forked from Deuxfleurs/garage
Implement key allow|deny --create-bucket
parent
677ab60cc1
commit
9431090b1e
2 changed files with 48 additions and 0 deletions
|
@ -429,6 +429,8 @@ impl AdminRpcHandler {
|
||||||
KeyOperation::New(query) => self.handle_create_key(query).await,
|
KeyOperation::New(query) => self.handle_create_key(query).await,
|
||||||
KeyOperation::Rename(query) => self.handle_rename_key(query).await,
|
KeyOperation::Rename(query) => self.handle_rename_key(query).await,
|
||||||
KeyOperation::Delete(query) => self.handle_delete_key(query).await,
|
KeyOperation::Delete(query) => self.handle_delete_key(query).await,
|
||||||
|
KeyOperation::Allow(query) => self.handle_allow_key(query).await,
|
||||||
|
KeyOperation::Deny(query) => self.handle_deny_key(query).await,
|
||||||
KeyOperation::Import(query) => self.handle_import_key(query).await,
|
KeyOperation::Import(query) => self.handle_import_key(query).await,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -523,6 +525,34 @@ impl AdminRpcHandler {
|
||||||
)))
|
)))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn handle_allow_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
|
||||||
|
let mut key = self
|
||||||
|
.garage
|
||||||
|
.bucket_helper()
|
||||||
|
.get_existing_matching_key(&query.key_pattern)
|
||||||
|
.await?;
|
||||||
|
key.params_mut()
|
||||||
|
.unwrap()
|
||||||
|
.allow_create_bucket
|
||||||
|
.update(true);
|
||||||
|
self.garage.key_table.insert(&key).await?;
|
||||||
|
self.key_info_result(key).await
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn handle_deny_key(&self, query: &KeyPermOpt) -> Result<AdminRpc, Error> {
|
||||||
|
let mut key = self
|
||||||
|
.garage
|
||||||
|
.bucket_helper()
|
||||||
|
.get_existing_matching_key(&query.key_pattern)
|
||||||
|
.await?;
|
||||||
|
key.params_mut()
|
||||||
|
.unwrap()
|
||||||
|
.allow_create_bucket
|
||||||
|
.update(false);
|
||||||
|
self.garage.key_table.insert(&key).await?;
|
||||||
|
self.key_info_result(key).await
|
||||||
|
}
|
||||||
|
|
||||||
async fn handle_import_key(&self, query: &KeyImportOpt) -> Result<AdminRpc, Error> {
|
async fn handle_import_key(&self, query: &KeyImportOpt) -> Result<AdminRpc, Error> {
|
||||||
let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id).await?;
|
let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id).await?;
|
||||||
if prev_key.is_some() {
|
if prev_key.is_some() {
|
||||||
|
|
|
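Review bot: `handle_allow_key` and `handle_deny_key` never read `query.create_bucket`, so `key allow <key>` with no flag still sets `allow_create_bucket` to true and `key deny <key>` with no flag clears it. A permission should only change when the operator names it explicitly, so guard each update, e.g. `if query.create_bucket { key.params_mut().unwrap().allow_create_bucket.update(true); }` (and `update(false)` in the deny handler); this also keeps both handlers correct once further flags are added to `KeyPermOpt`. Separately, `params_mut().unwrap()` panics if the matched key has no params; `get_existing_matching_key` presumably returns only live keys, but its body is not visible here, so returning an `Error` instead of unwrapping would be the safer choice.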
@ -274,6 +274,14 @@ pub enum KeyOperation {
|
||||||
#[structopt(name = "delete")]
|
#[structopt(name = "delete")]
|
||||||
Delete(KeyDeleteOpt),
|
Delete(KeyDeleteOpt),
|
||||||
|
|
||||||
|
/// Set permission flags for key
|
||||||
|
#[structopt(name = "allow")]
|
||||||
|
Allow(KeyPermOpt),
|
||||||
|
|
||||||
|
/// Unset permission flags for key
|
||||||
|
#[structopt(name = "deny")]
|
||||||
|
Deny(KeyPermOpt),
|
||||||
|
|
||||||
/// Import key
|
/// Import key
|
||||||
#[structopt(name = "import")]
|
#[structopt(name = "import")]
|
||||||
Import(KeyImportOpt),
|
Import(KeyImportOpt),
|
||||||
|
@ -311,6 +319,16 @@ pub struct KeyDeleteOpt {
|
||||||
pub yes: bool,
|
pub yes: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Serialize, Deserialize, StructOpt, Debug)]
|
||||||
|
pub struct KeyPermOpt {
|
||||||
|
/// ID or name of the key
|
||||||
|
pub key_pattern: String,
|
||||||
|
|
||||||
|
/// Flag that allows key to create buckets using S3's CreateBucket call
|
||||||
|
#[structopt(long = "create-bucket")]
|
||||||
|
pub create_bucket: bool,
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize, StructOpt, Debug)]
|
#[derive(Serialize, Deserialize, StructOpt, Debug)]
|
||||||
pub struct KeyImportOpt {
|
pub struct KeyImportOpt {
|
||||||
/// Access key ID
|
/// Access key ID
|
||||||
|
|
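Review bot: The doc comment on `create_bucket` in `KeyPermOpt` describes only the grant direction, but the struct is shared by `Allow` and `Deny`, so the help text for `key deny` will read as if the flag allows bucket creation. Wording that fits both would be clearer, e.g. `/// Flag for the permission to create buckets using S3's CreateBucket call (granted by allow, revoked by deny)`. The variant docs `Set permission flags for key` and `Unset permission flags for key` could also say that only the flags given on the command line are affected, since nothing here tells the operator what an invocation without flags does.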