aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/drafts/admin-api.md15
-rw-r--r--src/api/admin/bucket.rs13
2 files changed, 21 insertions, 7 deletions
diff --git a/doc/drafts/admin-api.md b/doc/drafts/admin-api.md
index e6ce6336..b35a87f1 100644
--- a/doc/drafts/admin-api.md
+++ b/doc/drafts/admin-api.md
@@ -124,11 +124,11 @@ Example response:
[
{
"success": true,
- "error": null,
+ "error": null
},
{
"success": false,
- "error": "Handshake error",
+ "error": "Handshake error"
}
]
```
@@ -490,7 +490,11 @@ OR
"localAlias": {
"accessKeyId": "GK31c2f218a2e44f485b94239e",
"alias": "NameOfMyBucket",
- "allPermissions": true
+ "allow": {
+ "read": true,
+ "write": true,
+ "owner": false
+ }
}
}
```
@@ -504,6 +508,9 @@ OR
Creates a new bucket, either with a global alias, a local one,
or no alias at all.
+Technically, you can also specify both `globalAlias` and `localAlias` and that would create
+two aliases, but I don't see why you would want to do that.
+
#### DeleteBucket `DELETE /v0/bucket?id=<bucket id>`
Deletes a storage bucket. A bucket cannot be deleted if it is not empty.
@@ -519,7 +526,7 @@ Request body format:
```json
{
"indexDocument": "index.html",
- "errorDocument": "404.html",
+ "errorDocument": "404.html"
}
```
diff --git a/src/api/admin/bucket.rs b/src/api/admin/bucket.rs
index 30dc3436..283e54c6 100644
--- a/src/api/admin/bucket.rs
+++ b/src/api/admin/bucket.rs
@@ -7,6 +7,7 @@ use serde::{Deserialize, Serialize};
use garage_util::crdt::*;
use garage_util::data::*;
use garage_util::error::Error as GarageError;
+use garage_util::time::*;
use garage_table::*;
@@ -283,13 +284,19 @@ pub async fn handle_create_bucket(
.bucket_helper()
.set_local_bucket_alias(bucket.id, &la.access_key_id, &la.alias)
.await?;
- if la.all_permissions {
+
+ if la.allow.read || la.allow.write || la.allow.owner {
garage
.bucket_helper()
.set_bucket_key_permissions(
bucket.id,
&la.access_key_id,
- BucketKeyPerm::ALL_PERMISSIONS,
+ BucketKeyPerm{
+ timestamp: now_msec(),
+ allow_read: la.allow.read,
+ allow_write: la.allow.write,
+ allow_owner: la.allow.owner,
+ }
)
.await?;
}
@@ -311,7 +318,7 @@ struct CreateBucketLocalAlias {
access_key_id: String,
alias: String,
#[serde(default)]
- all_permissions: bool,
+ allow: ApiBucketKeyPerm,
}
pub async fn handle_delete_bucket(