155 lines
3.3 KiB
Rust
155 lines
3.3 KiB
Rust
use async_trait::async_trait;
|
|
use serde::{Deserialize, Serialize};
|
|
|
|
use garage_table::*;
|
|
use garage_util::data::*;
|
|
use garage_util::error::Error;
|
|
|
|
#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
|
|
pub struct Key {
|
|
// Primary key
|
|
pub key_id: String,
|
|
|
|
// Associated secret key (immutable)
|
|
pub secret_key: String,
|
|
|
|
// Name
|
|
pub name: String,
|
|
pub name_timestamp: u64,
|
|
|
|
// Deletion
|
|
pub deleted: bool,
|
|
|
|
// Authorized keys
|
|
authorized_buckets: Vec<AllowedBucket>,
|
|
}
|
|
|
|
impl Key {
|
|
pub fn new(name: String, buckets: Vec<AllowedBucket>) -> Self {
|
|
let key_id = format!("GK{}", hex::encode(&rand::random::<[u8; 12]>()[..]));
|
|
let secret_key = hex::encode(&rand::random::<[u8; 32]>()[..]);
|
|
let mut ret = Self {
|
|
key_id,
|
|
secret_key,
|
|
name,
|
|
name_timestamp: now_msec(),
|
|
deleted: false,
|
|
authorized_buckets: vec![],
|
|
};
|
|
for b in buckets {
|
|
ret.add_bucket(b)
|
|
.expect("Duplicate AllowedBucket in Key constructor");
|
|
}
|
|
ret
|
|
}
|
|
pub fn delete(key_id: String) -> Self {
|
|
Self {
|
|
key_id,
|
|
secret_key: "".into(),
|
|
name: "".into(),
|
|
name_timestamp: now_msec(),
|
|
deleted: true,
|
|
authorized_buckets: vec![],
|
|
}
|
|
}
|
|
/// Add an authorized bucket, only if it wasn't there before
|
|
pub fn add_bucket(&mut self, new: AllowedBucket) -> Result<(), ()> {
|
|
match self
|
|
.authorized_buckets
|
|
.binary_search_by(|b| b.bucket.cmp(&new.bucket))
|
|
{
|
|
Err(i) => {
|
|
self.authorized_buckets.insert(i, new);
|
|
Ok(())
|
|
}
|
|
Ok(_) => Err(()),
|
|
}
|
|
}
|
|
pub fn authorized_buckets(&self) -> &[AllowedBucket] {
|
|
&self.authorized_buckets[..]
|
|
}
|
|
pub fn clear_buckets(&mut self) {
|
|
self.authorized_buckets.clear();
|
|
}
|
|
pub fn allow_read(&self, bucket: &str) -> bool {
|
|
self.authorized_buckets
|
|
.iter()
|
|
.find(|x| x.bucket.as_str() == bucket)
|
|
.map(|x| x.allow_read)
|
|
.unwrap_or(false)
|
|
}
|
|
pub fn allow_write(&self, bucket: &str) -> bool {
|
|
self.authorized_buckets
|
|
.iter()
|
|
.find(|x| x.bucket.as_str() == bucket)
|
|
.map(|x| x.allow_write)
|
|
.unwrap_or(false)
|
|
}
|
|
}
|
|
|
|
#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
|
|
pub struct AllowedBucket {
|
|
pub bucket: String,
|
|
pub timestamp: u64,
|
|
pub allow_read: bool,
|
|
pub allow_write: bool,
|
|
}
|
|
|
|
impl Entry<EmptyKey, String> for Key {
|
|
fn partition_key(&self) -> &EmptyKey {
|
|
&EmptyKey
|
|
}
|
|
fn sort_key(&self) -> &String {
|
|
&self.key_id
|
|
}
|
|
|
|
fn merge(&mut self, other: &Self) {
|
|
if other.deleted {
|
|
self.deleted = true;
|
|
}
|
|
if self.deleted {
|
|
self.authorized_buckets.clear();
|
|
return;
|
|
}
|
|
if other.name_timestamp > self.name_timestamp {
|
|
self.name_timestamp = other.name_timestamp;
|
|
self.name = other.name.clone();
|
|
}
|
|
|
|
for ab in other.authorized_buckets.iter() {
|
|
match self
|
|
.authorized_buckets
|
|
.binary_search_by(|our_ab| our_ab.bucket.cmp(&ab.bucket))
|
|
{
|
|
Ok(i) => {
|
|
let our_ab = &mut self.authorized_buckets[i];
|
|
if ab.timestamp > our_ab.timestamp {
|
|
*our_ab = ab.clone();
|
|
}
|
|
}
|
|
Err(i) => {
|
|
self.authorized_buckets.insert(i, ab.clone());
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
pub struct KeyTable;
|
|
|
|
#[async_trait]
|
|
impl TableSchema for KeyTable {
|
|
type P = EmptyKey;
|
|
type S = String;
|
|
type E = Key;
|
|
type Filter = ();
|
|
|
|
async fn updated(&self, _old: Option<Self::E>, _new: Option<Self::E>) -> Result<(), Error> {
|
|
Ok(())
|
|
}
|
|
|
|
fn matches_filter(entry: &Self::E, _filter: &Self::Filter) -> bool {
|
|
!entry.deleted
|
|
}
|
|
}
|