garage/src/model/key_table.rs


use serde::{Deserialize, Serialize};
use garage_table::crdt::*;
use garage_table::*;
use garage_util::data::*;
use crate::permission::BucketKeyPerm;
use garage_model_050::key_table as old;
/// An API key: an identifier, its secret, a display name and the CRDT state
/// that carries the key's permissions.
///
/// NOTE(review): `Debug` is derived on the whole struct, so formatting a `Key`
/// with `{:?}` prints `secret_key` in clear. The derived `Serialize` emits it
/// as well. Avoid formatting or serializing whole `Key` values into logs,
/// error messages or responses where the secret is not meant to appear.
#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
pub struct Key {
    /// The id of the key (immutable). It is what `sort_key()` returns for this
    /// entry; the partition key of the table is `EmptyKey`.
    pub key_id: String,

    /// The secret associated with `key_id`, stored as a plain `String`.
    pub secret_key: String,

    /// Human-readable name of the key (last-writer-wins register).
    pub name: crdt::Lww<String>,

    /// If the key is present, it holds the key's parameters, including a map
    /// of bucket IDs (uuids) to permissions.
    /// Otherwise (deleted) no permissions are granted to the key.
    pub state: crdt::Deletable<KeyParams>,
}
/// Configuration for a key: everything that describes what a present
/// (non-deleted) key is allowed to do.
#[derive(PartialEq, Clone, Debug, Serialize, Deserialize)]
pub struct KeyParams {
    /// Whether the key may create buckets (last-writer-wins register).
    pub allow_create_bucket: crdt::Lww<bool>,

    /// Per-bucket permissions, keyed by bucket id. A bucket with no entry in
    /// this map is treated as "no access" by `Key::allow_read`,
    /// `Key::allow_write` and `Key::allow_owner`.
    pub authorized_buckets: crdt::Map<Uuid, BucketKeyPerm>,

    /// Alias names local to this key, each mapped to an optional bucket id.
    /// NOTE(review): presumably `None` records a removed alias; confirm.
    pub local_aliases: crdt::LwwMap<String, Option<Uuid>>,
}
impl KeyParams {
    /// Build the parameters of a fresh key with nothing granted: bucket
    /// creation is disabled, and both the permission map and the alias map
    /// are empty.
    pub fn new() -> Self {
        // Fields are built in declaration order, as in the struct literal form.
        let allow_create_bucket = crdt::Lww::new(false);
        let authorized_buckets = crdt::Map::new();
        let local_aliases = crdt::LwwMap::new();

        Self {
            allow_create_bucket,
            authorized_buckets,
            local_aliases,
        }
    }
}
impl Default for KeyParams {
    /// Same value as `KeyParams::new()`, so the default grants nothing.
    fn default() -> Self {
        KeyParams::new()
    }
}
impl Crdt for KeyParams {
    /// Merge `o` into `self` field by field, delegating to each field's own
    /// CRDT merge.
    fn merge(&mut self, o: &Self) {
        // Destructuring without `..` makes the compiler flag this function
        // when a field is added to `KeyParams` and not merged here.
        let KeyParams {
            allow_create_bucket,
            authorized_buckets,
            local_aliases,
        } = o;

        self.allow_create_bucket.merge(allow_create_bucket);
        self.authorized_buckets.merge(authorized_buckets);
        self.local_aliases.merge(local_aliases);
    }
}
impl Key {
    /// Initialize a new Key, generating a random identifier and associated
    /// secret key.
    ///
    /// The identifier is `GK` followed by 12 random bytes in hex; the secret is
    /// 32 random bytes in hex. The new key starts present, with the empty
    /// parameters of `KeyParams::new()`.
    ///
    /// NOTE(review): the unpredictability of the secret rests on
    /// `rand::random` being backed by a cryptographically secure generator;
    /// confirm this for the `rand` version the crate pins.
    pub fn new(name: String) -> Self {
        // Draw the id bytes first, then the secret bytes.
        let id_bytes = rand::random::<[u8; 12]>();
        let secret_bytes = rand::random::<[u8; 32]>();

        Self {
            key_id: format!("GK{}", hex::encode(&id_bytes[..])),
            secret_key: hex::encode(&secret_bytes[..]),
            name: crdt::Lww::new(name),
            state: crdt::Deletable::present(KeyParams::new()),
        }
    }

    /// Import a key from its parts.
    ///
    /// The id and secret are stored exactly as given: this function performs
    /// no check on their format or length, so any such validation has to
    /// happen in the caller. The imported key starts present, with the empty
    /// parameters of `KeyParams::new()`.
    pub fn import(key_id: &str, secret_key: &str, name: &str) -> Self {
        Self {
            key_id: key_id.to_owned(),
            secret_key: secret_key.to_owned(),
            name: crdt::Lww::new(name.to_owned()),
            state: crdt::Deletable::present(KeyParams::new()),
        }
    }

    /// Create a new Key which can be merged to mark an existing key deleted.
    ///
    /// The returned value is a tombstone: empty secret, empty name and a
    /// `Deleted` state.
    pub fn delete(key_id: String) -> Self {
        Self {
            key_id,
            secret_key: String::new(),
            name: crdt::Lww::new(String::new()),
            state: crdt::Deletable::Deleted,
        }
    }

    /// Check if `Key` is allowed to read in bucket.
    ///
    /// Denies by default: returns `false` when the key is not present or when
    /// the bucket has no entry in `authorized_buckets`.
    pub fn allow_read(&self, bucket: &Uuid) -> bool {
        let params = match &self.state {
            crdt::Deletable::Present(params) => params,
            // Any state other than `Present` grants nothing.
            _ => return false,
        };
        params
            .authorized_buckets
            .get(bucket)
            .map_or(false, |perm| perm.allow_read)
    }

    /// Check if `Key` is allowed to write in bucket.
    ///
    /// Denies by default: returns `false` when the key is not present or when
    /// the bucket has no entry in `authorized_buckets`.
    pub fn allow_write(&self, bucket: &Uuid) -> bool {
        let params = match &self.state {
            crdt::Deletable::Present(params) => params,
            // Any state other than `Present` grants nothing.
            _ => return false,
        };
        params
            .authorized_buckets
            .get(bucket)
            .map_or(false, |perm| perm.allow_write)
    }

    /// Check if `Key` is owner of bucket.
    ///
    /// Denies by default: returns `false` when the key is not present or when
    /// the bucket has no entry in `authorized_buckets`.
    pub fn allow_owner(&self, bucket: &Uuid) -> bool {
        let params = match &self.state {
            crdt::Deletable::Present(params) => params,
            // Any state other than `Present` grants nothing.
            _ => return false,
        };
        params
            .authorized_buckets
            .get(bucket)
            .map_or(false, |perm| perm.allow_owner)
    }
}
impl Entry<EmptyKey, String> for Key {
    /// Every key shares the same, empty partition key.
    fn partition_key(&self) -> &EmptyKey {
        &EmptyKey
    }

    /// Keys are sorted by their identifier.
    fn sort_key(&self) -> &String {
        &self.key_id
    }
}
impl Crdt for Key {
    /// Merge `other` into `self`.
    ///
    /// Only `name` and `state` are merged; `key_id` and `secret_key` keep the
    /// value they already have in `self`. As a consequence, merging the
    /// tombstone built by `Key::delete` does not blank the secret held by
    /// `self`.
    /// NOTE(review): whether the stored secret is cleared elsewhere once a key
    /// is deleted is not visible in this file; confirm.
    fn merge(&mut self, other: &Self) {
        // `..` deliberately skips the two immutable string fields.
        let Key { name, state, .. } = other;

        self.name.merge(name);
        self.state.merge(state);
    }
}
/// Marker type that carries the `TableSchema` implementation for the table of
/// API keys.
pub struct KeyTable;
/// Filters accepted by `KeyTable::matches_filter`.
#[derive(Clone, Debug, Serialize, Deserialize)]
pub enum KeyFilter {
    /// Select entries according to their deleted flag, as decided by the
    /// wrapped `DeletedFilter`.
    Deleted(DeletedFilter),

    /// Select non-deleted entries whose key id starts with the pattern, or
    /// whose name equals it (both compared after lowercasing).
    MatchesAndNotDeleted(String),
}
impl TableSchema for KeyTable {
    const TABLE_NAME: &'static str = "key";

    type P = EmptyKey;
    type S = String;
    type E = Key;
    type Filter = KeyFilter;

    /// Tell whether `entry` is selected by `filter`.
    ///
    /// For `MatchesAndNotDeleted`, a deleted entry never matches. Otherwise
    /// the lowercased pattern is compared as a prefix of the lowercased key
    /// id, or for equality with the lowercased name. Because the id test is a
    /// prefix test, one pattern can select several keys, and an empty pattern
    /// selects every non-deleted key; callers that need exactly one key have
    /// to handle that themselves.
    fn matches_filter(entry: &Self::E, filter: &Self::Filter) -> bool {
        match filter {
            KeyFilter::Deleted(df) => df.apply(entry.state.is_deleted()),
            KeyFilter::MatchesAndNotDeleted(pat) => {
                if entry.state.is_deleted() {
                    return false;
                }
                let needle = pat.to_lowercase();
                let id_has_prefix = entry.key_id.to_lowercase().starts_with(&needle);
                id_has_prefix || entry.name.get().to_lowercase() == needle
            }
        }
    }

    /// Try to decode `bytes` as a key in the previous (0.5.0) format and
    /// convert it to the current one.
    ///
    /// Returns `None` when the bytes do not decode as an old key; the decode
    /// error itself is discarded. The id, the secret and the name (with its
    /// original timestamp) are carried over unchanged.
    fn try_migrate(bytes: &[u8]) -> Option<Self::E> {
        let legacy = rmp_serde::decode::from_read_ref::<_, old::Key>(bytes).ok()?;

        // Keep the timestamp of the old name so later merges order correctly.
        let name = crdt::Lww::raw(legacy.name.timestamp(), legacy.name.get().clone());

        let state = if legacy.deleted.get() {
            crdt::Deletable::Deleted
        } else {
            // Authorized buckets is ignored here,
            // migration is performed in specific migration code in
            // garage/migrate.rs
            // Until that code has run, a key migrated here grants no bucket
            // access and cannot create buckets.
            crdt::Deletable::Present(KeyParams {
                allow_create_bucket: crdt::Lww::new(false),
                authorized_buckets: crdt::Map::new(),
                local_aliases: crdt::LwwMap::new(),
            })
        };

        Some(Key {
            key_id: legacy.key_id,
            secret_key: legacy.secret_key,
            name,
            state,
        })
    }
}