diff --git a/doc/drafts/admin-api.md b/doc/drafts/admin-api.md
index e6ce6336..b35a87f1 100644
--- a/doc/drafts/admin-api.md
+++ b/doc/drafts/admin-api.md
@@ -124,11 +124,11 @@ Example response:
 [
 {
 "success": true,
- "error": null,
+ "error": null
 },
 {
 "success": false,
- "error": "Handshake error",
+ "error": "Handshake error"
 }
 ]
 ```
@@ -490,7 +490,11 @@ OR
 "localAlias": {
 "accessKeyId": "GK31c2f218a2e44f485b94239e",
 "alias": "NameOfMyBucket",
- "allPermissions": true
+ "allow": {
+ "read": true,
+ "write": true,
+ "owner": false
+ }
 }
 }
 ```
@@ -504,6 +508,9 @@ OR
 Creates a new bucket, either with a global alias, a local one, or no alias at all.
+Technically, you can also specify both `globalAlias` and `localAlias` and that would create
+two aliases, but I don't see why you would want to do that.
+
 #### DeleteBucket `DELETE /v0/bucket?id=`
 Deletes a storage bucket. A bucket cannot be deleted if it is not empty.
@@ -519,7 +526,7 @@ Request body format:
 ```json
 {
 "indexDocument": "index.html",
- "errorDocument": "404.html",
+ "errorDocument": "404.html"
 }
 ```
diff --git a/src/api/admin/bucket.rs b/src/api/admin/bucket.rs
index 30dc3436..283e54c6 100644
--- a/src/api/admin/bucket.rs
+++ b/src/api/admin/bucket.rs
@@ -7,6 +7,7 @@ use serde::{Deserialize, Serialize};
 use garage_util::crdt::*;
 use garage_util::data::*;
 use garage_util::error::Error as GarageError;
+use garage_util::time::*;
 use garage_table::*;
@@ -283,13 +284,19 @@ pub async fn handle_create_bucket(
 .bucket_helper()
 .set_local_bucket_alias(bucket.id, &la.access_key_id, &la.alias)
 .await?;
- if la.all_permissions {
+
+ if la.allow.read || la.allow.write || la.allow.owner {
 garage
 .bucket_helper()
 .set_bucket_key_permissions(
 bucket.id,
 &la.access_key_id,
- BucketKeyPerm::ALL_PERMISSIONS,
+ BucketKeyPerm{
+ timestamp: now_msec(),
+ allow_read: la.allow.read,
+ allow_write: la.allow.write,
+ allow_owner: la.allow.owner,
+ }
 )
 .await?;
 }
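Review bot: In handle_create_bucket the grant is a second step after `set_local_bucket_alias` has already been awaited, so if `set_bucket_key_permissions` returns an error the request fails while the alias (and presumably the bucket created earlier in the function, outside this hunk) stays in place without the requested rights. That outcome fails closed, but it deserves a comment above the `if`, for example `// Alias is already set; a failure below leaves the key with no permissions on the bucket.` Separately, `BucketKeyPerm{` and the closing `}` with no trailing comma are not rustfmt output; `BucketKeyPerm {` and `},` match the rest of the call. The function body starts and ends outside the hunk.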
@@ -311,7 +318,7 @@ struct CreateBucketLocalAlias {
 access_key_id: String,
 alias: String,
 #[serde(default)]
- all_permissions: bool,
+ allow: ApiBucketKeyPerm,
 }
 pub async fn handle_delete_bucket(
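Review bot: A request written for the old schema is likely to be accepted and silently lose its grant: `allow` is `#[serde(default)]`, so a body that still sends `"allPermissions": true` and no `allow` deserializes to the default `ApiBucketKeyPerm` unless CreateBucketLocalAlias rejects unknown fields (its struct-level attributes are outside this hunk). If that default is all-false, which cannot be seen here, the result is fail-closed but the caller receives a success for a bucket its key cannot use. Consider `#[serde(deny_unknown_fields)]` on the struct, or at least a doc comment on the field such as `/// Permissions granted to the key on the new bucket; omitted means none.`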