.rs
+++ b/src/store/key_table.rs
@@ -1,16 +1,21 @@
 use async_trait::async_trait;
 use serde::{Deserialize, Serialize};
 
+use crate::data::*;
 use crate::error::Error;
 use crate::table::*;
 
 #[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
 pub struct Key {
 // Primary key
- pub access_key_id: String,
+ pub key_id: String,
 
 // Associated secret key (immutable)
- pub secret_access_key: String,
+ pub secret_key: String,
+
+ // Name
+ pub name: String,
+ pub name_timestamp: u64,
 
 // Deletion
 pub deleted: bool,
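Review bot: `clear_keys` and the renamed `AllowedKey` fields in the second bucket_table.rs hunk land without doc comments, and `clear_keys` is a revocation operation, so its contract deserves a line. A doc such as `/// Removes every AllowedKey from this bucket, revoking all per-key access grants.` on `clear_keys`, and `/// Id of the key granted access to this bucket.` on `key_id`, would make the intent explicit to the next reader.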
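Review bot: `Key` keeps `#[derive(Debug)]` while holding `secret_key` (renamed in the first key_table.rs hunk), so any `{:?}` of a `Key` — in a log line, a panic message or an error context — prints the secret in clear. A hand-written `impl std::fmt::Debug for Key` that emits the other fields normally and writes `secret_key: "<redacted>"` would keep diagnostics usable without exposing credential material; the `Debug` derive on `AllowedKey` is unaffected since that struct carries no secret. The `Key` struct definition continues past the end of the hunk.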
@@ -20,12 +25,14 @@ pub struct Key {
 }
 
 impl Key {
- pub fn new(buckets: Vec<AllowedBucket>) -> Self {
- let access_key_id = format!("GK{}", hex::encode(&rand::random::<[u8; 12]>()[..]));
- let secret_access_key = hex::encode(&rand::random::<[u8; 32]>()[..]);
+ pub fn new(name: String, buckets: Vec<AllowedBucket>) -> Self {
+ let key_id = format!("GK{}", hex::encode(&rand::random::<[u8; 12]>()[..]));
+ let secret_key = hex::encode(&rand::random::<[u8; 32]>()[..]);
 let mut ret = Self {
- access_key_id,
- secret_access_key,
+ key_id,
+ secret_key,
+ name,
+ name_timestamp: now_msec(),
 deleted: false,
 authorized_buckets: vec![],
 };
@@ -35,10 +42,12 @@ impl Key {
 }
 ret
 }
- pub fn delete(access_key_id: String, secret_access_key: String) -> Self {
+ pub fn delete(key_id: String) -> Self {
 Self {
- access_key_id,
- secret_access_key,
+ key_id,
+ secret_key: "".into(),
+ name: "".into(),
+ name_timestamp: now_msec(),
 deleted: true,
 authorized_buckets: vec![],
 }
@@ -59,14 +68,31 @@ impl Key {
 pub fn authorized_buckets(&self) -> &[AllowedBucket] {
 &self.authorized_buckets[..]
 }
+ pub fn clear_buckets(&mut self) {
+ self.authorized_buckets.clear();
+ }
+ pub fn allow_read(&self, bucket: &str) -> bool {
+ self.authorized_buckets
+ .iter()
+ .find(|x| x.bucket.as_str() == bucket)
+ .map(|x| x.allow_read)
+ .unwrap_or(false)
+ }
+ pub fn allow_write(&self, bucket: &str) -> bool {
+ self.authorized_buckets
+ .iter()
+ .find(|x| x.bucket.as_str() == bucket)
+ .map(|x| x.allow_write)
+ .unwrap_or(false)
+ }
 }
 
 #[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
 pub struct AllowedBucket {
 pub bucket: String,
 pub timestamp: u64,
- pub allowed_read: bool,
- pub allowed_write: bool,
+ pub allow_read: bool,
+ pub allow_write: bool,
 }
 
 impl Entry<EmptyKey, String> for Key {
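Review bot: `delete` builds a tombstone with an empty `secret_key`, but when that tombstone reaches an already stored record through `merge` (which begins in the last hunk of this page) only `deleted` is copied and `authorized_buckets` cleared, so as far as this diff shows the stored record keeps its original `secret_key` and `name` after deletion. If deletion is meant to retire the credential material, add `self.secret_key.clear(); self.name.clear();` next to `self.authorized_buckets.clear();` in the `if self.deleted` branch of `merge`, so the outcome is the same whether the tombstone lands on an empty slot or on a live entry. The tombstone's `name_timestamp: now_msec()` then appears to be informational only, since `merge` returns before the timestamp comparison when the key is deleted.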
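Review bot: `allow_read` and `allow_write` in the third key_table.rs hunk answer from `authorized_buckets` alone and never consult `self.deleted`; that currently holds up only because `merge` (last hunk) empties the bucket list for a deleted key, so an authorization helper that is handed a `Key` by any other path would grant access on a revoked key. Making the two helpers refuse a deleted key outright keeps the decision self-contained, and a private lookup helper removes the duplicated `find` chain. The rewritten methods are below; `clear_buckets` and `AllowedBucket` are unchanged.
```rust
fn bucket_perms(&self, bucket: &str) -> Option<&AllowedBucket> {
    self.authorized_buckets
        .iter()
        .find(|x| x.bucket.as_str() == bucket)
}
pub fn allow_read(&self, bucket: &str) -> bool {
    // A deleted key never grants access, whatever its bucket list holds.
    !self.deleted && self.bucket_perms(bucket).map_or(false, |x| x.allow_read)
}
pub fn allow_write(&self, bucket: &str) -> bool {
    !self.deleted && self.bucket_perms(bucket).map_or(false, |x| x.allow_write)
}
```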
@@ -74,15 +100,21 @@ impl Entry<EmptyKey, String> for Key {
 &EmptyKey
 }
 fn sort_key(&self) -> &String {
- &self.access_key_id
+ &self.key_id
 }
 fn merge(&mut self, other: &Self) {
 if other.deleted {
 self.deleted = true;
+ }
+ if self.deleted {
 self.authorized_buckets.clear();
 return;
 }
+ if other.name_timestamp > self.name_timestamp {
+ self.name_timestamp = other.name_timestamp;
+ self.name = other.name.clone();
+ }
 for ab in other.authorized_buckets.iter() {
 match self |