From 9431090b1eb9006b12395fb22700b0def7fd1f59 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Wed, 5 Jan 2022 15:12:59 +0100 Subject: [PATCH] Implement key allow|deny --create-bucket --- src/garage/admin.rs | 30 ++++++++++++++++++++++++++++++ src/garage/cli/structs.rs | 18 ++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/src/garage/admin.rs b/src/garage/admin.rs index a682075f..509ecaf9 100644 --- a/src/garage/admin.rs +++ b/src/garage/admin.rs @@ -429,6 +429,8 @@ impl AdminRpcHandler { KeyOperation::New(query) => self.handle_create_key(query).await, KeyOperation::Rename(query) => self.handle_rename_key(query).await, KeyOperation::Delete(query) => self.handle_delete_key(query).await, + KeyOperation::Allow(query) => self.handle_allow_key(query).await, + KeyOperation::Deny(query) => self.handle_deny_key(query).await, KeyOperation::Import(query) => self.handle_import_key(query).await, } } @@ -523,6 +525,34 @@ impl AdminRpcHandler { ))) } + async fn handle_allow_key(&self, query: &KeyPermOpt) -> Result { + let mut key = self + .garage + .bucket_helper() + .get_existing_matching_key(&query.key_pattern) + .await?; + key.params_mut() + .unwrap() + .allow_create_bucket + .update(true); + self.garage.key_table.insert(&key).await?; + self.key_info_result(key).await + } + + async fn handle_deny_key(&self, query: &KeyPermOpt) -> Result { + let mut key = self + .garage + .bucket_helper() + .get_existing_matching_key(&query.key_pattern) + .await?; + key.params_mut() + .unwrap() + .allow_create_bucket + .update(false); + self.garage.key_table.insert(&key).await?; + self.key_info_result(key).await + } + async fn handle_import_key(&self, query: &KeyImportOpt) -> Result { let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id).await?; if prev_key.is_some() { diff --git a/src/garage/cli/structs.rs b/src/garage/cli/structs.rs index bd7abc8e..a544d6a1 100644 --- a/src/garage/cli/structs.rs +++ b/src/garage/cli/structs.rs @@ -274,6 +274,14 @@ pub enum KeyOperation { #[structopt(name = "delete")] Delete(KeyDeleteOpt), + /// Set permission flags for key + #[structopt(name = "allow")] + Allow(KeyPermOpt), + + /// Unset permission flags for key + #[structopt(name = "deny")] + Deny(KeyPermOpt), + /// Import key #[structopt(name = "import")] Import(KeyImportOpt), @@ -311,6 +319,16 @@ pub struct KeyDeleteOpt { pub yes: bool, } +#[derive(Serialize, Deserialize, StructOpt, Debug)] +pub struct KeyPermOpt { + /// ID or name of the key + pub key_pattern: String, + + /// Flag that allows key to create buckets using S3's CreateBucket call + #[structopt(long = "create-bucket")] + pub create_bucket: bool, +} + #[derive(Serialize, Deserialize, StructOpt, Debug)] pub struct KeyImportOpt { /// Access key ID