garage/src/model/key_table.rs

use async_trait::async_trait;
use serde::{Deserialize, Serialize};

use garage_table::*;
use garage_table::crdt::CRDT;

use garage_util::error::Error;

use model010::key_table as prev;

#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
pub struct Key {
	// Primary key
	pub key_id: String,

	// Associated secret key (immutable)
	pub secret_key: String,

	// Name
	pub name: crdt::LWW<String>,

	// Deletion
	pub deleted: crdt::Bool,

	// Authorized keys
	pub authorized_buckets: crdt::LWWMap<String, PermissionSet>,

	// CRDT interaction: deleted implies authorized_buckets is empty
}

impl Key {
	pub fn new(name: String) -> Self {
		let key_id = format!("GK{}", hex::encode(&rand::random::<[u8; 12]>()[..]));
		let secret_key = hex::encode(&rand::random::<[u8; 32]>()[..]);
		let ret = Self {
			key_id,
			secret_key,
			name: crdt::LWW::new(name),
			deleted: crdt::Bool::new(false),
			authorized_buckets: crdt::LWWMap::new(),
		};
		ret
	}
	pub fn delete(key_id: String) -> Self {
		Self {
			key_id,
			secret_key: "".into(),
			name: crdt::LWW::new("".to_string()),
			deleted: crdt::Bool::new(true),
			authorized_buckets: crdt::LWWMap::new(),
		}
	}
	/// Add an authorized bucket, only if it wasn't there before
	pub fn allow_read(&self, bucket: &str) -> bool {
		self.authorized_buckets
			.get(&bucket.to_string())
			.map(|x| x.allow_read)
			.unwrap_or(false)
	}
	pub fn allow_write(&self, bucket: &str) -> bool {
		self.authorized_buckets
			.get(&bucket.to_string())
			.map(|x| x.allow_write)
			.unwrap_or(false)
	}
}

#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Debug, Serialize, Deserialize)]
pub struct PermissionSet {
	pub allow_read: bool,
	pub allow_write: bool,
}

impl Entry<EmptyKey, String> for Key {
	fn partition_key(&self) -> &EmptyKey {
		&EmptyKey
	}
	fn sort_key(&self) -> &String {
		&self.key_id
	}

	fn merge(&mut self, other: &Self) {
		self.name.merge(&other.name);
		self.deleted.merge(&other.deleted);

		if self.deleted.get() {
			self.authorized_buckets.clear();
			return;
		}

		self.authorized_buckets.merge(&other.authorized_buckets);
	}
}

pub struct KeyTable;

#[async_trait]
impl TableSchema for KeyTable {
	type P = EmptyKey;
	type S = String;
	type E = Key;
	type Filter = DeletedFilter;

	async fn updated(&self, _old: Option<Self::E>, _new: Option<Self::E>) -> Result<(), Error> {
		Ok(())
	}

	fn matches_filter(entry: &Self::E, filter: &Self::Filter) -> bool {
		filter.apply(entry.deleted.get())
	}

	fn try_migrate(bytes: &[u8]) -> Option<Self::E> {
		let old = match rmp_serde::decode::from_read_ref::<_, prev::Key>(bytes) {
			Ok(x) => x,
			Err(_) => return None,
		};
		let mut new = Self::E {
			key_id: old.key_id.clone(),
			secret_key: old.secret_key.clone(),
			name: crdt::LWW::migrate_from_raw(old.name_timestamp, old.name.clone()),
			deleted: crdt::Bool::new(old.deleted),
			authorized_buckets: crdt::LWWMap::new(),
		};
		for ab in old.authorized_buckets() {
			let it = crdt::LWWMap::migrate_from_raw_item(
				ab.bucket.clone(),
				ab.timestamp,
				PermissionSet{
					allow_read: ab.allow_read,
					allow_write: ab.allow_write,
				});
			new.authorized_buckets.merge(&it);
		}
		Some(new)
	}
}
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`use async_trait::async_trait;`
			`use serde::{Deserialize, Serialize};`

Split code for modular compilation 2020-04-24 10:10:01 +00:00			`use garage_table::*;`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`use garage_table::crdt::CRDT;`

Split code for modular compilation 2020-04-24 10:10:01 +00:00			`use garage_util::error::Error;`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`use model010::key_table as prev;`

Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]`
			`pub struct Key {`
			`// Primary key`
Key management admin commands 2020-04-23 20:25:45 +00:00			`pub key_id: String,`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00
			`// Associated secret key (immutable)`
Key management admin commands 2020-04-23 20:25:45 +00:00			`pub secret_key: String,`

			`// Name`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`pub name: crdt::LWW<String>,`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00
			`// Deletion`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`pub deleted: crdt::Bool,`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00
			`// Authorized keys`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`pub authorized_buckets: crdt::LWWMap<String, PermissionSet>,`

			`// CRDT interaction: deleted implies authorized_buckets is empty`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`}`

			`impl Key {`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`pub fn new(name: String) -> Self {`
Key management admin commands 2020-04-23 20:25:45 +00:00			`let key_id = format!("GK{}", hex::encode(&rand::random::<[u8; 12]>()[..]));`
			`let secret_key = hex::encode(&rand::random::<[u8; 32]>()[..]);`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`let ret = Self {`
Key management admin commands 2020-04-23 20:25:45 +00:00			`key_id,`
			`secret_key,`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`name: crdt::LWW::new(name),`
			`deleted: crdt::Bool::new(false),`
			`authorized_buckets: crdt::LWWMap::new(),`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`};`
			`ret`
			`}`
Key management admin commands 2020-04-23 20:25:45 +00:00			`pub fn delete(key_id: String) -> Self {`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`Self {`
Key management admin commands 2020-04-23 20:25:45 +00:00			`key_id,`
			`secret_key: "".into(),`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`name: crdt::LWW::new("".to_string()),`
			`deleted: crdt::Bool::new(true),`
			`authorized_buckets: crdt::LWWMap::new(),`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`}`
			`}`
			`/// Add an authorized bucket, only if it wasn't there before`
Key management admin commands 2020-04-23 20:25:45 +00:00			`pub fn allow_read(&self, bucket: &str) -> bool {`
			`self.authorized_buckets`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`.get(&bucket.to_string())`
Key management admin commands 2020-04-23 20:25:45 +00:00			`.map(\|x\| x.allow_read)`
			`.unwrap_or(false)`
			`}`
			`pub fn allow_write(&self, bucket: &str) -> bool {`
			`self.authorized_buckets`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`.get(&bucket.to_string())`
Key management admin commands 2020-04-23 20:25:45 +00:00			`.map(\|x\| x.allow_write)`
			`.unwrap_or(false)`
			`}`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`}`

Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Debug, Serialize, Deserialize)]`
			`pub struct PermissionSet {`
Key management admin commands 2020-04-23 20:25:45 +00:00			`pub allow_read: bool,`
			`pub allow_write: bool,`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`}`

			`impl Entry<EmptyKey, String> for Key {`
			`fn partition_key(&self) -> &EmptyKey {`
			`&EmptyKey`
			`}`
			`fn sort_key(&self) -> &String {`
Key management admin commands 2020-04-23 20:25:45 +00:00			`&self.key_id`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`}`

			`fn merge(&mut self, other: &Self) {`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`self.name.merge(&other.name);`
			`self.deleted.merge(&other.deleted);`
Fix reconciliation logic 2020-11-20 19:12:32 +00:00
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`if self.deleted.get() {`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`self.authorized_buckets.clear();`
			`return;`
			`}`

Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`self.authorized_buckets.merge(&other.authorized_buckets);`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`}`
			`}`

			`pub struct KeyTable;`

			`#[async_trait]`
			`impl TableSchema for KeyTable {`
			`type P = EmptyKey;`
			`type S = String;`
			`type E = Key;`
Slight refactoring to make things clearer with DeletedFilter 2020-11-20 19:11:04 +00:00			`type Filter = DeletedFilter;`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00
			`async fn updated(&self, _old: Option<Self::E>, _new: Option<Self::E>) -> Result<(), Error> {`
			`Ok(())`
			`}`

Slight refactoring to make things clearer with DeletedFilter 2020-11-20 19:11:04 +00:00			`fn matches_filter(entry: &Self::E, filter: &Self::Filter) -> bool {`
Begin improve model to use better CRDTs 2020-11-20 20:15:24 +00:00			`filter.apply(entry.deleted.get())`
			`}`

			`fn try_migrate(bytes: &[u8]) -> Option<Self::E> {`
			`let old = match rmp_serde::decode::from_read_ref::<_, prev::Key>(bytes) {`
			`Ok(x) => x,`
			`Err(_) => return None,`
			`};`
			`let mut new = Self::E {`
			`key_id: old.key_id.clone(),`
			`secret_key: old.secret_key.clone(),`
			`name: crdt::LWW::migrate_from_raw(old.name_timestamp, old.name.clone()),`
			`deleted: crdt::Bool::new(old.deleted),`
			`authorized_buckets: crdt::LWWMap::new(),`
			`};`
			`for ab in old.authorized_buckets() {`
			`let it = crdt::LWWMap::migrate_from_raw_item(`
			`ab.bucket.clone(),`
			`ab.timestamp,`
			`PermissionSet{`
			`allow_read: ab.allow_read,`
			`allow_write: ab.allow_write,`
			`});`
			`new.authorized_buckets.merge(&it);`
			`}`
			`Some(new)`
Make table objects slightly more fool-proof; add key table 2020-04-23 18:16:33 +00:00			`}`
			`}`