Implement key allow|deny --create-bucket

This commit is contained in:
Alex 2022-01-05 15:12:59 +01:00
parent 677ab60cc1
commit 9431090b1e
No known key found for this signature in database
GPG key ID: EDABF9711E244EB1
2 changed files with 48 additions and 0 deletions

View file

@ -429,6 +429,8 @@ impl AdminRpcHandler {
KeyOperation::New(query) => self.handle_create_key(query).await, KeyOperation::New(query) => self.handle_create_key(query).await,
KeyOperation::Rename(query) => self.handle_rename_key(query).await, KeyOperation::Rename(query) => self.handle_rename_key(query).await,
KeyOperation::Delete(query) => self.handle_delete_key(query).await, KeyOperation::Delete(query) => self.handle_delete_key(query).await,
KeyOperation::Allow(query) => self.handle_allow_key(query).await,
KeyOperation::Deny(query) => self.handle_deny_key(query).await,
KeyOperation::Import(query) => self.handle_import_key(query).await, KeyOperation::Import(query) => self.handle_import_key(query).await,
} }
} }
@ -523,6 +525,34 @@ impl AdminRpcHandler {
))) )))
} }
async fn handle_allow_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
let mut key = self
.garage
.bucket_helper()
.get_existing_matching_key(&query.key_pattern)
.await?;
key.params_mut()
.unwrap()
.allow_create_bucket
.update(true);
self.garage.key_table.insert(&key).await?;
self.key_info_result(key).await
}
async fn handle_deny_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
let mut key = self
.garage
.bucket_helper()
.get_existing_matching_key(&query.key_pattern)
.await?;
key.params_mut()
.unwrap()
.allow_create_bucket
.update(false);
self.garage.key_table.insert(&key).await?;
self.key_info_result(key).await
}
async fn handle_import_key(&self, query: &KeyImportOpt) -> Result<AdminRpc, Error> { async fn handle_import_key(&self, query: &KeyImportOpt) -> Result<AdminRpc, Error> {
let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id).await?; let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id).await?;
if prev_key.is_some() { if prev_key.is_some() {

View file

@ -274,6 +274,14 @@ pub enum KeyOperation {
#[structopt(name = "delete")] #[structopt(name = "delete")]
Delete(KeyDeleteOpt), Delete(KeyDeleteOpt),
/// Set permission flags for key
#[structopt(name = "allow")]
Allow(KeyPermOpt),
/// Unset permission flags for key
#[structopt(name = "deny")]
Deny(KeyPermOpt),
/// Import key /// Import key
#[structopt(name = "import")] #[structopt(name = "import")]
Import(KeyImportOpt), Import(KeyImportOpt),
@ -311,6 +319,16 @@ pub struct KeyDeleteOpt {
pub yes: bool, pub yes: bool,
} }
#[derive(Serialize, Deserialize, StructOpt, Debug)]
pub struct KeyPermOpt {
/// ID or name of the key
pub key_pattern: String,
/// Flag that allows key to create buckets using S3's CreateBucket call
#[structopt(long = "create-bucket")]
pub create_bucket: bool,
}
#[derive(Serialize, Deserialize, StructOpt, Debug)] #[derive(Serialize, Deserialize, StructOpt, Debug)]
pub struct KeyImportOpt { pub struct KeyImportOpt {
/// Access key ID /// Access key ID