From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Shannon Sterz <s.sterz@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH proxmox 1/5] access: add the proxmox-access crate to reuse acl trees
Date: Tue, 11 Jun 2024 14:53:53 +0200
Message-ID: <hpjqsilgojyviztdfj3zibgjksqph4yfpkeysorl6cdzwhgstn@mwymm42mfxgr>
In-Reply-To: <20240610154214.356689-2-s.sterz@proxmox.com>
On Mon, Jun 10, 2024 at 05:42:10PM GMT, Shannon Sterz wrote:
> diff --git a/proxmox-access/src/init.rs b/proxmox-access/src/init.rs
> new file mode 100644
> index 00000000..71f2f8fc
> --- /dev/null
> +++ b/proxmox-access/src/init.rs
> @@ -0,0 +1,73 @@
> +use anyhow::{format_err, Error};
> +use std::{
> + collections::HashMap,
> + path::{Path, PathBuf},
> + sync::OnceLock,
> +};
> +
> +static ACM_CONF: OnceLock<&'static dyn AcmConfig> = OnceLock::new();
> +static ACM_CONF_DIR: OnceLock<PathBuf> = OnceLock::new();
> +
> +/// This trait specifies the functions a product needs to implement to get ACL tree based access
> +/// control management from this plugin.
> +pub trait AcmConfig: Send + Sync {
This is a terrible name ;-)
Given the methods defined here, we could just call it `RoleSetup`?
> + /// Returns a mapping of all recognized roles and their corresponding `u64` value.
> + fn roles(&self) -> &HashMap<&str, u64>;
> +
> + /// Optionally returns a role that has no access to any resource.
> + ///
> + /// Default: Returns `None`.
> + fn role_no_access(&self) -> Option<&str> {
> + None
> + }
> +
> + /// Optionally returns a role that is allowed to access all resources.
> + ///
> + /// Default: Returns `None`.
> + fn role_admin(&self) -> Option<&str> {
> + None
> + }
> +}
> +
> +pub fn init<P: AsRef<Path>>(
> + acm_config: &'static dyn AcmConfig,
> + config_dir: P,
> +) -> Result<(), Error> {
> + init_acm_config(acm_config)?;
> + init_acm_config_dir(config_dir)
> +}
> +
> +pub fn init_acm_config_dir<P: AsRef<Path>>(config_dir: P) -> Result<(), Error> {
^ pub(crate) ?
> + ACM_CONF_DIR
> + .set(config_dir.as_ref().to_owned())
> + .map_err(|_e| format_err!("cannot initialize acl tree config twice!"))
> +}
> +
> +pub(crate) fn init_acm_config(config: &'static dyn AcmConfig) -> Result<(), Error> {
> + ACM_CONF
> + .set(config)
> + .map_err(|_e| format_err!("cannot initialize acl tree config twice!"))
> +}
> +
> +
> +pub(crate) fn acm_conf() -> &'static dyn AcmConfig {
> + *ACM_CONF
> + .get()
> + .expect("please initialize the acm config before using it!")
> +}
> +
> +
> +fn conf_dir() -> &'static PathBuf {
> + ACM_CONF_DIR
> + .get()
> + .expect("please initialize acm config dir before using it!")
> +}
> +
> +pub(crate) fn acl_config() -> PathBuf {
> + conf_dir().with_file_name("acl.cfg")
> +}
> +
> +pub(crate) fn acl_config_lock() -> PathBuf {
> + conf_dir().with_file_name(".acl.lck")
> +}
> +
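Review bot: `acl_config()` and `acl_config_lock()` build their paths with `conf_dir().with_file_name(...)`, which replaces the last component of the stored path instead of appending to it. With a constructed example value of `/etc/example` for `config_dir`, the results are `/etc/acl.cfg` and `/etc/.acl.lck`, one level above the directory handed to `init()`. If the value is a directory, as the parameter name and `ACM_CONF_DIR` suggest, `conf_dir().join("acl.cfg")` and `conf_dir().join(".acl.lck")` keep the ACL file and its lock inside it. Separately, `init()` sets `ACM_CONF` before `ACM_CONF_DIR`, so a failure in the second step leaves the first one set, and both setters return the same "cannot initialize acl tree config twice!" text; distinct messages would show which of the two was already initialized.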
> diff --git a/proxmox-access/src/lib.rs b/proxmox-access/src/lib.rs
> new file mode 100644
> index 00000000..8ad2c83d
> --- /dev/null
> +++ b/proxmox-access/src/lib.rs
> @@ -0,0 +1,2 @@
> +pub mod acl;
> +pub mod init;
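Review bot: `pub mod init;` exports every `pub` item of init.rs as crate API, which at the moment includes `init_acm_config_dir` next to `init`. If only `init` and the `AcmConfig` trait are meant for callers, a `pub use init::{init, AcmConfig};` with a private module, or tighter visibility on the helper, keeps the surface small. The new crate root also has no `//!` doc comment stating what the crate provides and that `init()` has to run before the ACL code is used, which the `expect(...)` calls in init.rs otherwise only reveal at runtime.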
> --
> 2.39.2