Deuxfleurs/garage
34
65
Fork 83
Code Issues 95 Pull requests 16 Releases 32 Wiki Activity

WIP: Garage v2 #948

Draft
lx wants to merge 125 commits from next-v2 into main
pull from: next-v2
merge into: Deuxfleurs:main
Conversation 0 Commits 125 Files changed 113 +36 -6
2 changed files with 36 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit d2a064bb1b - Show all commits

26
src/garage/cli/remote/admin_token.rs
View file

@ -152,10 +152,28 @@ impl Cli {
.transpose() .transpose()
.ok_or_message("Invalid duration passed for --expires-in parameter")? .ok_or_message("Invalid duration passed for --expires-in parameter")?
.map(|dur| Utc::now() + dur), .map(|dur| Utc::now() + dur),
scope: opt.scope.map(|s| { scope: opt.scope.map({
s.split(",") let mut new_scope = token.scope;
.map(|x| x.trim().to_string()) |scope_str| {
.collect::<Vec<_>>() if let Some(add) = scope_str.strip_prefix("+") {
for a in add.split(",").map(|x| x.trim().to_string()) {
if !new_scope.contains(&a) {
new_scope.push(a);
}
}
new_scope
} else if let Some(sub) = scope_str.strip_prefix("-") {
for r in sub.split(",").map(|x| x.trim()) {
new_scope.retain(|x| x != r);
}
new_scope
} else {
scope_str
.split(",")
.map(|x| x.trim().to_string())
.collect::<Vec<_>>()
}
}
}), }),
}, },
}) })

16
src/garage/cli/structs.rs
View file

@ -528,7 +528,12 @@ pub struct AdminTokenCreateOp {
/// format) /// format)
#[structopt(long = "expires-in")] #[structopt(long = "expires-in")]
pub expires_in: Option<String>, pub expires_in: Option<String>,
/// Set a limited scope for the token (by default, `*`) /// Set a limited scope for the token, as a comma-separated list of
/// admin API functions (e.g. GetClusterStatus, etc.). The default scope
/// is `*`, which allows access to all admin API functions.
/// Note that granting a scope that allows `CreateAdminToken` or
/// `UpdateAdminToken` allows for privilege escalation, and is therefore
/// equivalent to `*`.
#[structopt(long = "scope")] #[structopt(long = "scope")]
pub scope: Option<String>, pub scope: Option<String>,
/// Print only the newly generated API token to stdout /// Print only the newly generated API token to stdout
@ -544,7 +549,14 @@ pub struct AdminTokenSetOp {
/// format) /// format)
#[structopt(long = "expires-in")] #[structopt(long = "expires-in")]
pub expires_in: Option<String>, pub expires_in: Option<String>,
/// Set a limited scope for the token /// Set a limited scope for the token, as a comma-separated list of
/// admin API functions (e.g. GetClusterStatus, etc.), or `*` to allow
/// all admin API functions.
/// Use `--scope=+Scope1,Scope2` to add scopes to the existing list,
/// and `--scope=-Scope1,Scope2` to remove scopes from the existing list.
/// Note that granting a scope that allows `CreateAdminToken` or
/// `UpdateAdminToken` allows for privilege escalation, and is therefore
/// equivalent to `*`.
#[structopt(long = "scope")] #[structopt(long = "scope")]
pub scope: Option<String>, pub scope: Option<String>,
} }