Diffstat (limited to 'src/core/key_table.rs')
-rw-r--r-- | src/core/key_table.rs | 154 |
1 files changed, 0 insertions, 154 deletions
diff --git a/src/core/key_table.rs b/src/core/key_table.rs
deleted file mode 100644
index 76d163b5..00000000
--- a/src/core/key_table.rs
+++ /dev/null
@@ -1,154 +0,0 @@
-use async_trait::async_trait;
-use serde::{Deserialize, Serialize};
-
-use garage_table::*;
-use garage_util::data::*;
-use garage_util::error::Error;
-
-#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
-pub struct Key {
- // Primary key
- pub key_id: String,
-
- // Associated secret key (immutable)
- pub secret_key: String,
-
- // Name
- pub name: String,
- pub name_timestamp: u64,
-
- // Deletion
- pub deleted: bool,
-
- // Authorized keys
- authorized_buckets: Vec<AllowedBucket>,
-}
-
-impl Key {
- pub fn new(name: String, buckets: Vec<AllowedBucket>) -> Self {
- let key_id = format!("GK{}", hex::encode(&rand::random::<[u8; 12]>()[..]));
- let secret_key = hex::encode(&rand::random::<[u8; 32]>()[..]);
- let mut ret = Self {
- key_id,
- secret_key,
- name,
- name_timestamp: now_msec(),
- deleted: false,
- authorized_buckets: vec![],
- };
- for b in buckets {
- ret.add_bucket(b)
- .expect("Duplicate AllowedBucket in Key constructor");
- }
- ret
- }
- pub fn delete(key_id: String) -> Self {
- Self {
- key_id,
- secret_key: "".into(),
- name: "".into(),
- name_timestamp: now_msec(),
- deleted: true,
- authorized_buckets: vec![],
- }
- }
- /// Add an authorized bucket, only if it wasn't there before
- pub fn add_bucket(&mut self, new: AllowedBucket) -> Result<(), ()> {
- match self
- .authorized_buckets
- .binary_search_by(|b| b.bucket.cmp(&new.bucket))
- {
- Err(i) => {
- self.authorized_buckets.insert(i, new);
- Ok(())
- }
- Ok(_) => Err(()),
- }
- }
- pub fn authorized_buckets(&self) -> &[AllowedBucket] {
- &self.authorized_buckets[..]
- }
- pub fn clear_buckets(&mut self) {
- self.authorized_buckets.clear();
- }
- pub fn allow_read(&self, bucket: &str) -> bool {
- self.authorized_buckets
- .iter()
- .find(|x| x.bucket.as_str() == bucket)
- .map(|x| x.allow_read)
- .unwrap_or(false)
- }
- pub fn allow_write(&self, bucket: &str) -> bool {
- self.authorized_buckets
- .iter()
- .find(|x| x.bucket.as_str() == bucket)
- .map(|x| x.allow_write)
- .unwrap_or(false)
- }
-}
-
-#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
-pub struct AllowedBucket {
- pub bucket: String,
- pub timestamp: u64,
- pub allow_read: bool,
- pub allow_write: bool,
-}
-
-impl Entry<EmptyKey, String> for Key {
- fn partition_key(&self) -> &EmptyKey {
- &EmptyKey
- }
- fn sort_key(&self) -> &String {
- &self.key_id
- }
-
- fn merge(&mut self, other: &Self) {
- if other.deleted {
- self.deleted = true;
- }
- if self.deleted {
- self.authorized_buckets.clear();
- return;
- }
- if other.name_timestamp > self.name_timestamp {
- self.name_timestamp = other.name_timestamp;
- self.name = other.name.clone();
- }
-
- for ab in other.authorized_buckets.iter() {
- match self
- .authorized_buckets
- .binary_search_by(|our_ab| our_ab.bucket.cmp(&ab.bucket))
- {
- Ok(i) => {
- let our_ab = &mut self.authorized_buckets[i];
- if ab.timestamp > our_ab.timestamp {
- *our_ab = ab.clone();
- }
- }
- Err(i) => {
- self.authorized_buckets.insert(i, ab.clone());
- }
- }
- }
- }
-}
-
-pub struct KeyTable;
-
-#[async_trait]
-impl TableSchema for KeyTable {
- type P = EmptyKey;
- type S = String;
- type E = Key;
- type Filter = ();
-
- async fn updated(&self, _old: Option<Self::E>, _new: Option<Self::E>) -> Result<(), Error> {
- Ok(())
- }
-
- fn matches_filter(entry: &Self::E, _filter: &Self::Filter) -> bool {
- !entry.deleted
- }
-} |