forked from Deuxfleurs/garage
garage key import: add checks and --yes
CLI flag (fix #278)
parent
942c1f1bfe
commit
7126f3e1d1
2 changed files with 19 additions and 0 deletions
|
@ -118,10 +118,25 @@ impl AdminRpcHandler {
|
|||
}
|
||||
|
||||
async fn handle_import_key(&self, query: &KeyImportOpt) -> Result<AdminRpc, Error> {
|
||||
if !query.yes {
|
||||
return Err(Error::BadRequest("This command is intended to re-import keys that were previously generated by Garage. If you want to create a new key, use `garage key new` instead. Add the --yes flag if you really want to re-import a key.".to_string()));
|
||||
}
|
||||
|
||||
if query.key_id.len() != 26
|
||||
|| &query.key_id[..2] != "GK"
|
||||
|| hex::decode(&query.key_id[2..]).is_err()
|
||||
{
|
||||
return Err(Error::BadRequest(format!("The specified key ID is not a valid Garage key ID (starts with `GK`, followed by 12 hex-encoded bytes)")));
|
||||
}
|
||||
if query.secret_key.len() != 64 || hex::decode(&query.secret_key).is_err() {
|
||||
return Err(Error::BadRequest(format!("The specified secret key is not a valid Garage secret key (composed of 32 hex-encoded bytes)")));
|
||||
}
|
||||
|
||||
let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id).await?;
|
||||
if prev_key.is_some() {
|
||||
return Err(Error::BadRequest(format!("Key {} already exists in data store. Even if it is deleted, we can't let you create a new key with the same ID. Sorry.", query.key_id)));
|
||||
}
|
||||
|
||||
let imported_key = Key::import(&query.key_id, &query.secret_key, &query.name);
|
||||
self.garage.key_table.insert(&imported_key).await?;
|
||||
|
||||
|
|
|
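Review bot: The prefix test `&query.key_id[..2] != "GK"` can panic instead of returning `BadRequest`, because `len()` counts bytes: a 26-byte key ID that begins with a multi-byte character passes the length check, and the slice then falls inside that character. Writing the condition as `|| !query.key_id.starts_with("GK")` avoids this, and since the conditions short-circuit, the later `[2..]` slice is then always on a character boundary. `hex::decode` also accepts upper-case digits, so if Garage only ever generates lower-case IDs (not visible here), consider rejecting other casings so that two spellings of one ID cannot both be inserted into the key table. The body of `handle_import_key` continues past the end of the hunk.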
@ -408,6 +408,10 @@ pub struct KeyImportOpt {
|
|||
/// Key name
|
||||
#[structopt(short = "n", default_value = "Imported key")]
|
||||
pub name: String,
|
||||
|
||||
/// Confirm key import
|
||||
#[structopt(long = "yes")]
|
||||
pub yes: bool,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize, StructOpt, Debug, Clone)]
|
||||
|
|
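Review bot: The doc comment `/// Confirm key import` becomes the `--help` text for `--yes`, but it does not say what is being confirmed; the explanation appears only in the error returned when the flag is missing. A comment such as `/// Confirm that this re-imports a key previously generated by Garage (required)` would show the intent up front. If `KeyImportOpt` is serialized into the admin RPC message (its derive line is outside the hunk), the new non-optional `yes` field may also change what a CLI and a daemon of different versions can exchange, which is worth confirming.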